Hacking Do you think that hackers will ever take full control of the switch?

[Parax342]

Do you think that hackers will ever take full control of the switch

Edit on 7/10 at 3:06 for clarity: I mean being able to modify system files and have them work by full control

 

[Tac 21]

way too soon to talk about it- the fact that Modders got CFW on switch so early for the initial batch is shocking

 

[Jayro]

They basically do. What else are they locked out of?

 

[Parax342]

They basically do. What else are they locked out of?

Well if they had full control, they would be able to make CFW permanant. They can't modify all system files yet.

 

[RHOPKINS13]

Well if they had full control, they would be able to make CFW permanant. They can't modify all system files yet.

They can modify all system files just fine. The problem is that the firmware will see that the changes haven't been signed by Nintendo, and refuse to boot.

So unless Nintendo's private key gets leaked, or some other bootloader-stage exploit is found, both of which are very unlikely to ever happen, this is as close as we'll get.

And that's fine. If you want a CFW without a jig or payload dongle, go find a switch running 4.1.0. Otherwise, be happy with what we have. Because based on information SciresM has posted, I highly doubt we'll see anything better anytime soon, if at all. But I'd say we have about as much "full control" as we could ever hope for. You can run Linux, you can run Android, you've got 3 good CFWs to pick from (4 if you count Kosmos - I just consider that to be "pre-packaged" Atmosphere though.) In Horizon, we have custom themes, even animated ones. We have all sorts of homebrew, including emulators and ports of PC games. We have system modules that give added functionality like background music and FTP services. We even have cheats and game mods. I'm not sure what more you could hope for, other than booting without RCM payloads.

 

[Parax342]

They can modify all system files just fine. The problem is that the firmware will see that the changes haven't been signed by Nintendo, and refuse to boot.

So unless Nintendo's private key gets leaked, or some other bootloader-stage exploit is found, both of which are very unlikely to ever happen, this is as close as we'll get.

And that's fine. If you want a CFW without a jig or payload dongle, go find a switch running 4.1.0. Otherwise, be happy with what we have. Because based on information SciresM has posted, I highly doubt we'll see anything better anytime soon, if at all. But I'd say we have about as much "full control" as we could ever hope for. You can run Linux, you can run Android, you've got 3 good CFWs to pick from (4 if you count Kosmos - I just consider that to be "pre-packaged" Atmosphere though.) In Horizon, we have custom themes, even animated ones. We have all sorts of homebrew, including emulators and ports of PC games. We have system modules that give added functionality like background music and FTP services. We even have cheats and game mods. I'm not sure what more you could hope for, other than booting without RCM payloads.

oh.

 

[ShadowOne333]

They can modify all system files just fine. The problem is that the firmware will see that the changes haven't been signed by Nintendo, and refuse to boot.

So unless Nintendo's private key gets leaked, or some other bootloader-stage exploit is found, both of which are very unlikely to ever happen, this is as close as we'll get.

Getting a full CFW into the Switch would really just require the private key to sign everything properly so the system doesn't reject it?

 

[RHOPKINS13]

Getting a full CFW into the Switch would really just require the private key to sign everything properly so the system doesn't reject it?

That's my understanding, but said key would be highly illegal to distribute even if it did get cracked. And these keys are practically uncrackable - it's more likely that it would be leaked by someone working for Nintendo. And I think it's safe to say Nintendo has probably limited access to all but a very few select employees for this key.

 

[Jayro]

They can modify all system files just fine. The problem is that the firmware will see that the changes haven't been signed by Nintendo, and refuse to boot.

So unless Nintendo's private key gets leaked, or some other bootloader-stage exploit is found, both of which are very unlikely to ever happen, this is as close as we'll get.

I don't understand why the private key can't be compared between signed files, compared, and extracted for use in fake-signing.

 

[proflayton123]

When the switch reaches its EoL

 

[deanspeed]

If you want a CFW without a jig or payload dongle, go find a switch running 4.1.0.

Mine is running 3.0.1 exactly for this reason! Are you saying that this is possible now for anyone who has a low enough firmware?

