Hacking Mariko revision. Does nobody care about hacking these?

[Draxzelex]

So what, am I seriously just going to shell out $60 when Nintendo releases another game I want?

Or...you can just not buy games.

 

[A Generic User]

So what, am I seriously just going to shell out $60 when Nintendo releases another game I want?

I mean.... you bought the 300 dollar tablet for the games you want first, yes?

 

[Spider_Man]

to be fair, save money, dont buy a switch as its littered with wii u ports.

 

[SciresM]

if you don't mind me asking, (since you are here) for unpatched units Is 7.0 software cfw exploit realistic or not? I don't mean now or the near future.

(I don't want to hold you by the books since you already do so much for the community, and would be really rude and unrealistic to ask for a time or date. As I'd imagine your more busy keeping up with Nintendo's shenanigans per update and continued implementation/expanding features of atmosphere)

But I heard that 7.0 is the last software entry point that can have cfw. Has something got in the way of that by any chance?

That's a super "eventually" thing.

On < 8.x Erista units, TrustZone can be compromised if you control the bpmp at wake-from-sleep.

In practice, this means a full userland compromise is needed.

You can maybe do some stuff with tsec or GPU dma if you compromise nvservices, but it needs research and isn't straightforward.



So, pieces needed for cfw on a < 8.0.0 erista console:
* Console is not update nagged (this is unfixable).
* Browser exploit.
* nvservices exploit.
* Further userland escalation.
* TrustZone compromise.

Stuff we have:
* TrustZone compromise.

Stuff we kind of have:
* Browser exploit (I have a webkit 0-day, but I would like to avoid burning it for something like this when it might be useful to me if I want to look at PS5 or a future console).
* The userland escalation bit via tsec or gpu, but this would probably be 50-100 hours of research/work once an nvservices compromise is in hand.

Stuff we don't have:
* nvservices compromise.

Nvservices is pretty dogshit from a security pov, and it's all nvidia code and not Nintendo code -- this means it's lower security.

I'm sure nvservices vulnerabilities exist to be found, but I don't actually have one.

Combining all those factors, it's just super low priority. I expect "eventually" it'll happen, but like...don't expect it any time soon, and it's not an area of active work on my part, especially since it would be so much work and so few people will benefit from it.

So what, am I seriously just going to shell out $60 when Nintendo releases another game I want?

Even ignoring the fact that I and other hackers don't support and aren't motivated by piracy, it may surprise you to learn that the fact that you don't want to pay for games doesn't make exploitable bugs magically exist.

Perhaps a clear analogy: I'd prefer not to have to pay my rent. Unfortunately my apartment's lease, like Mariko units, doesn't have any exploitable bugs. My not wanting to pay my rent doesn't make any bugs exist in my lease.

My options, then, are to pay my rent or live somewhere else.

Your options are to buy switch games, or not play games on your switch.

 

[godreborn]

the ones who complain about a $60 game are the same ones who get pissed off at theflow for making 10 grand for disclosing an exploit on the ps4. they do absolutely nothing in the scene, yet they feel entitled.

 

[zenjiki]

We have 3 OG switches all unbanned and just been used for retrogaming with emulators I'll sell you 1. How much you willing to pay to not pay $60 for new games? lol Love my retrogaming though, so its going to cost.

 

[JeepX87]

DM me a link, please!

SX Core and SX Lite are no longer manufactured so don't bother to hunt for this and cost is going up due to higher demand.

You have to wait for next clone in near future.

So what, am I seriously just going to shell out $60 when Nintendo releases another game I want?

I have no sympathy for people whoever pirate the game and you just contaminated the CFW that supposed to use with homebrew, save sharing and cheating, so you gave Nintendo a major reason to crack all of us who use CFW down because you want to pirate the game.

Go find a job or ask your boss for pay raise if they don't pay you enough.

I'm not going assist with people whoever want to pirate the games and you are on own.

SX Core and SX Lite are no longer manufactured, anyway.

Edit: I don't mean to be rude to you and it is very bad deal to bring up about pirated games.

 

[Deleted member 546149]

It has been 4 full years since the Switch has been released, and 2 years since Mariko was released. Yet, we still have no softmod for Mariko. What's taking so long?

People have been trying to install CFW but it's very hard to find a bug that allows it. HB channel may be different but no one try experimenting with basic homebrew anymore.

--------------------- MERGED ---------------------------

Just for the record, as a hacker who's been involved in every cfw-related exploit for the switch and works on this stuff regularly: it's probably not going to happen.

