Hacking Hardware: Any useful artifacts for the hackers?

Thread starter: xPatsy
Views: 2,175
Replies: 15

xPatsy (Member, Newcomer; joined Jan 4, 2016; United States)
Whenever the Switch 2 finally opens up for general purchase, I plan to buy two here in Tokyo. I'll be picking up the local Japanese version for my wife and the "global" version for my gaijin self.

I plan to swap out the cases for something more colorful. As those swaps look to be a near full teardown of the consoles, I was wondering if there's any useful artifacts I could grab that researchers could use. Other than "not publicly hacked yet" I have no idea where the scene or work being done is at, but I've done non-console work professionally in the past.
 
Yeah, when I read the “widely available” I thought you all had good reading comprehension, and assumed that NAND dumps and whatnot were in bountiful supply haha.
 
Considering it's widely available (which it should be), I was wondering... did scalpers make any money with the Switch 2 launch? I hope not. This scalper business on new console launches needs to die.
 
  • Like
Reactions: _iggyman_
the op of this post just seems like a guy larping that he has a japanese wife.

i can say with confidence that the Japanese variant of the console is literally just the global version locked down to one localization. nintendo can sell it cheaper in japan because 1.) they don't have to export it, and 2.) they know the Japanese piracy scene is pretty nonexistent, and they are probably banking on recouping the costs in game sales.

now... if there's an exploit done with one variation (i.e., global), it's bound to be done to the other (jpn version) with the same entry points; that's just logical, it's the same console, you just can't choose the language of the device.

okay, honestly the word artifacts really made me cringe and made me stop lurking to say this. OP, do that shell swap and enjoy the device, I have a white shell coming for my mom's switch2, it's gonna look sick... and by all means if you want to open the device and start debugging things, the scene would really appreciate that, because right now, it's pretty much a clean slate. realistically though the T239 chip has pretty beefy memory encryption, and without modifying that upon boot it's going to tell if the NAND has been tampered with... so hardware wise I think it's above your expertise to get us these "artifacts" (no offense)

there's really no public info or possibility of a full blown exploit anytime soon. switch2brew has lots of info you might find interesting, but the closest thing we have that I've seen is the day one webkit ROP chain, accessible by captive portal on the launch firmware (maybe newer ones too? idk if nintendo fixed the webkit that fast). while this is a start it doesn't do anything, as applications like the webkit are sandboxed and most likely encrypted memory-wise. and with how small the kernel's codebase is, a kernel exploit via software seems very unlikely for a long time.

finally, as far as "artifacts" go, what people meant by "widely" available, was what you referenced in your OP, not the fact that the console itself is widely available, but that teardown info is widely available. As @TheStonedModder said, your vagueness really left potential commenters swinging in the dark.
 
  • Like
Reactions: TheStonedModder
The captive portal isn't anything new either.

Here is a tool I made for Switch 1 the first week it was released.
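The posts above mention the WebKit ROP chain being "accessible by captive portal", and the reply above refers to a captive-portal tool for the first Switch without showing it. The block below is an added example of the mechanism, not the tool from the thread and not anything from switch2brew. It assumes (from the original Switch's documented behaviour; whether the Switch 2 does the same is an assumption) that the console issues a plain HTTP GET to a connectivity-check host and treats any reply lacking an `X-Organization: Nintendo` header as a captive portal, which makes it open its WebKit applet on that reply. The hostname `CONNTEST_HOST` and the header value are therefore assumptions, and DNS for that host must already point at the machine running this (for instance a dnsmasq `address=` line, which is outside this script).

```python
"""Minimal captive-portal responder for a console connectivity check.

Added example (not the tool posted in the thread). Assumptions, all labelled:
  * CONNTEST_HOST is the hostname the console probes with GET /.
  * A probe reply carrying "X-Organization: Nintendo" and body "ok" means
    "network is fine"; a reply without that header is reported as a captive
    portal and loaded in the console's WebKit applet.
DNS for CONNTEST_HOST must resolve to this host; that is not done here.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple

CONNTEST_HOST = "conntest.nintendowifi.net"   # assumed probe target
PORTAL_HTML = (b"<!doctype html><html><head><title>portal</title></head>"
               b"<body><h1>captive portal test page</h1></body></html>")


def classify_request(host: str, path: str) -> str:
    """Return 'conntest' for the connectivity probe, 'portal' for anything else.

    Only the Host header decides: the probe path is assumed to be '/', but the
    console is handed whatever it asked for, so the path is not restricted.
    """
    host = (host or "").split(":")[0].strip().lower()
    return "conntest" if host == CONNTEST_HOST else "portal"


def build_response(host: str, path: str,
                   passthrough: bool = False) -> Tuple[int, Dict[str, str], bytes]:
    """Compute (status, headers, body) for one request.

    passthrough=True answers the probe the way a healthy network would
    (assumed: 200, X-Organization: Nintendo, body 'ok'), so the portal can be
    switched off without restarting. Otherwise every request, the probe
    included, gets an HTML page *without* that header, which is exactly what
    makes the console decide it is behind a captive portal.
    """
    kind = classify_request(host, path)
    if kind == "conntest" and passthrough:
        return 200, {"Content-Type": "text/plain",
                     "X-Organization": "Nintendo"}, b"ok"
    return 200, {"Content-Type": "text/html; charset=utf-8"}, PORTAL_HTML


class PortalHandler(BaseHTTPRequestHandler):
    passthrough = False   # flip to True to let the console see a "good" network

    def do_GET(self) -> None:
        status, headers, body = build_response(
            self.headers.get("Host", ""), self.path, self.passthrough)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt: str, *args) -> None:
        # One line per request: client, what we classified it as, path.
        kind = classify_request(self.headers.get("Host", ""), self.path)
        print(f"{self.client_address[0]} {kind} {self.path}")


def serve(bind: str = "0.0.0.0", port: int = 80) -> None:
    """Blocking server; port 80 because the probe is plain HTTP on the default port."""
    HTTPServer((bind, port), PortalHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Binding port 80 needs root or `CAP_NET_BIND_SERVICE`; run it on an isolated access point, since every client whose DNS you redirect will see the portal page. Nothing here is an exploit: it only controls what the console's browser applet is shown, which is the step the thread describes as the entry point.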
 
Y'all are annoying lol. Against my better judgement I'm going to reply back here again.

Show up to ask a question and try to be helpful to the community and get called a larper, wtf?

Anyways~

I hear you, my question was vague. The word "artifacts" is what I've always used when doing hardware RE work. Pop something open and take pictures. Put together a pinout diagram. Dump flash from chip X, dump firmware from chip Y. Get logic analyzer captures of the traffic between A and B. You can't just call all of that stuff "Flash" or "dumps" or something. To the SUPER HACKER PROS throwing darts from their mom's basement, what word would you use? Am I speaking the right language now, sprinkling some insults in there? smh.

I posted here because I know there are people actively working on the switch 2 who might come by, and if there's something I could do that's useful for 'em I'd like to. I'm not asking you to judge my skill level (tf, you want a resume?)
 
  • Like
Reactions: peteruk
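The post above lists the kinds of hardware-RE artifacts it means (flash dumps, firmware dumps, logic-analyzer captures), and an earlier reply argues that the T239's memory encryption and NAND tamper checks limit what a raw dump gives you. The first thing a researcher does with any flash dump is exactly that question: which regions are erased, which are plaintext structure, and which are encrypted or compressed. The block below is an added example of that first pass, not code from the thread or from switch2brew; the "dump" it scans is constructed inline (erased 0xFF, a repeated ASCII partition-table string, and seeded pseudo-random bytes standing in for ciphertext), and the entropy thresholds and block size are assumptions chosen for illustration.

```python
"""Block-entropy map of a flash dump (added example; constructed input).

Shannon entropy per block separates three things a dump can contain:
  blank        erased flash (0xFF) or zero padding, entropy near 0
  plaintext    code, tables, ASCII: byte distribution is skewed
  high-entropy encrypted, compressed, or key material: near 8 bits/byte
The dump used here is synthetic; thresholds and BLOCK size are assumptions.
"""
import math
import random
from collections import Counter
from typing import List, Tuple

BLOCK = 4096   # assumed scan granularity (a typical NAND page size)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def label_block(entropy: float) -> str:
    """Map an entropy value to a coarse label (thresholds are assumptions)."""
    if entropy < 0.5:
        return "blank"
    if entropy < 7.2:
        return "plaintext"
    return "high-entropy"   # cannot tell encrypted from compressed by entropy alone


def entropy_map(dump: bytes, block: int = BLOCK) -> List[Tuple[int, int, str]]:
    """Scan the dump block by block and coalesce equal labels into (start, end, label) runs."""
    runs: List[Tuple[int, int, str]] = []
    for off in range(0, len(dump), block):
        end = min(off + block, len(dump))
        lab = label_block(shannon_entropy(dump[off:end]))
        if runs and runs[-1][2] == lab:
            runs[-1] = (runs[-1][0], end, lab)
        else:
            runs.append((off, end, lab))
    return runs


def high_entropy_fraction(dump: bytes, block: int = BLOCK) -> float:
    """Share of the dump that is high-entropy; near 1.0 means at-rest encryption
    of essentially everything, which is what the thread expects for this SoC."""
    if not dump:
        return 0.0
    hi = sum(end - start for start, end, lab in entropy_map(dump, block)
             if lab == "high-entropy")
    return hi / len(dump)


def constructed_dump(seed: int = 1) -> bytes:
    """Synthetic 12-block dump: 4 erased, 2 ASCII, 4 pseudo-random, 2 erased."""
    rng = random.Random(seed)
    erased = b"\xff" * (4 * BLOCK)
    text = (b"PARTITION TABLE: boot0 boot1 system user\n" * 1024)[:2 * BLOCK]
    cipher = bytes(rng.getrandbits(8) for _ in range(4 * BLOCK))
    return erased + text + cipher + b"\xff" * (2 * BLOCK)


if __name__ == "__main__":
    dump = constructed_dump()
    for start, end, lab in entropy_map(dump):
        print(f"{start:#010x}-{end:#010x} {lab}")
    print(f"high-entropy fraction: {high_entropy_fraction(dump):.2f}")
```

On a real dump you would feed `entropy_map` the file read with `open(path, "rb").read()` and then look at where the plaintext runs sit: partition headers, version strings and boot-stage metadata that survive in the clear are the pieces worth sharing back, whereas a dump that is almost entirely high-entropy confirms the at-rest encryption the earlier reply describes and tells you a raw image alone will not get anyone further.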
Snip

But only go there if you have something concrete (a question or a finding), they don’t like useless talking. Especially not about stuff you can google.
 
Last edited by [Truth],
Anything you own or can buy can be easily acquired by anyone who is looking to hack the system.
 
Artifacts? There's got to be a better, more accurate term than that.

There isn't anything archeological or of historical interest here. 😅

Anyway, if you want to buy a new Switch 2, well, they're available everywhere. Even those who bought on launch who never actually unsealed it are selling it for a loss as they just want to sell it and get some money back (not a great idea, but if they need that cash then they have to).
 
