Hacking Early Switch model - Black Screen on payload injection (Linux)

Deleted member 669151

I have a Nintendo Switch with a serial # of less than XAW1001 (in the XAW10009 range precisely). I wanted to see if it was actually hackable before going out to get a larger microSD card, but after injecting the payload with fusee-launcher (the Tk interface running as root) I get a black screen. I have tried two payloads, TegraExplorer and a fusee-test payload. The firmware of this Switch is currently at 11.0.1. I tried to find an earlier version of TegraExplorer that was made for 11.0.1 but this didn't work either. I get the following output across any payload:

Code:
Important note: on desktop Linux systems, we currently require an XHCI host controller. A good way to ensure you're likely using an XHCI backend is to plug your device into a blue 'USB 3' port. 

Identified a Linux system; setting up the appropriate backend.

Found a Tegra with Device ID: [ Redacted for privacy ]

Setting ourselves up to smash the stack...
Uploading payload...
Smashing the stack...
skipping checks
The USB device stopped responding-- sure smells like we've smashed its stack. :)
Launch complete!

I've ensured I am using USB3 because the cable that I'm using, which is the one for the Switch Pro Controller, is plugged into the blue USB port. lsmod shows me that XHCI is indeed being used, and the Injector GUI recognizes the Switch when it is in RCM mode (otherwise the button to inject payload cannot be pressed).

I suppose it can't be hacked, but with such a low serial # and that the site for checking the serial number shows me that mine is in the green, it begs the question of am I doing something wrong? I am using aluminum foil taped to the two farthest back pins to access RCM. I've tried inserting the only microSD card I have (which is 32 GB) formatted with FAT32 to see if it makes a difference, which it doesn't. Is there a certain step in this process that I'm missing or am I just unlucky and have an early patched Switch?
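
An added example, not part of the original post or of fusee-launcher: `lsmod` only shows that the xHCI module is loaded, while `lsusb -t` shows which host controller the RCM device actually sits behind, which is what the launcher's XHCI note is about. The USB ID `0955:7321` for Tegra recovery mode is an assumption not stated in the thread, and both sample outputs are constructed.

```python
import re

RCM_ID = "0955:7321"  # assumed Tegra X1 recovery-mode USB ID (not from the thread)

# Constructed sample output, not captured from the poster's machine.
SAMPLE_LSUSB = """\
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 007: ID 0955:7321 NVIDIA Corp. APX
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""
SAMPLE_TREE = """\
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/6p, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/12p, 480M
    |__ Port 2: Dev 3, If 0, Class=Hub, Driver=hub/4p, 480M
        |__ Port 1: Dev 7, If 0, Class=Vendor Specific Class, Driver=, 480M
"""

def find_device(lsusb_text, usb_id=RCM_ID):
    """Return (bus, dev) of the first device with usb_id in `lsusb` output, or None."""
    for line in lsusb_text.splitlines():
        m = re.match(r"Bus (\d+) Device (\d+): ID ([0-9a-f]{4}:[0-9a-f]{4})", line)
        if m and m.group(3) == usb_id:
            return int(m.group(1)), int(m.group(2))
    return None

def root_hub_driver(tree_text, bus, dev):
    """Return the host-controller driver of the bus carrying (bus, dev) in `lsusb -t` output."""
    current_bus, current_driver = None, None
    for line in tree_text.splitlines():
        root = re.match(
            r"/:\s+Bus (\d+)\.Port \d+: Dev \d+, Class=root_hub, Driver=([^/,]+)", line)
        if root:  # a new root hub starts a new bus section
            current_bus, current_driver = int(root.group(1)), root.group(2)
            continue
        child = re.search(r"\|__ Port \d+: Dev (\d+),", line)
        if child and current_bus == bus and int(child.group(1)) == dev:
            return current_driver
    return None

def rcm_on_xhci(lsusb_text, tree_text):
    """True/False when the RCM device is present; None when it is not attached."""
    loc = find_device(lsusb_text)
    if loc is None:
        return None
    return root_hub_driver(tree_text, *loc) == "xhci_hcd"
```

On a real machine, pass the captured text of `lsusb` and `lsusb -t` to `rcm_on_xhci` instead of the samples.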
 

Ryab

Deleted
 

Hayato213

If you use something like TegraRCMGui it will specify if the system is in RCM mode. If the system says it is in RCM mode then it 100% is a hackable system. Also make sure you have installed the proper driver for it. If you have not, I know that TegraRCMGui does have the installer built in.

Patched units can enter RCM mode too, it's just that they don't accept payloads.
 

masagrator

It's easier to confirm that with TegraRCMGui as it returns how many bytes it "smashed".

If it's 0x0000, it's patched. If it's 0x7000, it's not patched. A payload may not work for reasons other than the unit being patched, so this is the definitive way to check if a Switch is patched.
 

Deleted member 669151

masagrator said:
It's easier to confirm that with TegraRCMGui as it returns how many bytes it "smashed".

Sadly TegraRCMGui doesn't work on Linux. So far the only injectors I know that work would be fusee-launcher and any frontends to it like the Tk one I used since it's written in Python.

Holy cow, JTegraNX works! TegraExplorer successfully appears on screen

My suggestion for Linux users, use JTegraNX. :)
 