Hacking Suggestion: I may have an idea to hack patched Switches

The Real Jdbye
Hi! :D

I'm new to the Switch hacking scene, I come from the 3DS one, and my idea may seem stupid, but I'm thinking of a way to hack patched Switches. First, sorry for my bad English. Do you know the steelhax exploit from the 3DS scene? It is a way to run the 3DS Homebrew Launcher by injecting a hacked save file for the game Steel Diver: Sub Wars onto the SD card, which will run unsigned code. As the save file needs to be encrypted, you need to send a false friend request to obtain the encryption. They've probably patched this issue for the Switch, but maybe we can inject a hacked save file (if making a hacked save file to run unsigned code is possible) into a clean NAND from an RCM-compatible Switch, then transfer the user with the hacked file to a patched Switch. Do you think it can work?
Reswitched has said that it's very unlikely any game exploits will come out for the Switch. This is because the Switch uses ASLR, which means the memory is randomized every time. The exploit has to locate the right memory addresses to chain together to gain code execution. I won't go into too much detail, but the reason it works in the web browser is because it has a scripting engine that can be abused. But in a regular game, you have no way to execute custom code, you can only chain together existing pieces of code, and those pieces can't be located because we have no code execution at that point.

Bottom line, no matter how vulnerable a game is, unless it has some sort of scripting engine that can be used, ASLR will stop you before you even get to the open door.

PatrickD85
In response to the OP: a lot of hacks in the past have come from save exploits, especially when it comes to Nintendo consoles.
Nintendo has always been known for their ... well, let's be frank ... lack of good protection in these fields.

But Nintendo stepped up their game when the Switch came around.
Even simple checks for transferring a save from one console to another and the like all use dauth checks now.
So even outside of a game sense they have that in order.

And as for stubbing these ... I talked a while back with SciresM and various others about options there, but they said it would not really be worthwhile. When they say so ... well, they know more on the topic than I do.

The major f*ck-up also did not come directly from Nintendo's end ... but from the way the original Tegra chip was written. The flawed bootROM in question can't be modified once the Tegra chip leaves the factory.

Well, as we know, they have now taken action on that end to counteract that on newer models.
Which once again made for pretty solid protection.

That, and the fact that we have not seen a save exploit of the likes we had on Wii, Wii U and GC for more than 3 years since the launch of the console, should in itself say a lot really. That is why modchips are coming as solutions for systems where triggering code in RCM is not even an option.

Down the line, sure ... somehow, somewhere, someone ... will always find something. The scene simply never ceases to amaze, but I am not putting my hopes in the 'old' save exploits.

PS: in no way meant to discourage you though ... just my 2 cents. If you think you can make something, go for it by all means :)

Dathuss
I understand what you mean, and thank you for your answer. Obviously someone like SciresM would have found something in 3 years (except for the RCM). Well, let's buy old Switches (thankfully I got one!).

PatrickD85
Once again, not meant to discourage, but to at least give some insight into various things.
The main thing is you should just know Nintendo themselves stepped up.

For now, IF you can get an RCM-able Switch (and if I'm not mistaken, both the OG and the ones before Mariko are RCM-able) which is exploitable (can run code in RCM; check with things like TegraRCM), you can do quite a lot of fun stuff and even explore more of how the Horizon OS works and all that.

Perhaps that is a great place to start learning more. That would be the best advice if you want to really look into what you can find without running into the 'wall'. Perhaps you can uncover something which others 'overlooked'. It does happen...

As for patched systems, well, it's a tough situation. Only earlier FW versions could yield some stuff on the software level, where elevating stuff under precise circumstances could mean something. But most of them will come with a 'higher' FW than that.
And downgrading FW is not something possible without homebrew, as far as I know.

Roamin64
OP is a funny guy. Did you come up with that idea all by yourself? Surely no real developer thought about that! If you have to ask this question here, then you're simply not smart enough... (yet, keep learning...)

Dathuss
Yeah, as far as I know, we are pretty lucky on the Switch, because we can explore the system very easily, unlike the PS4 or Xbox One. I think that's way too complicated for me, but I'll still try, thanks! :D

tivu100
If we have savehax, we can have an offline warmboot for unpatched Switches. There is none for a reason. Our homebrew developers even have a bounty for savehax!

USUKDecks
Yeah..no.

Instead of saying "yeah no" like an idiot giving no reason why, explain your "yeah no". Because every indicator shows software hacking/modding on consoles is going out the door. And I've got news for you, Mr. Yeah No: eventually, in about 15-25 years from now, I'd be shocked if there are even game consoles in existence. Everything will be cloud/streamed. There will be no physical or digital games to copy/back up or whatever. Piracy of video games will die. You can live in denial and say "yeah no" all you want, but you're a nobody that can't stop progress. Deal with it.

We also did not go to the moon, everything is a hoax, and I'm a giraffe.


The FACTS are we have seen nothing from nobody except them! Those are facts.

These are the same people that put brick bombs in their early SX OS and told nobody about it till someone found it. Afterwards they took it away but gave no apologies or anything to anybody whose system was ruined. If you want to ride their sack and think that they are incapable of doing a scam with these modchips, then you're gullible AF!