Hacking Nintendo Switch Banning Hub & Warning

Cyber Akuma

Well-Known Member
Member
Joined
Mar 12, 2009
Messages
330
Trophies
1
XP
1,144
Country
United States
Hekate is not a CFW, it is a bootloader aka the tool used to run CFW like Atmosphere, ReiNX, or SX OS.

The issue with firmware 6.2 in a nutshell is that in order to patch the firmware, it needs to be decrypted. These keys were all kept in the bootloader which we had full access to. Now one of the keys is in another chip outside of the bootloader known as the TSEC and we can't access the TSEC without a TSEC exploit. This will be a problem for CFW and piracy down the road if not cracked once games are encrypted with this key because we can't dump anything that uses it.

I see, so then the issue with not getting my 6.1 keys before I update to 6.2 would be that I would not be able to downgrade to 6.1 (though since that would lock me out of any 6.2 or later games, that would still be its own issue) and not be able to install any CFW at all until someone manages... if they manage... to find a TSEC exploit?

From what I understand though with how the efuse thing works, the official firmware is coded to make sure a certain set of efuses are not blown, and if the number blown is larger than the number not blown it will refuse to boot, right? I always assumed it was something in the CPU itself doing the check somehow, so if it's purely in the software, would someone be able to remove that check somehow in a CFW? Or are we not able to decrypt and re-encrypt/compile that part of the firmware that has the efuse check?

And if a TSEC exploit is found, does that mean there would have been any benefit to backing up my 6.1 keys if I had waited to hack my Switch until then?
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
I see, so then the issue with not getting my 6.1 keys before I update to 6.2 would be that I would not be able to downgrade to 6.1 (though since that would lock me out of any 6.2 or later games, that would still be its own issue) and not be able to install any CFW at all until someone manages... if they manage... to find a TSEC exploit?

From what I understand though with how the efuse thing works, the official firmware is coded to make sure a certain set of efuses are not blown, and if the number blown is larger than the number not blown it will refuse to boot, right? I always assumed it was something in the CPU itself doing the check somehow, so if it's purely in the software, would someone be able to remove that check somehow in a CFW? Or are we not able to decrypt and re-encrypt/compile that part of the firmware that has the efuse check?

And if a TSEC exploit is found, does that mean there would have been any benefit to backing up my 6.1 keys if I had waited to hack my Switch until then?
Well, keys have nothing to do with downgrading or upgrading; those are due to fuses. And currently, you can't run firmware 6.2 without burning fuses.

The fuse check is done by the bootloader. And we cannot replace anything permanently in the bootloader because we don't have Nintendo's personal 2,048-character signing key. Cracking that is virtually impossible and the only theoretical way of obtaining that is by raiding their HQ because with this key, we would have 100% control of the console.

Again, a TSEC exploit and dumping your keys are two different matters. Access to the TSEC allows us to use the RCM exploit on firmware 6.2. Console keys are used for a wide variety of purposes but none of them relate to launching CFW.
 
  • Like
Reactions: Cyber Akuma
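A simplified model of the fuse-count anti-downgrade check discussed in the two posts above, added here as an illustration and not taken from Nintendo's bootloader or any CFW project: a one-time-programmable fuse bank, a per-firmware expected fuse count, the burn step on a normal boot, and why a console that has booted 6.2 can no longer boot 6.1. The version table and its fuse counts are constructed placeholders.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One-time-programmable fuse bank: a bit can go 0 -> 1 but never back.
 * 32 bits stand in for the real bank; only the count of burnt bits matters here. */
#define FUSE_BITS 32
typedef struct { uint32_t bits; } fuse_bank_t;

/* Constructed table of how many fuses each firmware expects to be burnt.
 * Placeholder values for illustration, not Nintendo's real per-version counts. */
typedef struct { const char *version; int expected_burnt; } fw_entry_t;
static const fw_entry_t FW_TABLE[] = {
    {"5.1.0", 6}, {"6.0.0", 7}, {"6.1.0", 7}, {"6.2.0", 8},
};

int burnt_count(const fuse_bank_t *f) {
    int n = 0;
    for (uint32_t v = f->bits; v; v >>= 1) n += (int)(v & 1u);
    return n;
}

/* Burn fuses from the low end until 'target' bits are set. OTP: bits are only ever added. */
void burn_up_to(fuse_bank_t *f, int target) {
    while (burnt_count(f) < target && burnt_count(f) < FUSE_BITS)
        f->bits |= 1u << burnt_count(f);   /* bits are burnt contiguously from bit 0 */
}

static const fw_entry_t *lookup(const char *version) {
    for (size_t i = 0; i < sizeof FW_TABLE / sizeof FW_TABLE[0]; i++)
        if (strcmp(FW_TABLE[i].version, version) == 0) return &FW_TABLE[i];
    return NULL;
}

/* The bootloader-side check. Returns true if 'version' is allowed to boot.
 * burn_fuses=false models a boot path that runs the firmware without the burn step
 * (what the thread's "update w/o burning fuses" line refers to). */
bool bootloader_check(fuse_bank_t *f, const char *version, bool burn_fuses) {
    const fw_entry_t *fw = lookup(version);
    if (!fw) return false;                        /* unknown firmware: refuse */
    int have = burnt_count(f);
    if (have > fw->expected_burnt)
        return false;                             /* downgrade: too many fuses already burnt */
    if (have < fw->expected_burnt && burn_fuses)
        burn_up_to(f, fw->expected_burnt);        /* upgrade: raise the floor, irreversibly */
    return true;
}

int main(void) {
    fuse_bank_t f = {0};
    burn_up_to(&f, 7);                            /* a console that last booted 6.1.0 */
    printf("6.1.0 boots: %d\n", bootloader_check(&f, "6.1.0", true));
    bool ok = bootloader_check(&f, "6.2.0", true);
    printf("6.2.0 boots: %d (burnt now %d)\n", ok, burnt_count(&f));
    printf("6.1.0 boots after 6.2.0: %d\n", bootloader_check(&f, "6.1.0", true));
    return 0;
}
```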

JeepX87

Well-Known Member
Member
Joined
Aug 17, 2016
Messages
1,722
Trophies
0
Age
36
XP
3,217
Country
United States
Well, keys have nothing to do with downgrading or upgrading; those are due to fuses. And currently, you can't run firmware 6.2 without burning fuses.

The fuse check is done by the bootloader. And we cannot replace anything permanently in the bootloader because we don't have Nintendo's personal 2,048-character signing key. Cracking that is virtually impossible and the only theoretical way of obtaining that is by raiding their HQ because with this key, we would have 100% control of the console.

Again, a TSEC exploit and dumping your keys are two different matters. Access to the TSEC allows us to use the RCM exploit on firmware 6.2. Console keys are used for a wide variety of purposes but none of them relate to launching CFW.

Oh wow, does it mean all Switches with 6.2 are unhacked for good? Are SX products dead?
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
Oh wow, does it mean all Switches with 6.2 are unhacked for good? Are SX products dead?
Well, nothing is impossible to crack because it was made by a human. The only issue is that the scene has enough persistence and determination to hack it, hence why Nintendo platforms tend to get cracked faster and by more people overall than, say, Microsoft or PlayStation devices (there's also the metric of security which I'm ignoring in this example). The usage of the TSEC in firmware 6.2 just means the Nintendo Switch has to be hacked...again. Whether it's a userland exploit which leads to the traditional cat-and-mouse game that can drag out forever or another stroke of luck similar to Fusée Gelée, this firmware is halting all progress on CFW until further notice. It could be accomplished tomorrow or next year, there's really no telling. A year ago, firmware 3.0 was considered the motherlode, now it's anything below 6.2. Just remember the lower the firmware, the better and you will never go wrong in the console hacking scene.
 

JeepX87

Well-Known Member
Member
Joined
Aug 17, 2016
Messages
1,722
Trophies
0
Age
36
XP
3,217
Country
United States
Well, nothing is impossible to crack because it was made by a human. The only issue is that the scene has enough persistence and determination to hack it, hence why Nintendo platforms tend to get cracked faster and by more people overall than, say, Microsoft or PlayStation devices (there's also the metric of security which I'm ignoring in this example). The usage of the TSEC in firmware 6.2 just means the Nintendo Switch has to be hacked...again. Whether it's a userland exploit which leads to the traditional cat-and-mouse game that can drag out forever or another stroke of luck similar to Fusée Gelée, this firmware is halting all progress on CFW until further notice. It could be accomplished tomorrow or next year, there's really no telling. A year ago, firmware 3.0 was considered the motherlode, now it's anything below 6.2. Just remember the lower the firmware, the better and you will never go wrong in the console hacking scene.

Interesting, do you know about Save Wizard's save resigner for PS4? Sony's encryption key to encrypt the saves has been cracked within less than a week now, whereas it used to be 3 weeks to 1 month before. Is it the same situation with the Nintendo Switch?
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
Interesting, do you know about Save Wizard's save resigner for PS4? Sony's encryption key to encrypt the saves has been cracked within less than a week now, whereas it used to be 3 weeks to 1 month before. Is it the same situation with the Nintendo Switch?
I keep very light tabs on the PS4 scene. Basically my console was stuck on a firmware above 4.5.5 but then finally an update for 5.0.5 was dropped and I hacked my PS4. Now that Spyro is out, I just check constantly if there is news for me to play that without updating my PS4 or buying a second one but I think I'm going to have to go with the latter option.

With that being said, I stand by what I said earlier. It could be hacked at any time. The TSEC is a black box to the hacking scene. Since it is its own chip, it needs its own exploit because the RCM exploit does not give any access to the TSEC. There is no ETA on when we will crack TSEC and/or have support for firmware 6.2 but early signs aren't looking good.
 
  • Like
Reactions: JeepX87

Joshua Wright

Well-Known Member
Member
Joined
Nov 25, 2015
Messages
199
Trophies
0
Age
29
Location
Halfway between TidePods and Bleach
XP
206
Country
United States
I keep very light tabs on the PS4 scene. Basically my console was stuck on a firmware above 4.5.5 but then finally an update for 5.0.5 was dropped and I hacked my PS4. Now that Spyro is out, I just check constantly if there is news for me to play that without updating my PS4 or buying a second one but I think I'm going to have to go with the latter option.

With that being said, I stand by what I said earlier. It could be hacked at any time. The TSEC is a black box to the hacking scene. Since it is its own chip, it needs its own exploit because the RCM exploit does not give any access to the TSEC. There is no ETA on when we will crack TSEC and/or have support for firmware 6.2 but early signs aren't looking good.
We just have to have patience with the Switch. It took years before the 3DS was completely blown apart. And it'll take more time with the Switch because of the security. But we'll find a hole in it (the TSEC will prob be a nightmare tho).

Also for anyone who doesn't know what the TSEC is, here: https://switchbrew.org/wiki/TSEC
 
Last edited by Joshua Wright, Reason: More info

medoli900

Open the Benzenes;Gate
Member
Joined
Jan 7, 2013
Messages
1,116
Trophies
0
Location
Lavender Town
XP
1,316
Country
Antarctica
I would also like to know if the modification of the Joy-Con colors is something that Nintendo keeps in check. Obviously, we are talking about the internal data telling the Switch which color to show for the connected Joy-Con.
 

Sadman

Member
Newcomer
Joined
Jul 9, 2006
Messages
17
Trophies
0
XP
233
Country
Hey, a question:

How risky is it *briefly* booting into OFW with the SD card you use for SX OS?

I always take it out when using the sysNAND but sometimes I fail the RCM process and briefly boot into OFW. I guess that's enough time for the Nintendo telemetry to check if there are .xci files or a boot.dat file in the SD card :(
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
Hey, a question:

How risky is it *briefly* booting into OFW with the SD card you use for SX OS?

I always take it out when using the sysNAND but sometimes I fail the RCM process and briefly boot into OFW. I guess that's enough time for the Nintendo telemetry to check if there are .xci files or a boot.dat file in the SD card :(
Nintendo doesn't need to nor do they scan the SD card for files. The reason being files on an SD card don't indicate whether or not a console is hacked. If an unhacked console uses the same SD card as a hacked console, then there is no evidence for Nintendo to ban the unhacked console because files on an SD card amount to nothing more than files on an SD card. If they were to ban that console, that would be a false ban which you could fight to get unbanned but because it would lead to a false ban, they would not ban it in the first place.

Anyways, booting in OFW is safer than say booting in CFW but it will still transmit traces of CFW such as bogus error codes or whatever traces .XCI files leave on the system.
 
  • Like
Reactions: Sadman

Aternel

Well-Known Member
Member
Joined
Aug 14, 2015
Messages
242
Trophies
0
XP
397
Country
Hey! I'm on 6.1.0, never hacked anything on my launch day Switch. Could I theoretically: turn on airplane mode, back up my 6.1 NAND just in case I need to restore it (would that count as a downgrade, burning fuses, etc.?), update to 6.2 so I can legally play online and then never touch CFW again until ban-prevention methods are found? All of that without risking a ban and losing my save data? I want to make a clean backup, I just don't want to miss out on hacking possibilities if the community doesn't find a new way to hack beyond 6.2, or whatever patch comes next. If I understand correctly, I don't need to use CFW or Homebrew to back up my NAND, so the Switch should remain "hack-free"? Thanks!
 
Last edited by Aternel.

bad361

Well-Known Member
Member
Joined
Jun 18, 2018
Messages
1,168
Trophies
0
Location
Moscow
XP
2,443
Country
Russia
Ban? N
SX OS used? N
Did you play any .XCI files online with a certificate/header? N
Do you have a certificate/header ban (look for error code 2124-4025)? N
Non-TX Layered FS Used? N
Did you connect to the Internet with a non-TX LayeredFS Inject? N
Played online w/ Non-TX Layered FS Injects? N

Used DevMenu? N
Installed any .NSP? Y
Did you connect to the Internet w/ any .NSP installed? Y
Did you play any .NSP installed online? N
Did you perform any CDN/Freeshop downloading with your own Switch's certificate? N
Backups updated? N
Homebrew/non-TX CFW Used? Y
Connect to Internet w/ homebrew/non-TX CFW? Y
Connect to eShop while using CFW/homebrew? Y
AutoRCM? N
Did you update your firmware w/o burning fuses? N
Did you install the exFAT update offline? N

What firmware(s) were you on when you cleared error logs prior to going online? Cleared logs once on 5.1.0
Disabled "Send Error Information" in System Settings? Y
Wi-Fi settings deleted? Y/N (I connect to Wi-Fi manually when I need to, I guess it's YES then)
Airplane mode? Y (I always turn it on while playing to save battery, it's a habit already)
Auto-Update Software Enabled in System Settings? N
Can you use the eShop on the Switch? Y
Can you login to Nintendo's website using your linked Nintendo Account? Y
Can you update your system firmware? Y

Console/Account Region(s) RU
Trimmed .XCI? N
Got banned after accidentally updating from 5.1 to 6.0 (official update ofc). My own BotW game told me there was a software update for it and I thought it was just for the game...I hit the update button and it turned out to be a firmware update :D. Never gonna fall for that again. Happened when 6.0 was the latest. Before that update I played NSPs, used homebrews and emulators, never played online and never updated anything "pirated" online. Guess there's definitely something they check during OFW updates, since only after that I got banned (not a CDN ban, just eShop access and online I guess, but I don't care for that). Hope it helps in some way to gather more info on bans.
 
Last edited by bad361.
  • Like
Reactions: Joshua Wright

LoneFlo

Well-Known Member
Member
Joined
Oct 20, 2015
Messages
180
Trophies
0
XP
765
Country
France
I was wondering... If I get banned, will I be able to transfer my account to a new Switch? I got some troubles with the 3DS in the past. :unsure:
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
Hey! I'm on 6.1.0, never hacked anything on my launch day Switch. Could I theoretically: turn on airplane mode, back up my 6.1 NAND just in case I need to restore it (would that count as a downgrade, burning fuses, etc.?), update to 6.2 so I can legally play online and then never touch CFW again until ban-prevention methods are found? All of that without risking a ban and losing my save data? I want to make a clean backup, I just don't want to miss out on hacking possibilities if the community doesn't find a new way to hack beyond 6.2, or whatever patch comes next. If I understand correctly, I don't need to use CFW or Homebrew to back up my NAND, so the Switch should remain "hack-free"? Thanks!
Possibly but if you're going to be waiting on a "ban-prevention" method, you may be left waiting until the Switch's EOL. There is nothing better than dumping and restoring a clean NAND.
I was wondering... If I get banned, will I be able to transfer my account to a new Switch? I got some troubles with the 3DS in the past. :unsure:
A Nintendo Account can be shared across multiple consoles so you don't really "transfer" the account, you just set that console as a Secondary Device. If you want another console to be the Primary, which will allow it to play games owned by the account offline, then you can do that on their website but you are limited to doing it once a year.
 
  • Like
Reactions: LoneFlo

LucioDragon

Well-Known Member
Member
Joined
Jun 21, 2018
Messages
147
Trophies
0
Age
28
XP
812
Country
Chile
In light of games being released way earlier than the release date (like Pokémon Let's Go or Super Smash Bros. Ultimate),
shouldn't we add "played games before release date" as a ban trigger? Like on the 3DS, people got insta-banned for playing S/M and US/UM early.
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
In light of games being released way earlier than the release date (like Pokémon Let's Go or Super Smash Bros. Ultimate),
shouldn't we add "played games before release date" as a ban trigger? Like on the 3DS, people got insta-banned for playing S/M and US/UM early.
Not really. Playing the game early is in fact not a ban trigger otherwise every single video game reviewer would get flagged. What did trigger these bans is playing the games online early. I played both S/M and US/UM early but my 3DS isn't banned.
 
  • Like
Reactions: LucioDragon

LucioDragon

Well-Known Member
Member
Joined
Jun 21, 2018
Messages
147
Trophies
0
Age
28
XP
812
Country
Chile
Not really. Playing the game early is in fact not a ban trigger otherwise every single video game reviewer would get flagged. What did trigger these bans is playing the games online early. I played both S/M and US/UM early but my 3DS isn't banned.
So playing SSBU offline from an XCI shouldn't raise a big red flag for Nintendo?
You know, a big red flag like when someone installs an NSP.
 

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
So playing SSBU offline from an XCI shouldn't raise a big red flag for Nintendo?
You know, a big red flag like when someone installs an NSP.
Unless Nintendo has a list of every video game reviewer's Nintendo Accounts and Users, just because the initial play time started before the release date doesn't mean you'll get banned. I should also mention that stores also break street date, which isn't necessarily a violation of the Terms of Service...I think.
 

ikithme

Well-Known Member
Member
Joined
Mar 28, 2015
Messages
166
Trophies
0
XP
315
Country
United States
Not sure if this was mentioned earlier in the thread but my banned Switch that was getting errors when trying to update the system legitimately when 6.1 came out just downloaded the 6.2 update just fine from Nintendo and is now prompting for an update.

Edit: Wait, never mind, I just thought of something: does Pokémon Let's Go have 6.2 on board?
 
Last edited by ikithme.

Draxzelex

Well-Known Member
OP
Member
Joined
Aug 6, 2017
Messages
18,986
Trophies
2
Age
29
Location
New York City
XP
13,326
Country
United States
Not sure if this was mentioned earlier in the thread but my banned Switch that was getting errors when trying to update the system legitimately when 6.1 came out just downloaded the 6.2 update just fine from Nintendo and is now prompting for an update.
That just means you're not CDN banned but soft banned. The only difference between a CDN ban and a normal ban is that CDN bans prevent system updates but it seems that Nintendo has converted all CDN bans back to normal bans.
 
