RELEASE Nereba Exploit: Reboot to Fusée Gelée payload from stock firmware.

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by jjbredesen, Apr 19, 2019.

  1. raxadian

    raxadian GBAtemp Advanced Fan

    Member
    4
    Nov 10, 2018
    Argentina
    Eventually a downgrade option will be available and people who paid more for a 1.x Switch will feel like idiots.
     
  2. Hayato213

    Hayato213 GBAtemp Guru

    Member
    10
    Dec 26, 2015
    United States
    People can put anything on eBay for any price, it's up to the other person who's buying it if they're willing to spend the money. I did manage to get a few people to pay $200 bucks for stuff that I paid like 30 bucks for lol, but it was some rare stuff: a Kyogre cover plate from the Japanese exclusive N3DS bundle, and the Boo 3DS cover plate. Man, people are willing to pay. Sorry to say that I am a scalper when I can.
     
  3. linuxares

    linuxares I'm not a generous god!

    Moderator
    16
    Aug 5, 2007
    Sweden
    You can downgrade today, but still need the use of a CFW to boot however ;)
     
    Lacius likes this.
  4. Milenko

    Milenko GBAtemp Advanced Maniac

    Member
    9
    Oct 16, 2017
    Australia
    Never seen someone pay inflated prices, seems everyone who has one either kept it boxed or saved their fuses while updating and used it normally
     
  5. Hayato213

    Hayato213 GBAtemp Guru

    Member
    10
    Dec 26, 2015
    United States
    You can always downgrade to any firmware and use a custom bootloader, but you can't edit fuses; maybe when you can edit the fuse count, then yeah.
     
  6. ZachyCatGames

    ZachyCatGames GBAtemp Advanced Maniac

    Member
    8
    Jun 19, 2018
    United States
    Hell
    This doesn’t involve Fusee Gelee in any way :P
    If you somehow got a 1.0.0 FG patched system, it’d probably work fine
     
  7. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    24
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Yeah and I bet there'll be a softmod option for 8.x.x users as well, right? I have a lot of cynicism towards Switch homebrew development as a whole.

    And as long as people will enable scalpers, that'll never change.
     
  8. jammybudga777

    jammybudga777 GBAtemp Addict

    Member
    7
    Aug 23, 2013
    I asked earlier if downgrading would be an issue from 6.2 to 3.0 (was done the official way, so burnt fuses). I got told it's not possible, but yet I'm reading in the ChoiDujour guide that fuses now don't matter? Could someone just tell me what's actually the correct answer please lol
     
  9. thla

    thla Member

    Newcomer
    4
    Jul 30, 2017
    Denmark
    When you update, Nintendo has the option of "burning a fuse"; quite literally, it's permanently modifying the hardware. You can't un-modify the fuses (practically) and the software won't boot with the incorrect fuses set.

    But of course it might be possible to circumvent the hardware side if the device is compromised.
     
  10. jammybudga777

    jammybudga777 GBAtemp Addict

    Member
    7
    Aug 23, 2013
    I know how the fuses burn if you update legitimately, but I'm being passed information that contradicts more information I'm reading. A lot of people are saying fuses don't matter anymore? And others are saying I can still return to a lower firmware even after burning fuses?
     
  11. Milenko

    Milenko GBAtemp Advanced Maniac

    Member
    9
    Oct 16, 2017
    Australia
    You can, but if your fuse count doesn't match the firmware you HAVE to use a USB injection to turn your Switch on
     
  12. Garrincho

    Garrincho GBAtemp Regular

    Member
    4
    Sep 16, 2015
    Uruguay

    You can downgrade to any firmware you want, anytime, no matter the fuses.

    BUT

    To boot it if you burned more fuses than the corresponding ones for that FW, you'd still need to use a custom bootloader (in essence, the RCM exploit) since the official one will refuse to do so.

    So even if you did that, why would you want to enter RCM, start the Switch, use this software exploit and reboot again to CFW? You'd just use the old RCM method and go to CFW.
     
    jammybudga777 and Milenko like this.
  13. jammybudga777

    jammybudga777 GBAtemp Addict

    Member
    7
    Aug 23, 2013
    Thanks for explaining. Obviously I wouldn't when you put it like that.
     
  14. kumikochan

    kumikochan GBAtemp Psycho!

    Member
    11
    Feb 4, 2015
    Belgium
    Tongeren
    Sorry, didn't mean to quote you, was on the wrong tab lol

    It does and it even says so in the first post: "still on the original 1.0.0 firmware to reboot into a Fusée Gelée payload without any dongle,"
     
  15. TP998

    TP998 Newbie

    Newcomer
    1
    Apr 19, 2019
    Aruba
    Not really sure there is a market for 1.0.0 consoles, the exploit still needs Emunand.

    When it comes however, you'll be faced with two options:

    1) Sysnand on low firmware (offline) > Warmboot > Emunand (offline)
    2) Sysnand on latest (online) > RCM > Emunand (offline)

    As it's not possible to be safe online using Emunand due to it being easily detected and redirecting everything to an sdcard, I can see the vast majority of the community using option 2, because they are already using RCM and they can use their sysnand for retail/f2p games, not sure warmboot is worth exiling yourself from online.

    It's the one thing that TX have going for them.
     
  16. DrDoctor

    DrDoctor Member

    Newcomer
    2
    Oct 20, 2017
    United Kingdom
    I assume this leaves traces, correct?
     
  17. ZachyCatGames

    ZachyCatGames GBAtemp Advanced Maniac

    Member
    8
    Jun 19, 2018
    United States
    Hell
    The payloads aren’t Fusee Gelee specific, Atmosphere’s reboot to payload feature doesn’t involve FG as well. This uses Dormez Vous combined with some other exploits
     
  18. kumikochan

    kumikochan GBAtemp Psycho!

    Member
    11
    Feb 4, 2015
    Belgium
    Tongeren
    Doesn't Deja Vu use the webkit exploit to give more userland privileges, which eventually leads to Fusée Gelée rebooting into CFW?
     
  19. jjbredesen
    OP

    jjbredesen Yes I am not dead.

    Member
    14
    Feb 16, 2018
    Korea, North
    Hyrule
    Danke
    Deja Vu allows you to reboot to payload through arbitrary TrustZone/BootROM code execution, by using either the original Jamais Vu exploit (<6.0.0) or the warmboot exploit for higher.

    It also uses webkit as an entry point, but it is not related to nspwn: separate exploits, but the same entry point.

    The loaded payloads are indeed the same as used for FG, but the exploit is separate, hence why it works on Ipatched units.
     
    Last edited by jjbredesen, Apr 19, 2019
    kumikochan and ZachyCatGames like this.
  20. kumikochan

    kumikochan GBAtemp Psycho!

    Member
    11
    Feb 4, 2015
    Belgium
    Tongeren
    Well, thanks for letting me know, wasn't sure but this is a good explanation so thanks for that. Know a lot of stuff but I am in a lot of scenes so don't know what's up with everything 100 percent exactly, but learned something new thanks to you :D
     