Homebrew COMPLETED How pikabricker works

[xxNathanxx]

So, Pikabricker was malware that was made as a fake Pikachu rom.

I wrote a whole "writeup" on exactly how the malware works.

https://pastebin.com/6dNDSyZA - Full Pikabricker writeup

I hope this helps people who are making nsp scanners or something to see how they are made with better ease.


Thank you

Thanks, I've read all one hundred and sixty six words, including the 'this is how pikabricker works, i wrote this', 'this is stupid', 'thank you' and 'write up by Midstor', and I am now enlightened.

 

[linuxares]

The Pikachu bricker only corrupts the first 5000 bytes, of this partition, so everything up until offset 0x1388. That's how it it works. It breaks the nand and replace the hex until 0x1388 with 80085 over and over. It writes on the users Nand partition to be exact.

 

[bundat]

The Pikachu bricker only corrupts the first 5000 bytes, of this partition, so everything up until offset 0x1388. That's how it it works. It breaks the nand and replace the hex until 0x1388 with 80085 over and over. It writes on the users Nand partition to be exact.

Oh I finally found the writeup in this thread, guess the thread title was telling the truth.

 

[Paffo]

I get the feeling this is here just to increase post counts, there are no useful info whatsoever.

 

[Mnecraft368]

I get the feeling this is here just to increase post counts, there are no useful info whatsoever.

Somehow doubt that, pretty sure the OP seriously thinks he did good posting this (well, before he got people replying to it).
You would understand if you knew him on discord .

 

[Paffo]

Somehow doubt that, pretty sure the OP seriously thinks he did good posting this (well, before he got people replying to it).
You would understand if you knew him on discord .

I'm in Rei's Discord too, i've read what he types. I always though he was trolling, but since you said that i start doubting it.

 

[midstor]

I thought it only corrupted BIS and didn't touch PRODINFO, although I'm not exactly sure what BIS is other than it has something to do with partitions...
That makes that guy an even bigger dick than I already thought he was.

OG confirmed it wrote over bis after I wrote this but it writes over prod info too

--------------------- MERGED ---------------------------

Somehow doubt that, pretty sure the OP seriously thinks he did good posting this (well, before he got people replying to it).
You would understand if you knew him on discord .

At least my name isn’t cringe....

 

[NoSmokingBandit]

What we need is a little bat file that checks the nsp

But how? The manifest inside the NSP contains SHA hashes for the NROs, but that is useless since someone can simply change the manifest to match the modified NRO. Unless we have a known database of good SHAs there is nothing to compare it to.

Good NROs are signed by Nintendo, but afaik the only way to check this sig is on the switch itself.

 

[GerbilSoft]

But how? The manifest inside the NSP contains SHA hashes for the NROs, but that is useless since someone can simply change the manifest to match the modified NRO. Unless we have a known database of good SHAs there is nothing to compare it to.

Good NROs are signed by Nintendo, but afaik the only way to check this sig is on the switch itself.

hactool's verify function says it verifies hashes and signatures.

 

[Angelus3K]

Is this guy 9 or something. What a joke.

 

[Mnecraft368]

At least my name isn’t cringe....

For one, that has nothing to do with this.
And two, read the message underneath it. I asked for a name change a while back but got rejected.

I also know you saw the message underneath because you clipped it off when you showed discord. EDIT: Might I add you showed discord with no context, just so you could make fun of my name. No reason to show them at all.

Is this guy 9 or something. What a joke.

I usually go with 12, but it's possible.

 

[midstor]

Your write up isn't correct in the slightest... not trying to be rude, but I don't think you know what the hell you're talking about.

Everything in the pastebin was taken directly or worded from what OG said in direct messages over discord.

--------------------- MERGED ---------------------------

The Pikachu bricker only corrupts the first 5000 bytes, of this partition, so everything up until offset 0x1388. That's how it it works. It breaks the nand and replace the hex until 0x1388 with 80085 over and over. It writes on the users Nand partition to be exact.

Info was taken from dm's with the creator of the app.

--------------------- MERGED ---------------------------

Is this guy 9 or something. What a joke.

You are being very immature. You aren't contributing anything to stopping this horrible practice some people do.

 

[linuxares]

And where do you think I got it from?

 

[Localhorst86]

To express my thoughts about this writeup, let me loosely paraphrase David Bowie's response to Coldplay when they asked him to sing one of their songs:

"It's not a very good writeup, is it?"

 

[Angelus3K]

You are being very immature. You aren't contributing anything to stopping this horrible practice some people do.

Your “write up” is doing literally nothing to stop it either. Those with enough knowledge to do anything about the brick will already know or know how to obtain the exact technical specifications of the brick code.

 

[Pippin666]

The malware is weak, it should have render completely useles, permabrick for the win.

Pip'

 

[Clydefrosch]

Holy fucking shit guys we get it, it's not a great read.

Doesn't mean 50 more guys need to get their dicks hard jumping on the guy.

And stop acting as if this wasn't exactly the average level of quality brought forward by a good 70% of this community.

 

[Flying Scotsman]

Interesting read. Since it's in the RomFS - does that mean LFS brick code could be a thing?

 

[PrincessLillie]

Not much of a write up if you ask me. Went in expecting multiple paragraphs of technical information about how the bricker works, came out with a few sentences that barely went into detail about anything. Nice try OP, you gave it your best.

 

[SimonMKWii]

Nice try OP, you gave it your best.

That's debatable