How V2 Softmodding could be possible

[rockrhead]

Hey there!
I recently thought about V2 softmodding and got an idea in my head.

The game "Super Dungeon Maker" allows for levels to be uploaded from your Switch to the games servers similar to Mario Maker. However, the game has also seen a PC Release which shares the same servers with the switch version.
The levels themselves are also all publicly listed on a website. If you are the creator of a level, you can also edit its thumbnail image.
Now, there are two things in here which strike me as interesting:

1. Levels can be uploaded from your PC to the site and then downloaded or played on your switch. If we could send different files to the game server which we can then use to run an exploit on our switch, would a V2 softmod be possible?
2. Same with the images. They get automatically loaded in the preview of the game, which would maybe make a softmod possible if we upload images with executable code.

Now, I'm no master programmer. In fact, I've only made a few smaller games in the past and know practically nothing about the Switch Hardware and OS. But would this be opening the gates for a V2 softmod, similar on how Cubic Ninja did it with the 3ds?

Edit: After doing a bit of research, the functionality of thumbnail images seem to be removed. However, that still leaves the possibility for exploiting hacked levels being uploaded!

 

[gnmmarechal]

Hey there!
I recently thought about V2 softmodding and got an idea in my head.

The game "Super Dungeon Maker" allows for levels to be uploaded from your Switch to the games servers similar to Mario Maker. However, the game has also seen a PC Release which shares the same servers with the switch version.
The levels themselves are also all publicly listed on a website. If you are the creator of a level, you can also edit its thumbnail image.
Now, there are two things in here which strike me as interesting:

1. Levels can be uploaded from your PC to the site and then downloaded or played on your switch. If we could send different files to the game server which we can then use to run an exploit on our switch, would a V2 softmod be possible?
2. Same with the images. They get automatically loaded in the preview of the game, which would maybe make a softmod possible if we upload images with executable code.

Now, I'm no master programmer. In fact, I've only made a few smaller games in the past and know practically nothing about the Switch Hardware and OS. But would this be opening the gates for a V2 softmod, similar on how Cubic Ninja did it with the 3ds?

Edit: After doing a bit of research, the functionality of thumbnail images seem to be removed. However, that still leaves the possibility for exploiting hacked levels being uploaded!

Nintendo's overall security model with the Switch is, to my knowledge, very solid. While you're correct in assuming that this could be an attack vector, that is useless if the software itself is not vulnerable to any similar type of attack with arbitrary inputs.

 

[rockrhead]

Nintendo's overall security model with the Switch is, to my knowledge, very solid. While you're correct in assuming that this could be an attack vector, that is useless if the software itself is not vulnerable to any similar type of attack with arbitrary inputs.

Ah okay that's fair. Maybe someone could take a look at the software - however I woudln't be surprised if there was nothing found. I just figured it was an interesting idea!

 

[Skye-Meowscarada]

Hey there!
I recently thought about V2 softmodding and got an idea in my head.

The game "Super Dungeon Maker" allows for levels to be uploaded from your Switch to the games servers similar to Mario Maker. However, the game has also seen a PC Release which shares the same servers with the switch version.
The levels themselves are also all publicly listed on a website. If you are the creator of a level, you can also edit its thumbnail image.
Now, there are two things in here which strike me as interesting:

1. Levels can be uploaded from your PC to the site and then downloaded or played on your switch. If we could send different files to the game server which we can then use to run an exploit on our switch, would a V2 softmod be possible?
2. Same with the images. They get automatically loaded in the preview of the game, which would maybe make a softmod possible if we upload images with executable code.

Now, I'm no master programmer. In fact, I've only made a few smaller games in the past and know practically nothing about the Switch Hardware and OS. But would this be opening the gates for a V2 softmod, similar on how Cubic Ninja did it with the 3ds?

Edit: After doing a bit of research, the functionality of thumbnail images seem to be removed. However, that still leaves the possibility for exploiting hacked levels being uploaded!

It would likely only be at user level.

 

[thesjaakspoiler]

Getting data onto the Switch fortunately isn't the biggest hurdle as it supports SD cards out of the box.
Problem is the exploit that needs to run the code.
As mentioned, the security model of the Switch is very good as Nintendo learned from its mistakes.
Games run in a user mode where they have limited access to the underlying system so that avoids games running kernel level exploits. So if you would for example be able to use some buffer overflow by creating some special level, then all the game can do is access it's own data and its own storage. It cannot start another game for example.
What you want is a kernel level exploit.
That is where your code has access to everything and can start unsigned code or pirated games.
Chances of finding such an exploit are very small but maybe someone finds one.
With the advances of AI these days, It would be fun to let an AI have a go at it.