Hacking Do you need to wires or the jig to get in rcm mode in future?
- Thread starter Unity150_magickavoxel
- Start date
- Views 13,888
- Replies 27
- Likes 1
You boot into RCM, and then from there load the exploit (which in turn will load CFW in the future) via a tethered connection to a USB host.
<=3.0.0 can launch into RCM without the jig or any hardmod, but will still require the USB host to send the exploit (ie a computer).
You will need that every time you reboot/shutdown the system to load back into cfw.
<=3.0.0 can launch into RCM without the jig or any hardmod, but will still require the USB host to send the exploit (ie a computer).
You will need that every time you reboot/shutdown the system to load back into cfw.
D
Deleted-355425
Guest
And you will need a USB connection to a PC (or a powered "device" that can run scripts) until something like this happens:
Last edited by notimp,
D
Deleted-355425
Guest
3.0.0 will have a software trigger from OFW to boot into RCM, with later versions to follow.
All FW will be able to wipe out the boot loader to force into RCM on every coldboot, you still need to tether but you can use a modchip for that.
I suspect the boot loader wiping will come as a fusee gelee module, so one time you will need to trigger RCM either from software 3.0.0 or below, or ground the pins and push some buttons.
Not with fusee gelee. I suspect people will hold onto their untethered coldboot exploits for a while though.
It's still tethered, just to a device smaller than a PC.
Last edited by smf,
Here is the basic misunderstanding people are having currently. CFW, cant just simply be "installed over OFW" and ran by the Switch on boot - without exploiting the Switch first, after every reboot/cold boot.
Reason is simple. We dont have the keys to sign the CFW as if it would be "real Nintendo firmware", so the Switch wont allow you to "just install it" over OFW.
And even if you would trick the flasher subroutine into writing a CFW on to the Switches internal nand, it then wouldn't boot - without an exploit, because the keys are incorrect.
So the current idea seems to be to load the CFW onto the sdcard and launch it as emunand after you did an exploit "on boot". This means minimal permanent manipulation on the original Switch, and potentially the ability to update the internal Switch firmware (nand) to a current OFW, should you so desire. All of this is not set in stone, but to my knowledge this is what people currently are working on.
Reason is simple. We dont have the keys to sign the CFW as if it would be "real Nintendo firmware", so the Switch wont allow you to "just install it" over OFW.
And even if you would trick the flasher subroutine into writing a CFW on to the Switches internal nand, it then wouldn't boot - without an exploit, because the keys are incorrect.
So the current idea seems to be to load the CFW onto the sdcard and launch it as emunand after you did an exploit "on boot". This means minimal permanent manipulation on the original Switch, and potentially the ability to update the internal Switch firmware (nand) to a current OFW, should you so desire. All of this is not set in stone, but to my knowledge this is what people currently are working on.
Thats the reason why Signature Patches exist.
Or custom kernels that can load a CFW from an sdcard.
Yet to my understanding this is not what Athmosphere is based around currently.
Please correct me if I am portraying this wrong.
(The how do we want to honor the "you will always be able to use the eshop" promise has not yet been explained in detail... )
--------------------- MERGED ---------------------------
Here is another possibility. Create a "modchip" that by default actively shorts pin 10, then disables the short after it has been powered for 5 seconds. Put it internally - have a kernel patch, or an internal usb jig that allows you to induce the exploit from the Switch itself, if that code is not detectable, you should be golden. Not sure if this is too much to ask - and if at that point you could just make that patch execute after every boot without glitching - but, that way you wouldnt have to write to system partitions potentially.
Still, there has to be code that allows the CFW to load in the first place. CFW will not in itself solve this issue.
Yet to my understanding this is not what Athmosphere is based around currently.
Please correct me if I am portraying this wrong.
(The how do we want to honor the "you will always be able to use the eshop" promise has not yet been explained in detail...
)--------------------- MERGED ---------------------------
Here is another possibility. Create a "modchip" that by default actively shorts pin 10, then disables the short after it has been powered for 5 seconds. Put it internally - have a kernel patch, or an internal usb jig that allows you to induce the exploit from the Switch itself, if that code is not detectable, you should be golden. Not sure if this is too much to ask - and if at that point you could just make that patch execute after every boot without glitching - but, that way you wouldnt have to write to system partitions potentially.
Still, there has to be code that allows the CFW to load in the first place. CFW will not in itself solve this issue.
Last edited by notimp,
D
Deleted-355425
Guest
‘
- Versions between 3.0.1 and 4.1.0 still have vulnerabilities that we've proven to work, but they don't give you the immediate fun that switches in the previous two categories do. There's still a case for holding onto these until all details regarding Fusée Gelée are released, so you can understand what the advantages and disadvantages are of Fusée Gelée before upgrading.
I've looked this up in the temkin Q and A again.
"To make the assistance permanent" implies, that there would be a reason to do that, which would be to run the exploit on every boot.
The second paragraph might contradict that or only simply refer to the 3D printed jtag thingy as a non permanent solution. So no conclusive outcome.
The fact that a "permanent assisted solution" is talked about though seems to indicate - that in concept you would have to glitch the switch after every boot. (Or have a "modchip" do it for you - which hopefully also could talk on the usb data rail.)
"To make the assistance permanent" implies, that there would be a reason to do that, which would be to run the exploit on every boot.
The second paragraph might contradict that or only simply refer to the 3D printed jtag thingy as a non permanent solution.
So no conclusive outcome. The fact that a "permanent assisted solution" is talked about though seems to indicate - that in concept you would have to glitch the switch after every boot. (Or have a "modchip" do it for you - which hopefully also could talk on the usb data rail.)
So if I'm on 2.1 just need to wait and we don't need to shot the pins ? Just the USB to connect the switch to a pc ?
The fact that the exploit is tethered makes it less exciting for me now...Hopefully an untetherd solution will come later on.
Yeah, that's unfortunate that it's tethered. I imagine being on vacation somewhere in the world, and my Switch battery running out of juice. I'd at least need small device to execute the exploit. Something like the Pi zero.
I'm really looking forward to that TX has to present to the public. I hope they figured something out. Maybe some kind of an internal solution you can solder and feed from the Switch battery.
I'm really looking forward to that TX has to present to the public. I hope they figured something out. Maybe some kind of an internal solution you can solder and feed from the Switch battery.
im going with xecuter chip if it will do al this without me manually doing it each time i boot the switch.
im on 1.0.0 and im honestly questioning myself why i stayed there till today. but lets wait and see what the scene is going to bring
im on 1.0.0 and im honestly questioning myself why i stayed there till today. but lets wait and see what the scene is going to bring
Similar threads
what a shame, to have to go back to an OG size battery soon.
