Hacking Atmosphere-NX - Custom Firmware in development by SciresM

[deinonychus71]

Unless you send the Ninja team to Nintendo HQ, I don't see how you will get it.
As you know, the Switch doesn't hold it, it doesn't know it, it is never used, not when you read a game, not when you go into eShop... never.
For verifying a signature you only need the public key, that is on the Switch, there is no reason for Nintendo to ever give anyone the private key, it doesn't get outside its HQ.

Hence why the ps3 fail and private key findings was so epic
EDIT: Too slow to post

 

[P4RI4H]

Even if you used every computer on the planet, it would take a few million years to factor that key. Only way around it is if they made a mistake in either key generation or signature verification (like with B9S)



As far as I know, the PS3 key was able to be calculated because Sony made a mistake and didn't randomize properly.

You sir are technically correct. "The best kind of correct." But again, "yet." Where computing stands right now we couldn't hash them. Doesn't mean things won't change where we don't need to or some other unforeseeable factor.

Edit: Not for nothing, there exists nothing on a computer that it 100% "True" randomization. That's why PGP adds human input for added entropy.

 

[sabykos]

As far as i know, once the CFW is finished there will be no need to do tethered, i mean, the security of the switch is totally compromised whit this, soo i dont see anything that can stop the cfw from signing itself, installing itself in the nand and after that booting itself, that said, im not an expert, soo i can be wrong.

You're wrong.

 

[Red1Reaper]

Unless you send the Ninja team to Nintendo HQ, I don't see how you will get it.
As you know, the Switch doesn't hold it, it doesn't know it, it is never used, not when you read a game, not when you go into eShop... never.
For verifying a signature you only need the public key, that is on the Switch, there is no reason for Nintendo to ever give anyone the private key, it doesn't get outside its HQ.

Instructions unclear, Ninja got stuck in window. by the way, if the key is asymetric... well, i think my unused pi 3 has adquired a new job.

 

[dark_lord_dodongobongo]

Pardon my ignorance, but can someone explain exactly what Atmosphere is? Does it run on top of the official OS? Or is it one guy re-implementing the entire Switch OS stack in half a year? If the latter, how is that even possible?

 

[TotalInsanity4]

Pardon my ignorance, but can someone explain exactly what Atmosphere is? Does it run on top of the official OS? Or is it one guy re-implementing the entire Switch OS stack in half a year? If the latter, how is that even possible?

It's a mix of the former and latter, and it comes with a lot of research and trial and error

 

[Draxzelex]

Pardon my ignorance, but can someone explain exactly what Atmosphere is? Does it run on top of the official OS? Or is it one guy re-implementing the entire Switch OS stack in half a year? If the latter, how is that even possible?

Because he's a god living in a human body.

 

[Rune]

It's a mix of the former and latter, and it comes with a lot of research and trial and error

It's probably like say Luma on 3DS. It probably looks exactly the same on the surface, but will come with additional apps or features like a cia installer, file browser, etc, that can then open it up to potentially more features down the line.

 

[NeoSlyde]

We will have a permanent exploit
When usb drivers will be finished
Because now all we can do is read and we can’t write

 

[WaterBotttle]

You're wrong.

Mind explaining why ?
Is it due to the fact that the eMMC is using asymmetric encryption?

 

[igivenup]

As far as i know, once the CFW is finished there will be no need to do tethered, i mean, the security of the switch is totally compromised whit this, soo i dont see anything that can stop the cfw from signing itself, installing itself in the nand and after that booting itself, that said, im not an expert, soo i can be wrong.

EDIT: Yeah i think i was wrong

The reason 4.1 and below are still useful is because of the possibility to launch Fusee Gelee/CFW without it being tethered. You can find the source on Kate Tempkins FAQ. This is why I still haven't updated my switch either past 4.1.

 

[SciresM]

Pardon my ignorance, but can someone explain exactly what Atmosphere is? Does it run on top of the official OS? Or is it one guy re-implementing the entire Switch OS stack in half a year? If the latter, how is that even possible?

Atmosphère is a customized firmware for the Switch. It'll consist of a fully custom bootloader/boot stack, a custom trustzone firmware, a custom hypervisor + kernel patches, and customized versions of the OS's system modules. The vision is "Luma but for the Switch and making the right design decisions from the get-go", basically.

The re-implementation stuff is to facilitate easy extension of system functionality -- example: ROM hacks might want to replace title code content. Normally this might be complicated (replacing installed title file, signature checks...) -- why do that when you can make the loader just check for executables on the SD and load them instead of the normal content? Reimplementations are better than patching for extensibility and support for multiple versions -- and they also serve as a good reference for those who want to understand the system, so that's win/win/win.

 

[smf]

Mind explaining why ?
Is it due to the fact that the eMMC is using asymmetric encryption?

No, it's because the switch will normally only run signed software. Various exploits allow you to run unsigned software, but if you cold boot then that ability is lost and the switch reverts to rejecting unsigned software. I believe there are unreleased exploits which auto launch on coldboot, if/when they are released is anyones guess.

 

[leerpsp]

even if we do not have the private key I think its possible to have something installed along side the bootloader that takes over on boot and boot what ever we would like off the sd card and be gold. If we can do that tethered there has to be a way doing it untethered with out the private key's. Remember guys this is hacking we are talking about so almost anything is possible.

 

[brollikk]

ah, just to clarify I wasn't getting upset over the tethered thing - Just wanted to learn about the state of the exploit. Tethered is fine for me - i'm willing to ride the whole experience start to end with the switch. I've been pretty blessed - acquiring all my other consoles/portables for so cheap - and hacking them all to a permanent state so far. I'm confident it will happen with the switch - seems like there's something about nintendo systems that really get the hacking groups to puthrough

 

[EmanueleBGN]

To not open a new thread, I post this here: https://twitter.com/naehrwert/status/990042617307021312

 

[leerpsp]

To not open a new thread, I post this here: https://twitter.com/naehrwert/status/990042617307021312

Full bootloader!!!!! Think this will make a hell of a lot of people happy

 

[Quantumcat]

To not open a new thread, I post this here: https://twitter.com/naehrwert/status/990042617307021312

What is it?

 

[leerpsp]

What is it?

read the comments on twitter

 

[Quantumcat]

read the comments on twitter

The comments are mainly asking what it is, or saying something but with a question mark. Is it for backing up your NAND?