Hacking Question Vulnerability based on serial

  • Thread starter: Shoruk3n
  • Views: 8,280
  • Replies: 37

Shoruk3n

Hi all,

Recently picked up a Switch and I'm considering homebrew. Is my unit one of the recently patched? Serial # is XAW10078xxxxxx, on OFW (obviously lol) 4.1.0. I looked over the serial number thread and am still unsure. Thanks!
 
If I wanted to know for sure that it's vulnerable, can I just do the paperclip RCM technique to find out? Or will patched units still boot into RCM using that technique?
 
RCM is not what's being patched out. Being able to accept payloads is what is being patched out. You can enter RCM on all units, patched or not.
 
Wouldn’t running RCM and then booting just Hekate be able to test it? As in getting into the CTCaer menu and then restarting to Horizon?
 
There are any number of ways to test it; however, what's important to see (and definitely check whether it's patched or not) is by running TegraRCMSmash via command line so you can see the 0 bytes being sent to your Switch, meaning it's patched. Otherwise, you may not have set up properly so the payload may have failed to send due to user error.
 
Ah, I have an XAW1000 Switch from day one, I’m asking for reference in the future. Thanks.
 
All credit goes to the (unlucky) user who ended up with the first discovered patched unit.
You have to buy a new Switch!!!
The unit you got is patched and it does not accept a payload, whether from USB, NXLoader, SX Pro dongle, etc.

If you are not sure whether it is your cable, please try to inject biskeydump.
Go to https://switchtools.sshnuke.net/ to download TegraRcmSmash and biskeydump.
Then open a command prompt, plug in your Switch in RCM and run this command:

TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

You will see from the output that your Switch received the payload but does not execute it.

This is from XAJ700439xxxxx: (Not working, no solution as of now)
View attachment 135626

This is from XAJ7003xxxxxx: (working)
View attachment 135627

By the way, welcome to the club :cry:
 
Thanks for the help everyone. I think the question I should have asked to start was is there a way to check if my console is vulnerable that doesn't involve the possibility of getting banned. Either way I'm pretty sure I'll move forward with hacking, just depends how soon.
 
You need some resolve grasshopper. Either resolve to enter the ban zone or resolve not to. The answers will come then my son...
 
Grasshoppah!

I'll do it eventually for sure. Been eyeballing the SX OS Pro all day today, but with all the Atmosphere and ReiNX stuff going on I feel like waiting at least a short while might be smart. But then again h4x!!
 
What you have to ask yourself: "Do I want to wait? Is saving $50 worth that wait, or is it more worth it to play now?" The way the Switch's security is set up, all methods will get you banned, drink the poison now or later...
 
I asked the same question (is there any other way to check vulnerability) and Draxzelex gave me the same answer he gave you. The only way (currently) is to enter RCM and push a payload. I used Hekate 3.2. For what little it's worth, I have not been banned, but I haven't gone into Horizon with CFW or anything like that. I launched Hekate and did a NAND backup and that's it.

Also do not be dumb like me and update to 5.1. Even if your Switch is patched it should still be vulnerable to the Deja Vu exploit.
 
Sorry, had to go through your post history to remember what I told you (to be fair, it was a week ago). Anyways, while there are technically other methods of testing for patched units, they are definitely more...expensive than just sticking a USB cable into your console.

If a prominent Switch hacker got their hands on one of these units, they may be able to find an alternative method of identification since so far, they're in the hands of noobs for the most part.
 
So if I was to get started and just do one task tonight, should that one thing be bend a paperclip, enter RCM, push Hekate, and do a NAND backup?
 
Sounds like a plan to me. Now the question remains: what guide details the exact process? Well, this thread contains the Hekate payload and explains how to do it in parts in case you don't have a 32 GB SD card or larger. While this tutorial details the exact steps in a more user-friendly fashion along with how to set up the Switch before booting Hekate.
 
Just so you know, it could take a bit before it finishes backing up. So if time is critical I would wait until you have some free time before doing the NAND backup. Mine took 122 minutes. I don't know if that's because my SD card wasn't exFAT at the time or if it just takes that long.
 
Ah, yeah, that's longer than I want to be busy tonight. Especially considering that I don't have a 32 GB or larger card free at the moment. Got another question though, is buying an SX OS license and setting up homebrew via the methods we're discussing in this thread analogous to buying SX OS Pro and just using the dongle they provide?
 
