Hacking Deja vu exploit given to Nintendo

Status
Not open for further replies.
P

pworld

Well-Known Member
OP
Member
Level 5
Joined
Jul 15, 2018
Messages
114
Trophies
0
Age
35
XP
734
Country
Austria
Unfortunately, the deja vu exploit an important bug of the deja vu exploit chain (from what I have read in https://daeken.svbtle.com/nintendo-switch-nvservices-info-leak it is "not the most critical bug") has been given to Nintendo as part of a bug bounty program


Hexkyz thinks there will probably have no bugs usable for hacking the switch when Mariko arrives.

EDIT for clarity:
Daeken knew the exploit was found by others, and he found it later, but independently. He still decided to report this exploit to Nintendo.


EDIT II: Could a mod please edit the title to replace "Deja vu exploit" with "Part of Deja vu exploit chain"? (On a side note: Would it be allowed to use the report function for that? It doesn't seem that way)
 
Last edited by pworld,
P

pworld

Well-Known Member
OP
Member
Level 5
Joined
Jul 15, 2018
Messages
114
Trophies
0
Age
35
XP
734
Country
Austria
Well, I haven't seen it here. If it was already posted, I should be deleted obviously.
 
iriez

iriez

Well-Known Member
Member
Level 9
Joined
Oct 27, 2016
Messages
549
Trophies
0
Age
49
Website
www.xbins.org
XP
1,867
Country
United States
Damn, that blows.

Greed fucks us again. Daeken apparently cares more about money than the switch community...which isn't that hard to understand when you see all the immature toxicity.
 
P

pworld

Well-Known Member
OP
Member
Level 5
Joined
Jul 15, 2018
Messages
114
Trophies
0
Age
35
XP
734
Country
Austria
Mariko is the new hardware revision, probably at least with a better screen, maybe also with a better SoC (at least it has a different number), combing out late in the next year (probably).
It will completely fix the hardware bug (I mean, it is also fixed now, but the bootrom is old, so maybe the ipatch doesn't fix everything), so we would have to rely on software bugs. However, the main software bug which could have been used to hack the switch was reported to Nintendo and thus fixed, now we can just hope.
 
P

pworld

Well-Known Member
OP
Member
Level 5
Joined
Jul 15, 2018
Messages
114
Trophies
0
Age
35
XP
734
Country
Austria
Tinnetju said:
Mariko are the new 'patched' switch consoles. The exploit we have now (the thing with the RCM jig) will probably be patched on those.
Click to expand...
Not probably, but certainly. Nintendo already mitigated the exploit by an ipatch. They would have to be beyond stupid to not test whether this exploit is still possible on the new hardware revision.
 
  • Like
Reactions: cearp
Ashura66

Ashura66

Well-Known Member
Member
Level 9
Joined
Feb 1, 2016
Messages
1,766
Trophies
0
Age
37
Location
Under my bed
XP
1,682
Country
Portugal
Tinnetju said:
Mariko are the new 'patched' switch consoles. The exploit we have now (the thing with the RCM jig) will probably be patched on those.
Click to expand...

The Mariko units are more than just a simple patch friend, it's a complete hardware revision with a brand new motherboard that doesn't have the same vulnerability that lets you enter RCM
 
sj33

sj33

Well-Known Member
Member
Level 15
Joined
Oct 22, 2013
Messages
4,072
Trophies
2
XP
4,726
Country
Japan
You should probably post the follow-up tweets for balance.

Untitled.jpg


 
  • Like
Reactions: radrom
P

pworld

Well-Known Member
OP
Member
Level 5
Joined
Jul 15, 2018
Messages
114
Trophies
0
Age
35
XP
734
Country
Austria
Ah, yeah, sorry, when I re-read my OP, it isn't clear that the exploit was independently found and not "stolen".
Daeken know the exploit was found by others, and he found it later, but independently. He still decided to report this exploit to Nintendo.

It is certainly not clearly immoral, but also not right IMHO, especially as he was part of the hacking scene and thus could use their knowledge, even if not this specific exploit. Of course everybody has to make money somehow.
 
