Hacking Switch bootrom warmboot exploit

  • Thread starter Deleted User
  • Views 45,150
  • Replies 161
  • Likes 19

mariogamer

Are all the untethered softmod solutions coming at launch coldboot exploits like on the 3DS? Or would one have to trigger the exploit every time the switch restarts?
Only 1.0.0 is guaranteed to have a coldboot exploit (others are very hard to implement, and on >3.0.2, "You're (pretty much) F*").
 

tivu100

Are all the untethered softmod solutions coming at launch coldboot exploits like on the 3DS? Or would one have to trigger the exploit every time the switch restarts?
1.0.0 by the sound of it can be coldboot.

2.0-4.1 you need to rerun the exploit. 3.1 to 4.1 would have to wait longer as it's harder for developers to build it.

When it's installed, it would be a few clicks to trigger, so it should be more user friendly / more convenient than RCM. Installation difficulty is unknown.

Reference is the DS exploit for the 3DS.


Draxzelex

Are all the untethered softmod solutions coming at launch coldboot exploits like on the 3DS? Or would one have to trigger the exploit every time the switch restarts?
I honestly can't tell if you were around for any of the other exploits for the 3DS but that one was released at the end of the console's lifespan. It'd be a miracle to see something like that on the Switch one year after the console has been on the market.
 

FR0ZN

Only 1.0.0 is guaranteed to have a coldboot exploit (others are very hard to implement, and on >3.0.2, "You're (pretty much) F*").

1.0.0 by the sound of it can be coldboot.

2.0-4.1 you need to rerun the exploit. 3.1 to 4.1 would have to wait longer as it's harder for developers to build it.

When it's installed, it would be a few clicks to trigger, so it should be more user friendly / more convenient than RCM. Installation difficulty is unknown.

Reference is the DS exploit for the 3DS.

I honestly can't tell if you were around for any of the other exploits for the 3DS but that one was released at the end of the console's lifespan. It'd be a miracle to see something like that on the Switch one year after the console has been on the market.

Thanks for the replies, guys!
Fusee Gelee with an internal modchip would be totally fine with me. I'm on 3.0.0 and would only not update if I knew that 3.0.0 had a coldboot exploit. I guess I'll wait and see what happens. Would be awesome if the devs could tell us what to expect from the release.
 

Draxzelex

Thanks for the replies, guys!
Fusee Gelee with an internal modchip would be totally fine with me. I'm on 3.0.0 and would only not update if I knew that 3.0.0 had a coldboot exploit. I guess I'll wait and see what happens. Would be awesome if the devs could tell us what to expect from the release.
The M0 trinket plus AutoRCM simulates coldboot pretty well I'd say.

guily6669

Thanks for the replies, guys!
Fusee Gelee with an internal modchip would be totally fine with me. I'm on 3.0.0 and would only not update if I knew that 3.0.0 had a coldboot exploit. I guess I'll wait and see what happens. Would be awesome if the devs could tell us what to expect from the release.
I'm also waiting for TX's upcoming solder-in modchip and emuNAND. I still won't update my 3.0.2 Switch, because if the warmboot later comes out working, and if it is as easy as launching Gateway emuNAND on the 3DS minus the flashcard, I would totally de-solder the TX chip and use that warmboot.

I actually still use GW emuNAND and I don't find it any hassle just having to press Settings and Profile to load it; they really made it hassle free. I hope warmboot, if it ever gets used, will be as hassle free as GW ;).

And your FW 3.0 is still not excluded from having a COLDBOOT in the future, which is reported up to 3.0.1, but warmboot will come first and coldboot might actually never happen above FW 1.0. But hell, there's always that small chance, so we've got to have faith :D (faith moves mountains, or not :ph34r::toot:).
I believe they all require user interaction and possibly WiFi
I think all the warmboots will probably, sadly, need it, but I wish they could make it without WiFi. Even if it needs WiFi it's not that much of a hassle, as I always have my phone with me and with a touch or two on the screen I can easily make a wireless LAN. I hope it will not require too many steps though ;).

Well, at least FW 1.0, if it really gets the coldboot soon, will be really GOLD and prices will shoot up very high. Wish I had like 100 Switches on FW 1.0 :D.

PS: But in my opinion anything is better than RCM + payload every boot, especially when not using a soldered chip inside. Constantly connecting something to the USB-C socket will make it wear out sooner, and it is quite a huge hassle to replace, unlike fixing the Switch rails, which is super easy ;).

pastaconsumer

Quick question: I have a NAND backup from 4.1.0. I'm on 5.1.0 right now. Can I restore the backup and use AutoRCM to boot without trouble?
Also, would that mean the softmod would work?
 

guily6669

Quick question: I have a NAND backup from 4.1.0. I'm on 5.1.0 right now. Can I restore the backup and use AutoRCM to boot without trouble?
Also, would that mean the softmod would work?
If you updated without following the Rajkosto method of not burning e-fuses, then sadly, at least for now, even if a softmod appears and you go back to 4.1, you can't have the softmod and probably never will, unless someone finds a way to exploit that in the future, but nothing is known of that ;)

Sadly, for you to load 4.1 you will still have to enter RCM, send the payload and run it through hekate every single time you power OFF the console...

If you used the Rajkosto method then you're safe if a softmod shows up for 3.0.2 to 4.1...
 

pastaconsumer

If you updated without following the Rajkosto method of not burning e-fuses, then sadly, at least for now, even if a softmod appears and you go back to 4.1, you can't have the softmod and probably never will, unless someone finds a way to exploit that in the future, but nothing is known of that ;)

Sadly, for you to load 4.1 you will still have to enter RCM, send the payload and run it through hekate every single time you power OFF the console...

If you used the Rajkosto method then you're safe if a softmod shows up for 3.0.2 to 4.1...
What should I check for to see if I burned fuses?
 
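The question of "did I burn fuses" comes down to how the anti-downgrade check in the stock early bootloader behaves, which the posts above describe only indirectly. Below is an added example (not code from the thread or from any Switch project) that models that check: the boot stage counts burnt fuses in a fuse register, compares the count with what the system version expects, burns more if it is short, and refuses to boot if it is too high; booting through RCM with a payload bypasses that stage entirely, which is why the "Rajkosto method" leaves the fuses untouched. The expected-count table is the publicly documented mapping for the versions mentioned in the thread and the consecutive-low-bit fuse layout is an assumption of the model; the scenario at the end replays pastaconsumer's situation (4.1.0 backup, currently on 5.1.0).

```python
"""Model of the Switch anti-downgrade fuse check (added example, not from the thread)."""

# Expected burnt-fuse counts per system version for the versions this thread discusses.
# Publicly documented reference data; verify against your own source before relying on it.
EXPECTED_FUSES = {
    "1.0.0": 1,
    "2.0.0": 2, "2.1.0": 2, "2.2.0": 2, "2.3.0": 2,
    "3.0.0": 3,
    "3.0.1": 4, "3.0.2": 4,
    "4.0.0": 5, "4.0.1": 5, "4.1.0": 5,
    "5.0.0": 6, "5.0.1": 6, "5.0.2": 6, "5.1.0": 6,
}

FUSE_WORD_BITS = 32  # assumption: the count lives in one 32-bit fuse register


def burnt_fuse_count(fuse_word: int) -> int:
    """Number of burnt anti-downgrade fuses (set bits) in the fuse register value."""
    return bin(fuse_word & ((1 << FUSE_WORD_BITS) - 1)).count("1")


def fuse_word_for(count: int) -> int:
    """Register value with `count` consecutive low-order fuses burnt (assumed layout)."""
    return (1 << count) - 1


def early_boot_fuse_check(fuse_word: int, version: str, via_rcm_payload: bool = False):
    """Return (action, fuse_word_after) for booting `version` with the given fuses.

    "skip"   - booted through RCM + payload: the stock stage holding this check never
               runs, so nothing is burnt (the "Rajkosto method" in the thread)
    "boot"   - burnt count matches what this version expects
    "burn"   - fewer burnt than expected: the missing fuses are burnt (irreversible)
    "refuse" - more burnt than expected: the anti-downgrade check trips
    """
    if via_rcm_payload:
        return "skip", fuse_word
    expected = EXPECTED_FUSES[version]
    burnt = burnt_fuse_count(fuse_word)
    if burnt < expected:
        return "burn", fuse_word | fuse_word_for(expected)
    if burnt > expected:
        return "refuse", fuse_word
    return "boot", fuse_word


def restore_boots_without_rcm(fuse_word: int, backup_version: str) -> bool:
    """Would restoring a NAND backup of `backup_version` then boot normally?"""
    action, _ = early_boot_fuse_check(fuse_word, backup_version)
    return action in ("boot", "burn")


def thread_scenario() -> dict:
    """4.1.0 NAND backup in hand, console updated to 5.1.0 two different ways."""
    fuses_on_41 = fuse_word_for(EXPECTED_FUSES["4.1.0"])
    # Updated and booted 5.1.0 normally once: a sixth fuse is burnt.
    _, after_normal = early_boot_fuse_check(fuses_on_41, "5.1.0")
    # Updated but only ever booted 5.1.0 via RCM payload: still five fuses.
    _, after_rcm = early_boot_fuse_check(fuses_on_41, "5.1.0", via_rcm_payload=True)
    return {
        "normal_boot_then_restore_4.1.0": restore_boots_without_rcm(after_normal, "4.1.0"),
        "rcm_only_then_restore_4.1.0": restore_boots_without_rcm(after_rcm, "4.1.0"),
        "fuses_after_normal_boot": burnt_fuse_count(after_normal),
        "fuses_after_rcm_only": burnt_fuse_count(after_rcm),
    }


if __name__ == "__main__":
    for key, value in thread_scenario().items():
        print(f"{key}: {value}")
```

The practical check this models: read the burnt-fuse count the way your payload reports it and compare it with the expected value for the firmware you want to restore; a count above that value is the case the thread calls "burned", and only a count at or below it lets the restored firmware boot through the stock path.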

IPLbug

There are no exploits released or in private that allow you to boot from cold boot untethered. You only have fusee Gelee or exploits that require you to boot ofw and then run user triggered exploits, which may require you to have a WiFi network connection.

If you replace OFW with CFW on your eMMC then you will need to use RCM on every single boot; if you boot CFW from SD then you only need to go into RCM when booting CFW.

That's actually not true. If a CFW was flashed to completely replace the eMMC boot0/boot1, it would boot normally into CFW without needing RCM every boot. However, it would be a lot more time consuming and require a lot more debugging from the devs. After taking a close look at how the files are configured on the repo, I've come to see they're purely choosing this route for the sake of simplicity and less effort, as it's easier to drag and drop files to update than to have to make a complete installer on the Switch, even though it's less efficient, at least for me, to do it this way.

I'll just wait for the release of Atmosphere and build my own installer from there in my spare time, unless REI decides to drop his CFW with this tool built in.

It's not a matter of exploits; it's just that they'd rather build off what they had from their initial research on different OFW. They had to scrap a lot of their code after Fusee Gelee was presented to the devs and build up again, as they had pre-built Atmosphere without it in mind.

We'll still see how, after they release Atmosphere, the scene takes it and evolves it further; as with all CFW, they always get revised by others later on.
 

smf

That's actually not true if a CFW was flashed to completely replace the emmc boot0 boot1 they would normal boot into CFW without needing rcm every boot.

It's not signed by Nintendo so the switch would refuse to boot. fusee gelee is the only exploit that can circumvent the signature on coldboot. So you would have to enter RCM and load a payload to bypass the signature checks every time.

No amount of "building a tool" will help you. You need to find a new exploit. There are rumours of a 1.0 exploit early enough during Horizon OS bootup that could do it. That doesn't completely replace boot0/boot1, it requires a 1.0 switch & it's only a rumour.

If what you said was that easy then we'd have had modified firmware since the switch was released.
 
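The reason smf gives is the chain of trust at cold boot: the boot ROM only trusts a vendor public key whose hash is burnt into fuses, and it only executes a boot image whose signature verifies under that key. The following added example (my illustration, not code from the thread, from Nintendo, or from any CFW project) models that chain to show why flashing a modified boot0/boot1 fails without a boot ROM bug or the private key. The RSA parameters are toy-sized textbook RSA with no padding so the script runs with the standard library alone; a real boot ROM uses a 2048-bit key with proper signature padding, and the dictionary image layout is an assumption of the model.

```python
"""Toy model of a fused-root verified boot check (added example, not real bootrom code)."""

import hashlib
from typing import Dict, Tuple


def toy_keypair(p: int, q: int) -> Tuple[int, int, int]:
    """Textbook RSA key (n, e, d) from two primes. Demo sizes only, never use for real."""
    n = p * q
    e = 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return n, e, d


# Vendor key. Assumption: demo primes, not real key material.
VENDOR_N, VENDOR_E, VENDOR_D = toy_keypair(1000003, 1000033)


def pubkey_hash(n: int, e: int) -> bytes:
    return hashlib.sha256(f"{n}:{e}".encode()).digest()


# All the "boot ROM" holds is the hash of the vendor public key, burnt into fuses.
FUSED_PUBKEY_HASH = pubkey_hash(VENDOR_N, VENDOR_E)


def digest_for_rsa(payload: bytes, n: int) -> int:
    # Truncate SHA-256 so the integer fits under the toy modulus (no padding: toy only).
    return int.from_bytes(hashlib.sha256(payload).digest()[:4], "big") % n


def sign_image(payload: bytes, n: int, d: int) -> int:
    """Vendor side: needs the private exponent d."""
    return pow(digest_for_rsa(payload, n), d, n)


def make_boot_image(payload: bytes, n: int, e: int, d: int) -> Dict:
    """Boot image = code + the public key it claims + a signature over the code."""
    return {"payload": payload, "pubkey": (n, e), "sig": sign_image(payload, n, d)}


def bootrom_verify(image: Dict) -> Tuple[bool, str]:
    """What the fused boot ROM does before running anything from boot0/boot1."""
    n, e = image["pubkey"]
    # 1. The key shipped in the image must be the one the fuses commit to.
    if pubkey_hash(n, e) != FUSED_PUBKEY_HASH:
        return False, "public key in image does not match fused key hash"
    # 2. The signature must verify over exactly this payload under that key.
    if pow(image["sig"], e, n) != digest_for_rsa(image["payload"], n):
        return False, "signature does not cover this payload"
    return True, "signature ok, executing payload"


def cold_boot(image: Dict) -> Tuple[str, str]:
    ok, reason = bootrom_verify(image)
    return ("boot" if ok else "refuse"), reason


if __name__ == "__main__":
    vendor = make_boot_image(b"vendor package1", VENDOR_N, VENDOR_E, VENDOR_D)
    print("stock image:", cold_boot(vendor))
    # Someone overwrites boot0 with CFW but keeps the vendor key and old signature.
    tampered = dict(vendor, payload=b"custom firmware")
    print("patched payload:", cold_boot(tampered))
    # Someone signs CFW with their own key and ships that key in the image.
    an, ae, ad = toy_keypair(1000037, 1000039)
    print("attacker key:", cold_boot(make_boot_image(b"custom firmware", an, ae, ad)))
```

Both failure paths are the point of smf's reply: a modified payload breaks the signature, and a substituted key fails the fuse hash comparison, so the only ways past this stage are the vendor's private key or a flaw in the boot ROM itself, which is exactly the role the RCM payload plays.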

TheArchitect-

If you used Rajkosto method then your safe if a softmod shows up for 3.02 to 4.1...

Just to hijack this, as I'm in a similar situation. Let's say I update to 5.1 with Rajkosto's method and have my 4.1 NAND backup; would downgrading for the softmod be as simple as just restoring the NAND through hekate? In theory it should work, as no fuses have been burned and I would just be back on my original OFW. No need for RCM or anything. But has anyone actually successfully tried it?
 

kumikochan

Just to hijack this, as I'm in a similar situation. Let's say I update to 5.1 with Rajkosto's method and have my 4.1 NAND backup; would downgrading for the softmod be as simple as just restoring the NAND through hekate? In theory it should work, as no fuses have been burned and I would just be back on my original OFW. No need for RCM or anything. But has anyone actually successfully tried it?
Yeah, there have been users who have done so and it works fine, only something about the card slot driver being different. Just know you have to keep using RCM when using the 5.1 update, or otherwise the fuses will be burned if you boot it normally. That's the only downside of that method: it forces you to keep using RCM to boot the system.