Hacking the Switch through the Album?

I already documented how the hash works; a post a few above yours references my tweet. It's just a SHA-256 HMAC with a hard-coded key, lol -- eventually I'll probably make a tool, but I tested it and a custom "resigned" JPEG worked fine last night.
Could we see a picture of your Switch with this resigned image in your album? Just for the sake of absolute proof, sorry, I just want to know if this truly is real... it's hard to believe that you folks have done so much in 4 months; I expected this all to take much longer, at least a year or 2. Just wow.
 
I assume, then, that you have the hardcoded key?

Also, I'm happy my theory about the album was actually true.

Yes, the key is extremely easy to extract if you have capsrv's code... they were smart enough not to store the key itself; instead the ipad/opad (Key ^ 0x363636..., Key ^ 0x5C5C...) are loaded via MOVK instructions.

Still, not hard if you know what you're doing.

On 2.0 the HMAC function is at 0x7B94 in .text; it takes (pointer to output MAC, pointer to JPEG data, size of JPEG data, pointer to output size_parsed variable).

I guess I can tweet a pic this evening when I'm doing Switch stuff, heh -- didn't bother since it's only screenshots...
 
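As an added example (not code from this thread, from SciresM, or from capsrv): the two facts stated in the post above, that the album MAC is HMAC-SHA256 and that the binary carries Key ^ 0x36... and Key ^ 0x5C... as MOVK immediates instead of the key, are enough to reproduce and verify the MAC. The script below decodes a constructed AArch64 MOVZ/MOVK chain into the two pad words, recovers the key by XOR (cross-checking the ipad copy against the opad copy), rebuilds the 64-byte pad blocks, and computes the MAC both straight from the pads and via Python's hmac module for comparison. The instruction words, registers x8/x9, the 8-byte placeholder key 0x1122334455667788, the little-endian word layout and the sample JPEG bytes are all assumptions for illustration; the real key, its length and where the MAC is stored in the file are not on this page, so the example stops at computing and checking the MAC over the file data.

```python
"""Added example, not part of the thread or of capsrv: recover an HMAC-SHA256
key from ipad/opad constants loaded via AArch64 MOVZ/MOVK, then recompute the
MAC over a JPEG body. Every constant below is a constructed placeholder."""
import hashlib
import hmac
import struct

BLOCK = 64                 # SHA-256 block size; HMAC zero-pads the key up to this
IPAD, OPAD = 0x36, 0x5C
MASK64 = (1 << 64) - 1


def decode_move_wide(word):
    """Split one AArch64 'move wide (immediate)' instruction into its fields.
    Layout: sf | opc(2) | 100101 | hw(2) | imm16(16) | Rd(5)."""
    if (word >> 23) & 0x3F != 0b100101:
        raise ValueError("not MOVN/MOVZ/MOVK: 0x%08x" % word)
    sf = word >> 31
    opc = (word >> 29) & 0b11            # 00 = MOVN, 10 = MOVZ, 11 = MOVK
    hw = (word >> 21) & 0b11             # lane index, shift = hw * 16
    if not sf and hw > 1:
        raise ValueError("32-bit form only has two lanes: 0x%08x" % word)
    return opc, hw * 16, (word >> 5) & 0xFFFF, word & 0x1F, sf


def decode_mov_sequence(words):
    """Replay MOVZ/MOVN/MOVK chains and return {register: immediate}."""
    regs = {}
    for w in words:
        opc, shift, imm, rd, sf = decode_move_wide(w)
        mask = MASK64 if sf else 0xFFFFFFFF
        if opc == 0b10:                  # MOVZ: zero the register, set one lane
            regs[rd] = imm << shift
        elif opc == 0b00:                # MOVN: inverted lane
            regs[rd] = ~(imm << shift) & mask
        elif opc == 0b11:                # MOVK: keep other lanes, overwrite one
            regs[rd] = (regs.get(rd, 0) & (mask ^ (0xFFFF << shift))) | (imm << shift)
        else:
            raise ValueError("reserved opc in 0x%08x" % w)
    return regs


# Constructed sample (assumption, not capsrv code): compiler-style chains loading
# one 64-bit word of the ipad-key into x8 and the matching opad-key word into x9.
SAMPLE_INSNS = [
    0xD28837C8,  # movz x8, #0x41BE
    0xF2AC6A08,  # movk x8, #0x6350, lsl #16
    0xF2C0AE48,  # movk x8, #0x0572, lsl #32
    0xF2E4E288,  # movk x8, #0x2714, lsl #48
    0xD2857A89,  # movz x9, #0x2BD4
    0xF2A12749,  # movk x9, #0x093A, lsl #16
    0xF2CDE309,  # movk x9, #0x6F18, lsl #32
    0xF2E9AFC9,  # movk x9, #0x4D7E, lsl #48
]


def recover_key(ipad_words, opad_words):
    """(Key ^ 0x36..) ^ 0x36.. is the key again; the opad copy must agree, which
    is the check that you picked the right constants out of the function."""
    k_i = [w ^ (IPAD * 0x0101010101010101) for w in ipad_words]
    k_o = [w ^ (OPAD * 0x0101010101010101) for w in opad_words]
    if k_i != k_o:
        raise ValueError("ipad/opad words disagree: wrong constants or wrong order")
    return b"".join(struct.pack("<Q", w) for w in k_i)   # little-endian layout assumed


def pad_blocks(ipad_words, opad_words):
    """Rebuild the full 64-byte inner/outer blocks. A key shorter than the block is
    zero-padded by HMAC, so the remaining lanes are bare 0x36.. / 0x5C.. constants."""
    ib = b"".join(struct.pack("<Q", w) for w in ipad_words)
    ob = b"".join(struct.pack("<Q", w) for w in opad_words)
    if len(ib) > BLOCK or len(ob) != len(ib):
        raise ValueError("unexpected pad length")
    return ib + bytes([IPAD]) * (BLOCK - len(ib)), ob + bytes([OPAD]) * (BLOCK - len(ob))


def hmac_from_pads(ipad_block, opad_block, data):
    """HMAC without ever touching the key: H(opad_key || H(ipad_key || data))."""
    inner = hashlib.sha256(ipad_block + data).digest()
    return hashlib.sha256(opad_block + inner).digest()


def reference_mac(key, data):
    """Standard-library HMAC-SHA256 over the same data, for comparison."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(ipad_block, opad_block, data, mac):
    """Constant-time check of a stored MAC against the recomputed one."""
    return hmac.compare_digest(hmac_from_pads(ipad_block, opad_block, data), mac)


# Constructed stand-in for a JPEG body (SOI ... EOI); not a real screenshot.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF placeholder " * 4 + b"\xff\xd9"


def resign(data=SAMPLE_JPEG, insns=SAMPLE_INSNS):
    """Full path: decode the chains, recover the key, MAC the data, cross-check."""
    regs = decode_mov_sequence(insns)
    ipad_words, opad_words = [regs[8]], [regs[9]]      # x8/x9 are assumptions
    key = recover_key(ipad_words, opad_words)
    ib, ob = pad_blocks(ipad_words, opad_words)
    mac = hmac_from_pads(ib, ob, data)
    if mac != reference_mac(key, data):
        raise AssertionError("pad-based HMAC disagrees with the hmac module")
    return key, mac


if __name__ == "__main__":
    k, m = resign()
    print("recovered key:", k.hex())
    print("mac over data:", m.hex())
```

Two practical points the code makes: precomputing the pads hides nothing, since ipad ^ 0x36 hands back the key byte for byte, and a signer does not even need the key, because H(opad_key || H(ipad_key || data)) is the whole of HMAC; and the ipad/opad cross-check is what tells you that the MOVK chains you lifted really are the HMAC constants rather than some unrelated immediates in the same function.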
Oh, I thought you had edited and put in a custom pic.
 
When I tested the screenshot stuff last night I "resigned" a pic of the ReSwitched logo and put it on my SD card, and verified the album loaded it with no problems... didn't bother posting to social media because, like I said, it's only screenshot editing...

I think you took "it's only screenshots" to mean "no custom pictures" -- not what I meant; those work fine, I just meant screenshot editing isn't a huge deal in terms of hax-noteworthiness :)
 
>.< Well, you hit it on the nail, sorry about that. Well, cool.
If Ninty ever does implement recording gameplay, maybe something similar could be done to get it to play movies and stuff.
Seems pretty damn cool.
Also, are there ever any issues with adding an image into the album if it's not the same dimensions, like a 150x120 image in there instead of the normal dimensions you would see on a TV or the Switch itself?
 
>.< well, hit it on the nail, sorry about that, well, cool
if ninty ever does implement recording gameplay maybe something similar could be done to get it to play movies and stuff
seems pretty dam cool
also are there ever any issues with adding an image into the album if it's not the same dimensions like a 150x120 image in there instead of the normal dimensions you would see on a tv or the switch itself?

Don't know, haven't messed with that -- there's definitely "some" validation of size; images without a right-size thumbnail show as question marks with a "corrupt data" message. I'm sure it'll get documented eventually, but the non-crypto parts of validation are low priority, heh.
 
Ah, I see. My Switch is on 3.0 because I used to have a different stance on Switch hacking (although I'm not really sure this is considered Switch hacking).

capsrv is in the kernel then, right?
 
Nope, capsrv is a sysmodule, not the kernel.

The SHA-256 stuff is implemented via native SHA-256 instructions in .text.