​

Stuckpixel of the ReSwitched team recently released his exploit "Nereba".

This exploit will enable Nintendo Switch owners with early units that have held off updating, still on the original 1.0.0 firmware to reboot into a Fusée Gelée payload without any dongle, USB connections to a external device or jig directly from stock untouched firmware. In addition support for 2.x and 3.x firmware is also planned in the future, opening up the exploit to significantly more consoles.

The implementation takes advantage of the nspwn exploit, that users of the original 3.0.0 homebrew implementation will be familiar with. Used in conjunction with this, users will be able to boot any Fusee Gelee payload from the micro SD card, placed in the nereba folder on the root of the SD card. After running the script from the Switch web applet, users can reboot into any payload by launching the album applet from the home menu.

Download:

https://github.com/pixel-stuck/nereba/releases

 

[raxadian]

And I can guarantee that scalpers are going to be greedy assholes about it on eBay.

Eventually a downgrade option will be available and people who paid more for a 1.x Switch will feel like idiots.

 

[Hayato213]

And I can guarantee that scalpers are going to be greedy assholes about it on eBay.

People can put anything on eBay for any price, it up to the other person who buying it if they willing to spend the money, I did managed to get few people to pay $200 buck for stuff that I paid like 30 bucks for lol but it was some rare stuff, a kyogre cover plate from the Japanese exclusive N3DS bundle, and the Boo 3DS cover plate, man people are will to pay. Sorry to says that I am a scalper when I can.

 

[linuxares]

Eventually a downgrade option will be available and people who paid more for a 1.x Switch will feel like idiots.

You can downgrade today, but still need the use of a CFW to boot however

 

[M7L7NK7]

Eventually a downgrade option will be available and people who paid more for a 1.x Switch will feel like idiots.

Never seen someone pay inflated prices, seems everyone who has one either kept it boxed or saved their fuses while updating and used it normally

 

[Hayato213]

Eventually a downgrade option will be available and people who paid more for a 1.x Switch will feel like idiots.

You can always downgrade to any firmware and use a custom bootloader but you can't edit fuse, maybe when you can edit fuse count then yea.

 

[ZachyCatGames]

Exploit through the browser and from there the sd card through the album. Similar to what we had on 3.0 but instead of the homebrew channel loading it will now load cfw thanks to fuse gelee

This doesn’t involve Fusee Gelee in any way

what would happen if we launch that on a Patched Switch
I know that only works on 1.0.0
but whats about nxhax and then Reboot To Payload
Does that works?

If you somehow got a 1.0.0 FG patched system, it’d probably work fine

 

[the_randomizer]

Eventually a downgrade option will be available and people who paid more for a 1.x Switch will feel like idiots.

Yeah and I bet there'll be a softmod option for 8.x.x users as well, right? I have a lot of cynicism towards Switch homebrew development as a whole.

People can put anything on eBay for any price, it up to the other person who buying it if they willing to spend the money, I did managed to get few people to pay $200 buck for stuff that I paid like 30 bucks for lol but it was some rare stuff, a kyogre cover plate from the Japanese exclusive N3DS bundle, and the Boo 3DS cover plate, man people are will to pay. Sorry to says that I am a scalper when I can.

And as long as people will enable scalpers, that'll never change.

 

[jammybudga777]

i asked earlier if downgrading would be an issue from 6.2 to 3.0 (was done official way so burnt fuses) i got told its not possible. but yet im reading in ChoiDujour guide that fuses now dont matter? could someone just tell me whats actually the correct answer please lol

 

[thla]

i asked earlier if downgrading would be an issue from 6.2 to 3.0 (was done official way so burnt fuses) i got told its not possible. but yet im reading in ChoiDujour guide that fuses now dont matter? could someone just tell me whats actually the correct answer please lol

When you update Nintendo has the option of "burning a fuse", quite literally it's permanently modifying the hardware. You can't un-modify the fuses (practically) and the software won't boot with the incorrect fuses set.

But of course it might be possible to circumvent the hardware side if the device is compromised.

 

[jammybudga777]

When you update Nintendo has the option of "burning a fuse", quite literally it's permanently modifying the hardware. You can't un-modify the fuses (practically) and the software won't boot with the incorrect fuses set.

But of course it might be possible to circumvent the hardware side if the device is compromised.

i no how the fuses burn if you update legitly. but im being passed information that contradicts more information im reading. alot of people are saying fuses dont matter anymore? and others are saying i can still return to a lower firmware even after burning fuses?

