Even then the browser would only be the very first layer, to do anything more usefull on a modern console, you will need to exploit other things from there on, like the system modules, the kernel and/or trustzone
Hacking Discussion Why The Switch cant have any savegame or DNS Exploit?
- Thread starter AnyIdeasOnANameForMe
- Start date
- Views 9,229
- Replies 43
- Likes 2
These kinds of exploits require finding a bug to exploit. Homebrew devs didn't just take a game and suddenly there was homebrew. Devs found something broken in the game code that could allow code to be run from a save file, causing the game to crash and launch their exploit. It could be possible that something like this exists in some Switch games, but it would require people investing their time into looking for these exploits. The same really goes for any exploits found in the system, there needs to be a bug that can found to be "game-breaking" enough to be exploited and used for homebrew.
Last edited by The Catboy,
It's because of KASLR (address space layout randomization), it makes it near impossible to identify the correct pieces of code in memory to string together (before we have code execution, we have to rely on stringing existing bits of code together in a way that it loads our own code and jumps to it)
The reason it works in the browser is because of the javascript engine, which is a big attack surface for potential exploits, but not only that, all of the API is exposed, and we can abuse that to make it do what we want, so finding the right bits of code in memory is essentially taken out of the equation.
Last edited by The Real Jdbye,
D
Deleted User
Guest
The reason why the Switch has no savegame exploit is because nobody has released one yet 
Same reason we don't have a perpetual motion machine.The reason why the Switch has no savegame exploit is because nobody has released one yet
Plus that games are running in sandbox (dunno about applet calls). If you will try to access memory address outside of sandbox, system will crash instantly. So you're limited only to addresses assigned to game by loader.
For ASLR there were exploits that could potentially make it predictible or could extract addresses, but all that we know about are already patched.
Last edited by masagrator,
D
Deleted User
Guest
I guess we aren't speaking about that in this thread or stuff like that, there is no interest on those exploits since there is already RCM.
- Joined
- Jul 23, 2018
- Messages
- 6,051
- Trophies
- 1
- Age
- 29
- Location
- Lampukistan
- Website
- hmpg.net
- XP
- 6,163
- Country
Yes, we have the rcm. But this exploit has already been fixed. And the consoles that still have this exploit will not exist forever. And newer units can only use homebrew via chip. And as far as we know, the chips can't be bought atm. If yes, very overpriced or very quickly out of stock. So, from that point of view, we don't really have much at the moment. There are no more chips, no RCM units (except the ones out in the wild). A softwarehax would be nice. But who knows what us the future shows.
- Joined
- Jul 10, 2020
- Messages
- 176
- Trophies
- 0
- Age
- 27
- Location
- Florianópolis - SC, Brasil
- XP
- 682
- Country
Similar threads
- No one is chatting at the moment.
-
-
-
-
-
-
-
@
Xdqwerty:
@realtimesave, hey there buddy chum pal friend buddy pal chum bud friend fella bruther amigo pal buddy friend chummy chum chum pal -
@
Xdqwerty:
@realtimesave, hey there buddy chum pal friend buddy pal chum bud friend fella bruther amigo pal buddy friend chummy chum chum pal
-
-
-
-
-
-
-
-
-
-
-
@
Sicklyboy:
@Xdqwerty, Osu! Tatakae! Ouendan! is the Japanese version of the game, different settings/characters/songs but otherwise identical mechanics. I played that before I knew about Elite Beat Agents lol. Both fantastic games https://en.wikipedia.org/wiki/Osu!_Tatakae!_Ouendan+1 -
-
-
-
-
-
