What's the "save data exploit" in games like Splatoon 2?

ghjfdtg

Software exploits exist in firmwares up to and including fw 7.x
https://switchbrew.org/wiki/Switch_System_Flaws#Kernel


SciresM and every other big-name Switch hacker who has contributed anything meaningful to the scene has already said that it's impossible to hack a firmware above 7.0. Not that it's unlikely or that it will take years, but that it is 100% mathematically impossible to achieve even if you understood the Switch's operating system perfectly. The only chance we have is if Nintendo releases a new firmware update and accidentally adds vulnerabilities to it (this did happen on firmware 3.0.0).

That said, I do know a few hackers from other console scenes (PS4, PS Vita) who think that Scires is wrong, but Scires has thousands of hours reverse engineering the Switch's firmware that they don't have. Your best hope is that a cheaper and easier hard mod comes out. The Switch actually has several more hardware exploits, but all of them are as complex and costly to pull off. That's probably the reason Nintendo hasn't bothered patching the BCT glitching exploit. They know that if they do, someone will just exploit a different flaw and their engineering time on fixing BCT glitching would be wasted.
I would argue even hacking anything up to 7.0 is debatable since the vulnerability mentioned on the wiki page says it's probably not exploitable.

The best/only way is a modchip for now if your Switch is patched. That being said the knockoff modchips are a total rip-off for the price they are asking. They are not even half the price in production and the design is stolen from the TX modchip.

Ondrashek06 (OP)

random delays in the bootrom
I wonder how many traps there even are in the firmware for exploiters? Like, it's obvious that this was set up to lock exploiters out, but the firmware seems so riddled with DRM like this that I'm surprised the Switch even works. Denuvo DRM slows the games it secures to a crawl.

Anxiety_timmy

I would argue even hacking anything up to 7.0 is debatable since the vulnerability mentioned on the wiki page says it's probably not exploitable.

The best/only way is a modchip for now if your Switch is patched. That being said the knockoff modchips are a total rip-off for the price they are asking. They are not even half the price in production and the design is stolen from the TX modchip.
Essentially, from what I remember, SciresM said that they have everything except for a key, which even a community brute-force effort wouldn't work for at all. It would just be too slow.

Anxiety_timmy

I wonder how many traps there even are in the firmware for exploiters? Like, it's obvious that this was set up to lock exploiters out, but the firmware seems so riddled with DRM like this that I'm surprised the Switch even works. Denuvo DRM slows the games it secures to a crawl.
The issue is that the actual security outside of the kernel is kind of easy to get into. However, anything that is actually significant, like a kernel exploit, is impossible because the kernel is small enough and doesn't have enough entry points to be hackable. The kernel is small enough that they essentially made it bugless.

It could THEORETICALLY be possible with access to quantum computers or some high-powered stuff we might get in the future.
Quantum computing is a long way off, and even then, outside of very specific applications, they are slower than regular computing. I don't doubt that if enough time passes it could be done, but by then we would be having the lack-of-interest issues. We would essentially need a ton of GPUs (not ideal at all) or wait a decent amount of time.

CompSciOrBust

I wonder how many traps there even are in the firmware for exploiters? Like, it's obvious that this was set up to lock exploiters out, but the firmware seems so riddled with DRM like this that I'm surprised the Switch even works. Denuvo DRM slows the games it secures to a crawl.
I don't condone piracy and I do not suggest anyone download stolen source code from the internet, however the boot rom source code for the Switch has been leaked online so hypothetically you could go see how it works for yourself. That would be illegal of course so don't do it. But you could. But don't.

Delays in the boot ROM don't affect performance since the boot ROM is only used once at boot (hence the name) and it takes under half a second to execute (probably a lot less time than that, but I don't have the exact time and that seems like a conservative estimate). The boot ROM also has code to detect if certain points have been glitched through hardware attacks, and if it does detect a glitch it will go into an infinite loop to prevent you from doing anything. You'll be stuck on a black screen with the CPU idling. It also has a few other cool techniques, but without an understanding of basic computer science you probably won't understand it.

The firmware itself is nice and fast. It achieves security through good system design; Denuvo achieves security by obfuscating the hell out of everything, making code far more convoluted than it has to be so that it's harder for reverse engineers to understand how it works. The key difference between the two is that Nintendo knows you don't have the ability to modify the firmware because it's signed. Denuvo knows that you have the ability to modify whatever games it's protecting because you're running them on a PC that runs whatever software you tell it to. They're very different security models.

I would argue even hacking anything up to 7.0 is debatable since the vulnerability mentioned on the wiki page says it's probably not exploitable.
That's weird. I could have sworn that AtlasNX used to have an exploit host for firmware 7.0.0. I know for sure that they had one for firmware 6.2.0.

The best/only way is a modchip for now if your Switch is patched. That being said the knockoff modchips are a total rip-off for the price they are asking. They are not even half the price in production and the design is stolen from the TX modchip.
Has the HWFly been patched? This is the first I'm hearing of it. It's not surprising, it's a one-line fix in the boot ROM, but it took them 3 years to do it, so I was expecting it to last until Switch EOL.
 
Last edited by CompSciOrBust,
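The glitch-detection behaviour CompSciOrBust describes (the boot ROM checking whether a critical decision point was faulted and then parking the CPU rather than continuing) is an instance of a general fault-injection hardening pattern. The following is an added, constructed illustration of that pattern in C; it is not Nintendo's boot ROM code, is not derived from any leaked source, and is not code from anyone in this thread. A signature-style comparison is evaluated twice with complementary encodings, a flow counter records that every step ran, and any disagreement is reported as tampering instead of being trusted. The `fault_mask` parameter, the `FAULT_*` constants and the sample digests are assumptions added purely so the model can be exercised on a host; real firmware would loop forever on `AUTH_TAMPER` rather than return it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example of fault-injection-hardened verification.
 * Not boot ROM code. The fault_mask parameter exists only so a host
 * build can simulate a skipped step and show the detector tripping. */

/* Result codes with large Hamming distance from each other, so a single
 * corrupted bit cannot turn FAIL into OK. */
typedef enum {
    AUTH_OK     = 0x5A5A5A5A,
    AUTH_FAIL   = 0xA5A5A5A5,
    AUTH_TAMPER = 0x3C3C3C3C
} auth_result_t;

/* Simulated faults (hypothetical, for demonstration only). */
#define FAULT_SKIP_FIRST_COMPARE  0x1u
#define FAULT_SKIP_SECOND_COMPARE 0x2u
#define FAULT_SKIP_COUNTER_STEP   0x4u

/* Constructed sample digests: the second differs from the first in one byte. */
const uint8_t SAMPLE_EXPECTED[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
const uint8_t SAMPLE_TAMPERED[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x89};

/* Constant-time byte comparison: always walks the full length.
 * Returns 0 on match, nonzero on mismatch. */
static uint32_t ct_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff;
}

auth_result_t hardened_verify(const uint8_t *expected, const uint8_t *actual,
                              size_t n, unsigned fault_mask)
{
    /* volatile keeps the compiler from folding the redundant work away */
    volatile uint32_t flow = 0;
    volatile uint32_t r1 = 0xFFFFFFFFu;
    volatile uint32_t r2 = 0xFFFFFFFFu;

    /* Step 1: first comparison. A glitch that skips it is simulated here. */
    if (!(fault_mask & FAULT_SKIP_FIRST_COMPARE)) {
        r1 = ct_compare(expected, actual, n);
        flow += 1;
    }
    /* Step 2: independent second comparison, stored bitwise inverted so a
     * fault that zeroes both registers is still caught by the consistency check. */
    if (!(fault_mask & FAULT_SKIP_SECOND_COMPARE)) {
        r2 = ~ct_compare(expected, actual, n);
        flow += 1;
    }
    /* Step 3: a plain counter step that must always execute. */
    if (!(fault_mask & FAULT_SKIP_COUNTER_STEP))
        flow += 1;

    /* Every step must have run exactly once... */
    if (flow != 3)
        return AUTH_TAMPER;
    /* ...and the two comparisons must agree (r2 is the inverse of r1). */
    if ((r1 ^ r2) != 0xFFFFFFFFu)
        return AUTH_TAMPER;

    return (r1 == 0) ? AUTH_OK : AUTH_FAIL;
}

static const char *name_of(auth_result_t r)
{
    return r == AUTH_OK ? "OK" : r == AUTH_FAIL ? "FAIL" : "TAMPER";
}

int main(void)
{
    printf("match, no fault      : %s\n", name_of(hardened_verify(SAMPLE_EXPECTED, SAMPLE_EXPECTED, 8, 0)));
    printf("mismatch, no fault   : %s\n", name_of(hardened_verify(SAMPLE_EXPECTED, SAMPLE_TAMPERED, 8, 0)));
    printf("mismatch, skip cmp #1: %s\n", name_of(hardened_verify(SAMPLE_EXPECTED, SAMPLE_TAMPERED, 8, FAULT_SKIP_FIRST_COMPARE)));
    printf("match, skip counter  : %s\n", name_of(hardened_verify(SAMPLE_EXPECTED, SAMPLE_EXPECTED, 8, FAULT_SKIP_COUNTER_STEP)));
    return 0;
}
```

The design point is that a faulted step never produces a plausible "OK": skipping a comparison leaves the flow counter short and the two result registers inconsistent, so the only reachable outcome is `AUTH_TAMPER`. The random delays mentioned earlier in the thread complement this by making the timing of each step unpredictable; they are left out here because the host model has no trustworthy entropy source.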

ghjfdtg

That's weird. I could have sworn that AtlasNX used to have an exploit host for firmware 7.0.0. I know for sure that they had one for firmware 6.2.0.


Has the HWFly been patched? This is the first I'm hearing of it. It's not surprising, it's a 1 line fix in the bootrom, but it took them 3 years to do it so I was expecting it to last until Switch EOL.
I don't remember seeing anything beyond userland code execution up to 7.0.0.

Nah, I think that's a misunderstanding. I didn't imply they patched it, but I was referring to Switches with the RCM USB vuln fixed.
 

l7777

Damn it, we're always SO CLOSE to finally installing homebrew.
No one has said this. Everyone has told you that it isn't going to happen in a reasonable timeframe. You would be far better off selling your Switch rather than getting worked up over not being able to run homebrew on a patched Switch without a modchip. Alternatively, you could just get an unpatched Switch or have a modchip installed, as this would also alleviate your anger and allow you to enjoy life.

Ondrashek06 (OP)

No one has said this. Everyone has told you that it isn't going to happen in a reasonable timeframe. You would be far better off selling your Switch rather than getting worked up over not being able to run homebrew on a patched Switch without a modchip. Alternatively, you could just get an unpatched Switch or have a modchip installed, as this would also alleviate your anger and allow you to enjoy life.
My parents wouldn't understand why I'm selling my perfectly fine Switch for another, used, older Switch for twice the price of a new one. And "because it has a better serial number" isn't an excuse...
 