I've sunk ~300-400 hours of my time investigating Mariko exploit stuff.

There are no trustzone bugs. This means no custom firmware.

There are no kernel bugs. This means no shitty fake custom firmware where you pretend you hacked trustzone, which is something I was prepared to work to support if I found the right bug.

Nintendo got the security right this time. Waiting for a software exploit is almost certainly not gonna do anything for you.

Mariko is almost impossible to install cfw on, but what about plain hb[/QUOTE]

 

[SciresM]

Mariko is almost impossible to install cfw on, but what about plain hb

My analysis is basically the same.

Getting plain hb requires full userland compromise.

Mariko fixes the GPU DMA bug; getting just homebrew isn't impossible but isn't happening any time soon.

You'd have to find an exploitable bug in FS, and good luck with that lmao.

 

[Deleted member 546149]

My analysis is basically the same.

Getting plain hb requires full userland compromise.

Mariko fixes the GPU DMA bug; getting just homebrew isn't impossible but isn't happening any time soon.

You'd have to find an exploitable bug in FS, and good luck with that lmao.

Especially on latest firmware

 

[JeepX87]

My analysis is basically the same.

Getting plain hb requires full userland compromise.

Mariko fixes the GPU DMA bug; getting just homebrew isn't impossible but isn't happening any time soon.

You'd have to find an exploitable bug in FS, and good luck with that lmao.

I'm wonder about patched Switch prior to Mariko?

 

[Purple_Heart]

interesting discussion

 

[SciresM]

I'm wonder about patched Switch prior to Mariko?

You'd need a browser exploit + an nvservices compromise.

Then you'd be able to use the GPU dma bug to play homebrew games.

Note that you'd have almost no privileges -- this means no editing savedata, no overclocking or using interesting system modules, no custom themes, no game mods, etc etc. Homebrew games that don't use special privileges only.

See a few posts above -- you still need an nvservices bug and a browser exploit, and it's kind of like "who cares" imo when it doesn't let you do game mods or save editing.

Probably not impossible, but hard for me to imagine anyone with the skill to find the bugs sinking in all the time/effort?

 

[legendheaven]

You'd need a browser exploit + an nvservices compromise.

Then you'd be able to use the GPU dma bug to play homebrew games.

Note that you'd have almost no privileges -- this means no editing savedata, no overclocking or using interesting system modules, no custom themes, no game mods, etc etc. Homebrew games that don't use special privileges only.

See a few posts above -- you still need an nvservices bug and a browser exploit, and it's kind of like "who cares" imo when it doesn't let you do game mods or save editing.

Probably not impossible, but hard for me to imagine anyone with the skill to find the bugs sinking in all the time/effort?

U got me fish pokemon I find bug and I did cfw but still have problems 3/1 brick.... My old posts I said I find a method lol

 

[Deleted member 546149]

You'd need a browser exploit + an nvservices compromise.

Then you'd be able to use the GPU dma bug to play homebrew games.

Note that you'd have almost no privileges -- this means no editing savedata, no overclocking or using interesting system modules, no custom themes, no game mods, etc etc. Homebrew games that don't use special privileges only.

See a few posts above -- you still need an nvservices bug and a browser exploit, and it's kind of like "who cares" imo when it doesn't let you do game mods or save editing.

Probably not impossible, but hard for me to imagine anyone with the skill to find the bugs sinking in all the time/effort?

You could still pirate

 

[SciresM]

You could still pirate

No, you couldn't.

Piracy requires substantially higher privileges than homebrew, not lower.

In the low privileges homebrew scenario described, you very much would not be able to pirate games.

 

[Skelletonike]

Tbh, I'm pretty happy with that.

Once the switch dies, they can do whatever with it, for now, I'd rather it remains the way it is, at least for the Mariko version.

 

[Jayro]

The up-coming "Aula" Switch units won't be getting a softmod either, as their SoC is based off of Mariko's, only clocked higher.

 

[linuxares]

"no overclocking" that's like one of the best features of a homebrewed Switch. Like with the Vita. Some games require OC to work, atleast feel smooth.

 

[Deleted member 546149]

No, you couldn't.

Piracy requires substantially higher privileges than homebrew, not lower.

In the low privileges homebrew scenario described, you very much would not be able to pirate games.

You could without sigpatches, for example, the USB loader, or an sd loader

--------------------- MERGED ---------------------------

Anyways there will be cfw one day, whether it's near or end of life