I have two Switches. Both hackable. One (with black joycons) is running SXOS 2.3 Beta with emuNAND and OFW both at 6.0.1. The other is running OFW 6.2.0 and has never touched mods or homebrew. I attempted to use "Match Version with Local Users" when - without warning - the higher firmware Switch started uploading a system update to the emuNAND, which is offline and in Stealth Mode.
I cancelled before it had a chance to complete, and everything was fine. This of course reinforced the need for firmware spoofing since it's a serious problem that an update can be installed like this.
However, I got to thinking, and it also seems like a major vulnerability in the Switch itself. Since it's all done offline, if you can present one Switch to another as having a higher firmware version it will attempt to download and install it. It will just trust that the FW with the higher number is official! This might allow us to use one hackable Switch to inject a CFW onto an "unhackable" Switch without an RCM exploit.
Of course, if that is possible, I imagine it could also be used maliciously to trick random people into installing CFW onto their systems. Imagine the headache Nintendo would have to deal with if, say, someone at some convention center pushed CFW onto everyone. I mean, thankfully, it doesn't just download in the background - the user has to initiate it - but they have no way of knowing that it's not legit and the average user seems to just update without a second thought, so I can see potential problems here as well. Especially if the ban risk is high.
Regardless, it might still be a useful means of code injection if nothing else. Install some payload on a Switch that otherwise can't get the payload with the update, to then allow it to do something else, like run emuNAND.
What do you guys think? Is it feasible?