Hacking "Get on 3.0.0 - Stay on 3.0.0"

[TiMeBoMb4u2]

Straight from the mouth of "plutoo"...

 

[tech3475]

Doesn't 3.0 contain the battery bug? Obviously people will need to upgrade anyway but if there are problems then it may be worth reminding people.

I have pokken so I'm staying below for now.

 

[TiMeBoMb4u2]

Doesn't 3.0 contain the battery bug? Obviously people will need to upgrade anyway but if there are problems then it may be worth reminding people.
I have pokken so I'm staying below for now.

For the record... I'm staying where I am, for now, as well. I'd like to see what comes of the 3.0.0 homebrew scene, before I update.

 

[tunip3]

if anyone has a 1.00 switch daekan is willing to trade a 2 3.00 switches for 1 1.00

 

[Lacius]

If you're on something lower than 3.0.0, you should not update to 3.0.0 for the time being. In other words, if you're on 1.0.0-3.0.0, stay where you're at.

 

[LukySplatoon]

If you're on something lower than 3.0.0, you should not update to 3.0.0 for the time being. In other words, if you're on 1.0.0-3.0.0, stay where you're at.

Ok but why?

 

[Lacius]

Ok but why?

There have been murmurings about an emuNAND solution for systems on 1.0.0.

 

[Baoulettes]

Doesn't 3.0 contain the battery bug? Obviously people will need to upgrade anyway but if there are problems then it may be worth reminding people.

I have pokken so I'm staying below for now.

Hm mind explaining that bug ?
I am on 3.0.0 with issue to play all day

 

[LukySplatoon]

There have been murmurings about an emuNAND solution for systems on 1.0.0.

Ok but 2.3?

 

[Lacius]

Ok but 2.3?

I'm not aware of any benefit 2.3 has over 3.0 right now. However, it's always good practice to stay on the lowest software version possible. Better to need to update to 3.0.0 later than to update now and be unable to use something that 2.3 has and 3.0 doesn't.

 

[Thelonewolf88]

Doesn't 3.0 contain the battery bug? Obviously people will need to upgrade anyway but if there are problems then it may be worth reminding people.

I have pokken so I'm staying below for now.

It does yeah, which is why i have held off updating from 2.0.0 to 3.0.0 with Pokken. See how it pans out over time.

 

[tech3475]

Hm mind explaining that bug ?
I am on 3.0.0 with issue to play all day

https://www.polygon.com/2017/8/1/16075190/nintendo-switch-battery-issue-bug-system-software-update

 

[tunip3]

I'm not aware of any benefit 2.3 has over 3.0 right now. However, it's always good practice to stay on the lowest software version possible. Better to need to update to 3.0.0 later than to update now and be unable to use something that 2.3 has and 3.0 doesn't.

theyre are a couple extra vulns in 2.3 look over the 34c3 confrence to see which

 

[kublai]

Doesn't 3.0 contain the battery bug? Obviously people will need to upgrade anyway but if there are problems then it may be worth reminding people.

I have pokken so I'm staying below for now.

maybe the battery bug can turn into an exploit like the PSP.

 

[cholaloula]

theyre are a couple extra vulns in 2.3 look over the 34c3 confrence to see which

I saw the conference but can't see what extra vulnerabilities, It's the question of the thread I opened https://gbatemp.net/threads/3-0-0-mandatory.492851/
I'm in the 2.3 case and will wait to see if there's a real advantage. From what I saw 3.0.0 is the way to go as it's the firmware that permitted the ROhan exploit...Am I wrong?

 

[SnAQ]

I'm staying where i am.
4.1.

But I'm happy for all you that had the patience to wait for boring, worthless homebrew.

Have fun with Pong and DOOM, [emoji23]

Sent from my F8331 via Tapatalk

 

[TiMeBoMb4u2]

I'm not aware of any benefit 2.3 has over 3.0 right now. However, it's always good practice to stay on the lowest software version possible. Better to need to update to 3.0.0 later than to update now and be unable to use something that 2.3 has and 3.0 doesn't.

For the most part, this is true, and it is one of the reasons I'll be staying where I'm at, for now.
It's sure tempting, though, when he says, "Get on firmware 3, if you're lower." —

 

[Lacius]

For the most part, this is true, and it is one of the reasons I'll be staying where I'm at, for now.
It's sure tempting, though, when he says, "Get on firmware 3, if you're lower."

I'm not aware of any benefit 2.3 has over 3.0 right now. However, it's always good practice to stay on the lowest software version possible. Better to need to update to 3.0.0 later than to update now and be unable to use something that 2.3 has and 3.0 doesn't.

I'm staying where i am.
4.1.

But I'm happy for all you that had the patience to wait for boring, worthless homebrew.

Have fun with Pong and DOOM, [emoji23]

Sent from my F8331 via Tapatalk

Don't try to bring people down just because you're on 4.1.

 

[cholaloula]

Just making a copy/paste from rohan url :

-----------------------------

ROhan is an exploit to enable userland arbitrary code execution on Switch OS 3.0. It works due to Nintendo’s code making a number of assumptions that don’t hold when sm:h is in play:

• With OS 3.0.0, Nintendo split the ldr:ro service away from the ldr sysmodule, in an attempt to limit the attack surface of the critical ldr.
• The newly-created RO sysmodule contains a codepath meant to ease testing for use on devkits: when loading in NRR files (which validate the integrity of NRO “dlls”), the module will contact the spl: service to check the IsDebugMode flag, and contact the settings sysmodule to request the ro!ease_nro_restriction setting. If both of these are set, the signature check is skipped.

Both of these changes mark theoretical improvements to the system's security. However, sm:h grants full access to the services API – including both registering and unregistering existing services. As such, the exploit flow looks like this:

1. Set the ro!ease_nro_restriction setting to 1
2. Using a compromised sysmodule (more on this later), MITM the spl: service to cause any GetConfig call of type 0xb (IsDebugMode) to return 1
3. Kill and relaunch ro
4. Load any unsigned nrr
5. Load any nro whose hash exists in that nrr

The reason we need a compromised sysmodule is that the ReplyAndReceive syscall, required to imitate a service, simply doesn’t exist in the browser. As such, we hijack an existing sysmodule to perform this attack.

In 3.0, the sdb sysmodule contains a number of bugs that make it a prime target. We currently have an arbitrary write and control of the execution flow; what we don’t have is an actual ROP/JOP-chain to allow arbitrary function calling. This is the sole piece missing for userland ACE on the Switch.

--------------------------

I think that's the reason why Plutoo recommends to upgrade to 3.0.0 but Tunip3 seems to imply the 34c3 speech indicated 2.3.0 could have advantages...

 

[TiMeBoMb4u2]

I'm staying where i am.
4.1.
But I'm happy for all you that had the patience to wait for boring, worthless homebrew.
Have fun with Pong and DOOM, [emoji23]
Sent from my F8331 via Tapatalk

I only bought my Switch for Zelda... Beat it, and I'm still below firmware v3.x.
I can update whenever I like. You, however, cannot ever downgrade, if you decide later you wanted to....unless, of course, someone figures a way to bypass the eFuses.