Hacking Speculations about Switch 2 hacking

  • Thread starter: KeeperCP1
  • Views: 304,638
  • Replies: 806
  • Likes: 10
Chibi is really against the idea the switch 2 will ever be hacked.
The slightest idea of it gives him physical pain ;)
Plot twist: I'm saying it is impossible to challenge eLiTE hackers to crack it. I have been 🏴‍☠️flying the flag🏴‍☠️ since my Amiga days in the 80s. I want S2 emulation and XCIs of DK Bananza and MK World!
But unlike the rest of you, my feet are firmly grounded in Realityland.™ I have no patience for clowns who assume that because the Xbox One was hacked, that it certainly means the S2 will be. That's not how it works in the real world.
That's... kinda really poor logic.
We didn't notice a hole here, so therefore there aren't any holes, therefore, hole-less.


There are just no known exploits; that doesn't mean no exploits.
And just because other (much older and less secure) systems have been hacked does not mean S2 will. Complete lack of logic there.
 
Plot twist: I'm saying it is impossible to challenge eLiTE hackers to crack it. I have been 🏴‍☠️flying the flag🏴‍☠️ since my Amiga days in the 80s. I want S2 emulation and XCIs of DK Bananza and MK World!
But unlike the rest of you, my feet are firmly grounded in Realityland.™ I have no patience for clowns who assume that because the Xbox One was hacked, that it certainly means the S2 will be. That's not how it works in the real world.

And just because other (much older and less secure) systems have been hacked does not mean S2 will. Complete lack of logic there.

Everything can, and will, be hacked. You're acting like the Switch 2 is a CIA black box that only the world's greatest minds can even begin to comprehend. Being a Nintendo console means it is far higher on the "we need to get homebrew on this" list than an "xbox" ""console"". I mean, the PS5 is able to run Linux with full GPU acceleration because of the physical version of a Star Wars game for PS4, thanks to the fact that it had a decades-old bug that was never patched.

Of course older and less secure systems have been hacked, and hacked relatively quickly, but nothing is perfect and I wouldn't be surprised if a mod chip appears within the next 2 years. I personally don't think Switch 2 modding will ever get as easy as it is on the Wii, but you never know. Nobody except for the people actually working on cracking the Switch 2 knows.
 
And just because other (much older and less secure) systems have been hacked does not mean S2 will. Complete lack of logic there.
Yeah, I don't think someone who supports Elon Musk is capable of that much logic.

There haven't been any devices that are unhackable so far, through either software or hardware means. All there has been is a more secure device, which often is just harder and more time-consuming to crack open.
So it's easy for me to just go bet on the pattern, since it's pretty consistent with enough time.
 
Last edited by Reualed,
While anything can be hacked, the time it takes to hack it may not be within people's expectations. Even the folks that handled the Switch 1 hacking scene had said (a few years ago) that Switch 1's Horizon OS was so secure that had it not been for the initial flaw in the bootROM, they may have still been looking for a crack in its security. That flaw that couldn't be patched on that early shipment got them inside, and then they began working from the inside out. They didn't unlock the gate from the outside. They unlocked it from the inside. That's why even when the flaw was fixed in later SKUs, they could still hack those systems.

And the thing is, it technically wasn't a flaw. It was an important feature used in the Nvidia Shield to help recover from flash storage failures. That's why it was called ReCovery Mode (RCM). And Nvidia fully documented it and made it public. For as much as the hackers were credited for all the work they have done, it's not like they had nothing to begin with. This whole thing sped up the hacking scene faster than typical hacking scenarios.

The Switch 2 has no such known entry point, nor does it have any documentation available to match the openness the Switch 1 launch units had. But it can still be hacked, as nothing is unhackable. Just don't expect it in a year, or 2 years, or maybe not even until a couple of decades have passed. Because again, folks still haven't found a good crack in Switch 1's HOS security from the outside, and Switch 2's HOS is a fork of that with more advanced security measures through the newer hardware.
 
that Switch 1's Horizon OS was so secure that had it not been for the initial flaw in the bootROM, they may have still been looking for a crack in its security.
That was past 4.1.0 FW, especially since 8.0.0 FW. HOS was buggy enough in the first versions that one of the PegaSwitch exploits was found before the RCM bug.
 
