Can the Artemis engine exploit be ported to Switch 2?

Thread starter: ut0pia (member since Apr 30, 2018, France)
There is an exploit in the Artemis engine (https://github.com/Gezine/ArtemisLuaLoader/) that is being used as an entry point to trigger a kernel exploit (Lapse) on PS4.
I'm not a developer, but I've noticed that some games (like Hamidashi Creative) use this engine and are available on the eShop (including a demo version).
Could this potentially be ported or used on the Switch 2?
 
This would result in userland access at most, which has already been achieved with another game (that thing David Buchanan/retr0id did). The kernel of the Switch OS has no vulnerabilities, and it is unlikely this will be different on Switch 2.
 
No, there is no way to export/import save files on Switch 2.
Save files can be imported from Switch 1, and this is already in use with modified save files for cheats in Zelda games. Of course, it will not be a full unlock, but it could lead to something useful.
 
Yes, cheated or edited saves could already be transferred to a non-hacked S1. It's no different on the S2. But they don't modify the console in any way. Hopefully we will find something similar to what the old Tony Hawk games did with their save exploit. Either way, we are at the mercy of a new exploiter or hack group taking on the S2, since SciresM doesn't want to.
 
I haven't looked into it, but plausibly yes.

But userland entrypoints are just that, entrypoints. You need the rest of the exploit chain for it to be any use from an end-user pov.

From a research perspective it's best to keep such things private until there's something practical to do with it - since Nintendo can remove things from the eshop or block save transfers at any time.
 
Last edited by retr0id.
retr0id said: "I haven't looked into it, but plausibly yes. But userland entrypoints are just that, entrypoints. You need the rest of the exploit chain for it to be any use from an end-user pov."

And what do you achieve with userland on Switch 2?
 
Come to think about it - HorizonOS and its underlying kernel is secure. In the entire lifespan of the Switch, only one exploit in it was found (iirc it was in version 4.1.0).

The main entrypoint we got on the Switch 1 was a hardware bug in the NVIDIA Tegra chip, which allowed arbitrary code execution in its RCM with a stack smash exploit.

The modchips are all based on this hardware bug, and they essentially replicate it.

Due to how secure HorizonOS is, unpatched Switch 1 users still have no way to coldboot payloads. Their only options are modchip installation and having to smash the stack and inject payloads again on every boot of the console.

Do you REALLY think that we'll get a fully usable software exploit for the Switch 2, running on the same secure HorizonOS with so many patches applied to potential entrypoints under the guise of "stability" so early in its lifespan?
 
Quoting the post above: "The main entrypoint we got on the Switch 1 was a hardware bug in the NVIDIA Tegra chip, which allowed arbitrary code execution in its RCM with a stack smash exploit. [...] Do you REALLY think that we'll get a fully usable software exploit for the Switch 2, running on the same secure HorizonOS with so many patches applied to potential entrypoints under the guise of 'stability' so early in its lifespan?"
To be fair, with the Switch 1 being pretty much destroyed from day 1, there was little to gain from further exploring potential options.

But the interest and allure in console hacking is also significantly reduced since the glory times of the early 2000s/2010s: consoles have gotten more secure, companies care more about protecting the hardware, and there are more open hardware alternatives available nowadays.

Really what (hardware wise) does the switch 2 have that more open alternatives don't have? Consoles are now about exclusives, not the hardware anymore.

Most security researchers are against piracy, and Nintendo appears to have the biggest pro-piracy community I have seen. Almost every post here, and on reddit that I have seen with people asking about hacking the switch have been about piracy, migswitch and crap. I haven't seen a single post talking about the excitement of doing anything else on a hacked switch 2.

If I was researching the switch, honestly I'd consider it a lost cause for that alone.

Then combine with people like the above, who ask stupid questions like 'hurr durr have you escaped userland in 2 days hurydurydur'

Though if that post was sarcasm, sorry lol.
 
Last edited by twatsandwich.
twatsandwich said: "To be fair, with the Switch 1 being pretty much destroyed from day 1, there was little to gain from further exploring potential options."
This is a lovely argument that gets repeated whenever someone doesn't like the fact that HOS has been thoroughly examined, and it was only true for the initial run. After the RCM flaw was patched there were millions of units that would have benefited from a software hack. Most people didn't want to install a mod chip, and people to this day still ask for software exploits applicable to the Switch 1.
 
Quoting the reply above: "After the RCM flaw was patched there were millions of units that would have benefited from a software hack. Most people didn't want to install a mod chip, and people to this day still ask for software exploits applicable to the Switch 1."
It's never about what leechers want though. It's about what interests the people researching the hardware. There's a lot more allure in researching hardware that is secure from the beginning.

Either way, I think you read too much into that first sentence of mine. Consoles nowadays are pretty damn secure; it'll take years of security research before we get anything usable for the general user. I don't disagree there. I was more commenting that the value of, interest in and reasons for hacking consoles have significantly reduced over the past 10 years as well. Those, combined with how much of this community is pro-piracy devices, mean I really don't see things going well here. Feels like a pretty big demotivator tbh.

The switch 2 just doesn't seem like that interesting of a device to investigate. Nintendo hasn't done anything innovative or revolutionary with it.
 
Last edited by twatsandwich.
Quoting the earlier post: "Due to how secure HorizonOS is, unpatched Switch 1 users still have no way to coldboot payloads. Their only options are modchip installation and having to smash the stack and inject payloads again on every boot of the console. Do you REALLY think that we'll get a fully usable software exploit for the Switch 2, running on the same secure HorizonOS with so many patches applied to potential entrypoints under the guise of 'stability' so early in its lifespan?"

The beauty of fault injection is that you don't need any software bugs.

The Switch 2's early boot stages are presumably hardened against fault injection, but a) that doesn't make it impossible b) early-boot isn't the only place FI could be useful.

Practical Switch 2 exploits, if they ever exist, will likely be a hybrid of software and hardware exploitation.
 
