Homebrew Question if i'm on update 4.00 is there a way to access eshop without updating

[notimp]

You could have left out the garbage of your post that is upwards from 5. to be honest.

There's absolutely no point coming into this thread and shitting all over some dude because you're a douchebag and need to make yourself feel good. Just report the thread and move on, or alternatively... grow up.

You seem just like the guy that would never visit a comedy show in his lifetime, because - people should just "report their neighbors" instead of acting on their own, and - grow up to be perfect mirror images of their hardworking fathers, they hardly ever saw.

Moderators in here are already clamping down on "support meeeeeee" threads, and support requests for "im on x firmware and I want thing, so can should I update, and whateves" - we've already were gifted in here by the hundereds.

I'm not willing to support people that abuse the homebrew and software forum or this, and I'm only participating - because other people here still have no "extensive" grasp on the situation, but for some reason want to give great recommendations on what to do.

Also - this is the fifth time, I had to explain to someone in here, that its hard to see into the future. And that "just asking anyone -really" doesnt replace trying to research stuff on your own.

The "USELESS" answers 1-4 are all targeted to have some of the folks in here develop a theoretical understanding on how processes work - or at least are supposed to work (when it comes to this forum).

So take your insults and throw them at yourself if you must - I never was a proponent of safespaces, where people can feel comfortable bing serviced, and most of the time - wrong.

 

[Draxzelex]

so I'm still slightly confused by this one. is it the tegra itself that checks? or horizon?

Horizon is checking. The only thing that Tegra has is RCM. It has no OS on the Switch.

 

[notimp]

so I'm still slightly confused by this one. is it the tegra itself that checks? or horizon?

The happens at a low level state (bootloader or similar), so before the OS is loaded.

edit: On second thought, TX said - that they might be able to patch FW backups to run on switches with the incorrect number of burned efuses - so it might actually be part of the FW (and therefore OS?).

 

[HamBone41801]

Horizon is checking. The only thing that Tegra has is RCM. It has no OS on the Switch.

so could hekate potentially boot a -Heavily- modified version of horizon? one that would ignore such checks? or is deconstructing Horizon to that level impossible? I wasn't very active in the few weeks where this stuff was talked about, so I just wanna make sure I'm all caught up.

 

[reminon]

What makes you believe this? I have reason to believe this is not the case.

https://gbatemp.net/threads/is-downgrading-possible.505022/page-2#post-7999668

Because warmboot doesn't need fuse checks?

 

[notimp]

I find this to be a bit extreme IMO.

This was part of every console since downgrade attacks "became a thing". Its a standard security feature in most chip architectures - to safequard them against downgrade attacks. So not just a console thing either.

 

[Draxzelex]

so could hekate potentially boot a -Heavily- modified version of horizon? one that would ignore such checks? or is deconstructing Horizon to that level impossible? I wasn't very active in the few weeks where this stuff was talked about, so I just wanna make sure I'm all caught up.

Booting Hekate would be after the fuse check not before it. The only way to bypass the fuse check currently is with Fusee Gelee, our tethered coldboot. If we had the appropriate keys, we could theoretically sign any CFW that bypasses the fuse check and boot into it when we turn on the Switch, but alas we do not have such keys nor does anyone else.

 

[the_randomizer]

This was part of every console since downgrade attacks "became a thing". Its a standard security feature in most chip architectures - to safequard them against downgrade attacks. So not just a console thing either.

And I still think it's a bit extreme, but whatever.

 

[notimp]

Because warmboot doesn't need fuse checks?

Lets not run in circles around specifics for no reason.

- efuse checks are done before the OS "finishes loading" (maybe only on coldboot).
- TX advertised "we could potentially patch those out and "downgrade""
- at which point you would have a switch running a DRMed and TX modified firmware, without the possibility to go online either - so de facto, a Switch in a "state" that no one supports. Not Nintendo, not the homebrew community, not TX (what do you expect to get back from them "if stuff dont work"?)

Also - just because TX teased, that they can patch out efuse checks, it doesnt mean that they can in the future... (but maybe they can) - so too many hypotheticals at this stage. Also they stated "they couldnt see, why anyone would want to do that ever". And also - from how they are doging legal issues - you might only be able to do this with your own firmwaredumps. Also - its still theoretical.

 

[HamBone41801]

Booting Hekate would be after the fuse check not before it. The only way to bypass the fuse check currently is with Fusee Gelee, our tethered coldboot. If we had the appropriate keys, we could theoretically sign any CFW that bypasses the fuse check and boot into it when we turn on the Switch, but alas we do not have such keys nor does anyone else.

ok I think I understand now. and I assume we cant acquire the keys because the brute-force time would be decades?

 

[notimp]

And I still think it's a bit extreme, but whatever.

But its not. Its actually a normal, decently modern security feature in chipdesign:
https://en.wikipedia.org/wiki/EFUSE

Think of any security critical application - if an attacker can just downgrade your system, and then use old, known flaws against you... Thats a design issue... efuses are how this is met. "Burning fuses" just sounds " xtreme, yo.

 

[reminon]

Lets not run circles in specifics for no reason.

- efuse checks are done before the OS "finishes loading".
- TX advertised "we could potentially patch those out and "downgrade""
- at which point you would have a switch running a DRMed and TX modified firmware, without the possibility to go online either - so de facto, a Switch in a "state" that no one supports. Not Nintendo, not the homebrew community, not TX (what do you expect to get back from them "if stuff dont work"?)

Also - just because TX teased, that they can patch out efuse checks, it doesnt mean that they can in the future... (but maybe they can) - so too many hypotheticals at this stage.

Um.. At this point. The OS you have installed is loaded, fuse checks have passed, etc. yes. Then you can warmboot into another OS version, ignoring fuse checks during warmboot "as they aren't needed during warmboot". A la jamais'vu and deja-vu? For someone who thinks they know everything, you sure are behind the times.

--------------------- MERGED ---------------------------

ok I think I understand now. and I assume we cant acquire the keys because the brute-force time would be decades?

You would probably find headlight fluid quicker. Lol

 

[notimp]

You missed one edit I made - that supported your point.

BUTBUTBUTBUT

The reason to stay on lower firmwares is to get easier ways to *logic snip* boot into CFW (on emunand).

- If you flash a "patched lower FW" onto your switches nand - the switch wont boot without a dongle (RCM route) anymore. (We cant sign Nintendo packages as Nintendo)
- If you want to boot into a lower FW version via emunand and warmboot, why - because you hardly get any benefits.

In both cases its not a viable downgrade - and in one case - you now have a bricked switch, that should only boot with a RCM dongle/powered device talking to it over USB.

So... Logic. Sadly.

*I can haz downgrade* - but switch now in a strange limbo zombie state - or softbooting into a lower FW for no aparant reason (time waste). Also - no chance of getting a sotware only entrypoint anytime soon. Which is kind of the point of "not updating".