WebKit is vulnerable by its nature, this is unavoidable.

And WebKit is still vulnerable, but somehow Nintendo fixed the problem that gave it too many privileges. So HOS was at fault here.

Any app giving you access to stuff you shouldn't have is a failure of the OS.
 
@Reulated Chibi is simply an old-school internet troll. The identity and backstory are with 99% chance fake, and the only goal is to provoke others using weak, low-effort arguments which can be disproven by history, common sense and simply by having an IQ higher than the freezing point of water (in Celsius). The best approach is to ignore it completely. You will have a much better time that way. So lean back and treat it as entertainment, watching someone make a complete fool of themselves, ideally with a good coffee.

(and for the one percent chance that any of it is actually real, it only makes the whole thing even more amusing, so you might as well grab some fresh popcorn too.)

EDIT:
Footnote: It is worth appreciating this twice. This might actually be one of the last of its kind, a genuine human troll, not an automated agent, but someone still putting in the effort manually. A dying breed.
 
Last edited by karmesin,
You don't write an exploit, you discover them and write hacks using it. And as for what I think your question is, then the answer is 0.
What? Lmao. You discover vulnerabilities. You write exploits. Also almost all of them are at least partially written in ROP. Like qwertyoruiopz's 4.0x firmware exploit, PSFree, PS3Xploit, zerosense, JsTypeHax, browserhax_fright, ROBChain, PegaSwitch, Tony Hawk's Pro Strcpy, etc. That's not even all of them. Oh, and the 360 bad update hypervisor exploit. The exploit is explicitly built around ROP because the Xbox 360's kernel and hypervisor enforce memory protections (no direct shellcode execution in many regions).

Stay in school kids.

Edit: Oh, and just to clarify when I say partially... The base exploit would be written in something like JavaScript, which would exploit the browser. That would then execute the ROP chain exploit to exploit some system function, which would then load some code written in something like C/C++ once it gets code execution and set up the homebrew environment. This is 100% possible on the Switch 2.
 
Last edited by SuffahBish,
What about this?


Does that person have any experience with hacking? If not, then it isn't even speculation. It's more of an assumption.

WebKit is vulnerable by its nature, this is unavoidable.

And WebKit is still vulnerable, but somehow Nintendo fixed the problem that gave it too many privileges. So HOS was at fault here.

Any app giving you access to stuff you shouldn't have is a failure of the OS.
A game that crashes because of a bug in the game code doesn't mean the OS is at fault. The same game getting updated to prevent the crash doesn't mean the OS was patched. Same goes for a browser using WebKit.
 
A game that crashes because of a bug in the game code doesn't mean the OS is at fault. The same game getting updated to prevent the crash doesn't mean the OS was patched. Same goes for a browser using WebKit.
Huh? Do you read what you write?

Any app giving you access to stuff you shouldn't have is a failure of the OS.
^I'm talking about bugs that can be escalated to take over the OS. This kind of bug is an OS fault.

You are talking about stuff the OS was made to prevent in the first place: prevent bugs from escalating beyond what the OS was designed for. If the OS did its job, it's an app fault. If the OS didn't do its job, it's the OS fault.
 
Last edited by masagrator,
What about this?


Sorry, but that guy has no idea what he's talking about. NVMe drives share the same bus as microSD Express cards, making it possible to use one instead of the other. That has absolutely nothing to do with hacking the system.
 
What about this?


Doesn't make any sense.

We can't decrypt the SD card contents in the Nintendo folder. So a malicious attack there isn't possible to my knowledge.

That also means whatever that is, trying to hijack the SD card port, is bogus. Because under pretty much all conditions that is read/write, but not execute. And the screenshot also shows that we are still working with just normal FAT32/exFAT.
Meaning it's not some sort of attack somehow misreading partitions, if that is even an exploit that is possible.
 
Huh? Do you read what you write?


^I'm talking about bugs that can be escalated to take over the OS. This kind of bug is an OS fault.

