Hacking Apparently the X1 bootrom was leaked

[garyopa]

I just can't wait for all the noobs to try this and end up frying their Switch's PCBs

Better way is to flash the firmware on joycon itself via bluetooth, of course custom firmware, so you can just use 'button' on joycon to do the shorting!

 

[Deathscreton]

The Jetson TX1 has some debouncing, but ultimately you're just pulling that input low. If you're really concerned you can use a resistor or something, but it's an input that can handle being grounded.

I knew there was a term for it. lmao

 

[the_randomizer]

Better way is to flash the firmware on joycon itself via bluetooth, of course custom firmware, so you can just use 'button' on joycon to do the shorting!

Hmm, gonna wait for further development.

 

[Deathscreton]

I just can't wait for all the noobs to try this and end up frying their Switch's PCBs

I know a lot of us aren't RE experts, but I imagine most of us have been around long enough to know how to short circuit something. Brings me back to the TSOP days.

 

[TerraPhantm]

Better way is to flash the firmware on joycon itself via bluetooth, of course custom firmware, so you can just use 'button' on joycon to do the shorting!

That pin is setup as an input on the joy-con. Joy-con can't pull it low (it reads the state for its own purposes; if high the joycon is active, if low it's not).

 

[the_randomizer]

I know a lot of us aren't RE experts, but I imagine most of us have been around long enough to know how to short circuit something. Brings me back to the TSOP days.

There's not much for the end user right now anyway.

 

[garyopa]

The Jetson TX1 has some debouncing, but ultimately you're just pulling that input low. If you're really concerned you can use a resistor or something, but it's an input that can handle being grounded.

Source: https://www.maximintegrated.com/en/app-notes/index.mvp/id/1858

 

[Deathscreton]

That pin is setup as an input on the joy-con. Joy-con can't pull it low (it reads the state for its own purposes; if high the joycon is active, if low it's not).

Who are you mystical user and why are you so knowledgeable? Teach me.

 

[Fluffball]

The buzz around this bootrom dump is real but it's going to be a few months until all the pieces for a fully working and stable cfw are in place.

 

[nmkd]

The buzz around this bootrom dump is real but it's going to be a few months until all the pieces for a fully working and stable cfw are in place.

I mean, Atmosphere releases in "a few months".

 

[garyopa]

The buzz around this bootrom dump is real but it's going to be a few months until all the pieces for a fully working and stable cfw are in place.

And then after all that, getting 'backups' to work. FreeEshop not possible on Switch, and remapping the cartridge slot to sdcard is not easy, and then there is the certs needed and the newer master_key_04 and other keys plus kernel patches to disable all the signing checks.

 

[TerraPhantm]

View attachment 121096

Source: https://www.maximintegrated.com/en/app-notes/index.mvp/id/1858

Basically what that's showing is how the debouncing logic works. Normally when you press a button, it actually isn't a clean on -> off or off -> on. Instead you get a wave form like the one pictured - a bunch of rapid oscillations before the button press registers as a flat line (as a HIGH signal in this example). The debouncing logic sees that, and instead sends a clean high signal from the moment the oscillations start. It's not really protecting the device, but instead preventing a condition where a bunch of presses are detected instead of a single press. For something like this where you just need to short the connection during boot rather than reliably read the button condition multiple times, debouncing isn't super important.

Who are you mystical user and why are you so knowledgeable? Teach me.

I'm no one, just have a little experience hacking other systems (my interests have mostly been with BMW engine computers). I know enough to understand discussions about these kind of things, but not enough to play an active role in hacking.

Joycon info I found here: https://github.com/dekuNukem/Nintendo_Switch_Reverse_Engineering

 

[Deathscreton]

I'm no one, just have a little experience hacking other systems (my interests have mostly been with BMW engine computers). I know enough to understand discussions about these kind of things, but not enough to play an active role in hacking.

Joycon info I found here: https://github.com/dekuNukem/Nintendo_Switch_Reverse_Engineering

regardless, your knowledge is impressive. I've tried getting into it, but a lot of the terminology goes clear over my head. lol

 

[Hayro]

So is this basically a race for Hackers glory now?

 

[Deathscreton]

So is this basically a race for Hackers glory now?

Never was really a race. It's more of a "wow, we can't really take our time anymore, shits out so lets get to work" kinda thing.

Everyone was waiting for someone else to make a move.

 

[leerpsp]

Team xecuter Just lost out on a lot of money over this.

 

[Deathscreton]

Team xecuter Just lost out on a lot of money over this.

Maybe, maybe not. Depending on the cost of the short circuit tool, I may buy one if it proves easier to use than a wire. We'll see.

 

[TheKerplunk]

Better way is to flash the firmware on joycon itself via bluetooth, of course custom firmware, so you can just use 'button' on joycon to do the shorting!

https://twitter.com/ktemkin/status/988468894602936320

Check your facts

 

[leerpsp]

https://twitter.com/ktemkin/status/988468894602936320

Check your facts

So i'm gonna have to do this to my joycon and not use the wire i have

 

[Deathscreton]

So i'm gonna have to do this to my joycon and not use the wire i have

Why wouldn't you just use the wire?