Webkit exploit do work on the Nintendo Switch (the one PegaSwitch used is a good example of it), but there are two main reason why they are not (yet) the entry point of choice:
- We already have a RCM exploit (or rather two of them, but they are based upon the same vulnerability) which allow code execution at the lowest level possible
- Due to pretty good security measures that Horizon takes (including ASLR which is a pain in the butt) escalating from user-space using a WebKit exploit is no easy feat (it still can be done)
We will probably see new and creative entry-points (probably based on WebKit) as soon as a new hardware revision (see Mariko) fixes the RCM exploit.
Sources and good reads:
https://github.com/reswitched/pegaswitch (Exploitation suite for Switches <= 3.0.0)
https://nvd.nist.gov/vuln/detail/CVE-2016-4657 Exploit on which PegaSwitch is based upon
https://www.ktemkin.com/faq-fusee-gelee/ (Fusee-Gelee, RCM exploit for any first-gen Switch)
https://github.com/fail0verflow/shofel2 (Shofel2, RCM exploit for any first-gen Switch)
http://switchbrew.org/index.php?title=Main_Page (Switchbrew, a great community driven Wiki for Switch hacking)
Last edited by Deleted member 191657,
u can access the web browser with rocket league when u click on the articles on the right of the main menu..worked on 4.1.0 I figured someone would use that at some point but it's never A thought it seems.
I think the people who know the exploits are keeping it for a later hardware revision where RCM is patched. Its better save the exploits for later use than getting patched now and search for more later.
- Joined
- Jun 6, 2018
- Messages
- 127
- Trophies
- 0
- Age
- 35
- Location
- Under Your bed stealing your data
- XP
- 360
- Country
There a reason why 0 day exploits are so well kept from the public for private use only. The WebKit will be patched completely in the new Mariko hardware with a version update pre installed. The problem right now is the scene burned out a lot of exploits to fast exposing to Nintendo what little holes there OS had it pretty easy to see how moving forward exploits will become a lot harder to find and escalate. This is my speculation from what documentation was released along with the rcm exploit.
