Hacking Discussion Do you care about emunand?

Are you interested in emunand?

  • Yes

    Votes: 358 69.2%
  • No

    Votes: 106 20.5%
  • possibly

    Votes: 53 10.3%

  • Total voters
    517
It's funny how 90% shout that Emunand is trash but the survey results show the truth. Just let people do what they want and stop forcing them onto something.

The problem is people think if Emunand happens software coldboot will, they are two separate things.

Also that they can switch firmwares and be safe online, which again is not true as there are many ways to detect it. You can't compare the 3DS version to this due to the eFuses and extra security.

If someone said Emunand will be released, but it won't be safe online and there will not be a coldboot solution would people still want it? We will be getting a very easy way to change firmwares on the Switch very soon, so with that in mind who would use it?
 
eFuses are physical alterations, they could not be spoofed with Emunand.
Of course they can. In the end all hardware accesses are basically reads from a memory address, if you have complete control over the machine it should be possible to virtualize those reads and return whatever is expected from the current FW version.
 
The problem is people think if Emunand happens software coldboot will, they are two separate things.

Also that they can switch firmwares and be safe online, which again is not true as there are many ways to detect it. You can't compare the 3DS version to this due to the eFuses and extra security.

If someone said Emunand will be released, but it won't be safe online and there will not be a coldboot solution would people still want it? We will be getting a very easy way to change firmwares on the Switch very soon, so with that in mind who would use it?
No people do not think that. People who want emunand are fine with using emunand for years in a row till it eventually does happen.
 
Last edited by kumikochan,
always thought an efuse was pure software so every time you would update your emunand a fuse would get burned in your emunand

It's hardware based, hence why it's a great security method.

There is no device which has eFuses (Xbox 360, Samsung Galaxy phones etc.) that has been spoofed or reversed despite sizeable money incentives.

Of course they can. In the end all hardware accesses are basically reads from a memory address, if you have complete control over the machine it should be possible to virtualize those reads and return whatever is expected from the current FW version.

Read above, has not been done on any device to date.
 
Last edited by p2697,
Of course they can. In the end all hardware accesses are basically reads from a memory address, if you have complete control over the machine it should be possible to virtualize those reads and return whatever is expected from the current FW version.
So fuse count can be ported over to emunand basically?
 
A lot of people here on GBAtemp (me too) say to stay on lowest firmware possible for future exploits, free custom firmware, etc; so:

If
lowest sysNAND firmware is better​
than
emuNAND is useful​

We'll see how the scene will evolve. On 3DS the emuNAND was used a lot of time, and in 3DS lifetime at the second year we weren't at the same level of Switch hack
 
A lot of people here on GBAtemp (me too) say to stay on lowest firmware possible for future exploits, free custom firmware, etc; so:

If
lowest sysNAND firmware is better​
than
emuNAND is useful​

We'll see how the scene will evolve. On 3DS the emuNAND was used a lot of time, and in 3DS lifetime at the second year we weren't at the same level of Switch hack

It's always recommended to stay on the lowest official firmware.

You can unofficially update to the latest firmware, meaning you can go back to the lowest official version you were running if needed.

There is a very long guide to do this, however something big is coming and it's about to get very easy.

Edit: Will be my last post in the thread, thanks for the discussion guys, hope the people who want Emunand get it.
 
Last edited by p2697,
It's hardware based, hence why it's a great security method.

There is no device which has eFuses (Xbox 360, Samsung Galaxy phones etc.) that has been spoofed or reversed despite sizeable money incentives.



Read above, has not been done on any device to date.

What were the conditions for "spoofing" in those contests?

Game hacking has seen thousands of reads to various memory areas, including obfuscated ones, patched before, we have seen calculated hardware/oracle responses generated in software before, hypervisors bypassed and more besides, routinely at that.

Most of those would not be terribly useful in the sorts of contests/bug bounties I see hardware makers initiate and things they wish to defend against. I would too be surprised at some kind of either virtual/emulated machine like hook and redirect, debugger style breakpoints, a simplistic hypervisor or similar sorts of things we can talk about at high levels easily enough but none of that prevents the people combing through the code to find each and every check of such things and patching them out which I imagine is where the others were heading.

Sure they could start doing multiple firmware updates (traditionally regions were different but this I could see going with odd or even serials say), fast turnaround updates (not terribly hard to randomise locations of patches and do 50 recompiles to be released weekly) at the same time as demanding current for online, and all the other stuff we saw cable/satellite box companies do but that would be a different matter.
 
It's hardware based, hence why it's a great security method.

There is no device which has eFuses (Xbox 360, Samsung Galaxy phones etc.) that has been spoofed or reversed despite sizeable money incentives.



