Hacking Question Is it possible to find exploit that way?

[Noctosphere]

By comparing the source code of two firmware, is it possible for expert to find exploit?
If it is, how much time should we stay on previous firmware before updating and assuming there are no exploit fixed on the latest firmware?
Thanks

 

[TheCyberQuake]

By comparing the source code of two firmware, is it possible for expert to find exploit?
If it is, how much time should we stay on previous firmware before updating and assuming there are no exploit fixed on the latest firmware?
Thanks

AFAIK without the previous huge big they don't have as much access and thus can't just compare the source.

 

[MatMaf]

...comparing the source code...

Okay, so how do you expect anyone to find the source of a proprietary, closed Nintendo OS?

 

[TheCyberQuake]

Okay, so how do you expect anyone to find the source of a proprietary, closed Nintendo OS?

This too. They can't just compare source.

 

[mark3p]

Technically this is possible given that you can be on an exploited firmware and then download the new firmware to the console without applying it.

With SM access you could write an unpacker to extract the new firmware update and then copy to SD for external reading / modification.

Think back to original Wii days where you were overwriting stubbed iOS with non-stubbed ones from an original firmware.

The tricky part here is efuses and their behaviour in updates. Anyone analysing this has the potential to either update firmware and lose hack or brick if modifying update and efuses blow. Given that the core hackers aren’t bothered about piracy so would have no need to update to a newer firmware I wouldn’t expect there to be much progress in this area.

 

[mikey420]

Yeah um no. No hacker/dev has said code. And I guarantee Nintendo won't be sharing. If we had the source for the OS finding an exploit would be way way easier. In short no. You can't just compare source code to do this. Furthermore the chance of anyone sharing an exploit they discovered is small especially if said flaws aren't very plentiful. Hackers have a tendency of waiting for there exploits to be patched before releasing them.

 

[Thirty3Three]

Don't think it's as easy as "comparing source code"

 

[blinkzane]

Sure let me just use my mind powers and I'm gonna hook my switch up to my laptop via us and just download it

 

[Bladexdsl]

yeah...NAH

 

[FAST6191]

And I guarantee Nintendo won't be sharing.

While I agree I do have to ask has anybody checked to see if it is ground up custom or uses another more known OS as a base?

 

[thla]

From a purely academic argument, sure it's possible, except you would be comparing machine-readable assembly code, and not human-readable source code.

But in practice it's not that simple, I don't know much about reverse engineering, but from a developer standpoint, code doesn't always do what we expect it to do, and it is not until the point of running the code and feeding it different input that you actually begin to understand how the code works, vs. how it was written to work.

 

[Deleted User]

From a purely academic argument, sure it's possible, except you would be comparing machine-readable assembly code, and not human-readable source code.

But in practice it's not that simple, I don't know much about reverse engineering, but from a developer standpoint, code doesn't always do what we expect it to do, and it is not until the point of running the code and feeding it different input that you actually begin to understand how the code works, vs. how it was written to work.

I mean, if you're a lazy dev and write spaghetti code in a higher level language or unstable platform, then yeah sure, code doesn't do what you expect it to do. But writing C and compiling or directly writing assembly, you know precisely what it's going to do. It IS an exact science, with a specific intent and purpose behind it. If you ever write code that you don't know the effect of, then you shouldn't be writing it in the first place.

As to the "machine readable assembly code": nah. An executable binary can be viewed directly as assembly, and with the required knowledge and experience of writing standard assembly on that platform, there's no reason you couldn't rewrite the same program in C by hand.

All of this isn't to say that OP has said anything accurate or worthwhile, just making sure that you correcting him was in itself correct.

While I agree I do have to ask has anybody checked to see if it is ground up custom or uses another more known OS as a base?

It wouldn't particularly matter even if they did. They could use a custom fork of the Darwin kernel, and it wouldn't make a difference if the services, IPC, and executable format were implemented differently. But to answer your question: It's based on *nix.