[Misc] Just a theory about Switch hacking.

GreenDuck65777

Is it possible to use the official method for transferring photos/videos to load a corrupted picture (or video) which would overflow the console's buffer and put it into some kind of "safe mode"? Most likely, for the console to recognize this photo/video, you would need to make it in the Nintendo Switch's own format (such as 1280x720 and the desired aspect ratio, or the name of this picture/video must match a similar screenshot/video that you plan to use, and so on...). Is this even possible? Or does the Nintendo Switch have some kind of write protection?

P.S.
I wrote this through a translator, so please forgive my grammar. Remember it's just a theory, and there's no need to insult me. Thanks for understanding ❤️
 
Is it possible to use the official method for transferring photos/videos to load a corrupted picture (or video),
No. There are multiple factors preventing that, but first and foremost: pictures and videos are digitally signed with your console key. Trying to upload a file without the correct digital signature will result in the Album refusing to read it.
 
No. There are multiple factors preventing that, but first and foremost: pictures and videos are digitally signed with your console key. Trying to upload a file without the correct digital signature will result in the Album refusing to read it.
So you can only do Switch => PC, but not PC => Switch. I get it. It was an interesting topic to think about (for me). Thanks for the answer 🙂
 
Is it possible to use the official method for transferring photos/videos to load a corrupted picture (or video) which would overflow the console's buffer and put it into some kind of "safe mode"? Most likely, for the console to recognize this photo/video, you would need to make it in the Nintendo Switch's own format (such as 1280x720 and the desired aspect ratio, or the name of this picture/video must match a similar screenshot/video that you plan to use, and so on...). Is this even possible? Or does the Nintendo Switch have some kind of write protection?

P.S.
I wrote this through a translator, so please forgive my grammar. Remember it's just a theory, and there's no need to insult me. Thanks for understanding ❤️
It's almost impossible, because this time Big N learned from their errors: the Userland is so isolated from SYSland that no calls can be made from one to the upper level. Even if you compromise Userland, there is no way to get low-level access, so no real usable exploit will be possible.
 
So you can only do Switch => PC, but not PC => Switch. I get it. It was an interesting topic to think about (for me). Thanks for the answer 🙂
It can be done, but you need to sign the image/video. We have tools for that. But we cannot retrieve the console key without hacking it first, so the whole journey is pointless.

And after hacking the unit you can disable the digital signature check with system_settings.ini.
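To make the ordering the two replies above describe concrete (signature check first, image parser second, and the parser never sees attacker bytes unless the check is disabled), here is an added example. It is not code from this thread or from Nintendo's firmware: the payload || HMAC-SHA256 layout, the 32-byte CONSOLE_KEY, the sample 1280x720 JPEG skeleton and the function names are all constructed for illustration; the real Album signing scheme and key derivation are not described on the page.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size (assumed tag format)

# Constructed stand-in for the per-console key the thread mentions; the real
# key and the real Album signing scheme are not described on the page.
CONSOLE_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
# A key a PC-side attacker might guess without having hacked the console.
WRONG_KEY = bytes(32)


def sign_album_file(key: bytes, payload: bytes) -> bytes:
    """Hypothetical layout: payload || HMAC-SHA256(key, payload)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_album_file(key: bytes, blob: bytes):
    """Return the payload if the trailing tag verifies, else None."""
    if len(blob) < TAG_LEN:
        return None
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time compare so the check itself leaks nothing useful.
    return payload if hmac.compare_digest(tag, expected) else None


def parse_jpeg_dimensions(data: bytes):
    """Minimal JPEG marker walk returning (width, height) from the SOF segment.

    Every segment length is bounds-checked against the buffer before use; a
    length field that points past the end of the file is exactly the kind of
    malformed input the original post speculates about.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("expected marker at offset %d" % i)
        marker = data[i + 1]
        if marker == 0xD9:  # EOI reached without a frame header
            break
        seglen = int.from_bytes(data[i + 2:i + 4], "big")
        if seglen < 2 or i + 2 + seglen > len(data):
            raise ValueError("segment length %d out of bounds" % seglen)
        if marker in (0xC0, 0xC1, 0xC2):  # SOF0 / SOF1 / SOF2
            height = int.from_bytes(data[i + 5:i + 7], "big")
            width = int.from_bytes(data[i + 7:i + 9], "big")
            return width, height
        i += 2 + seglen
    raise ValueError("no SOF segment found")


def load_album_entry(key: bytes, blob: bytes, check_signature: bool = True) -> dict:
    """Model of the Album's load path: verify first, parse second.

    check_signature=False models the 'signature check disabled' state the
    thread mentions; only then does the parser ever see attacker-controlled bytes.
    """
    if check_signature:
        payload = verify_album_file(key, blob)
        if payload is None:
            return {"accepted": False, "reason": "bad signature", "dims": None}
    else:
        payload = blob[:-TAG_LEN]
    try:
        dims = parse_jpeg_dimensions(payload)
    except ValueError as exc:
        return {"accepted": False, "reason": "parse error: %s" % exc, "dims": None}
    return {"accepted": True, "reason": "ok", "dims": dims}


def _sof0(width: int, height: int) -> bytes:
    """Baseline SOF0 segment for a 3-component 8-bit image (constructed)."""
    comps = bytes([3, 1, 0x22, 0, 2, 0x11, 1, 3, 0x11, 1])
    return (b"\xff\xc0" + (17).to_bytes(2, "big") + b"\x08"
            + height.to_bytes(2, "big") + width.to_bytes(2, "big") + comps)


# Constructed sample inputs: a 1280x720 "screenshot" skeleton and two attacks.
SCREENSHOT = b"\xff\xd8" + _sof0(1280, 720) + b"\xff\xd9"
GOOD_FILE = sign_album_file(CONSOLE_KEY, SCREENSHOT)

_t = bytearray(GOOD_FILE)
_t[4] = 0xFF  # SOF0 length high byte: now claims 0xFF11 bytes that are not there
TAMPERED_FILE = bytes(_t)

# Same malformed payload, signed on a PC with a guessed key instead of the console key.
FOREIGN_FILE = sign_album_file(WRONG_KEY, TAMPERED_FILE[:-TAG_LEN])

if __name__ == "__main__":
    for name, blob in (("good", GOOD_FILE), ("tampered", TAMPERED_FILE), ("foreign", FOREIGN_FILE)):
        print(name, load_album_entry(CONSOLE_KEY, blob))
    print("tampered, check disabled", load_album_entry(CONSOLE_KEY, TAMPERED_FILE, check_signature=False))
```

The point of the ordering is that both the byte-flipped file and the file signed with the wrong key are rejected as "bad signature" before a single marker is parsed, so a parser bug could only be reached by someone who already holds the console key or has turned the check off, which is the situation the reply above describes. The parser's own bounds check is the second layer that still rejects the file once the signature check is gone.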
 
I mean... if it was THAT easy to install homebrew to a Switch, we wouldn't still be here 7 years later, opening our Switch units and risking irreversible damage to install modchips either for unpatched coldboot or for any homebrew on patched.
 
I mean... if it was THAT easy to install homebrew to a Switch, we wouldn't still be here 7 years later, opening our Switch units and risking irreversible damage to install modchips either for unpatched coldboot or for any homebrew on patched.
Yeah, I know, but it was an interesting topic to think about.
 
Aren't images and videos on the Switch also in a sandbox?
They are not, but because of the privilege system mumbo jumbo it's not possible to overwrite executable code, execute code outside of an R-X mapping, or buffer-overflow into another process without the whole system refusing to do that and just forcing the system to crash.
 
You mean a malformed banner (banner.bnr)?
Aye that one
They are not, but because of the privilege system mumbo jumbo it's not possible to overwrite executable code, execute code outside of an R-X mapping, or buffer-overflow into another process without the whole system refusing to do that and just forcing the system to crash.
Ah, well, it's much more secure than the Wii at least ;)
 
lol, this is cute. Firstly, the Switch is using industry-standard techniques, and the industry wised up to this malformed-image kind of technique a while ago (except maybe SVGs?). Secondly, the Switch has ASLR, which means that the place of everything in RAM is randomized. So even if the programmer who wrote the Album was an absolute idiot and didn't put in checks, you would just be overwriting some random part of memory. Not very useful, unless you're willing to load the image, crash, reboot, repeat, until the ASLR is juuust right and your exploit works. Which would take longer than you would live. Even if that was defeated, there are measures beyond those two.
 