Browserhax exploit for ipatched Switch hardware will be out later this week

Kioku · Dec 23, 2018

gnmmarechal said:
That's totally a bug and not an overlooked feature.

Well, I'm not too sure of the technical side of things. However, is running unofficial code a bug?... Or an unintended feature? Did it involve a complex workaround to take advantage of, or could we just build third party tools right off the bat? These are all serious questions as I'm still hazy about it.

Friendsxix · Dec 23, 2018

Memoir said:
Well, I'm not too sure of the technical side of things. However, is running unofficial code a bug?... Or an unintended feature? Did it involve a complex workaround to take advantage of, or could we just build third party tools right off the bat? These are all serious questions as I'm still hazy about it.

It is most certainly a bug. Here is a writeup authored by Kate Temkin: https://misc.ktemkin.com/fusee_gelee_nvidia.pdf

Unless I am misunderstanding what you're saying, in which case I apologize.

Kioku · Dec 23, 2018

Friendsxix said:
It is most certainly a bug. Here is a writeup authored by Kate Temkin: https://misc.ktemkin.com/fusee_gelee_nvidia.pdf

Unless I am misunderstanding what you're saying, in which case I apologize.

No, you're right. I'm ignorant on this part..

Deleted User · Dec 24, 2018

Keylogger said:
Oh ok so we have a web browser exploit but the switch has no web browser

I understand now...

hope you know that this post was a joke

_hexkyz_ · Dec 24, 2018

Sorry for missing my own ETA on the browserhax + nvhax release. I wasn't counting on spending the last days dealing with food poisoning.
The exploit will, obviously, be released during this week (there isn't that much left to justify another delay).
— Mike Heskin (@hexkyz) December 24, 2018

Sorry about that.
In case anyone is interested in knowing which bugs make up the exploit chain that will be released:
https://switchbrew.org/wiki/Switch_System_Flaws#System_Modules (see nvhax)
https://switchbrew.org/wiki/Switch_Userland_Flaws (see CVE-2016-4622)

Mythical · Dec 27, 2018

Can Userland do nand backups?

Yamathedestroyer · Dec 27, 2018

NoNAND · Dec 28, 2018

history repeats itself

radicalwookie · Dec 28, 2018

I'm deeply sorry if this was discussed already, but does this mean that the patched Switches on market now, will be able to run CFW?
Only userland access means no CFW a la SX or am I wrong?

_hexkyz_ · Dec 28, 2018

Write-up is up:

The Switch - A Memoir https://t.co/hqGNcKkSQf
— Mike Heskin (@hexkyz) December 28, 2018

The updated exploit code (for 4.1.0, 5.x and 6.0.0) will be pushed to PegaSwitch over the next few days.

radicalwookie · Dec 28, 2018

_hexkyz_ said:
Write-up is up: https://twitter.com/hexkyz/status/1078753939305054208

The updated exploit code (for 4.1.0, 5.x and 6.0.0) will be pushed to PegaSwitch over the next few days.

This was a better read than most of the books I’ve read so far... thank you!

MyconMama · Jan 3, 2019

_hexkyz_ said:
Write-up is up: https://twitter.com/hexkyz/status/1078753939305054208

The updated exploit code (for 4.1.0, 5.x and 6.0.0) will be pushed to PegaSwitch over the next few days.

Thanks for your tireless efforts and the hilarious write-up "what should we do next? What about take the entire system down?"

I hope you're feeling better!

Gmoney122352 · Jan 6, 2019

Can i use this to edit my save files for games like zelda BOTW

MicShadow · Jan 7, 2019

Gmoney122352 said:
Can i use this to edit my save files for games like zelda BOTW

As much as I'd also love this, not currently.

We (will) only have user land access from within the browser, which would not have access to the save files for games.

With luck, someone will find an exploit to escape the browser sandbox and get generic file system access.
But wouldn't hold your breath.

Scarlet · Jan 7, 2019

MicShadow said:
As much as I'd also love this, not currently.

We (will) only have user land access from within the browser, which would not have access to the save files for games.

With luck, someone will find an exploit to escape the browser sandbox and get generic file system access.
But wouldn't hold your breath.

Are you sure? I swear when I used PegaSwitch on 3.0.0 before all this CFW fun, I could grab saves, albeit via some wonky script that took some effort. Is this going to be different to how PegaSwitch was then?

MicShadow · Jan 7, 2019

Scarlet said:
Are you sure? I swear when I used PegaSwitch on 3.0.0 before all this CFW fun, I could grab saves, albeit via some wonky script that took some effort. Is this going to be different to how PegaSwitch was then?

Hmm taking another look at the write up it does look possible. But @hexkyz would have to confirm as he doesn't specifically mention in his write up the control nvservices has from this point of view
.
Looks like it can write anywhere to DRAM (with some handle exhaustion/mem tricks), which hopefully will mean escaping sandbox protections.
Also, the home brew may need to be written specifically for this mode of exploit (or someone makes a new loader.

Happy to be completely corrected! Haven't been around the switch scene long

DPyro · Jan 10, 2019

Are there instructions on how to run this?

Deleted User · Jan 11, 2019

Since this isn’t a CFW exploit, I won’t get banned from online services right?

SexiestManAlive · Jan 20, 2019

gary4356767 said:
Since this isn’t a CFW exploit, I won’t get banned from online services right?

i think youll still get banned

猫。子猫です！

Introspective Potato

猫。子猫です！

Deleted User

Guest

Well-Known Member

Well-Known Member

Well-Known Member

Give me back my legions!

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

New Member

Well-Known Member

Onion Soup

Well-Known Member

Well-Known Member

Deleted User

Guest

The key that lights the dark

Similar threads

Popular threads in this forum