Hacking [FAQ] Smhax - Should I update?

Thirty3Three

[I know this is a little messy right now, not too presentable. But it has solid information. I'm just crunched on time. I'll update it when I can to make it more presentable]


[Requesting Sticky]


I've seen this question way too many times, threads started, asking the same question, etc. Well I'm here to (hopefully) help avoid... this...



So first off, what is Smhax?

smhax is the informal name of a vulnerability discovered by multiple hackers on the Nintendo Switch. The bug, when fully exploited, appears to be a privilege escalation which allows the attacker to register and run arbitrary services on the console. Specifically, according to the switchbrew wiki:

"Prior to 3.0.1, the service manager (sm) built-in system module treats a user as though it has full permissions if the user creates a new “sm:” port session but bypasses initialization. This is due to the other sm commands skipping the service ACL check for Pids <= 7 (i.e. all kernel bundled modules) and that skipping the initialization command leaves the Pid field uninitialized. Successful exploitation results in Acquisition, registering, and unregistering of arbitrary services"

In other words, coupled with a userland entry point (typically a webkit vulnerability), this could probably be used to gain full access to the console.

[Credit for the paragraph above goes to Wololo, of Wololo.net. I copied and pasted]

The exploit works on ALL firmware PRIOR to 3.01. So as long as you're below 3.01, you're fine, and good to go.




So guys, now you know what it is... should you update to 3.01?

Ultimately? It's up to you. But here are the pros and cons:


If you update:
-Online access (games, eshop, etc.)
-Play the most recent games which require the more recent firmware(s)
-No access to the exploit, when it releases for the common user.

If you don't update:
-No online whatsoever
-Access to the exploit, in time.


Ultimately? It's up to you.
Devs say not to update.


THERE IS NO GUARANTEE THAT ANOTHER EXPLOIT WILL BE RELEASED. EVER. YOU WILL BE TAKING A RISK IF YOU UPDATE... DO NOT LISTEN TO ANYONE WHO TELLS YOU AN EXPLOIT WILL COME IN TIME.


I know this is a messy FAQ right now, I'm sort of crunched for time. I'll edit it when I can to make it more... presentable... I will add dev quotes, recommendations, etc.


In the meantime, if you have any questions or comments you'd like me to add to the faq, let me know.
 
Last edited by Thirty3Three,
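
The check the switchbrew quote describes, reduced to a small C model (an added example, not code from the original post or from Nintendo's sm module). The struct, the function names, pid 130 and the "demo:" service names are hypothetical, the never-set Pid field is assumed to read as 0, and the hardened variant is one way to close the gap, not necessarily what 3.0.1 changed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KERNEL_PID_MAX 7 /* quoted text: ACL check is skipped for Pids <= 7 */

/* Hypothetical per-session state; names are illustrative, not from sm. */
struct session {
    uint64_t pid;         /* written only by the initialization command */
    bool initialized;     /* consulted only by the hardened check */
    const char *allowed;  /* the single service this client's ACL permits */
};

/* Initialization command: records who the client is and what it may use. */
static void session_init(struct session *s, uint64_t pid, const char *allowed) {
    s->pid = pid;
    s->allowed = allowed;
    s->initialized = true;
}

static bool acl_allows(const struct session *s, const char *svc) {
    return s->allowed != NULL && strcmp(s->allowed, svc) == 0;
}

/* Behaviour as described for firmware before 3.0.1: pid is trusted as-is. */
static bool may_register_vulnerable(const struct session *s, const char *svc) {
    if (s->pid <= KERNEL_PID_MAX) return true; /* ACL check skipped */
    return acl_allows(s, svc);
}

/* Hardened: no command is honoured on a session that skipped initialization. */
static bool may_register_hardened(const struct session *s, const char *svc) {
    if (!s->initialized) return false;
    return may_register_vulnerable(s, svc);
}

/* Constructed client: pid 130, ACL permits only "demo:a". */
bool check(bool hardened, bool do_init, const char *svc) {
    struct session s;
    memset(&s, 0, sizeof s); /* assumption: the never-set pid field reads 0 */
    if (do_init) session_init(&s, 130, "demo:a");
    return (hardened ? may_register_hardened : may_register_vulnerable)(&s, svc);
}

int main(void) {
    printf("no init, vulnerable: %d\n", check(false, false, "demo:b"));
    printf("no init, hardened:   %d\n", check(true, false, "demo:b"));
    return 0;
}
```

In the model, a client that initializes is held to its ACL in both variants; only the session that skips initialization is treated as a kernel-bundled module by the vulnerable check.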

Sonic Angel Knight

I updated, and got sonic mania, not worth waiting for me, who knows what will happen, maybe future potential will occur? :unsure:

Maybe vc would be so cool this time around that I won't need emulators. I hear it will have online multiplayer. Imagine super mario bros online, take turns game with a random player. :P
 

Chizko

But it is necessary to be clear, the devs didn't say they can use it yet at any level. That is why every day people talk about when the release is; that is the real question, not "should I update?"...
 

Thirty3Three

Chizko said:
> But it is necessary to be clear, the devs didn't say they can use it yet at any level. That is why every day people talk about when the release is; that is the real question, not "should I update?"...

They mentioned it gives deep access. They've even found ways to dump files among other things, showing that they can take advantage of the exploit. So yes, actually, it can be used in such a level right now. It's not released to the public, but yeah.
 

Chizko

Thirty3Three said:
> They mentioned it gives deep access. They've even found ways to dump files among other things, showing that they can take advantage of the exploit. So yes, actually, it can be used in such a level right now. It's not released to the public, but yeah.

I know they do this before the 2.3-3.0, maybe that progress give to Smhax but not "Smhax", maybe I'm wrong.
 

billcosby

I have a question you might want to add to the FAQ. I've been wondering about the exploit: does it allow arbitrary code execution as root or something like that? I'm not really sure what registering an arbitrary service really entails.
 

leonmagnus99

can the exploit lead to custom themes etc.?
if it does, i will consider selling my switch and buying one on exploitable fw.

i play mostly on my ps4/vita these days..
and i also have 2 3ds's i can play on ,so waiting would be no issue for me.

i was thinking about selling my switch these days, but i can't decide yet whether i should or not.
but i would love to have some theme options and some kind of player etc.

custom fw's are so much fun tbh.
 

Cyan

sorry, I told you in PM, but I find it funny I want to share (don't take it bad)

FAQ !!! should I update ??

me : "ohhhh, that will tell me what to do ? that thread is great !"
*read, read*

found the answer : it's up to you, do what you want.
I'm not any further ahead and still don't know what to do as you didn't tell me if I should update or not ;)

Ps: I don't even have a switch yet. just has nothing interesting for me yet, it will probably be >3.0 when I buy one.
 
Last edited by Cyan,

Sonic Angel Knight

I can sit around for months waiting for Something to happen, or keep updating my system and getting new and more features to make it more complete and "Stabilized" and keep eshop access and online modes for games I wanna buy, eventually you will come across a game you want to play, will you just not buy it cause of fear of updates or play it cause "You bought a $300 game console hybrid and want to play games and enjoy it"

Maybe you'll get lucky with an exploit in future firmwares, Nintendo isn't exactly known for iron clad defense on hacking.
 

The Real Jdbye

It's worth noting in the FAQ that this exploit on its own does not enable piracy nor homebrew, and it has limited usefulness to the end users. However it's possible that in the future it could be used to exploit another part of the system to gain full access or at least gain enough access for unsigned code execution.

billcosby said:
> I have a question you might want to add to the FAQ. I've been wondering about the exploit: does it allow arbitrary code execution as root or something like that? I'm not really sure what registering an arbitrary service really entails.

Probably not without another exploit.
 

Thirty3Three

Cyan said:
> sorry, I told you in PM, but I find it funny I want to share (don't take it bad)
>
> FAQ !!! should I update ??
>
> me : "ohhhh, that will tell me what to do ? that thread is great !"
> *read, read*
>
> found the answer is : it's up to you, do what you want.
> I'm not any further ahead and still don't know what to do as you didn't tell me if I should update or not ;)
>
> Ps: I don't even have a switch yet. just has nothing interesting for me yet, it will probably be >3.0 when I buy one.

took that the wrong way, trying not to ;)
Thanks again though.
 

Cyan

that's just a thing to point what you should change, like mendezagus said, adding some specific information.
write it in a way that tells the users they should not update (if they want any homebrew for now).

for the moment, that's the only entry point, I don't know if there will or if there is something using it, but it's the only useful vulnerability.
so, user should understand that : no, he shouldn't update if he wants anything related to homebrew/hack.

the way you word it is encouraging or preventing the user to do anything. you actually have the power to decide for them.
when reading that thread titles, they expect a direct answer (in my opinion).
 
Last edited by Cyan,

dpad_5678

Cyan said:
> that's just a thing to point that you should change, like mendezagus said.
> write it in a way that tells the users they should not update (if they want any homebrew for now).
>
> for the moment, that's the only entry point, I don't know if there will or if there is something using it, but it's the only useful vulnerability.
> so, user should understand that : no, he shouldn't update if he wants anything related to homebrew/hack.
>
> the way you word it is encouraging or preventing the user to do anything. you actually have the power to decide for them.
> when reading that thread titles, they expect a direct answer (in my opinion).

Yeah I agree. @Thirty3Three, your post is extremely informative, however not everybody has the patience to read through all of this. Maybe a TL;DR at the top of the thread?
 
Reactions: iAqua

ShadowOne333

The online whores are the ones most likely to update.
Sonic Mania, Splatoon 2 and Mario Kart 8 DX seem to be the main three reasons why people have been updating. (Perhaps BotW DLC as well).

But really, there should be a message in red bold letters saying something like:
"If you want to be able to run smhax when it's released DO NOT update.
If you want to continue playing online then be my guest, update and risk the possibility of not being able to run haxx right when it's released"

Besides, we don't know if there are any exploits found for anything above 3.0.0, much less if the exploits above 3.0.0 might even get the same kind of permissions as the ones who stayed on 3.0.0 or below with smhax.
Most likely, IF an exploit for 3.0.1 and above does get released, it will only be userland with very limited services and modules at disposal.
 
Reactions: Thelonewolf88

Cyan

that's the SAME for all consoles, really. sometimes only in their early life (wiiu/3DS), sometimes always valid (PS3/PS4).
if you want to use a hack, do not update !
if you want online, update !

choose, and live with your choice.
 
Last edited by Cyan,
Reactions: Subtle Demise

Keizel

Cyan said:
> that's the SAME for all consoles, really. sometimes only in their early life (wiiu/3DS), sometimes always valid (PS3/PS4).
> if you want to use a hack, do not update !
> if you want online, update !
>
> choose, and live with your choice.

I updated Wii U to 5.5.2 and I could load Mocha CFW.
I updated 3DS to 11.5.0 and I could load LumaCFW.
I updated PS3 to 4.81 and I could load CFW Rebug with downgrade with E3 Flasher.

Well, I updated my Nintendo Switch and I will play online (Splatoon2, arms etc) until the exploit for my version is released. The no-update maybe is more useful for people that don't have games and want the exploit to play for free without using money.
 
Last edited by Keizel,
