Front-page Hacking  Updated

Switch TrustZoneHax on 4.x

nintendo-switch-15-1-630x354.jpg

The ReSwitched Hacking Team have done it again. motezazer, ktemkin and SciresM have achieved code execution on 4.1.0, the latest version at the time of writing this, via deja vu at TrustZone level. This means devices on 4.1.0 and below will be able to gain access to the whole system. SciresM strongly advises to not update in the future.

After less than a year, the Switch hacking team has moved extremely fast and now have got full access on the latest version. The progress being made is incredible, and in comparison, the 3DS took around 2 years to get ARM9 access. The scene is looking very promising so far and we are very lucky to have such talented people working on the Switch.

:arrow: Source
 
Last edited by Deleted member 381889,
  • Like
Reactions: ragestaker21, Anonymous42456, Dothackjhe and 88 others
Click to expand...
8BitWonder

8BitWonder

Small Homebrew Dev
Member
Level 16
Joined
Jan 23, 2016
Messages
2,489
Trophies
1
Location
47 4F 54 20 45 45 4D
XP
5,363
Country
United States
ThatBenderGuy said:
So me having a Switch on 8.0.0 means im still fucked right? My switch is on partially patched (XAW1011) and it automatically updated to 8.0.0 without my knowing (That or my gf did it by accident)

Will this work on my unit?
Click to expand...
Assuming you can't push payloads on your switch in RCM, then yes unfortunately you're boned if you wanted to run CFW. 8.0.0 patched the last known TZ vulnerability.

Unless a new vulnerability is found (could be a long time/never) the highest fw an ipatched unit will be able to run CFW is going to be 7.0.1.
 
hippy dave

hippy dave

BBMB
Member
Level 33
Joined
Apr 30, 2012
Messages
9,895
Trophies
2
XP
29,487
Country
United Kingdom
ThatBenderGuy said:
So me having a Switch on 8.0.0 means im still fucked right? My switch is on partially patched (XAW1011) and it automatically updated to 8.0.0 without my knowing (That or my gf did it by accident)

Will this work on my unit?
Click to expand...
Partially patched isn't a thing, I guess your serial is in the range where some are patched and some aren't, so you need to find out if yours is or not by putting it in RCM mode and sending a payload.
 
Nononoki

Nononoki

Well-Known Member
Newcomer
Level 4
Joined
Jan 31, 2012
Messages
84
Trophies
0
XP
484
Country
Gambia, The
Currently on 8.0 but my original fuses from 4.0.X are not burned, but lost my backup 4.0.X (6.2 is my earliest backup available). Anyway to downgrade without burning fuses and without backup? Just install old Firmware file with Choidujour? Never done that before, I just wanna know if there are major risks in downgrading. Or wait for 6.2+ support for warmboot?
 
Last edited by Nononoki,
pLaYeR^^

pLaYeR^^

Doctor Switch
Member
Level 13
Joined
Sep 18, 2014
Messages
3,151
Trophies
1
Age
27
Location
Austria
XP
3,893
Country
Austria
Nononoki said:
Currently on 8.0 but my original fuses from 4.0.X are not burned, but lost my backup 4.0.X (6.2 is my earliest backup available). Anyway to downgrade without burning fuses and without backup? Or wait for 6.2+ support for warmboot?
Click to expand...
Rebuild NAND for 4.0.X? If you don't need clean 4.0.X NAND you can also simply downgrade with ChoiDujourNX to 4.0.X.
 
Last edited by pLaYeR^^,
Nononoki

Nononoki

Well-Known Member
Newcomer
Level 4
Joined
Jan 31, 2012
Messages
84
Trophies
0
XP
484
Country
Gambia, The
pLaYeR^^ said:
Rebuild NAND for 4.0.X? If you don't need clean 4.0.X NAND you can also simply downgrade with ChoiDujourNX to 4.0.X.
Click to expand...

Ah thanks - any reports that downgrading with ChoidujourNX bricks consoles? Or is it (mostly) safe since I have backups? Never had a clean NAND so I don't care ;)
 
ZachyCatGames

ZachyCatGames

Well-Known Member
Member
Level 14
Joined
Jun 19, 2018
Messages
3,398
Trophies
1
Location
Hell
XP
4,209
Country
United States
Nononoki said:
Ah thanks - any reports that downgrading with ChoidujourNX bricks consoles? Or is it (mostly) safe since I have backups? Never had a clean NAND so I don't care ;)
Click to expand...
if you don’t use the factory reset option in ChoiNX when downgrading you’ll likely get a fatal when you start the system
 
