Hacking Question: Is downgrading possible?

Thread starter: realjumy

Considering how deep our level of access to the device is, is it possible to downgrade the firmware of the Switch to a lower version? And by this, I mean actually downgrading, not using emunand to emulate previous versions.

Seeing how we have been asked to stay in lower versions and taking into account that I can't find anything posted officially, I wonder if this is because it's not possible, or because the method has not been disclosed (yet).
 
When we reach the point where we can disable the fuse check, downgrading will be totally useless. You would have complete control of your console anyway.
 
Downgrading will always be pointless. If you downgrade your system version, then you will always have to use RCM to be able to launch your Switch OS. Since you can use RCM to launch CFW on all system versions anyway, downgrading is pointless.

It is highly unlikely that there will ever be any way around this.
 
Hekate does already temporarily disable fuse checks.

Downgrading is possible. But you will need to go through RCM to boot the system.

That won't change ever. We can't permanently disable fuse checks (without a modchip).
These checks are performed by the bootloader. And we can't patch it, since it's read only.
 
> Hekate does already temporarily disable fuse checks.
>
> Downgrading is possible. But you will need to go through RCM to boot the system.
>
> That won't change ever. We can't permanently disable fuse checks (without a modchip). These checks are performed by the bootloader. And we can't patch it, since it's read only.


So AutoRCM is a required 1st step, right?
 
More accurately, we need a coldboot-based exploit to bypass the fuse check because we need a hack that occurs before the fuse check. RCM is just one example of a coldboot that can bypass the fuse check. Unfortunately, the only coldboot we have is tethered, so it's still kinda pointless to downgrade because you would still need to tether to avoid the check.
 
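As an added illustration of the reasoning in the two posts above (the check lives in a read-only bootloader; a bypass has to run before the check and is therefore tethered), here is a small C model of a one-way anti-rollback fuse counter. It is not code from this thread, from Hekate, or from Nintendo's bootloader; the firmware-to-fuse-count mapping (one fuse per firmware version) and every name in it are assumptions made up for the model. What it shows is why writing an older firmware to the NAND fails on a normal coldboot, why entering before the check only helps for that single boot, and why an upgrade is always accepted.

```c
#include <stdio.h>

/*
 * Illustrative model of a one-way anti-rollback fuse check, added to make
 * the thread's reasoning concrete. NOT Nintendo's bootloader, Hekate, or any
 * real Switch code: the fuse table (one fuse per firmware version) and all
 * names are made-up assumptions. The single property modelled is that fuses
 * can be burnt but never cleared.
 */

struct device {
    unsigned burnt_fuses;  /* hardware state: monotonic, can only increase */
    unsigned installed_fw; /* firmware version currently written to the NAND */
};

enum boot_result { BOOT_OK = 0, BOOT_PANIC_DOWNGRADE = 1 };

/* Assumed mapping: firmware version -> number of fuses it expects to see. */
static unsigned expected_fuses_for(unsigned fw_version)
{
    return fw_version;
}

/* Fuses are burnt one at a time; there is no operation that clears one. */
static void burn_fuses_to(struct device *d, unsigned target)
{
    while (d->burnt_fuses < target)
        d->burnt_fuses++;
}

/*
 * The check the read-only bootloader performs on a normal coldboot. More
 * burnt fuses than the installed firmware expects means an older firmware
 * was written after a newer one ran: refuse to boot. Otherwise burn fuses
 * up to the expected count so that a later downgrade is caught the same way.
 */
enum boot_result normal_coldboot(struct device *d)
{
    unsigned expected = expected_fuses_for(d->installed_fw);

    if (d->burnt_fuses > expected)
        return BOOT_PANIC_DOWNGRADE;
    burn_fuses_to(d, expected);
    return BOOT_OK;
}

/*
 * Booting through an entry point that runs before the check (RCM -> Hekate
 * in the thread). The check is skipped for this boot only: the bootloader is
 * not modified and the fuse count is untouched, so the next normal coldboot
 * is refused again. That is what makes the bypass "temporary"/"tethered".
 */
enum boot_result coldboot_via_pre_check_entry(struct device *d)
{
    (void)d; /* fuse state is neither read nor written on this path */
    return BOOT_OK;
}

/* Scenario 1: run fw 5, write fw 3 to the NAND, coldboot normally. */
int scenario_downgrade_refused(void)
{
    struct device d = { .burnt_fuses = 0, .installed_fw = 5 };

    normal_coldboot(&d);   /* first boot on fw 5 burns 5 fuses */
    d.installed_fw = 3;    /* "actually downgrading" the NAND */
    return normal_coldboot(&d) == BOOT_PANIC_DOWNGRADE;
}

/* Scenario 2: downgraded device boots via the pre-check entry point, then
 * a normal coldboot is attempted again. */
int scenario_bypass_is_per_boot(void)
{
    struct device d = { .burnt_fuses = 5, .installed_fw = 3 };
    int boots_via_entry = coldboot_via_pre_check_entry(&d) == BOOT_OK;
    int refused_after = normal_coldboot(&d) == BOOT_PANIC_DOWNGRADE;

    return boots_via_entry && refused_after && d.burnt_fuses == 5;
}

/* Scenario 3: an upgrade is accepted and burns additional fuses. */
unsigned scenario_upgrade_burns_fuses(void)
{
    struct device d = { .burnt_fuses = 5, .installed_fw = 6 };

    normal_coldboot(&d);
    return d.burnt_fuses;
}

int main(void)
{
    printf("downgrade refused on normal coldboot: %s\n",
           scenario_downgrade_refused() ? "yes" : "no");
    printf("bypass lasts one boot only:           %s\n",
           scenario_bypass_is_per_boot() ? "yes" : "no");
    printf("fuses after upgrading 5 -> 6:         %u\n",
           scenario_upgrade_burns_fuses());
    return 0;
}
```

The model deliberately has no "unburn" operation and no write path into the bootloader; those two absences are the whole argument of the thread. Anything that makes a downgraded NAND boot without a tether must either run before `normal_coldboot` on every boot (a modchip, or an untethered pre-check exploit) or not depend on the downgrade at all.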
> Considering how deep our level of access to the device is, is it possible to downgrade the firmware of the Switch to a lower version? And by this, I mean actually downgrading, not using emunand to emulate previous versions.
>
> Seeing how we have been asked to stay in lower versions and taking into account that I can't find anything posted officially, I wonder if this is because it's not possible, or because the method has not been disclosed (yet).

No reason to, but I'm sure it's possible. It's just that the Switch can detect if the FW on the NAND has been flashed.
 
> More accurately, we need a coldboot-based exploit to bypass the fuse check because we need a hack that occurs before the fuse check. RCM is just one example of a coldboot that can bypass the fuse check. Unfortunately, the only coldboot we have is tethered, so it's still kinda pointless to downgrade because you would still need to tether to avoid the check.

Any untethered coldboot exploits that can't be installed with RCM (e.g. the future untethered coldboot exploits that might someday be released for 1.0.0, 2.0.0-3.0.0, and 3.0.1-4.1.0) will require that the Switch can successfully boot into Horizon without RCM. Downgrading will always be pointless.
 
Last edited by Lacius
> Any untethered coldboot exploits that can't be installed with RCM (e.g. the future untethered coldboot exploits that will someday be released for 1.0.0, 2.0.0-3.0.0, and 3.0.1-4.1.0) will require that the Switch can successfully boot into Horizon without RCM. Downgrading will always be pointless.

I don't believe those unreleased exploits are coldboots. I think they are warmboots. Someone must have gotten confused with the terminology between softmod and coldboot. But yes, downgrading is pointless due to the fuses.
 
> I don't believe those unreleased exploits are coldboots. I think they are warmboots. Someone must have gotten confused with the terminology between softmod and coldboot.

We don't know for sure, but it has been implied that they might work similarly to CBHC on the Wii U (i.e. the system coldboots into OFW, and then an automated process applies the unreleased exploits to load CFW, giving the illusion of coldbooting CFW). Nobody has corrected the Firmware Status thread either.
 
> We don't know for sure, but it has been implied that they might work similarly to CBHC on the Wii U (i.e. the system coldboots into OFW, and then an automated process applies the unreleased exploits to load CFW, giving the illusion of coldbooting CFW). Nobody has corrected the Firmware Status thread either.

Knew I should have attached a source to my last reply. Anyways, this is what Scires is saying about the unreleased exploits and the potential for future coldboots.
[image: cVuMVe0.png]

> I intend to be fully transparent about this shit, especially going forwards. At present, I'm not aware of any non-RCM means of getting code execution from coldboot. To the best of my knowledge, nobody else is, either.

Also, I contacted OP about updating his graphic. Hopefully, he sees my post and changes it as soon as possible to prevent more misinformation from spreading.
 
> Knew I should have attached a source to my last reply. Anyways, this is what Scires is saying about the unreleased exploits and the potential for future coldboots.
>
> Also, I contacted OP about updating his graphic. Hopefully, he sees my post and changes it as soon as possible to prevent more misinformation from spreading.

That's the post I was also referring to. SciresM is saying that, on 1.0.0 and possibly 2.0.0-3.0.1, it might be possible to get the system to boot into the normal OS before loading softwarehax via an automated process, simulating a coldboot into CFW similar to how CBHC works on the Wii U.

In principle, there's no other way to do an untethered coldboot into CFW that would simultaneously be dependent on having a particular system version.
 
Last edited by Lacius
> That's the post I was also referring to. SciresM is saying that, on 1.0.0 and possibly 2.0.0-3.0.0, it might be possible to get the system to boot into the normal OS before loading softwarehax via an automated process, simulating a coldboot into CFW similar to how CBHC works on the Wii U.
>
> In principle, there's no other way to do an untethered coldboot into CFW that would simultaneously be dependent on having a particular system version.

That is true. The issue here now is that nobody is working on implementing that type of coldboot for those firmwares. While it is possible in principle, Scires summed it up pretty accurately when he says to "maintain approximately zero hope". But of course, anything is possible so I guess it is false to say that there are no potential untethered coldboots.
 
> That is true. The issue here now is that nobody is working on implementing that type of coldboot for those firmwares. While it is possible in principle, Scires summed it up pretty accurately when he says to "maintain approximately zero hope". But of course, anything is possible so I guess it is false to say that there are no potential untethered coldboots.

Anyway, to summarize my original point and bring us back on topic, there are two possibilities regarding an untethered coldboot exploit:
  1. It will be something that can be installed with RCM, which makes downgrading pointless.
  2. It will be something that depends on the system's ability to boot into OFW normally, which makes downgrading pointless.
 
It's absolutely possible at this point.

But if there has been anything made yet to reliably do so, I haven't heard of it.
 