Well you've definitely helped me in the moral support area, thanks.
> For moral support - so am I.
People presumably are now sniffing the network traffic of their consoles to see how Nintendo could connect to them (and ALL of them) without going through the usual update servers - could be a domain that lay dormant and never popped up in logs of the Switch talking to Nintendo before, could be a baked in return channel, that directly communicates to an IP, and circumvents DNS resolving, ...
Once they've found it, we can block it. Presumably once they've found it, they also will analyze the part of their software where the "command and control" pipe comes in to hopefully have a better chance of preventing them from doing this in the future.
"We" can reverse what they have done - but not without considerable effort on the part of everyone who wants to do so. Making syspartition backups and writing to them via linux on the switch primarily. And in the end, they won't be able to prevent the hardware assisted exploits.
So depending on how long folks take to find out what exactly N is doing, this might be an entirely useless storm in the waterglass, that does nothing for N apart from pissing off the most technically savvy users.
If this turns out to take longer than expected - everyone on 3.0.0 should look for the esp8266 method of launching HBL from a local "mini server" that costs about 7USD.
Less convenient, but not really slower, or more complicated.
Of course - using the locally hosted exploit, still blocking the Switch's Internet access entirely - is only possible - if the bit hasn't already been switched (the access restriction for the browser enabled). At least until the method to flip the bit back is released. (Which shouldn't take long, but let devs reside on the side of caution there).
You should be able to check them all trying to use the webauthapplet on a captive site...
> There is no way to tell if a 3.01 - 5.01 Switch has been affected or not at this time.
Just get yourself the homebrew launcher, pull your router's internet connection and you are fine
> Yeah, I realized that after. Where could I obtain a chunk of code to test offline? It makes no sense to test online because it's extremely risky to do so.
Have Sony and Microsoft ever done anything like this?
Here a European customer, yes, it happened to me, in Europe, with a Europe-bought console and with a Europe IP (no VPN)
> You know where all those hacks (and all software entry points currently being worked on) open a browser window?
> Nintendo doesn't allow you to get access to the browser anymore, if you are not on the most current firmware. Instead you get a popup that tells you to update.
> -
> By all intents and purposes Nintendo's behavior should be illegal, if they are pulling it off in Europe as well. US customers, as always, are out of luck, because their rights can be sold away on a virtual piece of napkin, that no one has to read.
> First: Here are the different "license agreements" for both regions:
> The European one does not even have to be read, you can skip it in the setup process without acknowledging that you have read it. Nintendo simply asks you to, but you don't have to - so you are not entering into an interpersonal contract with them at that point.
> Also - the European text doesn't remove their responsibility to inform you of the update or to ask for your consent. Nintendo should also have a hard time arguing how what they are doing is covered by any of the reasons they list for being allowed to update software automatically -
> and as they are putting up another usage restriction, and are not "removing content" (they are flipping a bit, adding a 1), no potential action of theirs is covered in the last paragraph. Also "may render the Software unplayable" is stated passively and should not cover them "hacking into your console" and adding a usage restriction.
> So by any of the quasi legal texts they include with the platform in Europe, they shouldn't be allowed to do what they are currently doing.
> US users on the other hand are effed, because they don't have consumer protection laws that wouldn't allow any EULA to sign away their rights. EULAs to them are literally laws, as in that they can't negotiate them, and that to them they are legally binding even if they don't really read them, and what's inside conflicts with their state law.
> Other interpretations are welcome.
> Would be interesting to know if some of the known bit switches happened for European customers as well.
That's not entirely true unless you don't count personal servers run locally (my server is always live for me!), which should be counted considering a whitelisting server is inherently a more personal thing anyway (different people would want to whitelist different domains). So a stringent whitelist, or just blocking everything, is basically the same as being offline, a controlled sort of offline, unless what this user pointed out is actually happening ->
> In theory, but as I said we don't know what is triggering it, and there are no whitelist DNS's live right now, so offline is the only option.
Yes, we have to check if that's actually what's happening, or else it could be one of the domains we're actually whitelisting that's sneaking this silent change in there on us. If it's directly using IPs rather than hostnames then custom DNS servers aren't enough anymore; we also have to control it more at the router level... So we're then not only not allowing lookups to unknown locations (or not known safe) by hostname, but not allowing connections to unknown locations by hostname or IP either.
> You are right... It might use an IP instead of a hostname and circumvent the DNS completely, too.
> Offline is the best choice, second is an offline network for the switch only hosting HBL.
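Added example, not code from this thread: a small Python audit that correlates a DNS-answer log with the console's outbound connections, so that a destination no whitelisted hostname ever resolved to stands out, including the direct-to-IP case discussed above that a DNS whitelist alone cannot catch. The log formats, addresses and whitelist are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample logs (not from the thread): a dnsmasq-style
# answer log and a per-flow connection log for the LAN.
DNS_LOG = """\
12:00:01 reply update.example.net is 203.0.113.5
12:00:02 reply captive.example.net is 203.0.113.9
12:00:03 reply tracker.example.org is 198.51.100.7
"""
CONN_LOG = """\
12:00:04 conn 192.168.1.50 -> 192.168.1.10:80
12:00:05 conn 192.168.1.50 -> 203.0.113.9:443
12:00:06 conn 192.168.1.50 -> 198.51.100.7:443
12:00:07 conn 192.168.1.50 -> 192.0.2.44:443
12:00:08 conn 192.168.1.20 -> 192.0.2.44:443
"""
SWITCH_IP = "192.168.1.50"           # assumed LAN address of the console
LAN = ip_network("192.168.1.0/24")   # assumed local network (hosts the HBL page)
WHITELIST = {"captive.example.net"}  # hostnames the user chose to allow

DNS_RE = re.compile(r"reply (\S+) is (\d+\.\d+\.\d+\.\d+)")
CONN_RE = re.compile(r"conn (\S+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")

def resolved_names(dns_log):
    """Map each answered IP to the hostnames that resolved to it."""
    names = defaultdict(set)
    for host, ip in DNS_RE.findall(dns_log):
        names[ip].add(host)
    return names

def classify(dst, names):
    """Verdict for one destination the console talked to."""
    if ip_address(dst) in LAN:
        return "local"             # e.g. the offline HBL mini server
    hosts = names.get(dst, set())
    if hosts & WHITELIST:
        return "whitelisted"
    if hosts:
        return "unlisted-domain"   # a DNS whitelist should already stop this
    return "direct-ip"             # no DNS answer at all: bypasses DNS filtering

def audit(dns_log, conn_log, switch_ip=SWITCH_IP):
    """Return [(dst, port, verdict)] for the console's connections only."""
    names = resolved_names(dns_log)
    return [(dst, int(port), classify(dst, names))
            for src, dst, port in CONN_RE.findall(conn_log) if src == switch_ip]
```

Anything classified "direct-ip" is exactly the traffic a router-level allow-list (by address, not just by name) is needed for.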
I don't think you have to do that in order to fix it, someone just has to reverse engineer NeedsUpdateVulnerability (since we know exactly where we need to look) and see what it uses to determine when to follow the code path that ends up returning a value of 1. It's simple to fix: either change the thing back that it uses to determine to return 1 back to normal so it returns 0 naturally itself again, and keep a way to easily reset that at any time. Or, I like option two, just patch NeedsUpdateVulnerability to always return 0 for false. So anything that asks "Does it need an update for a vulnerability-related issue?" gets the answer: no, not at all, no need, that would be false, always.
> I don't know about programming and stuff like that... but what if someone emulated a DNS with a fake 5.0.2 firmware authentication to confuse Nintendo's servers? So that way we could get our Switch's NeedUpdateVulnerability value set to 0 again... I don't know if something like that is possible ...
Yea I think he means to be 100% safe, connect it to a local network without any internet access whatsoever. So that means pulling the wire in his example, so that you locally trigger the exploit on your own local network which has no internet connected to it, so nothing can access the internet (to prevent your Switch from accidentally getting the message to flip that bit from somewhere; until we know where that's coming from we're on the lookout for anywhere it could be). If it comes from the regular servers that we whitelist in order to go online while just blocking updates then that's an issue and we'll just need to patch this b.s. and move on! We got homebrew to brew!!
> Not sure what you mean.... because it can't connect to the active portal to test if there's no internet connection. It can't get to the IP, I would need to host the portal locally, no?
; Option two from the post above: patch sub_NeedUpdateVulnerability so it always reports "no update needed"
sub_NeedUpdateVulnerability:
    mov  x0, #0                 ; return 0 (false) unconditionally
    ret
; End of function sub_NeedUpdateVulnerability

; Sketch of the unpatched logic: read the flag and return 1 when it is set
sub_NeedUpdateVulnerability:
    ; …
    adrp x1, VulnerabilityNeedsUpdateFlag                ; AArch64 reads memory with ldr, not mov
    ldr  x1, [x1, #:lo12:VulnerabilityNeedsUpdateFlag]
    cmp  x1, #1
    b.ne NoVulnerabilityNoUpdateNeeded
    mov  x0, #1                 ; flag set: update required
    ret
NoVulnerabilityNoUpdateNeeded:
    mov  x0, #0                 ; flag clear: no update required
    ret
; End of function sub_NeedUpdateVulnerability

; One-instruction variant of the same patch: make the conditional branch unconditional
; ("b.e" is not an AArch64 condition code, and b.eq would invert the check instead of disabling it)
    b    NoVulnerabilityNoUpdateNeeded   ; replaces the b.ne above
None of this sounds connected or true. First, N isn't forcing you to sign into a service, they are forcing a firmware update; second, MS or Sony would not be able to restrict you from using the browser if they also support captive portals, we need the browser for a few seconds; third, no one is worried about having to pay for things - in general, or in this situation; fourth - how did Netflix play into this again?
> Kind of. On the Xbox 360 you needed to pay for Xbox Live to access the web browser and Netflix, for example. On the PS4 you need to be signed in to a PSN account to activate the web browser. Not sure how it works on the Xbox One.
5.0.0 verified.
If you currently get an update prompt, delete all wifi connections, put in airplane mode:
- Shut down your Switch
- Start in recovery mode EDIT: (hold both Up and Down volume Key and press power button, continue holding volume keys until system boots, video at bottom if needed).
- Select update
- Interrupt the process (press X to cancel is on the screen; I didn't have wifi on so it failed anyway and A got me back)
- Power off and on
- Profit, enjoy no prompts
Huge if true.
> There is a set of instructions posted by "Flacid_Monkey" on the Switch Haxing Reddit that claims to clear this:
> https://old.reddit.com/r/SwitchHaxi...f_you_are_on_an_older_fw_and_want_an/dy974gj/
> If someone tests this please state what FW version you are on, and if it worked for you.
> I have "auto connect" inside my internet connection settings off (and always had) if that helps someone.