Firmware downgrading

[Deleted User]

I'm asking this in the EOF because it's probably a dumb question with a simple answer.

Why hasn't anyone ever downloaded an earlier firmware version then changed the version string to make it appear as though it were the latest one? If someone did that then downgrading on every system would be super easy.

 

[Noctosphere]

I'm asking this in the EOF because it's probably a dumb question with a simple answer.

Why hasn't anyone ever downloaded an earlier firmware version then changed the version string to make it appear as though it were the latest one? If someone did that then downgrading on every system would be super easy.

errr...
simple question for you
what are you talking about?
switch?
3ds?
ps4?
xbo?
xD?

 

[Deleted User]

Because theres more that a version string
You would need to resign the file

 

[x65943]

I think Eix has got it. Basically we would have to have all the crypto and sign the file so that it really appears as if it's a later fw.

Unfortunately we never really get this kind of control. Usually we just patch out signature checks - because we aren't able to actually sign anything legit.

 

[ThoD]

Let's see...
- Resigning the OS file
- Going to older firms may make exploits unpatched but will also take away ACTUAL stability updates
- Not anywhere near as simple as you think it may be
- If talking about Switch, it's LITERALLY impossible to downgrade because upon upgrading specific fuses go out for good to prevent that
- It wouldn't serve any purpose whatsoever, as downgrading requires almost complete control over the console, so if you already have that, what is even the point in downgrading?
- It can cause bricks if there's even a little slip-up
- MOST consoles can't even update using a file from the SD card, so you HAVE to get the update from the online servers and good luck with that if you want to download a modified OS (only PSP/PS3/PS4 can update without connecting to the servers)

and various other reasons...

 

[x65943]

Let's see...
- Resigning the OS file
- Going to older firms may make exploits unpatched but will also take away ACTUAL stability updates
- Not anywhere near as simple as you think it may be
- If talking about Switch, it's LITERALLY impossible to downgrade because upon upgrading specific fuses go out for good to prevent that
- It wouldn't serve any purpose whatsoever, as downgrading requires almost complete control over the console, so if you already have that, what is even the point in downgrading?
- It can cause bricks if there's even a little slip-up
- MOST consoles can't even update using a file from the SD card, so you HAVE to get the update from the online servers and good luck with that if you want to download a modified OS (only PSP/PS3/PS4 can update without connecting to the servers)

and various other reasons...

For the switch if we could theoretically make it think the downgrade is an upgrade - then we wouldn't have to worry about the efuses. That's OP's entire point.

But the rebuttal is - good luck signing the fw.

 

[ThoD]

For the switch if we could theoretically make it think the downgrade is an upgrade - then we wouldn't have to worry about the efuses. That's OP's entire point.

But the rebuttal is - good luck signing the fw.

No, it's still literally impossible for the last reason I stated. Let's say you can trick it to think it's not a downgrade and that you can sign it. You STILL have to download updated through Nintendo's servers, thus making it impossible to download such an OS. Also, let's say you can manage that, the OS STILL won't run, because it will require specific fuses to be active (so tricking the system won't really work) and can potentially result in a brick (since you can't load the OS and perhaps not even recovery mode), thus impossible no matter what.

 

[x65943]

No, it's still literally impossible for the last reason I stated. Let's say you can trick it to think it's not a downgrade and that you can sign it. You STILL have to download updated through Nintendo's servers, thus making it impossible to download such an OS. Also, let's say you can manage that, the OS STILL won't run, because it will require specific fuses to be active (so tricking the system won't really work) and can potentially result in a brick (since you can't load the OS and perhaps not even recovery mode), thus impossible no matter what.

The idea is to not update via ninty's servers. Games still come with updates - right? I don't think ninty is the only option.

 

[ThoD]

The idea is to not update via ninty's servers. Games still come with updates - right? I don't think ninty is the only option.

You will need to flash cartridges then or sign those too. And even then, the OS won't load because fuses won't be active. The way fuses act is basically like this, each OS has a requirement that's "if fuse x until y are active, then load". So you will need to also edit the firmware itself instead of just signing it, changing the version string and flashing it onto a cartridge. Which brings us to... if we EVER get THAT much control over the system, WHY downgrade? You will already have perfect control over the console already, no point

 

[x65943]

You will need to flash cartridges then or sign those too. And even then, the OS won't load because fuses won't be active. The way fuses act is basically like this, each OS has a requirement that's "if fuse x until y are active, then load". So you will need to also edit the firmware itself instead of just signing it, changing the version string and flashing it onto a cartridge. Which brings us to... if we EVER get THAT much control over the system, WHY downgrade? You will already have perfect control over the console already, no point

Yes - I wasn't saying it was smart - just possible.

And if we did have that much control we could change the version string, like you said.

I think you really misunderstood my point.

 

[ThoD]

Yes - I wasn't saying it was smart - just possible.

And if we did have that much control we could change the version string, like you said.

I think you really misunderstood my point.

No, I got your point. Just saying it's impossible because we won't ever have that much control over the system, as the ONLY system we ever got that much control over was the PSP and that thing was a JOKE to hack. The Switch has some of the best security a console has had out of the entire console history.

 

[x65943]

No, I got your point. Just saying it's impossible because we won't ever have that much control over the system, as the ONLY system we ever got that much control over was the PSP and that thing was a JOKE to hack. The Switch has some of the best security a console has had out of the entire console history.

I know, read my first post "Unfortunately we never really get this kind of control"

It almost seems like you're trying to create an argument where there isn't one. We have had the same view the entire time. You have been disagreeing with a made up version of my statements that only exists in your head

 

[ThoD]

I know, read my first post "Unfortunately we never really get this kind of control"

It almost seems like you're trying to create an argument where there isn't one. We have had the same view the entire time. You have been disagreeing with a made up version of my statements that only exists in your head

Missed that post because it wasn't present when I was replying to the OP, then next time page loaded I was reading the one right under mine. Can't blame me

 

[SirNapkin1334]

For the switch if we could theoretically make it think the downgrade is an upgrade - then we wouldn't have to worry about the efuses. That's OP's entire point.

But the rebuttal is - good luck signing the fw.

Actually, you could probably downgrade the Switch but if you reboot it you're bricked.
eFuses are checked on boot, so even if we tell it that it's an update, it won't matter.

 

[x65943]

Actually, you could probably downgrade the Switch but if you reboot it you're bricked.
eFuses are checked on boot, so even if we tell it that it's an update, it won't matter.

You're missing the point. If the version string was higher up - then the efuses wouldn't matter.

 

[SirNapkin1334]

You're missing the point. If the version string was higher up - then the efuses wouldn't matter.

You mean the eFuse requirement. But firmware packages are encrypted iirc and signed, so unless someone wants to illegally hack into laptops of the entire Nintendo Switch software department, we won't be signing our own stuff.

 

[x65943]

You mean the eFuse requirement. But firmware packages are encrypted iirc and signed, so unless someone wants to illegally hack into laptops of the entire Nintendo Switch software department, we won't be signing our own stuff.

I swear - read what is said. This is the whole point. If we could theoretically sign our own stuff efuses wouldn't matter.

No one is reading anything before they post.

This thread is a complete trainwreck.

 

[Deleted User]

errr...
simple question for you
what are you talking about?
switch?
3ds?
ps4?
xbo?
xD?

any and every system