Read above, has not been done on any device to date.
It is a fairly simple thing to do actually. We can read the fuses in homebrew no problem so we know what code is needed to read the fuses. Simply find that code in the firmware and change it to return whatever we need it to.
I don't know if it's been done before or not so I can't comment on that, but you need full kernel access for it to be possible, which we have on the Switch.
 
Last edited by The Real Jdbye,
tbh if you're on a low fw it is important, though even on high fw imo it's still important because say you're on 5.1 and a new update drops and 5.1 has a coldboot exploit (just an example) then ofc you want to preserve 5.1 so you can coldboot into sysnand cfw and get redirected to emuNand cfw.
 
Is someone actually working on an emunand? Because that could be great but I don't know anyone who does it... and it's strange because a lot of people (including me) pray for it like a backup loader!! (in the same priorities)
 
Is someone actually working on an emunand? Because that could be great but I don't know anyone who does it... and it's strange because a lot of people (including me) pray for it like a backup loader!! (in the same priorities)
Don't know which dev it was but it is a dev known for not releasing anything who showed a video before on twitter running emunand so I am guessing some are working on it
 
Future coldboot solutions on 2.3.0 (my second Switch's firmware) are keeping me on that firmware. I'm not so impatient for free games. I'd rather wait to get coldboot on my sysNAND which could possibly load into an emuNAND on the latest firmware.
 
Don't know which dev it was but it is a dev known for not releasing anything who showed a video before on twitter running emunand so I am guessing some are working on it
I think that's a dev who months ago just posted a picture of progress on emunand and then, when their work (hekate) was being used for piracy, got out of dev and left everything, so... I think that is not.
 
As I said b4, emu could be a good idea if you want to play pirated games offline and the original ones online without ban risk. You could have both updated, and the emunand without connection. It's what I'll recommend to some friends when all this is out and without brick risk.
 
It is a fairly simple thing to do actually. We can read the fuses in homebrew no problem so we know what code is needed to read the fuses. Simply find that code in the firmware and change it to return whatever we need it to.
I don't know if it's been done before or not so I can't comment on that, but you need full kernel access for it to be possible, which we have on the Switch.

It hasn't and there have been some very, very clever people working on it for Samsung phones, as it locks out your warranty and apps if it blows its one and only eFuse.

Here is the problem, I mentioned eFuses as a way to detect unofficial firmware, but also altering the firmware in any way will change the checksum, if they check that and it doesn't match then the theoretical spoofer would be useless as you would still get banned.

It doesn't matter if you have all the permissions in the world for the device, if it is not byte for byte the same it's detectable.

Right.... that is absolutely my last post as it's Sunday and don't wanna just post all day :D
 
People keep bringing up the 3ds
Of course people are going to bring up the 3ds, it's the console that introduced the idea of emuNAND in the first place, and pretty much the only console that had a useful implementation of it.

It's funny how 90% shout that Emunand is trash but the survey results show the truth. Just let people do what they want and stop forcing them onto something.
Remember those that don't give a crap are less likely to bother coming in and voting No, whereas those that have been waiting/campaigning for it are almost guaranteed to come and vote Yes. So, what the poll is actually showing is an absolute number rather than a percentage.

It's up to the respective dev to decide if it's worth the time and effort to implement for those hundred or so people (out of thousands?).
 
Last edited by subcon959,
It hasn't and there have been some very, very clever people working on it for Samsung phones, as it locks out your warranty and apps if it blows its one and only eFuse.

Here is the problem, I mentioned eFuses as a way to detect unofficial firmware, but also altering the firmware in any way will change the checksum, if they check that and it doesn't match then the theoretical spoofer would be useless as you would still get banned.

It doesn't matter if you have all the permissions in the world for the device, if it is not byte for byte the same it's detectable.

Right.... that is absolutely my last post as it's Sunday and don't wanna just post all day :D
That's a completely different thing. You can patch out the checks in the ROM (in fact, Phone Info shows my KNOX warranty void status as 0x0 even though the bootloader shows it as 0x1), but you can't patch out the checks in the bootloader since that can't be modified, and you also can't patch out the checks in whatever software Samsung uses in their repair process. However, we can modify the Switch OS, which is where the checks happen.
 
Wouldn't you be able to install digital titles to the 32GB space that's taken up, as though it were normal internal storage?

If you can then I don't see why people are upset about the 32GB chunk of space being used if they were going to fill it anyway.
 
Last edited by 8BitWonder,
In my opinion an EmuNand is only useful for those who wish to stay on a lower firmware whilst holding out and hoping for a cold/warmboot exploit. Personally I ain't bothered about any of that as my switch sits in the dock all the time so I just use sleep mode and only need to rehack with the dongle if I remove the sd card.
 
