fusée gelée -- coldboot proof-of-concept for the Tegra X1

Thanks to @ktemkin and all the Reswitched Team

I'm super pleased to tease "fusée gelée", @reswitchedteam's proof-of-concept coldboot execution hack, with which we join the growing ranks of those with unpatchable Tegra X1 bootrom bugs.
Quick video of it in action on a Switch: https://youtu.be/ik04jn0obag

 
Isn't it kind of funny that Nintendo did the protection very well on this console, but it's somehow the fastest-hacked Nintendo console yet, even though the protection is good :D
 
It isn't. Nintendo made the protection strong, but that doesn't matter if Nvidia's protection is worthless.
 
Oh, so it's because of Nvidia... What if the chip had the best protection, against which exploits would not work?
That's what I get out of most of the explanations of the exploit.
Also, there is no perfect protection. If it's made by a human, it can be destroyed/cracked by a human; it's as easy as that.
 
Eh, it's Nintendo's fault as well: they did not patch the TrustZone exploit properly, they just patched access to it. Nintendo are lazy with fixing stuff.
Fixing the TrustZone exploit could be complicated, and in the meanwhile they just closed the access point. This is a common approach in programming, not just at Nintendo.
 
I suppose now it's just a race to see who releases their cold boot hax first. Probably Team Xecuter with their "modchip", which, judging by others' cold boot exploits, you don't need... A modchip is just a cash grab.
 
It could depend on what the "public" coldboot exploits require for installation. My guess is they would at minimum require userland access, and it may require higher privileges. That means it would be free to install on firmwares that support those privileges, but anything higher would be SoL. Supposedly the hardmod would allow coldboot hacks on any firmware regardless of having code execution or not.
 
Well, we (at least SciresM) have tzhax on any firmware. Is that enough privileges? :D
 
Last edited by Kubas_inko,
Sorry to bring this up, but some older consoles held up pretty well: the PS3 4x aka Super Slim, and the Sega Saturn only just got fully cracked last year (the Sega Saturn, not the PS3 Super Slim, though that may be exploited soon too), I think. But there's a golden rule I learned here: if it's a man-made electronic, it can be exploited in some form.
 
Last edited by chrisrlink,
That does make sense... Soft-mod method probably requires 3.0.0, whereas the modchip works on any system firmware.
 
I think that every time Team Xecuter makes a move, f0f and other teams show the possibilities of their "free" alternatives in order to dissuade TX from trying to make money out of piracy devices. That's the reason why they just show PoCs but never release anything...
 
Except if they never release their free alternatives, all it does is push more traffic to the things that actually release, even if they are a paid product.
 
The best one is the Sega Dreamcast: just burn a game CD and run it, lol, that was epic.
 