Hacking Apparently the X1 bootrom was leaked

[Sephirosu]

They can do what they want, but not in that way.
At this point it's outrageous how the "twitter celebs" of the switch scene tease us and laugh at the others teams.
We need respect back.

Oh I know that. Trust me I lived it with team FOF in the Wii u era and now im happy that someone is actually releasing stuff to the public. I just don't like that they're throwing dirt to the other teams but again im glad that the flame wars are actually getting things to move along just not too happy about the flaming itself xD

 

[ShadowOne333]

(Switch needs volume up press and JoyCon pin shorted).

So this is what Kate meant by shorting some things on the Switch.
And the USB-A to USB-C cable seems to be needed to enter the RCM command to smash the Boot ROM stack before signature checks.
Which means that we can potentially have a sigpatched sysnand in the foreseeable future for the Switch, no emunand

 

[sarkwalvein]

Just FYI these are the first notes in the leaked IDC, staright out of IDA
!!NOTHING ILLEGAL!!

// Tegra ROM IDC by G33KAtWork & q3k, 2018/04/23
// rom.bin 1c629af8a34adf21771630822a77ff78f57d0ba3e4953d96f0f68e5ab2b38dec
// Notes:
//  - you will need to have uncompressed IRAM
//  - this does not take into account IPATCH data
//  - some of the structs have _inner members just so that reading hexrays
//    output is less painful
//  - parts of it are certainly wrong
//  - please, for the love of everything that is holy, don't hoard 0days and
//    also boast about it on twitter - you'll only make bad actors throw
//    more resources at the problem to find the bug before you release it
//

Drama queens ride the scene.

 

[garyopa]

just one of dozen bugs, and joycon stuff been patched latest firmwares, a little tougher now.

 

[DeslotlCL]

So, has the drama started at all? Where are dem free gamez smh

 

[CMDreamer]

I'm out of the loop here, what can it be used for?

If you don't know, then it's not useful for you, don't worry. (No offense meant).

 

[charlieb]

just one of dozen bugs, and joycon stuff been patched latest firmwares, a little tougher now.

So you're saying this "leak" is really easy for people on old FW?. I'm on 1.0.0 on both my consoles so I think I'm lucky but for the majority on 3.0.1 bad news?

 

[Sephirosu]

-snip-

That's a very good question. Which versions does that work in? Is what a lot of us want to know.

 

[subcon959]

So, the 2 messages so far have been that hacking is easy and glitching is hard... Hmmmmm I wonder who that narrows it down to..

 

[garyopa]

https://twitter.com/Mathieulh/status/988430024821886976

--------------------- MERGED ---------------------------

So you're saying this "leak" is really easy for people on old FW?. I'm on 1.0.0 on both my consoles so I think I'm lucky but for the majority on 3.0.1 bad news?

joycon patches didn't start until recently 5.01 and higher series. -- you can still get around that by changing the joycon firmware yourself first via pc to bluetooth connection, just more work.

 

[Crazy-S]

So apparently JOYCONHAX was real...^^

Spoiler: KTEMKIN FAQ ABOUT JOYCONHAX

Q: There's been a ton of meme'ing around joyconhax. Do the JoyCons actually have direct kernel access, or do they give you access tosomething you need in Horizon?

The JoyCons definitely do not have direct kernel access. The Switch operating system, Horizon, is based on a microkernel architecture, and thus drivers for most hardware peripherals are run as less-privileged (EL0/userland) system applications called sysmodules. The JoyCon interfacing is mostly handled by the hid sysmodule, though the busand the bluetooth system modules help to ferry data along. None of these play any role in launching Fusée Gelée.

While software modifications to the JoyCon can be fun and useful-- and we do have the capability to arbitrarily hack the JoyCon firmware-- custom JoyCon firmware is currently not involved at all in launching any of the Fusée Gelée variants.

(But, hey-- if you come up with a clever solution that patches JoyCon software to do something exploity, I'd love to hear it.)

 

[nWo]

Okay so now what. I´m at work but my head is spinning trying to understand what the hell is going on!!!! So much info in a single slap!! Can´t read the posts with a calm mind right now. Damn I want to go home, like the school days ha!!!

 

[Flying Scotsman]

Already leaked. https://pastebin.com/4ykNxzU5

Since that bug was "released":

It looks like someone else has found-- and documented-- one of our bootROM bugs. Since there doesn't seem to be much point in hiding it anymore, ReSwitched brings you: http://www.memecpy.com/ . Also: JoyCon hax? Still real. More information / guides forthcoming.

The Fusee-Launcher has now been released as well.

 

[tunip3]

We don't know everything about Fusée Gelée and its variants, but Kate has said that users should only have to open up their Switch systems one time.


That's correct. We still need Atmosphère to be completed.

Arch linux

 

[Subtle Demise]

even if thats the case its every device which runs this chip which will have trouble or issues , tech you could use the exploit to fuck around with teslas software or even drive the car with a Joy con

Yeah because the media center is in total control of essential system functions

 

[ploggy]

FOF is peddling a "hardmod" for the Switch?

Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u

— fail0verflow (@fail0verflow) April 23, 2018

 

[subcon959]

LOL, theres too much shit going on at once its hard to keep up.

 

[ploggy]

Things are dropping left and right!!

Failed to fetch tweet 988448011104628736

So, what does this mean for Atmosphère?

Atmosphère's still not ready yet, and public brom bug doesn't change that -- I'll be working as hard as I can to get it ready asap.

It *does* mean that anyone who is interested can contribute to dev, though -- and I hope you all do so :) https://t.co/qOeykE0wcp

— Michael (@SciresM) April 23, 2018

 

[fatsquirrel]

This is happening too fast for my brain to understand

 

[subcon959]

Christ, I did not expect today to go like this at all...