Hacking WIP Switch Exploit Idea - I want the Community to Use it!

Status
Not open for further replies.

aarock1234

I made an account just to post this.

Mostly I have been a browser of this forum for a long time and like to look at random posts.

I have been developing an idea with a friend and we decided we wanted to share it with the community and see what they could do with it.

Exploit

Notes:
  • Involves JPEG images and buffer overflow.
Usage:

The basic premise is that you would essentially take an image from the Switch's SD card and edit it in a text editor. You would, in theory, add many characters to the file so the Switch would not know what to do. Basic rules for computers say that if a file is too large, it would write that overflowing data somewhere else (buffer overflow). That data could be a homebrew launcher, program, game or some other thing that could be written on the Switch itself. The reason we use JPEG images is that they are injectable/can be edited. The idea would be to somehow take some code (ARM asm) and compile it into a JPEG and use the Switch image viewer to access the program.
 

Sonic Angel Knight

Sounds like the PSP ChickHEN exploit.... Would that really work a second time, especially on a console 10 years later? :blink:
(Not denying the possibility, just was curious what others think)
 

Urbanshadow

I'd honestly try malforming a .tiff header like was done to the PSP, or malforming a .svg to load it from the "browser", but I'm sure it doesn't lead anywhere.

Oh the ninja. That was a .tiff file preview, back in the day.
 

Urbanshadow

I dunno what it was to be exact, I just know every video I watched was someone opening the picture folder filled with images, scrolling to the bottom one, and enabling homebrew. BAM! I'm Batman... err, ChickHEN! :P

The TIFF header is limited in size; the TIFF header reader for the PSP was coded by Sony, and they didn't check the size. It was really cheap and dirty. The hit-and-miss part depended on what was after the TIFF header in memory and whether it corrupted the XMB menu memory. After that went the HEN payload, and the rest is history.
 

DarkOrb

That won't work. This way the file will be corrupt and not readable anymore. You have to edit the file in a special way, so it's still readable AND will cause a buffer overflow, but this would need an exploit in the Switch image viewer app in the first place. You don't have the slightest chance to make that happen if you're not a very talented dev.
 
Deleted User

In theory it would work if:

  • Somebody could make a tool to re-calculate the hashes for images so that they would be compatible with the Switch (because they are HMAC-SHA256 hash-checked)
  • We could patch out the size check on screenshots
The size check is pretty much impossible to bypass (that we know of right now) because it is coded into the firmware.

Also, please read the forums like you said you did before posting stuff like this.
 
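The two checks Deleted User lists (a size limit and an HMAC-SHA256 over the file) and DarkOrb's point that a reader stops at the end of the image are easy to see in code. This is an added example by the editor, not code from anyone in this thread and not the Switch's actual album implementation: the key, the 4096-byte limit, the order of the checks and the sample bytes are all constructed for the demo. It walks the JPEG marker structure with bounds checks, so appended junk is never read and a bogus length field is rejected rather than read past the buffer, and it shows why re-signing is needed before any edited file even reaches the parser.

```python
import hashlib
import hmac
import struct

# Constructed demo values: the real key, size limit and check order of the
# Switch's album code are not on the page and these are NOT them.
DEMO_KEY = b"demo-key-not-the-real-one"
MAX_IMAGE_BYTES = 4096


def parse_jpeg_segments(data):
    """Walk the JPEG marker structure with bounds checks.

    Returns (segments, end_offset): the (marker, length) pairs seen and the
    offset just past the EOI marker. Every read is checked against len(data),
    so an oversized length field raises ValueError instead of reading past
    the buffer, and bytes after EOI are never touched at all.
    """
    if len(data) < 2 or data[0:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    segments = []
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        pos += 2
        if marker == 0xD9:  # EOI: stop here, whatever follows is ignored
            segments.append(("EOI", 0))
            return segments, pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # standalone markers (TEM, RSTn)
            segments.append((hex(marker), 0))
            continue
        if pos + 2 > len(data):
            raise ValueError(f"truncated length field at offset {pos}")
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        if seg_len < 2 or pos + seg_len > len(data):
            raise ValueError(f"segment length {seg_len} exceeds file at offset {pos}")
        segments.append((hex(marker), seg_len))
        pos += seg_len
        if marker == 0xDA:  # SOS: skip entropy-coded data up to the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("missing EOI marker")


def trailing_bytes(data):
    """Bytes appended after EOI: a bounded parser simply never reads them."""
    _, end = parse_jpeg_segments(data)
    return len(data) - end


def make_tag(data, key=DEMO_KEY):
    """HMAC-SHA256 over the whole file, as a screenshot-signing step would compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_screenshot(data, tag, key=DEMO_KEY, max_bytes=MAX_IMAGE_BYTES):
    """Cheap checks first: size limit, then MAC, then the structural parse."""
    if len(data) > max_bytes:
        return "rejected: over size limit"
    if not hmac.compare_digest(make_tag(data, key), tag):
        return "rejected: HMAC mismatch"
    try:
        parse_jpeg_segments(data)
    except ValueError as exc:
        return f"rejected: {exc}"
    return "accepted"


# Constructed minimal marker sequence (SOI, APP0, SOS + entropy data, EOI);
# structurally valid for the walker above, not a decodable picture.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0\x00\x10" + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda\x00\x08" + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56"
    + b"\xff\xd9"
)


def demo():
    """Each kind of edited file is stopped by a different check."""
    tag = make_tag(SAMPLE_JPEG)
    results = {
        "original": verify_screenshot(SAMPLE_JPEG, tag),
        "junk appended": verify_screenshot(SAMPLE_JPEG + b"A" * 500, tag),
        "oversized": verify_screenshot(SAMPLE_JPEG + b"A" * 5000, tag),
    }
    # A length field claiming 65535 bytes in a 10-byte file, signed with the demo key
    bad_len = b"\xff\xd8\xff\xe0\xff\xff" + b"x" * 4
    results["bogus length, re-signed"] = verify_screenshot(bad_len, make_tag(bad_len))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
    print("trailing bytes never read:", trailing_bytes(SAMPLE_JPEG + b"A" * 500))
```

The order matters for a defender: the size limit and MAC run before any parsing, so a file that was edited in a text editor is thrown out before the image code ever looks at it, and even a file that somehow passes both is read through length-checked segment walking rather than trusted as a blob.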

The Catboy

Honestly, I think this thread should be locked until the OP has something to show (though that is extremely doubtful). If they want to take the time and try something, they are clearly not going to get the support of the community until we have something to see.
 