R

Rimaahkehs

Member
Newcomer
Level 1
Joined
May 21, 2019
Messages
11
Trophies
0
Age
28
XP
55
Country
India
I am very new to the seen and in desperate need of help please help me by telling me where to look for these exploits I (mean link) to hack my ipatched unit I am from India and unable to find help anywhere else please

--------------------- MERGED ---------------------------

I am on 4.1 firmware
 
hippy dave

hippy dave

BBMB
Member
Level 33
Joined
Apr 30, 2012
Messages
9,895
Trophies
2
XP
29,487
Country
United Kingdom
Rimaahkehs said:
I am very new to the seen and in desperate need of help please help me by telling me where to look for these exploits I (mean link) to hack my ipatched unit I am from India and unable to find help anywhere else please

--------------------- MERGED ---------------------------

I am on 4.1 firmware
Click to expand...
Just keep waiting a bit longer, they will be posted on this forum when they're ready.
 
S

Sticker

Well-Known Member
Newcomer
Level 5
Joined
Oct 1, 2018
Messages
89
Trophies
0
Age
34
XP
683
Country
Vietnam
I remember someone said we can boot any CFW without care about furse count because ignoring count feature of hakate or something similar. So can we downgrade to 4.0 and take advanced of Trust Zone vulnerability without care about burning furses?
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,017
Trophies
2
Age
29
Location
New York City
XP
13,403
Country
United States
Sticker said:
I remember someone said we can boot any CFW without care about furse count because ignoring count feature of hakate or something similar. So can we downgrade to 4.0 and take advanced of Trust Zone vulnerability without care about burning furses?
Click to expand...
If you can boot the console via Hekate and subsequently CFW, what would be the point of booting Deja Vu?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Emulation Homebrew  duckstation for Switch

Can you trade in a banned switch for an unbanned one?

Why is Atmosphere so dominant?

Crosscode Hacking thread

Hacking  Weird findings from that DQ trilogy switch port

Migswitch backups without certificate files

switch change sd card, but android start fail

Hacking Hardware  Picofly on "old" Samsung EMMC glitching fails sometimes

General chit-chat
Help Users
  • Veho @ Veho:
    That's a relief to hear. Do you know what happened?
  • SylverReZ @ SylverReZ:
    @BakerMan, Any idea what happened? I hope that your brother's doing good.
  • BakerMan @ BakerMan:
    Well, from what I've heard from my parents, he had a seizure last night, perhaps an epileptic episode, fucking died, had a near death experience, my dad called the paramedics, they showed up, took him to the hospital, and he woke up covered in tubes, and started complaining.
  • BakerMan @ BakerMan:
    He couldn't eat until after his MRI, when he had a bomb pop.
  • BakerMan @ BakerMan:
    What matters now is that he's doing alright.
  • Veho @ Veho:
    But you still don't know what it was?
  • Veho @ Veho:
    Has he had seizures before?
  • The Real Jdbye @ The Real Jdbye:
    apparently stress can cause seizures, my brother had one during a test once
  • The Real Jdbye @ The Real Jdbye:
    never had one before that, and never had one since
  • Veho @ Veho:
    https://i.imgur.com/bG1pQld.mp4
     +1
  • Psionic Roshambo @ Psionic Roshambo:
    https://www.youtube.com/watch?v=_9PnFJMnYT0
  • Redleviboy123 @ Redleviboy123:
    Question about game texture chanching Do i need an own game id?
  • The Real Jdbye @ The Real Jdbye:
    @Veho for those that want to
    experience being sonic the hedgehog
  • Veho @ Veho:
    Ah, you mean
    furries.
     +1
  • The Real Jdbye @ The Real Jdbye:
    well, sonic fans are a whole separate thing from furries
  • The Real Jdbye @ The Real Jdbye:
    like bronys
  • The Real Jdbye @ The Real Jdbye:
    sonic porn is too weird even for me
  • Dumpflam @ Dumpflam:
    bruh
  • Dumpflam @ Dumpflam:
    guys how do i delete a post
  • The Real Jdbye @ The Real Jdbye:
    you don't
  • The Real Jdbye @ The Real Jdbye:
    you can report it and request deletion
  • BakerMan @ BakerMan:
    Also, no, that was his first time having a seizure, and hopefully the last
     +1
  • K3Nv2 @ K3Nv2:
    Ea play raised priced to $6 a month lol
  • BigOnYa @ BigOnYa:
    Same with uremum, she's now $2 a month
  • K3Nv2 @ K3Nv2:
    Also seizures come and and go they don't have an off switch like that it all depends
    K3Nv2 @ K3Nv2: Also seizures come and and go they don't have an off switch like that it all depends