Hacking Question How are we going to do this? (Nintendo Switch Lite RCM)

[CompSciOrBust]

Saying it will take years is also hyperbole though, it's difficult to say how long it would take. And about the Xbox One, I didn't know that, that's pretty neat I guess. But my point was there's little point to hacking an Xbox One for game backups, the only thing is homebrew which people have many systems for, but yeah, the challenge thing is also true (also as a hobby).

XBone has a dev mode which lets you run homebrew in it so you would only need a exploit if you wanted piracy or mods. Check out the XBone homebrew section here on GBATemp, being all NT and UWP it's super easy to port stuff so there's some nice emulators. I don't think saying it will takes years is hyperbole. Looking at other systems even ones that have active hacking scenes like the PS4 there can be years long gaps between exploit releases and the PS4 scene has the advantage of Orbis being Open BSD. The Switch OS is completely custom and uses a Micro Kernel.

 

[smf]

People don't want to release XBone stuff because it runs NT and releasing an NT exploit would be very bad for the 1.5 billion Windows PC users.

I don't buy it. They might not want to release it because they know microsoft will instantly patch it and they don't think they'll ever find another exploit.

 

[ZachyCatGames]

It doesn't matter who it is, there's always a way in the system. If SciresM thinks it cannot be done, someone else will do it instead.

I don't agree with this. It will inevitably become hackable at some point. It's a matter of when rather than if. Every console is.

Thats not how it works >_>

Pinging @SciresM

 

[Josshy0125]

Thats not how it works >_>

Pinging @SciresM

I can guarantee you it will work this way. There will ALWAYS be a way found. You're just being baselessly pessimistic.

 

[ZachyCatGames]

I can guarantee you it will work this way. There will ALWAYS be a way found. You're just being baselessly pessimistic.

It’s not baseless. The stuff that really matters in Nintendo’s OS doesn’t have any useful exploits, this is fact. Marikos bootrom also likely doesn’t have any useful exploits. The only “realistic” way it’s ever getting “hacked” is if someone somehow bruteforces the RSA key, and at that point it’s not even really a “hack”.

Anyway, this is pointless, I’m out.

 

[Josshy0125]

It’s not baseless. The stuff that really matters in Nintendo’s OS doesn’t have any useful exploits, this is fact. Marikos bootrom also likely doesn’t have any useful exploits. The only “realistic” way it’s ever getting “hacked” is if someone somehow bruteforces the RSA key, and at that point it’s not even really a “hack”.

Anyway, this is pointless, I’m out.

Do you know how vulnerabilities even work? You can find them through a game as well, or an application, or even through the weirdest things. Not all crashes result in a vulnerability which can be taken advantage of to create a "jump-off" point, but some can. And no, that's NOT a fact. You're literally making things up.

It's clear from the second sentence in, you have no clue as to what you're even talking about...

 

[ZachyCatGames]

Do you know how vulnerabilities even work? You can find them through a game as well, or an application, or even through the weirdest things. Not all crashes result in a vulnerability which can be taken advantage of to create a "jump-off" point, but some can. And no, that's NOT a fact. You're literally making things up.

It's clear from the second sentence in, you have no clue as to what you're even talking about...

So you’re counting application exploits as hacks? lol. Ok then, sure it’ll be hacked. But do note application exploits get you almost nothing on their own.
So you’re saying SciresM is wrong and is making things up?

 

[SciresM]

Again, you're literally saying bullshit. Why wouldn't it get you anything on Switch? Of course this is a way to get things done. You're making assumptions when you don't know anything about this topic...

He's right, actually. The switch OS is heavily sandboxed, and applications have basically no interesting permissions. I actually assume you can compromise literally any application/the web browser when threat modeling, because it's completely meaningless to doing interesting homebrew stuff.

The Switch's OS (Horizon) is very, very secure software-wise -- it's foolish to expect any meaningful software exploits. The secure monitor and kernel have no bugs, and I've audited both very thoroughly.

 

[x65943]

You heard it from the horse's mouth, now can we stop bickering please

 

[reminon]

I overstepped, and apologize. Back to lurking for me.

 

[rommy667]

They learned a lot from their mistakes on the 3ds,loads of system apps had exploits guess this is why switch is so bare bones less places to have exploits.

 

[smf]

because it's completely meaningless to doing interesting homebrew stuff.

It's kinda subjective to say "interesting homebrew" because that depends on what someone will find interesting. I accept it means you can't load atmosphere, which is probably what you find interesting

I do wonder if there is a viable hardware exploit, even if it's a tiny glitching mod chip.

 

[Boydy86]

Paperclips will get you know nowhere, you need a microphone...:

https://www.extremetech.com/extreme...to-the-tiny-sounds-made-by-your-computers-cpu

 

[spotanjo3]

Nah, hey will find a way to hack it. This time it won't be joy con.. The hacker are smarter and they will figure it out.

 

[ElfenToola]

I don't agree with this. It will inevitably become hackable at some point. It's a matter of when rather than if. Every console is.

Precisely this. 100%.

If its not SciresM It'll be someone else.

Also on the Xbox One front we can already essentially run homebrew on it without hacking it. So the only groups that'd have genuine interest in hacking/releasing one would be propirate groups which many hackers like SciresM proclaim not to be.

 

[senas8]

What about that Fuze programming app recently released for the switch.. wonder if there is a way to boot something from within that sandbox?

 

[The Real Jdbye]

So, now that the Nintendo switch lite is announced, how are we going to hack it?
Since the Joy-Cons can't come off, we can't use RCM Jigs with them.

Do you guys have any suggestions on how this is going to work? (And is this a right place to put it?)

In all likelihood another RCM exploit is never going to happen. It's going to have to be something within the system OS itself, which is a difficult thing to do, given everything uses ASLR (where the RAM addresses are randomized, which messes things up for exploits, not being able to just execute their own code outright, they need to find the right addresses in memory to call to execute the code they need to set up the exploit, and they can't find the right addresses if everything is randomized)

 

[SciresM]

In all likelihood another RCM exploit is never going to happen. It's going to have to be something within the system OS itself, which is a difficult thing to do, given everything uses ASLR (where the RAM addresses are randomized, which messes things up for exploits, not being able to just execute their own code outright, they need to find the right addresses in memory to call to execute the code they need to set up the exploit, and they can't find the right addresses if everything is randomized)

ASLR barely even comes in to play, too, since the OS doesn't really have vulnerabilities in the first place...

 

[DejaSentj]

Yes in the first place but after update change to have a mistake. The more secure they are increasing the bigger mistake gonna make.

One switch maybe a perfect but switch + switch lite + accessories + tools it should be have somewhere or thing can get in.

 

[The Real Jdbye]

ASLR barely even comes in to play, too, since the OS doesn't really have vulnerabilities in the first place...

It's not gonna be easy, but everything seems to get hacked eventually, no matter what. So there is hope, even if it takes until the next generation Nintendo console before it happens.