Hacking Atmosphere 0.8 released 6.2.0 working

[x65943]

If I switch over from Reinx to atmosphere will my games and stuff be still there?

Vanilla atmosphere doesn't support pirated nsps

 

[zoogie]

I wonder if they've properly pwned TSEC or if it's just dumping the keys.

Will be interesting to see Nintendo's stability response to this either way.

 

[leon315]

Nice, I'm sure a lot of people were waiting for this.

A lot of people, plus TX ready to ''borrow'' the codes

type F to pay respect.

joke aside, it's nice that new CFWW won't create crash report, that means more stealth!

 

[smf]

Vanilla atmosphere doesn't support pirated nsps

These patches may or may not work with 6.2 https://gbatemp.net/threads/i-heard-that-you-guys-need-some-sweet-patches-for-atmosphere.521164/

I wonder if they've properly pwned TSEC or if it's just dumping the keys.

It looks like the exploit that mathileu described.

https://github.com/Atmosphere-NX/Atmosphere/commit/ed3770691519f025b5e7ebe353afa0fd3b224fd6

I'm not convinced it's possible to actually hack TSEC any other way, so it will be interesting how Nintendo will block it and whether 6.2 is going to turn out to be the highest we will ever be able to run.

 

[Justinde75]

Vanilla atmosphere doesn't support pirated nsps

Damn was hoping to try out smash
oh well guess i'll just wait

 

[Loko4]

Gods, gods everywhere

 

[alefabio2014]

is there a way to remove some update folder to never update the switch, just as there was a way on Wii U?

 

[Foundforgood89]

Error. I have placed all files in root SD and booted fusee primary bin payload. Goes through the black atmosphere welcome and set up, then nintendo logo, then switch logo, then this.

Please help

 

[Deleted-471350]

I wonder if they've properly pwned TSEC or if it's just dumping the keys.

Will be interesting to see Nintendo's stability response to this either way.

I can answer this, since I fully understand how this sploit works (and wrote it independently myself).

They did not pwn TSEC at all. What the sploit does is fool TSEC into thinking it's running with sole full control of the system (it thinks the CPUs / DMA are halted). Only then will it continue to generate the keys and decrypt the package1. To fool the TSEC, it needs to read the same constant values from MMIO memory space. This can be done by remapping the address space into DRAM by using SMMU translation. If a single bit from this space is different (like say the BPMP CPU is still running, the IO space would reflect that) then the TSEC would detect it. But by mimicing the same values in DRAM, the TSEC is fooled and continues decrypting package1.

To actually pwn TSEC you need to get code execution in the authenticated mode of the TSEC, which can then be used to reveal TSEC secrets. To date, nobody (and I'm pretty sure not even reswitched or switchbrew) has managed to do this.

 

[sarkwalvein]

Error. I have placed all files in root SD and booted fusee primary bin payload. Goes through the black atmosphere welcome and set up, then nintendo logo, then switch logo, then this.

Please help

That's a very pretty picture, good resolution, the text looks great. Perhaps it's that the error reporting code uses good anti-aliasing, or perhaps it is the camera, no idea.

 

[comput3rus3r]

come on TX, get busy.

 

[ssssss13]

Vanilla atmosphere doesn't support pirated nsps

Isnt every NSP pirated by definition?

 

[The Catboy]

And then the next day, "SXOS rocking the Switch scene 2018!"

 

[comput3rus3r]

And then the next day, "SXOS rocking the Switch scene 2018!"

"and beyond"...

 

[The Catboy]

"and beyond*"...

*So long as we have community projects to steal code from
You need to "*"

 

[comput3rus3r]

Well I hope they release version 3.0 including gui changes along with 6.2 compatibility. Maybe they'll even throw in NSP install to hdd. fingers crossed.

 

[kamesenin888]

I can answer this, since I fully understand how this sploit works (and wrote it independently myself).

They did not pwn TSEC at all. What the sploit does is fool TSEC into thinking it's running with sole full control of the system (it thinks the CPUs / DMA are halted). Only then will it continue to generate the keys and decrypt the package1. To fool the TSEC, it needs to read the same constant values from MMIO memory space. This can be done by remapping the address space into DRAM by using SMMU translation. If a single bit from this space is different (like say the BPMP CPU is still running, the IO space would reflect that) then the TSEC would detect it. But by mimicing the same values in DRAM, the TSEC is fooled and continues decrypting package1.

To actually pwn TSEC you need to get code execution in the authenticated mode of the TSEC, which can then be used to reveal TSEC secrets. To date, nobody (and I'm pretty sure not even reswitched or switchbrew) has managed to do this.

Can nintendo with an update change how this is handled so the TSEC wont give the keys?

 

[Deleted-471350]

Can nintendo with an update change how this is handled so the TSEC wont give the keys?

Yes they can. Mimicing MMIO with exactly the same behavior from a CPU is not trivial. What the TSEC now checks is mostly static data. If they change the TSEC to start to check for dynamic behavior of MMIO memory, well let's say it may not be possible to bypass it. There are also probably more than just one way to detect this hack.

 

[sj33]

Vanilla atmosphere doesn't support pirated nsps

You can just add the sigpatches bundled with Kosmos. I use these with vanilla Atmosphere.

 

[fadx]

Isnt every NSP pirated by definition?

Something being a certain filetype does not make it pirated. Also dumping your own games as NSP would not be piracy.