 

[M7L7NK7]

You can but if your fuse count doesn't match the firmware you HAVE to use a usb injection to turn your switch on

 

[Garrincho]

i no how the fuses burn if you update legitly. but im being passed information that contradicts more information im reading. alot of people are saying fuses dont matter anymore? and others are saying i can still return to a lower firmware even after burning fuses?

You can downgrade to any firmware you want, anytime, no matter the fuses.

BUT

To boot it if you burned more fuses than the corresponding ones for that FW, you'd still need to use a custom bootloader (in essence rcm exploit ) since the official one will refuse to do so.

So even if you did that, why would you want to enter rcm, start the switch, use this software exploit and reboot again to cfw? You'd just use the old RCM method and go to cfw.

 

[jammybudga777]

You can downgrade to any firmware you want, anytime, no matter the fuses.

BUT

To boot it if you burned more fuses than the corresponding ones for that FW, you'd still need to use a custom bootloader (in essence rcm exploit ) since the official one will refuse to do so.

So even if you did that, why would you want to enter rcm, start the switch, use this software exploit and reboot again to cfw? You'd just use the old RCM method and go to cfw.

thanks for explaining. obviously i wouldnt when you put it like that.

 

[kumikochan]

thanks for explaining. obviously i wouldnt when you put it like that.

Sorry didn't mean to quote you, was on the wrong tab lol

--------------------- MERGED ---------------------------

This doesn’t involve Fusee Gelee in any way

If you somehow got a 1.0.0 FG patched system, it’d probably work fine

It does and it even says so in the first post. '' still on the original 1.0.0 firmware to reboot into a Fusée Gelée payload without any dongle, ''

 

[TP998]

And I can guarantee that scalpers are going to be greedy assholes about it on eBay.

Not really sure there is a market for 1.0.0 consoles, the exploit still needs Emunand.

When it comes however, you'll be faced with two options:

1) Sysnand on low firmware (offline) > Warmboot > Emunand (offline)
2) Sysnand on latest (online) > RCM > Emunand (offline)

As it's not possible to be safe online using Emunand due to it being easily detected and redirecting everything to an sdcard, I can see the vast majority of the community using option 2, because they are already using RCM and they can use their sysnand for retail/f2p games, not sure warmboot is worth exiling yourself from online.

It's the one thing that TX have going for them.

 

[DrDoctor]

I assume this leaves traces, correct?

 

[ZachyCatGames]

It does and it even says so in the first post. '' still on the original 1.0.0 firmware to reboot into a Fusée Gelée payload without any dongle, ''

The payloads aren’t Fusee Gelee specific, Atmosphere’s reboot to payload feature doesn’t involve FG as well. This uses Dormez Vous combined with some other exploits

 

[kumikochan]

The payloads aren’t Fusee Gelee specific, Atmosphere’s reboot to payload feature doesn’t involve FG as well. This uses Dormez Vous combined with some other exploits

Doesn't deja vu use the wekbit exploit to give more userland privileges wich eventually leads to fuse gelee rebooting in to cfw ?

 

[Deleted-442439]

Thanks JJ, very cool!

Danke

Doesn't deja vu use the wekbit exploit to give more userland privileges wich eventually leads to fuse gelee rebooting in to cfw ?

Deja Vu allows you to reboot to payload through arbitrary TrustZone/BootROM code execution. By using either the original Jamais Vu exploit (<6.0.0) and warmboot exploit for higher.

It also uses webkit as a entry-point, but it is not related to nspwn, separate exploits, but same entry point.

The loaded payloads, are indeed the same as used for FG, but the exploit is separate, hence why it works on Ipatched units.

 

[kumikochan]

Danke


Deja Vu allows you to reboot to payload through arbitrary TrustZone/BootROM code execution. By using either the original Jamais Vu exploit (<6.0.0) and warmboot exploit for higher.

It also uses webkit as a entry-point, but it is not related to nspwn, separate exploits, but same entry point.

The loaded payloads, are indeed the same as used for FG, but the exploit is separate, hence why it works on Ipatched units.

Well thanks for letting me know, wasn't sure but this is a good explanation so thanks for that. Know a lot of stuff but i am in a lot of scenes so don't know what's up with everything 100 percent exactly but learned something new thanks to you