Hacking PegaSwitch 3.0, libtransistor, and more

P4wn4g3

> You're either updating or you're not playing those games. Nothing to block, the cart and/or eShop won't work.
Does this mean the update blocking isn't a viable way forward? I thought the new firmwares were essentially just exploit protection similar to prior systems. What about custom firmwares? What is the shortest solution right now to jailbreaking and preserving full system functionality? I suppose something would be needed to prevent the account from reporting on the user as well.
 

ihaveahax

> Does this mean the update blocking isn't a viable way forward? I thought the new firmwares were essentially just exploit protection similar to prior systems. What about custom firmwares? What is the shortest solution right now to jailbreaking and preserving full system functionality? I suppose something would be needed to prevent the account from reporting on the user as well.

New versions can introduce new encryption keys. There will be no way to play 3.0.1+ games on 3.0.0, because 3.0.1 added a new key.
 

P4wn4g3

> New versions can introduce new encryption keys. There will be no way to play 3.0.1+ games on 3.0.0, because 3.0.1 added a new key.

I see. I take it no workarounds have been found yet. I can only imagine they are long encryptions, and it's not like the Switch will be great for running cracking programs.
 

V-Temp

> I see. I take it no workarounds have been found yet. I can only imagine they are long encryptions, and it's not like the Switch will be great for running cracking programs.

To gain access to higher FW software, you have to crack the higher FW and extract the necessary information to be able to decrypt, read, and run updated software. And this will only be viable for single-player games; online gaming is completely off-limits.
 

senas8

> Already done, Odyssey will have 3.0.1.

That's not what I mean. I mean game carts already on firmware 2.3.

In the near future these new carts we buy will update to 3.1+. So, for example, all game carts in the near future may all be 3.1+, even game carts that came out 3 months ago. So unless we buy them now on lower firmware, they will stay that way, because we have the physical copies with 2.3 or 3.0. I'm saying that's what I'm worried Nintendo might do to fix as many 3.0 Switches as possible and get them to update past that to 3.1+.
 

Digital_0xFF

Hopefully someone can clarify a few things for me:

1. One can read things like "FW spoof would be impossible". Maybe there are facts that I'm missing, but the only thing I could imagine that would be able to fuck this up would be the fuses... but any CFW should be able to bypass this, since there must be some API call we could mess with to fake the fuse values.

2.
> To gain access to higher FW software, you have to crack the higher FW and extract the necessary information to be able to decrypt, read, and run updated software. And this will only be viable for single-player games; online gaming is completely off-limits.

How should Ninty's online service be able to distinguish between a physically bought game and a dumped one? (Both not bound to an NNID.)

Edit: I should mention that I am aware that all this will take some time to get built. My question is more like IMPOSSIBLE or not.
 

V-Temp

> 1. One can read things like "FW spoof would be impossible". Maybe there are facts that I'm missing, but the only thing I could imagine that would be able to fuck this up would be the fuses... but any CFW should be able to bypass this, since there must be some API call we could mess with to fake the fuse values.

Fuses are a boot operation; what is an API going to bypass? The boot sequence? CFW spoofing the real FW would require having the other FW compromised to the point of not needing a CFW to spoof the FW; you don't just change some binary to increment the FW number for everything to suddenly work.

> How should Ninty's online service be able to distinguish between a physically bought game and a dumped one? (Both not bound to an NNID.)

Not the game (though they could hide flags that require server handshakes), but more that the console isn't correct, which follows from the notes above on the FW (if a FW is compromised to such a degree, they'd roll out a new one with a forced fuse burn). And if they catch you going online with a tinkered-with Switch, they'll ban its unique cert outright, and then it will never go online again.
 
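The two mechanisms argued about above, ihaveahax's point that a newer firmware can ship a key generation an older firmware does not have, and V-Temp's point that the fuse check is a boot-stage operation that no OS-level API can reach, can be modelled in a few dozen lines. The code below is an added example written for this page; it is not code from the thread, from Nintendo, or from any of the homebrew projects named here. The firmware table, the expected fuse counts, the key generation numbers and the toy key derivation are all constructed for illustration and are not the console's real values or cipher.

```c
/* Toy model of two boot-time controls (constructed example, not console code):
 *  1. anti-downgrade: the bootloader compares the number of burnt fuses
 *     (one-time programmable, so monotonic) with the count it expects for
 *     the firmware it is about to boot;
 *  2. key generations: content shipped with a newer firmware is tagged with
 *     a key generation that an older firmware does not possess. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 16

struct fw_entry {
    const char *version;
    unsigned    expected_fuses; /* fuses this firmware expects to be burnt */
    unsigned    key_gen;        /* highest key generation it ships with   */
};

/* Constructed table; the numbers are illustrative, not the real ones. */
static const struct fw_entry FW_TABLE[] = {
    { "2.3.0", 2, 1 },
    { "3.0.0", 3, 1 },
    { "3.0.1", 3, 2 },
    { "4.0.0", 4, 3 },
};
#define FW_COUNT (sizeof FW_TABLE / sizeof FW_TABLE[0])

static const struct fw_entry *fw_lookup(const char *version)
{
    for (size_t i = 0; i < FW_COUNT; i++)
        if (strcmp(FW_TABLE[i].version, version) == 0)
            return &FW_TABLE[i];
    return NULL;
}

/* One-time-programmable fuse word: bits can be set, never cleared. */
struct fuses { uint32_t bits; };

unsigned fuse_count(const struct fuses *f)
{
    unsigned n = 0;
    for (uint32_t b = f->bits; b; b &= b - 1) n++;   /* popcount */
    return n;
}

static void fuse_burn_one(struct fuses *f)
{
    f->bits |= (uint32_t)1u << fuse_count(f);      /* set the next unburnt bit */
}

enum boot_result { BOOT_OK = 0, BOOT_UNKNOWN_FW = -1, BOOT_DOWNGRADE = -2 };

/* Bootloader stage: runs before any OS code, so nothing the OS or a user-mode
 * API reports can influence it. On an upgrade it burns fuses up to the
 * expected count; if more fuses are burnt than expected it refuses to boot. */
enum boot_result boot_check(struct fuses *f, const char *version)
{
    const struct fw_entry *fw = fw_lookup(version);
    if (!fw) return BOOT_UNKNOWN_FW;
    if (fuse_count(f) > fw->expected_fuses) return BOOT_DOWNGRADE;
    while (fuse_count(f) < fw->expected_fuses) fuse_burn_one(f);
    return BOOT_OK;
}

/* Toy key ladder: the generation-g key is derived from generation g-1, and a
 * firmware only ships keys up to its own key_gen. The derivation below is a
 * constructed placeholder, not a real KDF. */
static void derive_key(unsigned gen, uint8_t out[KEY_LEN])
{
    for (unsigned i = 0; i < KEY_LEN; i++) out[i] = (uint8_t)(0xA5 ^ i);
    for (unsigned g = 1; g <= gen; g++)
        for (unsigned i = 0; i < KEY_LEN; i++)
            out[i] = (uint8_t)((out[i] * 31u + g + i) & 0xFF);
}

struct content { unsigned key_gen; uint8_t body[KEY_LEN]; };

/* Seal a 16-byte body under key generation `gen` (XOR stands in for the cipher). */
void content_seal(struct content *c, unsigned gen, const uint8_t plain[KEY_LEN])
{
    uint8_t k[KEY_LEN];
    derive_key(gen, k);
    c->key_gen = gen;
    for (unsigned i = 0; i < KEY_LEN; i++) c->body[i] = plain[i] ^ k[i];
}

/* Returns 1 and writes the plaintext if firmware `version` holds the key
 * generation the content needs, 0 otherwise. */
int content_open(const char *version, const struct content *c, uint8_t out[KEY_LEN])
{
    const struct fw_entry *fw = fw_lookup(version);
    if (!fw || c->key_gen > fw->key_gen) return 0;
    uint8_t k[KEY_LEN];
    derive_key(c->key_gen, k);
    for (unsigned i = 0; i < KEY_LEN; i++) out[i] = c->body[i] ^ k[i];
    return 1;
}

int main(void)
{
    struct fuses f = { 0 };
    printf("boot 3.0.0: %d (fuses now %u)\n", boot_check(&f, "3.0.0"), fuse_count(&f));
    printf("boot 4.0.0: %d (fuses now %u)\n", boot_check(&f, "4.0.0"), fuse_count(&f));
    printf("boot 3.0.0 again: %d\n", boot_check(&f, "3.0.0"));

    uint8_t plain[KEY_LEN] = "odyssey-blob-00", out[KEY_LEN];
    struct content c;
    content_seal(&c, 2, plain);   /* constructed: content shipped with 3.0.1, key generation 2 */
    printf("3.0.0 opens it: %d\n", content_open("3.0.0", &c, out));
    printf("3.0.1 opens it: %d\n", content_open("3.0.1", &c, out));
    return 0;
}
```

Two things the model makes concrete. First, a "spoofed" version string does nothing useful at this layer: the check reads only the fuse word, and telling the bootloader it is booting a newer firmware than it really is makes it burn fuses up to that firmware's expectation, which cannot be undone, after which the real, older firmware fails the downgrade check. Second, content sealed under generation 2 opens on 3.0.1 but not on 3.0.0, regardless of what version the console claims, because 3.0.0 simply does not hold that key.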

Digital_0xFF

> I wonder if some have started doing stuff yet. GBA is quite silent xD

"Stuff"? E.g. homebrew apps? Until they have a ROP chain for ROhan (which could take a day or a year), nothing further than the hype will happen... even if we found a chain today, at this point I think no one could build a useful homebrew (due to the lack of details about Switch OS internals).
 

ehnoah

> "Stuff"? E.g. homebrew apps? Until they have a ROP chain for ROhan (which could take a day or a year), nothing further than the hype will happen... even if we found a chain today, at this point I think no one could build a useful homebrew (due to the lack of details about Switch OS internals).

So the only reason to keep a 3.0 one is to get it earlier than the rest of the world? But what exactly does ROhan do then? I mean, didn't it say it runs homebrew? (I know we're missing the ROP, so that confused me.)

So besides the hype, most likely nothing will come in the "near" future? Unless we have some super crazy guy?
 

Digital_0xFF

> So the only reason to keep a 3.0 one is to get it earlier than the rest of the world? But what exactly does ROhan do then? I mean, didn't it say it runs homebrew? (I know we're missing the ROP, so that confused me.)
>
> So besides the hype, most likely nothing will come in the "near" future? Unless we have some super crazy guy?

ROhan is a vulnerability which allows some ROP magic, which is needed to actually execute arbitrary code (e.g. homebrew) on the Switch. But without a proper ROP chain it is nothing but hot air.

The reason to stay below 3.0.1 (or == 3.0.0 for ROhan) is to get homebrew after all... since nobody can say for sure that there will be other exploits >3.0.0 (although I am sure that this will happen somewhere in the future).

And yes, at least the next 6 months are only exciting if you want to dev for the Switch (personal opinion).

All the nitty gritty stuff needs to be developed before we can use it ;)
 

ehnoah

> ROhan is a vulnerability which allows some ROP magic, which is needed to actually execute arbitrary code (e.g. homebrew) on the Switch. But without a proper ROP chain it is nothing but hot air.
>
> The reason to stay below 3.0.1 (or == 3.0.0 for ROhan) is to get homebrew after all... since nobody can say for sure that there will be other exploits >3.0.0 (although I am sure that this will happen somewhere in the future).
>
> And yes, at least the next 6 months are only exciting if you want to dev for the Switch (personal opinion).
>
> All the nitty gritty stuff needs to be developed before we can use it ;)

So ROhan is a "smaller ROP chain" which is not enough to actually run stuff? But at least the entry point to run a proper ROP?
 

NicknameGoesHere

> "Stuff"? E.g. homebrew apps? Until they have a ROP chain for ROhan (which could take a day or a year), nothing further than the hype will happen... even if we found a chain today, at this point I think no one could build a useful homebrew (due to the lack of details about Switch OS internals).
We have libnx...
 

Digital_0xFF

> So ROhan is a "smaller ROP chain" which is not enough to actually run stuff? But at least the entry point to run a proper ROP?

Yes, ROhan is an entry point which is mandatory to execute a ROP chain.

> We have libnx...

And libnx contains API bridges for everything? So there is no function in the Switch OS that we don't know about? Correct me if I am wrong, but the way I see it, it's not even clear what every syscall on the Switch does.
 

NicknameGoesHere

> Yes, ROhan is an entry point which is mandatory to execute a ROP chain.

> And libnx contains API bridges for everything? So there is no function in the Switch OS that we don't know about? Correct me if I am wrong, but the way I see it, it's not even clear what every syscall on the Switch does.

No, I never said we had everything, I just said that we have something.
 

V-Temp

I'm interested in seeing how the devkitPro/libnx and ReSwitched/libtransistor schism will play out. I'm happy we have a toolchain that uses clang and LLVM instead of GCC though :)

It's usually bad for the scene in the long term to have two parallel developments; it's going to lead to a lot of potentially confused documentation, but it is what it is.
 
