Hacking Question Current status of Switch homebrew/CFW?

a9lh-1user · Aug 5, 2018

There has to be one:

"Recently, it has come to our attention there's a new revision of the Nintendo Switch in the wild which is incompatible with our SX Pro product. This isn't simply an incompatibility with SX Pro but rather appeared to be a fix of the infamous "USB RCM" exploit.

Naturally, we had to locate one of these new Switch units to get to the bottom of this. Our new Switch unit arrived to us at firmware version 5.1.0 and what we found out is the following (sorry, time to get a bit technical):

One of the IPATCH entries in the fuse set (entry #3) has been replaced with a new patch. The old patch patches the bootrom location 0x10fb3c with the value "00 20" (mov r0, #0 in thumb), and the new patch patches the bootrom location 0x10769a with the value "00 21" (mov r1, #0 in thumb). This new patch effectively zeroes out the upper-byte of the wLength field in the USB RCM endpoint 0 handling code.

Those who are paying attention probably wonder how we know the exact details of this IPATCH entry change, since we can't read out the fuses without our precious USB RCM exploit, right? It is a classic chicken and egg problem.

The answer is obvious: There is more than one coldboot bootrom exploit, and it is not just the warmboot one.

So don't fear: we will deliver a solution for these new "unhackable" switches in due time!

Thank you for attention."

Source: https://team-xecuter.com/team-xecuter-versus-the-unhackable-switch/

But they wont share it ..... me think

magico29 · Aug 5, 2018

Th3C0d3br34k3r said:
It's truly sad that there isn't any software vulnerability on 5.x.

as we know long time ago 3.0.0 is the maximun,some people said 4.1.0. lower is better be patient.

magico29 · Aug 5, 2018

Th3C0d3br34k3r said:
It's truly sad that there isn't any software vulnerability on 5.x.

as we know long time ago 3.0.0 is the maximun,some people said 4.1.0. lower is better be patient.

Th3C0d3br34k3r · Aug 5, 2018

magico29 said:
as we know long time ago 3.0.0 is the maximun,some people said 4.1.0. lower is better be patient.

I have nothing to wait, I've already (Rather, my sister) updated to 5.1, and it's somewhat awkward putting the jig and connecting. It's just a little bit dissapointing.

MushGuy · Aug 5, 2018

magico29 said:
as we know long time ago 3.0.0 is the maximun,some people said 4.1.0. lower is better be patient.

Currently I'm still waiting on 3.0.0, too. One for a coldboot method, second to see if there will be some kind of stealth mode to avoid bans, and third to see how it will turn out with the upcoming paid online service.

magico29 · Aug 5, 2018

Th3C0d3br34k3r said:
I have nothing to wait, I've already (Rather, my sister) updated to 5.1, and it's somewhat awkward putting the jig and connecting. It's just a little bit dissapointing.

thats not nice,why ur sis did that to you.

Th3C0d3br34k3r · Aug 5, 2018

magico29 said:
thats not nice,why ur sis did that to you.

It doesn't matter. She just wanted to play MK8 Deluxe online. I was on 4.0.1.

mariogamer · Aug 5, 2018

a9lh-1user said:
There has to be one:

"Recently, it has come to our attention there's a new revision of the Nintendo Switch in the wild which is incompatible with our SX Pro product. This isn't simply an incompatibility with SX Pro but rather appeared to be a fix of the infamous "USB RCM" exploit.

Naturally, we had to locate one of these new Switch units to get to the bottom of this. Our new Switch unit arrived to us at firmware version 5.1.0 and what we found out is the following (sorry, time to get a bit technical):

One of the IPATCH entries in the fuse set (entry #3) has been replaced with a new patch. The old patch patches the bootrom location 0x10fb3c with the value "00 20" (mov r0, #0 in thumb), and the new patch patches the bootrom location 0x10769a with the value "00 21" (mov r1, #0 in thumb). This new patch effectively zeroes out the upper-byte of the wLength field in the USB RCM endpoint 0 handling code.

Those who are paying attention probably wonder how we know the exact details of this IPATCH entry change, since we can't read out the fuses without our precious USB RCM exploit, right? It is a classic chicken and egg problem.

The answer is obvious: There is more than one coldboot bootrom exploit, and it is not just the warmboot one.

So don't fear: we will deliver a solution for these new "unhackable" switches in due time!
Thank you for attention."

Source: https://team-xecuter.com/team-xecuter-versus-the-unhackable-switch/

But they wont share it ..... me think

Just to say that SciresM/hexkyz denied that you need a trustzone warmboot/coldboot exploit to access the fuse (you can access them on userspace by taking over certain parts of the systems). So the message of this is not true and they might not necessary have it.

sblast3 · Aug 5, 2018

It would be nice if there was a script that periodically scans the /v/ catalog for a new /hbg/ thread and inserts the OP into an RSS feed.

tinysolderingguy · Aug 5, 2018

Pluupy said:
For future reference, the /hbg/ thread on 4chan keeps a little update log in each OP. Good for recent events and advancements. People there aren't very nice so I would recommend limiting interaction with /hbg/ to just lurking.

SX OS patch 1.4. Can find information here.
https://team-xecuter.com/sx-os-v1-4-announcement

Team TX says they found new exploit for the new patched Switch models released in July. Can find information here.
https://team-xecuter.com/team-xecuter-versus-the-unhackable-switch

Switch March SDK was released. Nothing of value for non-developers. Not ok to distribute on GBATemp.

Atmosphere 0.7, first release, coming out at the end of this month. Can find information here.
https://github.com/Atmosphere-NX/Atmosphere/wiki/release-plans

ReiNX CFW is now legal to distribute. Auto patching. Prevents gamecard reader from updating too. Can find here.
https://gbatemp.net/threads/official-reinx-thread.512203/

Tinfoil can install game, game updates, and game DLC via .NSP files. Can find here.
https://buildserv.stayathomeserver.club/tinfoil/

With the .XCI to .NSP converter, there isn't really a need for SX OS anymore unless you really just need to have .XCIs. Reminiscent of 3DS and the .3DS and .CIA conflict. Can find here.
https://gbatemp.net/threads/4nxci-open-source-xci-to-nsp-converter.513758/

RajNX CFW is a thing. Not sure why you would want to use this instead of Atmosphere or ReiNX. Can find here.
https://gbatemp.net/threads/rajnx-c...free-starter-pack-for-nintendo-switch.513785/

ChuoDujourNX allows for automated updating without burning Switch fuses. Still forces AutoRCM to prevent fuse burning. Can find here.
https://gbatemp.net/threads/choiduj...ller-homebrew-for-the-nintendo-switch.513416/

wym? /hbg/ is VERY nice. 100% would love to talk with them again. had a nice discussion with them

M7L7NK7 · Aug 5, 2018

mariogamer said:
Just to say that SciresM/hexkyz denied that you need a trustzone warmboot/coldboot exploit to access the fuse (you can access them on userspace by taking over certain parts of the systems). So the message of this is not true and they might not necessary have it.

Why would they lie though? They've managed to do things that no one else can do still so I wouldn't doubt them

mariogamer · Aug 5, 2018

Milenko said:
Why would they lie though? They've managed to do things that no one else can do still so I wouldn't doubt them

The message that you need the rcm exploit for that is still not true.

They got no reasons of lying.
Things they have done by themself on switch? Xci backup loading.

Hacking Question Current status of Switch homebrew/CFW?

a9lh-1user

Guest

Well-Known Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Banned!

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum