Hacking Could it be possible to downgrade the switch somewhen

[Noctosphere]

I know this is a total noob question that has already been answered : No, you can't downgrade the switch because of efuses
Well I just need to know, will it be possible somewhen to hack the switch deep enough to be able to skip the verification of efuses when booting up the console?
please dont call me noob, i know i am

 

[Ryab]

I know this is a total noob question that has already been answered : No, you can't downgrade the switch because of efuses
Well I just need to know, will it be possible somewhen to hack the switch deep enough to be able to skip the verification of efuses when booting up the console?
please dont call me noob, i know i am

not for a long while

 

[Noctosphere]

not for a long while

so you tell me it will be possible?
not for a long while but it will happens, right?

 

[Sonic Angel Knight]

This talk about efuses, pardon my noob terminology understanding but this isn't a real bomb related situation right? I already don't like my battery exploding on me.

 

[SirNapkin1334]

What are efuses? And how do they work? What do they do?

 

[nero99]

Read this article http://wololo.net/2017/08/24/nintendo-switch-prevents-downgrading/

 

[SirNapkin1334]

Wait, but what if you made earlier (or modded the current) NAND backup to have less fuses? A NAND backup would have eFuse data, so if you restored on one an old FW, you can reset the fuses and the FW, right?

 

[DarkFlare69]

Once efuses are "blown" they can't be repaired by any means. It's not a physical fuse, but an electrical one (hence the "e"). The switch will check them upon boot. With each new update something is done with the efuses to make sure you're on the firmware you should be on. I don't know all the technical details, but this is the main idea of it and why the switch cant be downgraded.

 

[Noctosphere]

Once efuses are "blown" they can't be repaired by any means. It's not a physical fuse, but an electrical one (hence the "e"). The switch will check them upon boot. With each new update something is done with the efuses to make sure you're on the firmware you should be on. I don't know all the technical details, but this is the main idea of it and why the switch cant be downgraded.

you... havent read the OP, obviously

 

[DarkFlare69]

you... havent read the OP, obviously

I have read it, obviously, why would I post here if I didn't? I said this to explain the purpose of efuses to the people who replied and didn't know what they did.

 

[Noctosphere]

I have read it, obviously, why would I post here if I didn't? I said this to explain the purpose of efuses to the people who replied and didn't know what they did.

oh i see, i though you were talking to me
next time, quote the one you are talking to avoid that please

 

[ChaosRipple]

When and if we are able to hack the switch to bypass efuse verification, it would probably be unnecessary to downgrade since it will very likely require a kernel exploit to do so.

 

[Noctosphere]

When and if we are able to hack the switch to bypass efuse verification, it would probably be unnecessary to downgrade since it will very likely require a kernel exploit to do so.

well... taking it that way... sure maybe...

 

[DarkFlare69]

oh i see, i though you were talking to me
next time, quote the one you are talking to avoid that please

Ok

I can't really answer your question because I'm not a software or electrical engineer. All I know (may not be right, but i think it is) is that the number of efuses blown has to be softcoded into each update so it knows how many are supposed to be blown. If we were to be able to restore our old NAND or downgrade in any way, we might be able to edit the value inside of the dump that represents the number that are supposed to be blown in that dump and then restore it.

For example, if on update 3.0.0, 5 efuses are blown, and our console is on on update 4.0.0, which may check if 7 efuses are blown, we could modify our 3.0.0 nand dump to check for 7 blown fuses instead of 5.

This is just my theory, it may be correct and it may not be.

 

[SirNapkin1334]

Ok

I can't really answer your question because I'm not a software or electrical engineer. All I know (may not be right, but i think it is) is that the number of efuses blown has to be softcoded into each update so it knows how many are supposed to be blown. If we were to be able to restore our old NAND or downgrade in any way, we might be able to edit the value inside of the dump that represents the number that are supposed to be blown in that dump and then restore it.

For example, if on update 3.0.0, 5 efuses are blown, and our console is on on update 4.0.0, which may check if 7 efuses are blown, we could modify our 3.0.0 nand dump to check for 7 blown fuses instead of 5.

This is just my theory, it may be correct and it may not be.

I bet the eFuse = version encoding is in Bootrom. Nintendo would be smarter than to make the encoding writable.

 

[DarkFlare69]

I bet the eFuse = version encoding is in Bootrom. Nintendo would be smarter than to make the encoding writable.

That's true. So we'd need access to the bootrom to be able to trick it

 

[Noctosphere]

so... from what I understand, it will be possible somewhen, but, by the time we will get it, it wont be needed anymore

 

[SirNapkin1334]

That's true. So we'd need access to the bootrom to be able to trick it

That'd be useless. The name says it all–bootrom–it's READ-ONLY. So, we couldn't change it. Also, I could only think the eFuses are physical, since the only way would be to make them Read-Only, but then the console couldn't set them...

 

[DarkFlare69]

That'd be useless. The name says it all–bootrom–it's READ-ONLY. So, we couldn't change it. Also, I could only think the eFuses are physical, since the only way would be to make them Read-Only, but then the console couldn't set them...

Sighax for the 3ds is a bootrom exploit.

 

[SirNapkin1334]

Sighax for the 3ds is a bootrom exploit.

SIGH...
YOU CAN'T EDIT BOOTROM. PERIOD.
In fact, after Bootrom Lockout, you can't even Read Bootrom.
Sighax takes advantage of problems in the Bootrom code, specifically in the Signature parser, hence the name Sighax.
Read this for information about how Sighax works.