You are talking about stuff the OS was made to prevent in the first place: prevent bugs from escalating beyond what the OS was designed for. If the OS did its job, it's an app fault. If the OS didn't do its job, it's the OS fault.
PegaSwitch was limited to user mode. It was more or less allowing one to explore, not control. So the OS was doing its job. To suggest otherwise is like saying ANYTHING that goes wrong is an OS fault, so it's never an app's fault, even when one admits that something like WebKit is "vulnerable by nature".
 
PegaSwitch was limited to user mode. It was more or less allowing one to explore, not control. So the OS was doing its job. To suggest otherwise is like saying ANYTHING that goes wrong is an OS fault, so it's never an app's fault, even when one admits that something like WebKit is "vulnerable by nature".
PegaSwitch worked because SM was buggy (smhax) and also NVDRV (nvhax, which was escalated to e.g. Caffeine). Nintendo fixed smhax, stripped the browser of all unnecessary permissions and later limited them even more.

Because they didn't fix, until 6.2.0, the HOS bugs hackers relied on after they patched smhax, what saved Nintendo was updating WebKit in the 5.0.0 update, which was much harder to manipulate.
So even if a new exploit shows up in WebKit it will do nothing that will allow running unsigned code as long as HOS doesn't have critical bugs.

All of them were OS fault first, browser second.
 
Last edited by masagrator,
 
Well, it is unhackable.

Is a hack available? No? Then it is unhackable.
I mean this is fair enough.

The only thing is you're arguing like people are saying an exploit is available today. No one is doing that.

You're arguing against a ghost.

What others are rightfully pointing out is that it will be hacked some day in the future. We don't know when yet. It might be years from now, decades perhaps (though not likely), but years is rather probable.

Most people mean by unhackable: won't happen ever.

What you're describing is what most people would call: "unhacked", as in it's not hacked right this moment.

You'd be much more productive using the generally accepted term for what you're trying to say.
It was in the browser, and it was not running arbitrary code. It used ROP, and was only calling functions already compiled into the browser applet. There's a reason nothing came of it. We want to be able to map memory as executable, but the browser can only map memory as read-write.
Not arbitrary code -> it used ROP.

"Chained together, these gadgets allow an attacker to perform arbitrary operations on a machine employing defenses that catch simpler attacks." (https://en.wikipedia.org/wiki/Return-oriented_programming)


Aka the attacker can create (with usually increased difficulty) any arbitrary program/code using the browser's code. The browser has plenty of returns, with plenty of useful code before them. Writing a program that makes use of these so-called "gadgets", whether you like it or not, is in fact "arbitrary code execution".

ROP is also the exact type of ACE used for say, ninjhax on the 3DS ;)

The bigger issue with the early ROP exploit is that it remains in userland. And programming using ROP is much more time-consuming than being able to point to your own compiled code. And the browser process is missing plenty of entitlements (in its userspace) to even be particularly useful for homebrew.

But those last things are true and the practical reasons it has not gone far since day 1.

Thus in a final user-usable exploit, ROP (if used) is usually the first arbitrary code execution, used to bootstrap a more conventional environment for more traditional (arbitrary) code to load, which then usually serves to exploit other flaws in the system to attain higher privilege levels in the software, to the point where all hardware can be accessed and any software feature altered, removed etc.

But let's not pretend it's not ACE for no good reason.
I personally do not care if it is unhackable or not, I simply do not want piracy on the system in the first couple of years at least (although ideally until the console stops being supported).

I do not mind mods or CFW; my Wii, DSi and 3DS were softmodded after the systems stopped being supported, although in my case I mainly use them for fan translations for the most part. However, I do hate piracy on current systems, especially when it's done in a way that ruins the fun for everyone, namely leaks and spoilers. It was great to play Pokopia without a single leak or anything like it.
Fair, but the question was mostly towards the people arguing "unhackable".

That's a different discussion from "I'd prefer it went unhacked".

Though given the financial success of the Wii/3DS/Switch despite all of them being hacked quite early, I personally do not share in this wish, as I see little to no harm in it. But your position is perfectly sane, based in reality etc., so I have no issues with it :)
You don't write an exploit, you discover them and write hacks using it. And as for what I think your question is, then the answer is 0.
Um, actually you do write an exploit; the people making the software being exploited might discover the exploit.

Hackers discover a vulnerability, and write an exploit to take advantage of the vulnerability found ;)
 
Last edited by MRJPGames,