Hacking Question: Can someone explain EmuNAND to me?

Joined: Jan 19, 2019 | Messages: 755 | Trophies: 0 | XP: 947 | Country: United Kingdom
Oh really? At the name I really didn't recognize that.
Again, just to tell you:
"The core of this exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X1. During normal operation, when the Switch enters sleep mode, the main processor shuts down all but a few essential components of itself. The OS stores some state in RAM, which is kept on and its contents preserved. On wakeup, it re-executes the bootrom, and uses the state stored in RAM and in one of the regions kept on in the main processor. The bootrom takes a special codepath called the warmboot path, based on the presence of certain data (which can also be simulated on a reboot), and allows the console to wake up from sleep. One of the wakeup tasks is to get the RAM ready for usage, as it was put in a special mode before sleep. There are a set of parameters used to configure the RAM that are used during boot and wakeup. The bootrom assumes that these parameters do not change, as they are signed during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot. This means they are able to be changed and thus the bootrom will use them to perform arbitrary writes. We can use these writes to take control of the bootrom using the built in ipatch system. Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit. This changed on later firmware versions; using this on firmware versions higher than 1.0 requires more complex exploits to achieve the same results."
 

Deleted User

Guest
Again, just to tell you:
"The core of this exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X1. During normal operation, when the Switch enters sleep mode, the main processor shuts down all but a few essential components of itself. The OS stores some state in RAM, which is kept on and its contents preserved. On wakeup, it re-executes the bootrom, and uses the state stored in RAM and in one of the regions kept on in the main processor. The bootrom takes a special codepath called the warmboot path, based on the presence of certain data (which can also be simulated on a reboot), and allows the console to wake up from sleep. One of the wakeup tasks is to get the RAM ready for usage, as it was put in a special mode before sleep. There are a set of parameters used to configure the RAM that are used during boot and wakeup. The bootrom assumes that these parameters do not change, as they are signed during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot. This means they are able to be changed and thus the bootrom will use them to perform arbitrary writes. We can use these writes to take control of the bootrom using the built in ipatch system. Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit. This changed on later firmware versions; using this on firmware versions higher than 1.0 requires more complex exploits to achieve the same results."
Why do you keep complaining about yourself? Stop it and let's get back to the main thread.
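The quoted writeup boils down to one missing check: the RAM configuration block is signature-checked on the coldboot path but consumed unverified on the warmboot path, so whatever sits in that block after sleep drives the bootrom's memory writes. The following is an added toy model written for this thread (it is not code from the writeup, from Nintendo, Nvidia or any CFW project), using an HMAC as a stand-in for the bootrom's real signature scheme; the key, the `RamParams` layout, the addresses and the function names are all constructed for illustration. It shows the vulnerable warmboot path accepting a tampered block beside a fixed path that re-verifies on every entry.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the key the bootrom would verify against (not a real secret).
BOOT_KEY = b"constructed-demo-key-not-a-real-secret"


@dataclass
class RamParams:
    """Hypothetical RAM init block: one (destination, value) write the init step performs."""
    dest: int
    value: int

    def encode(self) -> bytes:
        return self.dest.to_bytes(4, "little") + self.value.to_bytes(4, "little")


def sign(params: RamParams) -> bytes:
    """Produced once at coldboot; the real chain uses an actual signature, HMAC models it here."""
    return hmac.new(BOOT_KEY, params.encode(), hashlib.sha256).digest()


def verify(params: RamParams, sig: bytes) -> bool:
    return hmac.compare_digest(sign(params), sig)


def apply_params(ram: dict, params: RamParams) -> None:
    """The 'get RAM ready' step: a write whose address and value come from the block."""
    ram[params.dest] = params.value


def coldboot(ram: dict, params: RamParams, sig: bytes) -> None:
    if not verify(params, sig):
        raise ValueError("coldboot: bad RAM parameter signature")
    apply_params(ram, params)


def warmboot_vulnerable(ram: dict, params: RamParams, sig: bytes) -> None:
    # The defect the writeup describes: the block is assumed unchanged since coldboot,
    # so the signature is never re-checked before the write is performed.
    apply_params(ram, params)


def warmboot_fixed(ram: dict, params: RamParams, sig: bytes) -> None:
    # Every path that consumes the block verifies it, regardless of how it was entered.
    if not verify(params, sig):
        raise ValueError("warmboot: bad RAM parameter signature")
    apply_params(ram, params)


def demo(warmboot_path):
    """Coldboot with a signed block, then wake up through `warmboot_path` after the block
    has been modified in place. Returns (write_landed_at_modified_dest, error_message)."""
    ram: dict = {}
    good = RamParams(dest=0x1000, value=0x1)
    sig = sign(good)
    coldboot(ram, good, sig)

    # Constructed tamper: between sleep and wakeup the block changes, the signature does not.
    modified = RamParams(dest=0x2000, value=0x41)
    try:
        warmboot_path(ram, modified, sig)
    except ValueError as exc:
        return (0x2000 in ram, str(exc))
    return (0x2000 in ram, None)


if __name__ == "__main__":
    print("vulnerable warmboot:", demo(warmboot_vulnerable))  # write lands, no error
    print("fixed warmboot:     ", demo(warmboot_fixed))       # rejected before the write
```

The point to take from the model is that the fix is not a better signature but the same check applied on every entry path that consumes the data; a sleep/wake cycle is just another way of re-entering code that trusts persistent state.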
 

Mythical

Well-Known Member | Member | Joined: May 11, 2017 | Messages: 2,153 | Trophies: 1 | Age: 25 | XP: 3,003 | Country: United States
Simple thing:
Theory:
The JoyCon has a fuse, and if it's burnt you get banned.
Then the EmuNAND burns it and the SysNAND reads it and bans the console, but this is currently not done by Nintendo.
But if you are already banned then you can use the backup, BUT think about the fact that your CERT gets banned and the banned CERT is in your backup too.
If this were the case, people could get banned just for buying used JoyCons. Seems a little far-fetched.
 

Enkuler

Well-Known Member | Newcomer | Joined: Jan 25, 2017 | Messages: 97 | Trophies: 0 | XP: 456 | Country: France
No, this was never the intention of EmuNAND. It's just a side effect of the way it's designed. EmuNAND is a way to update the firmware of the console while keeping SysNAND low so it can launch certain exploits. This is why Gateway implemented EmuNAND in the 3DS days, since their exploit only worked on firmwares 4.1 to 4.5. On the Switch, there are firmware-specific exploits such as Deja Vu or the newly released Nereba which allow for CFW without a jig and USB cable, so EmuNAND is far from useless for banned people. Heck, it wasn't meant for people who are not banned in the first place.
Yes, what you described was the point of emuNAND on other consoles.
But first of all, it's not the point of emuNAND on RCM-able Switches.

Your point of view is exactly the reason why SX OS is the only one to give people an emuNAND solution right now. They're the only ones to actually see that what I described was something actually useful, and people like you only started to see the use of an emuNAND when ipatched Switches came out (because yeah, in this case you need an exploitable firmware to boot into CFW, but you probably want an updated firmware to play with), which is why Atmosphere devs implemented stuff like creport and all but only started working on an emuNAND recently.

Second of all, I was answering in the context of the first post, which says "I keep seeing people refer to EmuNAND as if it's a way to play online with a CFW Switch. Is that really the case?".
 

annson24

The Patient One | Member | Joined: May 5, 2016 | Messages: 1,191 | Trophies: 0 | Age: 32 | XP: 1,843 | Country: Philippines
@op. If you want to avoid the flame battle up there, I'll share a bit of my knowledge with you:

1. EmuNAND (Emulated NAND), in layman's terms, copies the OS (SysNAND or System NAND) from the system partition to external storage (i.e. the SD card).

2. On TX's point of view, emunand is something you can use to, allegedly, "avoid" getting banned by playing legit on SysNAND, while playing shady on EmuNAND.

3. Without any shady intent, the real purpose of EmuNAND is to have SysNAND in a certain (low) firmware where exploits are available, and use EmuNAND on the latest firmware.

3.1. To keep #3 simple, its purpose is to enjoy the latest firmware while still having the ability to use exploits that are ONLY available on lower firmwares.

4. EmuNAND can be updated even without updating SysNAND.

5. If you're banned already, EmuNAND won't magically unban you. As mentioned in item#1, EmuNAND is a copy of your SysNAND. And no, you cannot use EmuNAND from another switch.

6. Exploits like DejaVu, which require a certain firmware version to use, are inferior to fusee gelee, the current bootrom exploit we have on pre-ipatched Switches, since a bootrom exploit can and will work on ANY firmware version. So one can argue that DejaVu and EmuNAND aren't really needed on pre-ipatched units, but they are definitely useful on ipatched units since ipatched units don't have a bootrom exploit.

And that's all I can think of at the moment. I hope I didn't confuse you more. Heh.

Bonus:

7. Some people use EmuNAND to have an extra layer of safety. So when an unfortunate event happens and they brick their Switch, EmuNAND is the first one to brick and not the SysNAND.

Draxzelex

Well-Known Member | Member | Joined: Aug 6, 2017 | Messages: 19,011 | Trophies: 2 | Age: 29 | Location: New York City | XP: 13,378 | Country: United States
Yes, what you described was the point of emuNAND on other consoles.
But first of all, it's not the point of emuNAND on RCM-able Switches.

Your point of view is exactly the reason why SX OS is the only one to give people an emuNAND solution right now. They're the only ones to actually see that what I described was something actually useful, and people like you only started to see the use of an emuNAND when ipatched Switches came out (because yeah, in this case you need an exploitable firmware to boot into CFW, but you probably want an updated firmware to play with), which is why Atmosphere devs implemented stuff like creport and all but only started working on an emuNAND recently.

Second of all, I was answering in the context of the first post, which says "I keep seeing people refer to EmuNAND as if it's a way to play online with a CFW Switch. Is that really the case?".
That doesn't change the fact that there are still uses for EmuNAND on Fusee-Gelee vulnerable consoles. The ability to update without burning fuses and AutoRCM can be useful for people who fall for the AutoRCM rumors. It's also a great way to prevent SysNAND from being bricked, since it's much easier to recover from EmuNAND being bricked than SysNAND. Lastly, EmuNAND has been planned from the start of Atmosphere, since it was initially planned to be used with Deja Vu, which was slated to work with firmwares 4.1 and below. And there are plenty of people who will take a softmod over a pseudo-hardmod that has an extremely variable chance of succeeding.
 

Hugopugo

Well-Known Member | Newcomer | Joined: Oct 31, 2018 | Messages: 71 | Trophies: 0 | Age: 33 | XP: 295 | Country: Portugal
No, I only said that EmuNAND doesn't work without a patched CFW.

Wow, this guy just kept digging a hole for himself...

What you said, 3 times, was that you can't update EmuNAND if you don't update SysNAND... well, my SysNAND is on 4.1 and my EmuNAND is on 7.... how do you explain that if you can't update EmuNAND?
 

Chizko

Well-Known Member | Member | Joined: Jan 24, 2015 | Messages: 310 | Trophies: 0 | Age: 32 | XP: 2,019 | Country: Chile
EmuNAND = a copy of the NAND you can use without touching the NAND.

So the NAND doesn't trace what you do in EmuNAND = emulating a second Switch via software.

If you have a clean NAND you can use it as legit, online and with original games, and EmuNAND for the pirate stuff, but offline, because you use the same cert as the NAND, and if Nintendo catches you using EmuNAND, backups or homebrew they can block/ban your Switch and/or the account linked to this Switch.

All this isn't 100% accurate, but it works for the majority that use it like this.

CFW emulates part of the NAND, but leaves traces of games, homebrew, etc. Yes, they can catch these traces and not let Nintendo know, but you need to stay 100% offline like in EmuNAND.
 

annson24

The Patient One | Member | Joined: May 5, 2016 | Messages: 1,191 | Trophies: 0 | Age: 32 | XP: 1,843 | Country: Philippines
What will happen if my SD card that contains the EmuNAND gets corrupted?
You will lose the EmuNAND and have to recreate one after fixing your SD card. Also, regarding SD cards, it has been a moot point whether using EmuNAND shortens the SD card's life, as using it will mean constant reads and writes to the partition used by the EmuNAND. While the concept may hold true, many, including me, have used EmuNAND for quite a long time and none of our SD cards have broken yet.
 
