I think I found the exploit to crack the Switch on the 2nd model and possibly OLED

Status
Not open for further replies.

NintenboChan (OP, Newcomer)
Hey guys, I'm new here and I know the hacking scene here is wide. Anyway, I'm fairly familiar with hacking and have seen how exploits through Flipnote worked, etc. I was playing my Switch (an XKW model). I was playing Yu-Gi-Oh! Duel Links Evolution and testing decks I may build in Master Duel, but while I was playing, instead of the game glitching and closing like I'm used to (because it's an unstable game on Switch), this time I was greeted with the greatest screen an open door had to present: a pink screen that would occasionally flash "Please reconnect controller". I tested my Joy-Cons and both were working, but I realized if we use that screen and pair a device as a controller that can inject the exploit, then we can crack the Switch.
 

Shadow#1 (Wii, 3DS Softmod & Dumpster Diving Expert, Member)
> Hey guys, I'm new here and I know the hacking scene here is wide. Anyway, I'm fairly familiar with hacking and have seen how exploits through Flipnote worked, etc. I was playing my Switch (an XKW model). I was playing Yu-Gi-Oh! Duel Links Evolution and testing decks I may build in Master Duel, but while I was playing, instead of the game glitching and closing like I'm used to (because it's an unstable game on Switch), this time I was greeted with the greatest screen an open door had to present: a pink screen that would occasionally flash "Please reconnect controller". I tested my Joy-Cons and both were working, but I realized if we use that screen and pair a device as a controller that can inject the exploit, then we can crack the Switch.

ROTFLMAO, that's not how this works; all games run in a sandbox. LOL
 

tabzer (This place is a meme., Member)
> Hey guys, I'm new here and I know the hacking scene here is wide. Anyway, I'm fairly familiar with hacking and have seen how exploits through Flipnote worked, etc. I was playing my Switch (an XKW model). I was playing Yu-Gi-Oh! Duel Links Evolution and testing decks I may build in Master Duel, but while I was playing, instead of the game glitching and closing like I'm used to (because it's an unstable game on Switch), this time I was greeted with the greatest screen an open door had to present: a pink screen that would occasionally flash "Please reconnect controller". I tested my Joy-Cons and both were working, but I realized if we use that screen and pair a device as a controller that can inject the exploit, then we can crack the Switch.

Why would this be different than pairing a controller through the system? Is there a reason that you think this method is providing a way to tunnel in that the system normally doesn't allow via pairing mode?

Usually one would have some sort of cue that prompts a specific approach. You could bruteforce your way into finding a method that works, but that could take your whole life, or more, to yield any kind of progress.

> ROTFLMAO, that's not how this works; all games run in a sandbox. LOL

Except that's not historically accurate. The 3DS had multiple exploits via game software, and the Switch had a game pulled from its shop because the game allowed code editing. It's not really something you can rule out. A sandbox doesn't mean much if Nintendo's coding is buggy or has holes. Stability updates would like a word with you.
 

masagrator (The patches guy, Developer)
> The 3DS had multiple exploits via game software, and the Switch had a game pulled from its shop because the game allowed code editing.

Because they were not running in a sandbox + 3DS didn't have ASLR.
It didn't allow code editing. It was a glitchy code interpreter that could potentially leak something, but people that tested it came to the conclusion it's worthless in terms of exploiting the OS. And they pulled this game because the dev hid this from Nintendo reviewers.

> A pink screen that would occasionally flash "Please reconnect controller". I tested my Joy-Cons and both were working, but I realized if we use that screen and pair a device as a controller that can inject the exploit, then we can crack the Switch.

Pairing and reading output is done outside of the game. Then this is remade into structs usable by games, and this is what is parsed.
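To make that boundary concrete, here is an added illustration written for this thread; it is constructed, not Nintendo's code and not the real nnsdk or hid service interface. A system-side input service validates a raw controller report and hands the sandboxed game a fixed-layout struct, so whatever a paired device sends reaches the game only as a masked button bitmask and clamped axes, or as "no controller". The report layout, sizes and names (REPORT_LEN, REPORT_ID, service_parse_report, game_handle_pad) are assumptions for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the boundary described above: the input service
 * (system side) parses raw reports; the game (sandboxed) only ever sees
 * the normalized struct below. Layout and names are assumed for
 * illustration and are not the Switch's real hid interface. */

#define REPORT_LEN 8      /* assumed fixed size of one controller report */
#define REPORT_ID  0x30   /* assumed report id byte */

enum {
    BTN_A = 1u << 0,
    BTN_B = 1u << 1,
    BTN_X = 1u << 2,
    BTN_Y = 1u << 3,
    BTN_MASK = BTN_A | BTN_B | BTN_X | BTN_Y   /* only these bits are ever forwarded */
};

typedef struct {
    uint32_t buttons;    /* bitmask restricted to BTN_MASK */
    int8_t   stick_x;    /* clamped to [-100, 100] */
    int8_t   stick_y;
    bool     connected;  /* false => game shows its "reconnect controller" prompt */
} PadState;

static int8_t clamp_axis(int v)
{
    if (v > 100)  return 100;
    if (v < -100) return -100;
    return (int8_t)v;
}

/* System side. Any malformed report is treated as "controller absent":
 * the caller gets a zeroed struct with connected == false. Raw bytes are
 * never copied into the struct, so the remaining report bytes have no
 * path into the game process. */
bool service_parse_report(const uint8_t *raw, size_t len, PadState *out)
{
    memset(out, 0, sizeof *out);
    if (raw == NULL || len != REPORT_LEN) return false;  /* wrong length: drop */
    if (raw[0] != REPORT_ID) return false;               /* unknown report: drop */

    uint32_t bits = (uint32_t)raw[1] | ((uint32_t)raw[2] << 8);
    out->buttons = bits & BTN_MASK;                      /* undefined bits discarded */
    out->stick_x = clamp_axis((int8_t)raw[3]);
    out->stick_y = clamp_axis((int8_t)raw[4]);
    /* raw[5..7]: vendor/padding bytes, intentionally not forwarded */
    out->connected = true;
    return true;
}

/* Game side: this struct is all the game code gets to look at. */
const char *game_handle_pad(const PadState *pad)
{
    if (!pad->connected)      return "Please reconnect controller";
    if (pad->buttons & BTN_A) return "A pressed";
    return "idle";
}

int main(void)
{
    PadState pad;

    /* Constructed: a well-formed report with A pressed plus undefined high
     * bits and out-of-range stick values. */
    const uint8_t good[REPORT_LEN] = { REPORT_ID, 0x01, 0xFF, 0x7F, 0x80, 0xAA, 0xBB, 0xCC };
    service_parse_report(good, sizeof good, &pad);
    printf("valid report  -> buttons=0x%02x x=%d y=%d : %s\n",
           (unsigned)pad.buttons, pad.stick_x, pad.stick_y, game_handle_pad(&pad));

    /* Constructed: a 64-byte oversized report. The service drops it and
     * the game only sees a disconnected pad. */
    uint8_t blob[64];
    memset(blob, 0x41, sizeof blob);
    service_parse_report(blob, sizeof blob, &pad);
    printf("oversize blob -> connected=%d : %s\n", pad.connected, game_handle_pad(&pad));
    return 0;
}
```

The point of the split is that the game's parser runs over a struct the system built, not over the bytes the peripheral sent; a mismatched length or unknown report id never becomes game-visible data at all, it just becomes the "reconnect controller" state.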
 

Shadow#1 (Wii, 3DS Softmod & Dumpster Diving Expert, Member)
> Because they were not running in a sandbox + 3DS didn't have ASLR.
> It didn't allow code editing. It was a glitchy code interpreter that could potentially leak something, but people that tested it came to the conclusion it's worthless in terms of exploiting the OS. And they pulled this game because the dev hid this from Nintendo reviewers.

> Pairing and reading output is done outside of the game. Then this is remade into structs usable by games, and this is what is parsed.

Exactly
 

tabzer (This place is a meme., Member)
> Because they were not running in a sandbox + 3DS didn't have ASLR.
ASLR seems like a natural progression. What's the nuance, though, that 3DS games weren't running in a sandbox (and switch games are)? The fact that they were exploited or that they were given root access as default?

OSes have their own different methods of isolating applications from their system's services and some are weaker than others. The idea that the Switch cannot be hacked through a game is an ideal celebrating Nintendo's security, but not something that can be fully trusted.


> And they pulled this game because the dev hid this from Nintendo reviewers.

That's the story. :rolleyes: Imagine the stockholder reaction if they said it was because it could exploit the Switch. So if it is true, they probably wouldn't even say so.
 

NintenboChan (OP, Newcomer)
Bingo. Pairing might be done outside of the game, but if it links and the game picks it up in this "glitch state", and the "controller" paired can run an exploit, then it might be possible that we could use this as a form of modding. More or less, this is theoretically a way to open a window to putting in an exploit. If we can find where the data is pulling from during the glitch and what provokes it, then we can figure out how to get the data in from there. If done right, the insert could load in a false prompt to boot to something like a CFW install.


A better way to help demonstrate it is by showing the step process.

* Boot Yu-Gi-Oh! Legacy of the Duelist: Link Evolution
* Cause glitch
* Get prompt to reconnect controller
* Use false controller with data inject
* Game picks up controller and knows to progress forward, then starts reading injected data
* Injection prompts mod/CFW boot from SD card / whatever is being used as a false controller.
 

NintenboChan (OP, Newcomer)
I also wanted to refer to how a Switch reads data from the SD card to play a game. If it can be prompted to read it from a different source through exploiting the game, it's ideally a viable option to boot custom files from the SD card.
 

masagrator (The patches guy, Developer)
Does anybody have the link where it's explained why this is a naive idea? I think there was a nice post about the exploit chain loading requirement that hasn't existed since 8.0.0+.
 

masagrator (The patches guy, Developer)
> I also wanted to refer to how a Switch reads data from the SD card to play a game. If it can be prompted to read it from a different source through exploiting the game, it's ideally a viable option to boot custom files from the SD card.

This already shows how ignorant you are of how the system sets sandbox cage privileges and how nnsdk communicates with the system.

Nothing to see here folks. You can go.
 

tabzer (This place is a meme., Member)
> Bingo. Pairing might be done outside of the game, but if it links and the game picks it up in this "glitch state", and the "controller" paired can run an exploit, then it might be possible that we could use this as a form of modding. More or less, this is theoretically a way to open a window to putting in an exploit. If we can find where the data is pulling from during the glitch and what provokes it, then we can figure out how to get the data in from there. If done right, the insert could load in a false prompt to boot to something like a CFW install.
>
> A better way to help demonstrate it is by showing the step process.
>
> * Boot Yu-Gi-Oh! Legacy of the Duelist: Link Evolution
> * Cause glitch
> * Get prompt to reconnect controller
> * Use false controller with data inject
> * Game picks up controller and knows to progress forward, then starts reading injected data
> * Injection prompts mod/CFW boot from SD card / whatever is being used as a false controller.

The most obvious issue I see is that it's asking you to reconnect the controller. It's just a screen implying that it has lost connection with the controllers, which all games tend to have. Are you relying on the fact that the screen looks funny as the clue?
 

NintenboChan (OP, Newcomer)
> The most obvious issue I see is that it's asking you to reconnect the controller. It's just a screen implying that it has lost connection with the controllers, which all games tend to have. Are you relying on the fact that the screen looks funny as the clue?

Not exactly. I'm not sure if you've played a Yu-Gi-Oh! game before, but it only happens during a duel, where it's constantly trying to read scripts turn by turn, and the glitch, I'm fairly certain, is trying to pull from either the cinematics or the AI response in game. It's an obvious indicator that it's looking for data to follow. But if there's data to read where this glitch happens, then it's a free ticket to loading custom data.
 

tabzer (This place is a meme., Member)
> Not exactly. I'm not sure if you've played a Yu-Gi-Oh! game before, but it only happens during a duel, where it's constantly trying to read scripts turn by turn, and the glitch, I'm fairly certain, is trying to pull from either the cinematics or the AI response in game. It's an obvious indicator that it's looking for data to follow. But if there's data to read where this glitch happens, then it's a free ticket to loading custom data.
So if it's waiting for an input, which you could hypothetically feed custom code, are you aware of any kernel vulnerabilities that would escalate your access?
 

NintenboChan (OP, Newcomer)
> So if it's waiting for an input, which you could hypothetically feed custom code, are you aware of any kernel vulnerabilities that would escalate your access?

As of now, no, because I updated a few days ago, because I had actually given up on modding my model. Is there a way to explain the process of how the Switch prompts an update? If so, that could be what's used in an injection to prompt an update to a CFW.
 

tabzer (This place is a meme., Member)
> As of now, no, because I updated a few days ago, because I had actually given up on modding my model. Is there a way to explain the process of how the Switch prompts an update? If so, that could be what's used in an injection to prompt an update to a CFW.
I'm sure there is a server it connects to, a passphrase, a handshake, and a lot of processes that I don't think we, as a community, even have the resources to emulate. If you are trying to rally support, you've come to the wrong place. People either contribute here or want stuff handed to them. @masagrator and @Shadow#1 represent two sides of that polarity. These people don't really want to collaborate, lol.

This is gbatemp in a nutshell:

https://gbatemp.net/threads/hack-sxos.582831/

As you notice @Shadow#1 is the first useless person to "contribute", but the moral of the story, the guy was onto something and it's more trouble than it's worth to deal with these egos if you are trying to actually accomplish something.

ROTFLMAO "CFW" isn't "INSTALLED"

So useless.
 

NintenboChan (OP, Newcomer)
> I'm sure there is a server it connects to, a passphrase, a handshake, and a lot of processes that I don't think we, as a community, even have the resources to emulate. If you are trying to rally support, you've come to the wrong place. People either contribute here or want stuff handed to them. @masagrator and @Shadow#1 represent two sides of that polarity. These people don't really want to collaborate, lol.
>
> This is gbatemp in a nutshell:
>
> https://gbatemp.net/threads/hack-sxos.582831/
>
> As you notice @Shadow#1 is the first useless person to "contribute", but the moral of the story, the guy was onto something and it's more trouble than it's worth to deal with these egos if you are trying to actually accomplish something.
>
> So useless.

Yeah, I feel you. I found the possible window and was more looking to understand it and how we can actually manipulate it in our favor, but I can see where you're coming from. For some reason people want to send hateful messages. It's usually a self-esteem issue in real life, which is why I'm not taking them seriously.
 