Homebrew Switch Hacking & Homebrew Discussion

Deleted User (Guest)
Is there an alternative to the Kosmos Toolbox for stock Atmosphere? I want to be able to toggle sysmodules.
 

Romreactor (Member, Newcomer; joined Feb 7, 2019; United States)
Hey everyone, I had a quick question in regards to homebrew and the new game Astral Chain that's coming out by P*. I'm currently on version 4.1 and waiting for the new Switch release before installing CFW on it. Question is, if I buy Astral Chain in August, which would probably require the latest internal version update, would I be able to have homebrew access in the long run, like by the new Switch release and after?

Also, I haven't been keeping up with development due to being busy with work, but since I remember a version closer to 3.0 was as close to the last gold mine unit for homebrew as you could get, is it best for me to stay on 4.1 and just not get the game for now, or are there no benefits at this point to keeping 4.1 since it's not 3.0?
 

Draxzelex (Well-Known Member; joined Aug 6, 2017; New York City, United States)
The current exploit used is hardware-based, not software. What this means is that your firmware is not at all relevant when it comes to hacking the console. What matters is making sure your hardware is vulnerable which we check via the serial number. You can find a full list of patched and unpatched serial numbers here.

However, that doesn't mean you should update immediately. Lower firmware versions may have access to better exploits in the future, such as a hypothetical untethered coldboot hack. So the question is: how do you update your firmware whilst still being able to take advantage of future exploits on lower firmware versions? By updating your firmware without burning fuses. Fuses are normally designed to prevent you from downgrading. They are burnt when the console turns on normally while you are running a firmware version higher than the current fuse count. Part of the exploit involves sending a payload via USB, and this payload can also act as a custom bootloader bypassing this fuse check, allowing us to run higher firmware versions without burning additional fuses. This is achieved by enabling AutoRCM, which ensures that the console is only turned on when using a custom bootloader. As for how to update without burning fuses, the best way is with the homebrew application ChoiDujourNX.
 

Romreactor (Member, Newcomer; joined Feb 7, 2019; United States)

Oh awesome, I remember when I got the Switch I made sure the serial numbers checked out and they were in the green zone from that thread. Also, to my understanding, basically once I install custom firmware with the jig method and back up the system NAND, I can use the custom homebrew application ChoiDujourNX to update my system to the latest firmware and play any new Switch game released without burning any fuses, which are responsible for locking the bootloader from downgrading to my initial older version, which down the line can be used to initiate cold boot hacks if and when they come out.

Last question: would online play also work with ChoiDujourNX, or is it not recommended and best used only to play new games offline?

Hopefully I understood that correctly, let me know and thanks =)
 

Draxzelex (Well-Known Member; joined Aug 6, 2017; New York City, United States)
It's not a good idea to play a hacked console online, with or without ChoiDujourNX. You also do not install CFW on the Switch. Lastly, we technically already have cold boot; the current exploit, Fusée Gelée, translates to "frozen rocket", which is a reference to sending payloads in cold boot.
 

Romreactor (Member, Newcomer; joined Feb 7, 2019; United States)

Sweet, ok so to my understanding, with my 4.1 FW and system hardware, I can flash Fusée Gelée with an RCM jig, and from there use Fusée Gelée to back up my NAND and then use ChoiDujourNX to update my firmware to play new games, like Astral Chain, offline without burning any fuses. All with the benefit of cold booting, where there is no need to insert the RCM jig every time to boot Fusée Gelée.

Hope I got that correctly, and sorry for my newbiness, just don't want to get this wrong and break my device =D. Thanks.
 

Itsuki235 (Well-Known Member; joined Jun 13, 2019; United States)
> Sweet, ok so to my understanding, with my 4.1 FW and system hardware, I can flash Fusée Gelée with an RCM jig, and from there use Fusée Gelée to back up my NAND
Some terminology fixes:

"Fusée Gelée [FG]", aka the "RCM bug", refers to the vulnerability itself. A "payload" refers to a "Fusée Gelée compatible payload" that can be used when the Switch is in recovery mode [RCM] to run native code. There are many different programs that run native code, like Lockpick_RCM, Hekate (bootloader), various stub loaders, sept and even a Linux distribution.

To run custom firmware (CFW) using the native Switch operating system (called "Horizon"), the Switch must first be put into recovery mode. While the Switch is OFF, this is done by shorting pin 10 of the right Joy-Con rail (typically done by using an "RCM jig"), then holding the volume + button and the power button for 5 seconds. The Switch will turn on but nothing will display on the screen. An FG payload needs to be pushed to it.

The best FG payload to push initially is "Hekate", which is used as a bootloader or chain bootloader for other FG payloads, to perform NAND + BOOT0/1 backups, enable AutoRCM and set CFW to autoboot. Hekate, an FG payload, can be pushed from a PC using "TegraRCMGUI" with a USB to USB-C cable after installing the correct driver, or using a Switch "dongle", which is a small rechargeable battery-powered circuit board designed to push a stub loader that is statically configured to load an FG payload from the SDXC card inserted in the Switch (usually "SD:/payload.bin" or similar).

After creating a backup, enabling AutoRCM, backing up system info and selecting autoboot, Hekate can Launch -> CFW to boot Atmosphere, which is one possible CFW for the Switch.

Note that no current cold boot exploit exists for the Switch. Enabling AutoRCM WILL negate the need for a jig to enter recovery mode but will NOT negate the need to push an FG compatible payload to the Switch after cold booting. Basically, Hekate needs to get pushed to the Switch after every reboot, so usually a dongle, modchip or TegraRCMGUI is still needed. A coldboot exploit would theoretically negate the need for this; thus, while FG allows for CFW, it should be considered a "tethered" exploit.

Enabling AutoRCM is what prevents the burning of fuses, since any FG payloads that launch after that will already be past the part of the bootloader/ipatch code that burns fuses. Disabling AutoRCM and cold booting into OFW (without going into recovery mode) is typically the only way to burn fuses.
 
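The two explanations above (Draxzelex on updating without burning fuses via AutoRCM and ChoiDujourNX, and Itsuki235 on why AutoRCM is reached before the fuse-burning bootloader code) both rest on one ordering argument: the fuse check and burn live in the normal bootloader path, and any boot that stops in RCM and runs a pushed payload never reaches it. The model below is an added example written for this page; it is not code from the thread, nor from Hekate, Atmosphere, ChoiDujourNX or TegraRCMGUI. It is a deliberately simplified state machine: the class, function names, fuse counts and firmware numbers are all illustrative assumptions, and it does not reproduce the real per-firmware fuse counts or the real bootROM behaviour. What it does show is the monotonic anti-downgrade counter, when it moves, and why the AutoRCM + payload path and the jig path leave it untouched.

```python
# Added example, not code from the thread or from any of the tools it names.
# Simplified model of the boot paths discussed above. All names, fuse counts
# and firmware numbers are illustrative assumptions, not real values.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Console:
    burnt_fuses: int                 # monotonic anti-downgrade counter (only ever goes up)
    fw_expected_fuses: int           # fuse count the installed firmware expects to find
    auto_rcm: bool = False           # boot config deliberately invalidated so bootROM stops in RCM
    log: List[str] = field(default_factory=list)

    def install_firmware(self, expected_fuses: int) -> None:
        """Write a new firmware to NAND. Installing burns nothing by itself;
        only a *normal* boot of that firmware does (the ChoiDujourNX-style update)."""
        self.fw_expected_fuses = expected_fuses
        self.log.append(f"installed firmware expecting {expected_fuses} fuses")


def boot(c: Console, jig_short: bool = False, usb_payload: Optional[str] = None) -> str:
    """One power-on. Returns the path the boot took and mutates fuse state."""
    # Stage 1, bootROM: a jig short (plus Vol+ and Power) or AutoRCM means recovery mode.
    if jig_short or c.auto_rcm:
        if usb_payload is None:
            c.log.append("rcm: black screen, waiting for a payload over USB")
            return "rcm-waiting"
        # The pushed payload (e.g. a custom bootloader) runs instead of the normal
        # bootloader chain, so the fuse check/burn below is never reached.
        c.log.append(f"rcm: ran payload {usb_payload}")
        return f"payload:{usb_payload}"

    # Stage 2, normal bootloader path: compare the firmware's expected count with
    # the counter actually burnt into the chip.
    if c.fw_expected_fuses < c.burnt_fuses:
        c.log.append("refused: firmware older than the burnt fuse count")
        return "refused:downgrade"
    if c.fw_expected_fuses > c.burnt_fuses:
        c.log.append(f"burning fuses {c.burnt_fuses} -> {c.fw_expected_fuses}")
        c.burnt_fuses = c.fw_expected_fuses      # irreversible
        return "ofw:fuses-burnt"
    return "ofw"


def update_with_autorcm() -> Tuple[int, List[str]]:
    """Install a newer firmware with AutoRCM on, then boot three times through a
    pushed payload: the fuse counter must not move."""
    c = Console(burnt_fuses=4, fw_expected_fuses=4, auto_rcm=True)
    c.install_firmware(expected_fuses=9)
    paths = [boot(c, usb_payload="hekate") for _ in range(3)]
    return c.burnt_fuses, paths


def forget_to_push_payload() -> str:
    """AutoRCM with no payload pushed: the console just sits in RCM (looks dead)."""
    c = Console(burnt_fuses=4, fw_expected_fuses=9, auto_rcm=True)
    return boot(c)


def disable_autorcm_and_downgrade() -> Tuple[str, int, str, str]:
    """Turn AutoRCM off and boot normally once (fuses burn), then put the old
    firmware back: a normal boot is refused, but jig + payload still runs."""
    c = Console(burnt_fuses=4, fw_expected_fuses=9, auto_rcm=False)
    first = boot(c)                          # normal cold boot of the newer firmware
    burnt = c.burnt_fuses
    c.install_firmware(expected_fuses=4)     # "downgrade" on NAND
    refused = boot(c)                        # normal bootloader rejects it
    via_jig = boot(c, jig_short=True, usb_payload="hekate")
    return first, burnt, refused, via_jig


if __name__ == "__main__":
    print(update_with_autorcm())
    print(forget_to_push_payload())
    print(disable_autorcm_and_downgrade())
```

The design point worth taking from the model is that AutoRCM does not touch the counter or the check; it changes which code runs first. Anything that causes a normal boot of the newer firmware (AutoRCM disabled, or the boot config repaired) burns the fuses on that single power-on, after which the older firmware only ever runs through the RCM path again.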

Megadriver94 (Well-Known Member; joined Aug 11, 2017; Earth, United States)
HBGshop is overrated, and I'd rather either get Tinfoil (which the ReSwitched HBGshop stole some of its code from), stick to the manual way, OR wait for a Switch version of CIAngel or Vita PKG.
 

Megadriver94 (Well-Known Member; joined Aug 11, 2017; Earth, United States)
> What are you smoking?
> ReSwitched does not support piracy
> And CIAngel for the Switch will never happen
>ReSwitched does not support piracy
Oh, ok then.
>CIAngel for the Switch will never happen
WRONG, punk!
LIAR.gif
 
