Do you think that hackers will ever take full control of the switch?

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by Parax342, Oct 8, 2019 at 1:05 AM.

  1. smf

    smf GBAtemp Psycho!

    Member
    9
    Feb 23, 2009
    United Kingdom
    Because it's permanent, not tethered.

    Yes, boot 2 is what loads the OS.

    Well it's loaded from nand, as is boot1 (boot0 is loaded from mask rom).

    If we're talking about a hypothetical made up untethered coldboot exploit, then why can't we make one up that runs on all firmwares?
     
    Last edited by smf, Oct 9, 2019 at 12:18 AM
    8BitWonder likes this.
  2. Draxzelex

    Draxzelex GBAtemp Legend

    Member
    18
    Aug 6, 2017
    United States
    New York City
    Because we would need something that we can hijack that is executed before the fuse check, which does not seem like a very extensive list of avenues.
     
  3. smf

    smf GBAtemp Psycho!

    Member
    9
    Feb 23, 2009
    United Kingdom
    It's not an extensive list; currently there are zero entries. So until there are some workable methods, you can't really say anything about them.
     
  4. Draxzelex

    Draxzelex GBAtemp Legend

    Member
    18
    Aug 6, 2017
    United States
    New York City
    I don't get it, you initially responded with let's make an untethered coldboot exploit and now you're saying there is none. Pick one.
     
  5. Silent_Gunner

    Silent_Gunner Mad Dog of Rambling and Insanity

    Member
    6
    Feb 16, 2017
    United States
    Would it be possible, theoretically speaking, to downgrade to that OFW via ChouDujourNX and use the method you described for booting into CFW?
     
  6. ZachyCatGames

    ZachyCatGames GBAtemp Addict

    Member
    9
    Jun 19, 2018
    United States
    Hell
    Fusee is more powerful than :P.
     
    Resaec likes this.
  7. RHOPKINS13

    RHOPKINS13 Geek

    Member
    8
    Jan 31, 2009
    United States
    No, but only because the Switch uses eFuses. 4.1.0 expects the Switch to have 5 burned eFuses. If it sees that there are more than that, it will refuse to boot. 8.1.0 expects 10, and 9.x expects 11.

    You can downgrade to 4.1.0 and use Hekate to bypass the fuse check, but in order to do that you'll need to push a payload, which defeats the purpose of downgrading to 4.1.0.
     
    Silent_Gunner likes this.
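    The one-way fuse check described in the post above, modelled in Python as an added example (not code from the thread or from any Switch tooling): the per-firmware fuse counts are the ones quoted in the post; that a firmware burns the missing fuses on first boot is an assumption of this model, and the fuse-bank width is a constructed value.

    ```python
    """Model of the anti-downgrade eFuse check discussed in the thread.

    Constructed example. Fuse counts per firmware are those quoted in the post;
    the 'burn the difference when fewer fuses are set' step is an assumption.
    """

    # Firmware version -> number of burned anti-downgrade eFuses it expects (from the post).
    EXPECTED_FUSES = {"4.1.0": 5, "8.1.0": 10, "9.x": 11}


    class FuseBank:
        """One-time-programmable fuse bank: bits can be set, never cleared."""

        def __init__(self, width=32):  # width is a constructed value
            self.width = width
            self.bits = 0

        def count(self):
            return bin(self.bits).count("1")

        def burn(self, n):
            """Burn n additional fuses, lowest unburned positions first."""
            if self.count() + n > self.width:
                raise ValueError("not enough fuses left in the bank")
            for _ in range(n):
                self.bits |= 1 << self.count()  # next unburned index

        def clear(self, *_):
            # This is the whole point: there is no way back to a lower count.
            raise PermissionError("eFuses are one-time programmable; cannot be cleared")


    def try_boot(fw, bank):
        """Return (booted, fuse_count_after).

        Mirrors the post: more burned fuses than expected -> refuse to boot.
        Assumption: fewer than expected -> the firmware burns the difference,
        which is what makes a later downgrade fail.
        """
        expected = EXPECTED_FUSES[fw]
        burned = bank.count()
        if burned > expected:
            return False, burned
        if burned < expected:
            bank.burn(expected - burned)
        return True, bank.count()


    def simulate(sequence):
        """Boot a fresh console through a list of firmware versions; return each outcome."""
        bank = FuseBank()
        return [(fw,) + try_boot(fw, bank) for fw in sequence]
    ```

    Running `simulate(["4.1.0", "8.1.0", "9.x", "4.1.0"])` shows the last entry refusing to boot with 11 fuses burned, which is the situation the post describes.
    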
  8. Silent_Gunner

    Silent_Gunner Mad Dog of Rambling and Insanity

    Member
    6
    Feb 16, 2017
    United States
    So that's why my Switch would never turn on until I accidentally updated to 9.0 on my hacked Switch...
     
  9. Dax_Fame

    Dax_Fame Annoying Member

    Member
    3
    Jan 16, 2015
    United States
    Mom's house
    I feel like I'm not explaining myself properly or not properly understanding people's responses lol...
    • I'm NOT comparing Android running on whatever to Horizon running on the Switch
    • I'm comparing Android running on the Switch to Horizon running on the Switch
    • I'm comparing the performance of the same software (Retroarch) running on the same hardware but on a different OS
    I'm wondering why it is that there are more cores and better performance on the exact same hardware. What is the reason for this beyond full access to the hardware, if it's supposedly not the reason?
     
  10. Andalitez

    Andalitez GBAtemp Fan

    Member
    5
    Jul 2, 2018
    France
    Final Space
    yes, but actually no
     
  11. Ericthegreat

    Ericthegreat Not New Member

    Member
    10
    Nov 8, 2008
    United States
    Vana'diel
    Yes probably, might even be the big hack that enables cfw on newer devices.
     
    Parax342 likes this.
  12. smf

    smf GBAtemp Psycho!

    Member
    9
    Feb 23, 2009
    United Kingdom
    Fusee loses points for being tethered.

    — Posts automatically merged - Please don't double post! —

    No, I said "make one up" as in pretend there is one.

    You're pretending there is one with specific limitations. You said that was a problem, so I suggested we could just pretend there was one without those limitations instead.

    Problem solved.
     
    Last edited by smf, Oct 9, 2019 at 11:51 AM
    Parax342 likes this.
  13. ZachyCatGames

    ZachyCatGames GBAtemp Addict

    Member
    9
    Jun 19, 2018
    United States
    Hell
    It being tethered doesn’t impact how much power it gives you over the system.
     
  14. smf

    smf GBAtemp Psycho!

    Member
    9
    Feb 23, 2009
    United Kingdom
    Ok, then it seems it's equal with the Wii, PS3, Xbox and DSi.

    There are actually very few exploits less powerful than fusee.
     
  15. ZachyCatGames

    ZachyCatGames GBAtemp Addict

    Member
    9
    Jun 19, 2018
    United States
    Hell
    It’s not equal to the Wii’s exploit, dunno about the other systems. Fusee is an exploit in the bootrom, which is the first code that’s run on the bpmp when booting the system; it would be equivalent to a boot0 exploit on Wii if one existed.
     
    Resaec and Parax342 like this.
  16. azoreseuropa

    azoreseuropa GBAtemp Guru

    Member
    11
    Nov 6, 2002
    United States
    Azores/Portugal
    Everything is always hackable.. No matter what. It is just "when". It will take time but everything will be hackable, yes.
     
    Silent_Gunner and Parax342 like this.
  17. ZachyCatGames

    ZachyCatGames GBAtemp Addict

    Member
    9
    Jun 19, 2018
    United States
    Hell
    That’s wrong, having exploitless code is possible and has been done.
     
  18. DaniPoo

    DaniPoo GBAtemp Advanced Fan

    Member
    5
    Jan 2, 2013
    I thought private keys were unique for each system, thus being called private? :) No point in "leaking" private keys as no one is going to be able to use them.
    Also I thought we were able to dump pretty much everything already. I'm also curious what's left.. My guess is the bootloader perhaps?

    — Posts automatically merged - Please don't double post! —

    Not really sure what you are talking about with the exploitless code stuff.. But how is azoreseuropa wrong in his statement?
     
    Parax342 likes this.
  19. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23
    Nov 21, 2005
    United Kingdom
    Private keys in this case refers to the idea of public-private key cryptography, aka asymmetric cryptography. There are things that can be done with system level/user/device level keys.

    https://www.khanacademy.org/computi...tro/v/the-internet-encryption-and-public-keys

    If you have the private key then you can essentially make whatever code you like appear as though Nintendo gave it their blessing. This is what was generated for the PS3 back when ( https://media.ccc.de/v/27c3-4087-en-console_hacking_2010 ), though not so many things use elliptic-curve based stuff as much as prime numbers (or probable primes as the case may be).
     
    Parax342 likes this.
  20. ZachyCatGames

    ZachyCatGames GBAtemp Addict

    Member
    9
    Jun 19, 2018
    United States
    Hell
    bootrom, pk1ldr and package1 have been dumped. Everything except some TSEC and Lotus shit has been publicly dumped/dumpable.

    They’re saying that everything is exploitable/hackable, which is straight up untrue
     
    Last edited by ZachyCatGames, Oct 9, 2019 at 9:08 PM