Der_Blockbuster

Der_Blockbuster

Well-Known Member
Member
Level 12
Joined
Mar 2, 2016
Messages
878
Trophies
0
Age
24
XP
2,886
Country
Germany
Sad day as we finally have confirmation that one of the most useful bugs in the déjà-vu exploit chain was reported for a bounty by @daeken.

This certainly doesn't mean that the deja vu exploit has been given to Nintendo.
Correct me if I'm wrong...
 
Localhorst86

Localhorst86

Robert'); DROP TABLE members;--
Member
Level 15
Joined
Jul 17, 2014
Messages
2,736
Trophies
1
Location
Nintendo works for my dad
XP
5,342
Country
Germany
Der_Blockbuster said:
Sad day as we finally have confirmation that one of the most useful bugs in the déjà-vu exploit chain was reported for a bounty by @daeken.

This certainly doesn't mean that the deja vu exploit has been given to Nintendo.
Correct me if I'm wrong...
Click to expand...
some people don't understand the difference between an individual bug and an exploit chain.
 
P

pworld

Well-Known Member
OP
Member
Level 5
Joined
Jul 15, 2018
Messages
114
Trophies
0
Age
35
XP
734
Country
Austria
The exploit chain consists of multiple bugs. And I guess what is meant is the most important bug. The chain breaks one single link breaks, so it is broken. I am unsure how to interpret one of his other tweets though, maybe he has some bug to replace this important bug, as he said he could rewrite the chain, but anyway, there is not so much hope.

EDIT: maybe it was not the most important bug, aka the "deja vu" exploit itself
 
Last edited by pworld,
Kukielka

Kukielka

Well-Known Member
Member
Level 4
Joined
Jul 11, 2018
Messages
154
Trophies
0
Age
29
XP
387
Country
Germany
And all the 12 year olds in their moms basement are like "BUT MUH SWITCH".
Fucking hilarious! :D
 
eyeliner

eyeliner

Has an itch needing to be scratched.
Member
Level 16
Joined
Feb 17, 2006
Messages
2,890
Trophies
2
Age
44
XP
5,533
Country
Portugal
Like Nintendo wouldn't know about every exploit currently known. Heck, if they even remotely follow the hacking community, it wouldn't take much time to get there.

Either way, whoever has the console now will not loose anything. This will affect the future console iterations. Not at all problematic. Happens frequently.
 
J

josephdin

Well-Known Member
Member
Level 4
Joined
Jun 20, 2018
Messages
109
Trophies
0
Age
31
XP
382
Country
United States
my tweet to him: How does it feel to be an E-Snitch all for a quick buck? @daeken lul he's like the worst kind of hacker too xD #CultureVulture i may have went too far but i'm just angry right now, i'm really against hackers stabbing other hackers in the back, those guys worked endlessly to find an exploit only for others to be petty and cash grab on their success. Pisses me off
 
8BitWonder

8BitWonder

Small Homebrew Dev
Member
Level 15
Joined
Jan 23, 2016
Messages
2,489
Trophies
1
Location
47 4F 54 20 45 45 4D
XP
5,347
Country
United States
iriez said:
Damn, that blows.

Greed fucks us again. Daeken apparently cares more about money than the switch community...which isn't that hard to understand when you see all the immature toxicity.
Click to expand...
It was confirmed that Daeken discovered the vuln independently. They did nothing wrong by submitting it.

Plus community praise doesn't pay bills. :P
 
Last edited by 8BitWonder,
  • Like
Reactions: iktwo
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

Homebrew Tutorial  Building Pagascape from source to running Self Hosted mode on Windows and MSYS

mig switch not working/updating??

Hacking Homebrew Tutorial  Portable PegaScape (Win32)

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

Fusee.bin with the new Pre-release of Atmoshere 1.7.0

DBI language error

Emulation Homebrew Tutorial  Building SM64 for Nintendo Switch from sm64ex-alo Repository

Homebrew Tutorial  Setup a DevKitPro environment on Windows.

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: Watching the fallout series it is pretty decent