 

[Filo97]

I dunno about "full control" but i hope sooner or later we'll have a software-modding solution that doesn't involve an RCM jig on exclusively the older models

 

[Budsixz]

Mine is running 3.0.1 exactly for this reason! Are you saying that this is possible now for anyone who has a low enough firmware?

Well there is pegascape

 

[tech3475]

I don't understand why the private key can't be compared between signed files, compared, and extracted for use in fake-signing.

The private key (should) never leave Nintendo, the reason we’ve had things like Trucha or the PS3 signing key is because of flawed implementation allow the brute forcing or reverse engineering of keys.

 

[Boydy86]

I don't understand why the private key can't be compared between signed files, compared, and extracted for use in fake-signing.

To crack a private key, you literally need to trial every single possible variation of the key based on bit length:

"Imagine a computer that is the size of a grain of sand that can test keys against some encrypted data. Also imagine that it can test a key in the amount of time it takes light to cross it. Then consider a cluster of these computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.

If you want to brute-force a key, it literally takes a planet-ful of computers. And of course, there are always 256-bit keys, if you worry about the possibility that government has a spare planet that they want to devote to key-cracking."​

I believe the Private key used to sign Nin software to be in the region of 2048 bits.

 

[Dax_Fame]

To crack a private key, you literally need to trial every single possible variation of the key based on bit length:

"Imagine a computer that is the size of a grain of sand that can test keys against some encrypted data. Also imagine that it can test a key in the amount of time it takes light to cross it. Then consider a cluster of these computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.

If you want to brute-force a key, it literally takes a planet-ful of computers. And of course, there are always 256-bit keys, if you worry about the possibility that government has a spare planet that they want to devote to key-cracking."​

I believe the Private key used to sign Nin software to be in the region of 2048 bits.

We're gonna need a whole lotta planets...

I just want to know why if you run Lakka or RA for Android they can run more cores than the RA Homebrew for Horizon. 60fps GameCube emulation will never happen in Horizon... But why?

Bloated OS? Something to do with the kernel or how the OS utilizes the processor?

I don't know a thing about this stuff (obviously) but I was thinking it was because we don't have complete control, only most of it... Plenty good for me!

Tomorrow's front page news: GC Emulation available on Switch!!!

 

[Boydy86]

We're gonna need a whole lotta planets...

I just want to know why if you run Lakka or RA for Android they can run more cores than the RA Homebrew for Horizon. 60fps GameCube emulation will never happen in Horizon... But why?

Bloated OS? Something to do with the kernel or how the OS utilizes the processor?

I don't know a thing about this stuff (obviously) but I was thinking it was because we don't have complete control, only most of it... Plenty good for me!

Tomorrow's front page news: GC Emulation available on Switch!!!

I reckon quite simply just architectural differences at the silicon level. A simple instruction sent to a GC chip would be completely unrecognisable to any instruction set on Switch hardware, this needs emulated, by maybe up to 100 processes to make the instruction discernible! I estimate close to 80-90% of CPU usage whilst emulating is translations.

 

[Dax_Fame]

I reckon quite simply just architectural differences at the silicon level. A simple instruction sent to a GC chip would be completely unrecognisable to any instruction set on Switch hardware, this needs emulated, by maybe up to 100 processes to make the instruction discernible! I estimate close to 80-90% of CPU usage whilst emulating is translations.

Oh I understand that much, I specifically mean while running Lakka and Android on the Switch.

There are more cores available and core performance is increased on the same hardware. This is what's puzzling to me.

Loved that analogy, btw.

 

[smf]

That's my understanding, but said key would be highly illegal to distribute even if it did get cracked.

It would be the same as distributing fusee as you can't copyright a number like a key (even if gbatemp pretends you can). The DMCA/EUCD would consider them equivalent.

I just want to know why if you run Lakka or RA for Android they can run more cores than the RA Homebrew for Horizon. 60fps GameCube emulation will never happen in Horizon... But why?

The code for Android has already been written & is easily recompiled for the switch, to do the same on Horizon will require someone to put in effort to make it run. The Why is because nobody who can do it, has done it yet.

 

[linuxares]

Well Atmosphere is working on a proper CFW. One that doesn't require Horizon at all Time will tell if they're successful.