Can SX OS be uninstalled?

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,015
Trophies
0
Age
40
XP
1,784
Country
Canada
I'm saying you need the dongle to load the OS. After you load the OS, you can take it out. They have some sort of payload.bin on their USB that's set to automatically deliver it to the Switch once it's in RCM. Similar to how all of the other payload.bins function, once it has been sent via USB, your Switch is good to go. However, they need to still be plugged in via USB because that is the only current exploit we have that not only works on all firmwares, but gives us the highest level of access to the console.
That’s what I call an install, I understand that it isn’t permanent and won’t survive a reboot but still an install...
 

DocKlokMan

Plugin Dev
Member
Joined
Apr 20, 2007
Messages
3,009
Trophies
2
Age
36
XP
4,571
Country
United States
That’s what I call an install, I understand that it isn’t permanent and won’t survive a reboot but still an install...
No... it's really not. It's a memory patch, volatile, and clears itself on a reboot or power down, basically all the features that make it the opposite of an install. If I copy a photo to a USB stick and plug it into my computer did I just "install" that picture to my computer? No. Same goes for the SX OS. It's just a payload you copy to the microSD. If you want to remove SX OS, either don't run it or delete the payload off the microSD card. The only part that could be considered an "install" would be the AutoRCM, which is more a system tweak than an actual install as no files are involved in setting up AutoRCM. So in the event you enabled AutoRCM, you would need to disable it for a clean system.
 

LikeATrollFace

Well-Known Member
Newcomer
Joined
Apr 24, 2018
Messages
69
Trophies
0
Age
24
XP
180
Country
Netherlands
No it will not.

You have to use it on every boot, or you use autorcm to skip using the jig.

It uses Fusee Gelee, nothing is persistent.
It has yet to be confirmed that they use FG tho, for all we know they could be using F0F's or their own exploit really..
 

Draxzelex

Well-Known Member
Member
Joined
Aug 6, 2017
Messages
19,029
Trophies
2
Age
29
Location
New York City
XP
13,442
Country
United States
It has yet to be confirmed that they use FG tho, for all we know they could be using F0F's or their own exploit really..
I think what he meant was it works like Fusee Gelee. Team TX is using a jig to send the Switch into RCM and using a dongle that is designed to automatically send whatever payload.bin is stored in it once it detects the Switch is in RCM. All of the Switch hacking teams have basically all been using the same exploit.
 

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,015
Trophies
0
Age
40
XP
1,784
Country
Canada
No... it's really not. It's a memory patch, volatile, and clears itself on a reboot or power down, basically all the features that make it the opposite of an install. If I copy a photo to a USB stick and plug it into my computer did I just "install" that picture to my computer? No. Same goes for the SX OS. It's just a payload you copy to the microSD. If you want to remove SX OS, either don't run it or delete the payload off the microSD card. The only part that could be considered an "install" would be the AutoRCM, which is more a system tweak than an actual install as no files are involved in setting up AutoRCM. So in the event you enabled AutoRCM, you would need to disable it for a clean system.
Doesn't matter if it's in RAM and volatile, it's still an install. A photo doesn't do anything, you can't install a photo. "Installation (or setup) of a computer program (including device drivers and plugins), is the act of making the program ready for execution."
 

DocKlokMan

Plugin Dev
Member
Joined
Apr 20, 2007
Messages
3,009
Trophies
2
Age
36
XP
4,571
Country
United States
Doesn't matter if it's in RAM and volatile, it's still an install. A photo doesn't do anything, you can't install a photo. "Installation (or setup) of a computer program (including device drivers and plugins), is the act of making the program ready for execution."
I, too, can selectively quote Wikipedia info:

Because code is generally copied/generated in multiple locations, uninstallation usually involves more than just erasing the program folder. For example, registry files and other system code may need to be modified or deleted for a complete uninstallation.
Some computer programs can be executed by simply copying them into a folder stored on a computer and executing them. Other programs are supplied in a form unsuitable for immediate execution and therefore need an installation procedure. Once installed, the program can be executed again and again, without the need to reinstall before each execution.
A class of modern applications that do not need installation are known as portable applications, as they may be roamed around onto different computers and run.

From your own source, this fully ready executable memory patch does not require installation or uninstallation if it can be simply copied and run or deleted for full removal.
 

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,015
Trophies
0
Age
40
XP
1,784
Country
Canada
I, too, can selectively quote Wikipedia info:

From your own source, this fully ready executable memory patch does not require installation or uninstallation if it can be simply copied and run or deleted for full removal.

It would be portable if it stayed on the dongle and you had to keep it in; right now it's installed to RAM. A portable application on a USB stick would stop working once you unplug it. Anyway, don't take it from me, I'm just a software developer.

https://en.wikipedia.org/wiki/Portable_application

You see, what we are talking about is not standalone and still needs to be installed to the volatile memory. iOS hackers would call this a "tethered jailbreak" since it won't persist past a reboot.
 

DocKlokMan

Plugin Dev
Member
Joined
Apr 20, 2007
Messages
3,009
Trophies
2
Age
36
XP
4,571
Country
United States
It would be portable if it stayed on the dongle and you had to keep it in; right now it's installed to RAM.
Lol, whatever dude. First, the SX OS is not on the dongle it’s on the SD card. Second, any executable that’s run is in memory so that doesn’t disqualify it. But you’re set on calling this an install despite all the definitions, traditional and modern nomenclature stating otherwise. We’ll just need to leave it up to the readers to decide.
 

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,015
Trophies
0
Age
40
XP
1,784
Country
Canada
Lol, whatever dude. First, the SX OS is not on the dongle it’s on the SD card. Second, any executable that’s run is in memory so that doesn’t disqualify it. But you’re set on calling this an install despite all the definitions, traditional and modern nomenclature stating otherwise. We’ll just need to leave it up to the readers to decide.
What is the dongle even for then, my good sir? Does it not install a payload to the volatile memory? Even the makers of SX OS call it an install, but I guess they are wrong too. Typically folks don't install to volatile memory for obvious reasons, but in this case it's all we can do.
 

LikeATrollFace

Well-Known Member
Newcomer
Joined
Apr 24, 2018
Messages
69
Trophies
0
Age
24
XP
180
Country
Netherlands
Lol, whatever dude. First, the SX OS is not on the dongle it’s on the SD card. Second, any executable that’s run is in memory so that doesn’t disqualify it. But you’re set on calling this an install despite all the definitions, traditional and modern nomenclature stating otherwise. We’ll just need to leave it up to the readers to decide.
Actually, the SX Pro has the SX OS stored on the dongle, contrary to the separate SX OS purchase which does indeed go on the SD.
 

TheCyberQuake

Certified Geek
Member
Joined
Dec 2, 2014
Messages
5,012
Trophies
1
Age
28
Location
Las Vegas, Nevada
XP
4,433
Country
United States
What is the dongle even for then, my good sir? Does it not install a payload to the volatile memory? Even the makers of SX OS call it an install, but I guess they are wrong too. Typically folks don't install to volatile memory for obvious reasons, but in this case it's all we can do.
They call autoRCM an install, not the OS itself.
 

DocKlokMan

Plugin Dev
Member
Joined
Apr 20, 2007
Messages
3,009
Trophies
2
Age
36
XP
4,571
Country
United States
What is the dongle even for then, my good sir? Does it not install a payload to the volatile memory? Even the makers of SX OS call it an install, but I guess they are wrong too. Typically folks don't install to volatile memory for obvious reasons, but in this case it's all we can do.
The dongle runs an embedded USB stack that sends a malformed USB request to trigger an overflow flaw in the RCM mode, allowing them to run some code that tells the Switch to then execute whatever payload file is on the microSD card, in this case SX OS. This is standard fusée gelée operation. As for the "install" that TX refers to, that's the AutoRCM which was discussed earlier, which is more of a change to some stored data but not something that is executable, so that's not really classified as an install either. They use the term install for ease of understanding for people like you who don't seem to know the difference. Now, at this point I'm pretty sure you're just trolling.

Actually, the SX Pro has the SX OS stored on the dongle, contrary to the separate SX OS purchase which does indeed go on the SD.
It's not, they have two different operations on their licensing page, one for the dongle and one for the license code. Not sure where you got this info from, to be honest.
 

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,015
Trophies
0
Age
40
XP
1,784
Country
Canada
The dongle runs an embedded USB stack that sends a malformed USB request to trigger an overflow flaw in the RCM mode, allowing them to run some code that tells the Switch to then execute whatever payload file is on the microSD card, in this case SX OS. This is standard fusée gelée operation. As for the "install" that TX refers to, that's the AutoRCM which was discussed earlier, which is more of a change to some stored data but not something that is executable, so that's not really classified as an install either. They use the term install for ease of understanding for people like you who don't seem to know the difference. Now, at this point I'm pretty sure you're just trolling.

It's not, they have two different operations on their licensing page, one for the dongle and one for the license code. Not sure where you got this info from, to be honest.
Personal attacks... So what changes after reboot? What is the exploit exactly? Are you saying the whole thing is just a portable emuNAND? AutoRCM isn't really an install, but it does cause the OS to be installed on boot to the volatile memory, or does it just run the OS entirely from the SD card?
 

TheCyberQuake

Certified Geek
Member
Joined
Dec 2, 2014
Messages
5,012
Trophies
1
Age
28
Location
Las Vegas, Nevada
XP
4,433
Country
United States
Personal attacks... So what changes after reboot? What is the exploit exactly? Are you saying the whole thing is just a portable emuNAND? AutoRCM isn't really an install, but it does cause the OS to be installed on boot to the volatile memory, or does it just run the OS entirely from the SD card?
Putting it in memory is not installing. You don't call the data your game and programs put in memory an install, and neither is this.
 

guily6669

GbaTemp is my Drug
Member
Joined
Jun 3, 2013
Messages
2,356
Trophies
1
Age
34
Location
Doomed Island
XP
2,154
Country
United States
I wonder if every game would "install" like that every time you open them if you would like... Open game, game says: go smoke a cigarette, this will take quite some time... "installing" to RAM "temporarily" until you exit game. Then you open the game again and same thing...

And oh wait, every game running from the CD\DVD\BD-DVD or whatever installs every time because they load it in the RAM, so it's installing every time in the RAM LOL.
 

DocKlokMan

Plugin Dev
Member
Joined
Apr 20, 2007
Messages
3,009
Trophies
2
Age
36
XP
4,571
Country
United States
Personal attacks... So what changes after reboot? What is the exploit exactly? Are you saying the whole thing is just a portable emuNAND? AutoRCM isn't really an install, but it does cause the OS to be installed on boot to the volatile memory, or does it just run the OS entirely from the SD card?
Sorry, looks like I was wrong, you're not a troll. You just really... don't know. I'll be happy to explain it.

RCM is a recovery mode that the Switch has for repair purposes. It enters this mode when the eMMC memory chip is not accessible or if the right button combo is pressed (Vol Up and the RCM Home button, which is actually a pin inside the right JoyCon rail). Once in RCM mode it expects a signed, official series of commands to be sent through the USB port for repair and diagnostics.

Since we don't have the official commands, we poked around and discovered that it does not guard against an out-of-spec, really really big USB request. One so big that it overrides into an area of memory it shouldn't (called stack smashing). If we send this large command along with some unauthorized code, we find that the Switch will run that code as if it were signed. This is only temporary though, and we need to do it each time we restart as the code only exists in volatile memory.

What TX has done is made a compact dongle that sends this overlarge command for us. The code they send simply tells the Switch "look at this file on the SD card for further instructions". The file on the SD card is the SX OS file, roughly 16MB large, it does a few things. It can either simply chain load the official OS (Horizon) and boot the Switch normally, it can place some threads into memory, then launch the official OS which gives us the SX OS CFW capable of running dumped games and homebrew, or it can enable AutoRCM.

Since people don't want to remove their eMMC chip or hold the Vol Up and RCM Home button (pin 10) every time, what AutoRCM does is corrupt a signature in your eMMC by changing a few bytes. When the Switch goes to boot this check will fail and it'll startup in RCM mode without needing to hold anything or disconnect anything. Once it's in RCM mode you can use the dongle to smash the stack and run the SX OS payload, which can then patch some memory addresses and chain load the official OS so you can have your fun.

It also has the option to reverse AutoRCM which simply puts the bytes it changed back to normal.

That about covers it, were there any remaining questions?
 
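The bug class described in the post above, a host-controlled length field that is never compared against the size of the stack buffer it fills, is easiest to see as a vulnerable handler beside its hardened form. The following is an added example written for this page; it is not the Switch boot ROM, Nintendo's, TX's or any other project's code. The `usb_ctrl_request_t` struct, the `CMD_BUF_SIZE` of 256 bytes, the `RCM_*` status codes and the sample payload are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a recovery-mode USB control-request handler.
 * NOT the Switch boot ROM or TX's code; the buffer size, request struct and
 * status codes are assumptions chosen to show the bug class the post
 * describes: a host-supplied length trusted when filling a stack buffer. */

#define CMD_BUF_SIZE 256u          /* assumed fixed size of the command buffer */

typedef struct {
    uint16_t wLength;              /* length the host declares in the setup packet */
    const uint8_t *data;           /* payload bytes that follow the setup packet */
} usb_ctrl_request_t;

enum { RCM_OK = 0, RCM_ERR_TOO_LONG = -1 };

/* Vulnerable form: trusts wLength. When wLength > CMD_BUF_SIZE the memcpy
 * runs past cmd_buf into adjacent stack memory (saved registers, return
 * address), which is the "stack smashing" the post refers to. Kept only
 * for contrast; it must never be fed an oversized request. */
int handle_request_unchecked(const usb_ctrl_request_t *req, size_t *copied)
{
    uint8_t cmd_buf[CMD_BUF_SIZE];
    memcpy(cmd_buf, req->data, req->wLength);   /* BUG: no bound on wLength */
    *copied = req->wLength;
    return RCM_OK;
}

/* Hardened form: validate the declared length against the buffer before
 * copying, and refuse (rather than silently truncate) anything out of spec
 * so the host gets an explicit error instead of partial processing. */
int handle_request_checked(const usb_ctrl_request_t *req, size_t *copied)
{
    uint8_t cmd_buf[CMD_BUF_SIZE];
    if (req->data == NULL || req->wLength > CMD_BUF_SIZE) {
        *copied = 0;
        return RCM_ERR_TOO_LONG;
    }
    memcpy(cmd_buf, req->data, req->wLength);
    *copied = req->wLength;
    return RCM_OK;
}

/* Constructed sample payload (32 bytes) used by the demo functions below. */
static const uint8_t sample_payload[32] = { 0x01, 0x02, 0x03 };

/* In-spec 32-byte request: the checked handler copies it; returns bytes copied. */
size_t demo_checked_accepts_in_spec(void)
{
    usb_ctrl_request_t req = { 32, sample_payload };
    size_t n = 0;
    return handle_request_checked(&req, &n) == RCM_OK ? n : 0;
}

/* Same in-spec request through the unchecked handler: identical result, which
 * is why the missing check is invisible under normal operation. */
size_t demo_unchecked_copies_in_spec(void)
{
    usb_ctrl_request_t req = { 32, sample_payload };
    size_t n = 0;
    return handle_request_unchecked(&req, &n) == RCM_OK ? n : 0;
}

/* Oversized request: wLength claims 0xFFFF bytes for a 32-byte payload.
 * The checked handler refuses it and copies nothing. Returns 1 on refusal. */
int demo_checked_rejects_oversized(void)
{
    usb_ctrl_request_t req = { 0xFFFF, sample_payload };
    size_t n = 0;
    return handle_request_checked(&req, &n) == RCM_ERR_TOO_LONG && n == 0;
}

int main(void)
{
    printf("checked handler copied %zu bytes of an in-spec request\n",
           demo_checked_accepts_in_spec());
    printf("unchecked handler copied %zu bytes of the same request\n",
           demo_unchecked_copies_in_spec());
    printf("checked handler %s the oversized request\n",
           demo_checked_rejects_oversized() ? "rejected" : "ACCEPTED (bug)");
    return 0;
}
```

The only difference between the two handlers is the comparison of `wLength` against `CMD_BUF_SIZE` before the copy; on valid traffic they behave identically, which is why a missing bound of this kind survives ordinary testing and is found by sending lengths outside the specification.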

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,015
Trophies
0
Age
40
XP
1,784
Country
Canada
I wonder if every game would "install" like that every time you open them if you would like... Open game, game says: go smoke a cigarette, this will take quite some time... "installing" to RAM "temporarily" until you exit game. Then you open the game again and same thing...

And oh wait, every game running from the CD\DVD\BD-DVD or whatever installs every time because they load it in the RAM, so it's installing every time in the RAM LOL.
That doesn’t make sense, you remove the disc and the game stops working.

--------------------- MERGED ---------------------------

Sorry, looks like I was wrong, you're not a troll. You just really... don't know. I'll be happy to explain it.

RCM is a recovery mode that the Switch has for repair purposes. It enters this mode when the eMMC memory chip is not accessible or if the right button combo is pressed (Vol Up and the RCM Home button, which is actually a pin inside the right JoyCon rail). Once in RCM mode it expects a signed, official series of commands to be sent through the USB port for repair and diagnostics.

Since we don't have the official commands, we poked around and discovered that it does not guard against an out-of-spec, really really big USB request. One so big that it overrides into an area of memory it shouldn't (called stack smashing). If we send this large command along with some unauthorized code, we find that the Switch will run that code as if it were signed. This is only temporary though, and we need to do it each time we restart as the code only exists in volatile memory.

What TX has done is made a compact dongle that sends this overlarge command for us. The code they send simply tells the Switch "look at this file on the SD card for further instructions". The file on the SD card is the SX OS file, roughly 16MB large, it does a few things. It can either simply chain load the official OS (Horizon) and boot the Switch normally, it can place some threads into memory, then launch the official OS which gives us the SX OS CFW capable of running dumped games and homebrew, or it can enable AutoRCM.

Since people don't want to remove their eMMC chip or hold the Vol Up and RCM Home button (pin 10) every time, what AutoRCM does is corrupt a signature in your eMMC by changing a few bytes. When the Switch goes to boot this check will fail and it'll startup in RCM mode without needing to hold anything or disconnect anything. Once it's in RCM mode you can use the dongle to smash the stack and run the SX OS payload, which can then patch some memory addresses and chain load the official OS so you can have your fun.

It also has the option to reverse AutoRCM which simply puts the bytes it changed back to normal.

That about covers it, were there any remaining questions?
Alright that makes sense.
 

Pleng

Custom Title
Member
Joined
Sep 14, 2011
Messages
2,442
Trophies
2
XP
2,828
Country
Thailand
Putting it in memory is not installing. You don't call the data your game and programs put in memory an install, and neither is this.

So...

I download an Ubuntu live CD. I boot it up, but I want to use SuperMagicApp3.11. However SMA3.11 isn't included in the live distribution, I have to use the software centre to download and ...install it, no? It's only temporarily installed because as soon as I reboot the live distro it will be gone again; but it absolutely has been installed; otherwise I wouldn't be able to run it.
 
