Recent content by blue-
-
B
Hacking Some wild speculations (Tegra usb recovery)
Sooo... my speculation was actually spot on. Vulnerability in the USB Stack of Tegra Recovery Mode.- blue-
- Post #17
- Forum: Nintendo Switch
-
B
Hacking Some wild speculations (Tegra usb recovery)
Actually you don't need to overwrite anything. "If Tegra PMC register scratch0 bit 2..." this sound like it can just be set in software (probably need a exploit chain to kernel or trustzone) and then just reboot the console -> instant recovery mode, no harm done So this might be the way with the...- blue-
- Post #16
- Forum: Nintendo Switch
-
B
Hacking Some wild speculations (Tegra usb recovery)
What you describe is case 1) from my post. "If no valid BCT can be found" I bet you could trigger it by shortening some datalines of the eMMC than. That might just be the "simpel Hardware Mod".- blue-
- Post #3
- Forum: Nintendo Switch
-
B
Hacking Some wild speculations (Tegra usb recovery)
So this is full of a lot of uneducated guesses, but i think it makes up a good story. Some Facts - The exploited vulnerability is in the bootrom - It needs a simple hardware mod if no software exploit chain is available - We are supposed to have a usb cable ready - The vulnerability is not...- blue-
- Thread
- Replies: 17
- Forum: Nintendo Switch