"Get on 3.0.0 - Stay on 3.0.0"

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by TiMeBoMb4u2, Dec 29, 2017.

  1. TiMeBoMb4u2
    OP

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    7
    Oct 25, 2008
    United States
    Hyrule
    Straight from the mouth of "plutoo"...

    screencap.
     
  2. MeowMeowMeow
    This message by MeowMeowMeow has been removed from public view by porkiewpyne, Dec 31, 2017.
    Dec 29, 2017
  3. PatrickJr
    This message by PatrickJr has been removed from public view by porkiewpyne, Dec 31, 2017, Reason: One word post.
    Dec 29, 2017
  4. tech3475

    tech3475 GBAtemp Maniac

    Member
    7
    Jun 12, 2009
    Doesn't 3.0 contain the battery bug? Obviously people will need to upgrade anyway but if there are problems then it may be worth reminding people.

    I have pokken so I'm staying below for now.
     
  5. TiMeBoMb4u2
    OP

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    7
    Oct 25, 2008
    United States
    Hyrule
    For the record... I'm staying where I am, for now, as well. I'd like to see what comes of the 3.0.0 homebrew scene, before I update.
     
    XxShalevElimelechxX likes this.
  6. tunip3

    tunip3 [debugger active]

    Banned
    7
    Oct 31, 2016
    United Kingdom
If anyone has a 1.00 Switch, daekan is willing to trade two 3.00 Switches for one 1.00.
     
  7. Lacius

    Lacius GBAtemp Guru

    Member
    15
    May 11, 2008
    United States
    If you're on something lower than 3.0.0, you should not update to 3.0.0 for the time being. In other words, if you're on 1.0.0-3.0.0, stay where you're at.
     
    Last edited by Lacius, Dec 29, 2017
  8. LukySplatoon

    LukySplatoon GBAtemp Fan

    Member
    2
    Jun 5, 2016
    Belgium
    Ok but why?
     
  9. Lacius

    Lacius GBAtemp Guru

    Member
    15
    May 11, 2008
    United States
    There have been murmurings about an emuNAND solution for systems on 1.0.0.
     
  10. Baoulettes

    Baoulettes The lonely man

    Member
    5
    May 25, 2011
    France
    C:\Users\Baoulettes\Desktop\GBATemp
Hm, mind explaining that bug?
    I am on 3.0.0 with issue to play all day
     
  11. LukySplatoon

    LukySplatoon GBAtemp Fan

    Member
    2
    Jun 5, 2016
    Belgium
    Ok but 2.3?
     
    weatMod likes this.
  12. Lacius

    Lacius GBAtemp Guru

    Member
    15
    May 11, 2008
    United States
    I'm not aware of any benefit 2.3 has over 3.0 right now. However, it's always good practice to stay on the lowest software version possible. Better to need to update to 3.0.0 later than to update now and be unable to use something that 2.3 has and 3.0 doesn't.
     
    mech, TiMeBoMb4u2 and LukySplatoon like this.
  13. Thelonewolf88

    Thelonewolf88 GBAtemp Fan

    Member
    3
    Jun 11, 2016
    United States
It does, yeah, which is why I have held off updating from 2.0.0 to 3.0.0 with Pokken. See how it pans out over time.
     
  14. tech3475

    tech3475 GBAtemp Maniac

    Member
    7
    Jun 12, 2009
    Baoulettes likes this.
  15. tunip3

    tunip3 [debugger active]

    Banned
    7
    Oct 31, 2016
    United Kingdom
There are a couple of extra vulns in 2.3; look over the 34c3 conference to see which.
     
    weatMod likes this.
  16. kublai

    kublai GBAtemp Fan

    Member
    5
    May 29, 2008
    United States
    maybe the battery bug can turn into an exploit like the PSP.
     
  17. cholaloula

    cholaloula Advanced Member

    Newcomer
    1
    May 15, 2017
    France
    I saw the conference but can't see what extra vulnerabilities. It's the question of the thread I opened: https://gbatemp.net/threads/3-0-0-mandatory.492851/
    I'm in the 2.3 case and will wait to see if there's a real advantage. From what I saw, 3.0.0 is the way to go as it's the firmware that permitted the ROhan exploit... Am I wrong?
     
    weatMod likes this.
  18. SnAQ

    SnAQ GBAtemp Advanced Fan

    Member
    6
    May 20, 2010
I'm staying where I am.
    4.1.

    But I'm happy for all you that had the patience to wait for boring, worthless homebrew.

    Have fun with Pong and DOOM,

    Sent from my F8331 via Tapatalk
     
    Meriadoc, a9lh-1user and zezzo like this.
  19. TiMeBoMb4u2
    OP

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    7
    Oct 25, 2008
    United States
    Hyrule
    For the most part, this is true, and it is one of the reasons I'll be staying where I'm at, for now.
It's sure tempting, though, when he says, "Get on firmware 3, if you're lower."

     
    Last edited by TiMeBoMb4u2, Dec 29, 2017
    leonmagnus99 likes this.
  20. Lacius

    Lacius GBAtemp Guru

    Member
    15
    May 11, 2008
    United States
    Don't try to bring people down just because you're on 4.1.
     
    Ricken, 20degrees, satan89 and 3 others like this.
  21. cholaloula

    cholaloula Advanced Member

    Newcomer
    1
    May 15, 2017
    France
    Just making a copy/paste from rohan url :

    -----------------------------

    ROhan is an exploit to enable userland arbitrary code execution on Switch OS 3.0. It works due to Nintendo’s code making a number of assumptions that don’t hold when sm:h is in play:

    • With OS 3.0.0, Nintendo split the ldr:ro service away from the ldr sysmodule, in an attempt to limit the attack surface of the critical ldr.
    • The newly-created RO sysmodule contains a codepath meant to ease testing for use on devkits: when loading in NRR files (which validate the integrity of NRO “dlls”), the module will contact the spl: service to check the IsDebugMode flag, and contact the settings sysmodule to request the ro!ease_nro_restriction setting. If both of these are set, the signature check is skipped.
    Both of these changes mark theoretical improvements to the system's security. However, sm:h grants full access to the services API – including both registering and unregistering existing services. As such, the exploit flow looks like this:

    1. Set the ro!ease_nro_restriction setting to 1
    2. Using a compromised sysmodule (more on this later), MITM the spl: service to cause any GetConfig call of type 0xb (IsDebugMode) to return 1
    3. Kill and relaunch ro
    4. Load any unsigned nrr
    5. Load any nro whose hash exists in that nrr
    The reason we need a compromised sysmodule is that the ReplyAndReceive syscall, required to imitate a service, simply doesn’t exist in the browser. As such, we hijack an existing sysmodule to perform this attack.

    In 3.0, the sdb sysmodule contains a number of bugs that make it a prime target. We currently have an arbitrary write and control of the execution flow; what we don’t have is an actual ROP/JOP-chain to allow arbitrary function calling. This is the sole piece missing for userland ACE on the Switch.

    --------------------------

I think that's the reason why Plutoo recommends upgrading to 3.0.0, but Tunip3 seems to imply the 34c3 talk indicated 2.3.0 could have advantages...
     
  22. TiMeBoMb4u2
    OP

    TiMeBoMb4u2 GBAtemp Advanced Maniac

    Member
    7
    Oct 25, 2008
    United States
    Hyrule
    I only bought my Switch for Zelda... Beat it, and I'm still below firmware v3.x.
I can update whenever I like. You, however, cannot ever downgrade if you decide later that you want to... unless, of course, someone figures out a way to bypass the eFuses.