Hacking Nintendo Switch bootrom dumped.

Thread starter: epicmartin7 · Views: 57,877 · Replies: 191 · Likes: 29
Nintendo consoles dating all the way back to the NES with the lockout chip have always been the red-headed stepchild to hackers/modders/exploiters. Always being the target of a good flogging. And I think it may have something to do with Nintendo's philosophy. You play by our rules, do as we say, and maybe, just maybe, you'll turn a profit. People started making NES cartridges that bypassed the lockout chip, because Nintendo wasn't playing nice with their licensing program. At least that's how it started out. Now, I have no idea.

Either way, it's funny that Nintendo has taken this long to tackle security for their consoles in a serious manner. Now...if only they put that much effort into their online services... :unsure:

The Yamauchi Era of Nintendo was a few steps short of the Yakuza. But at that time they also single-handedly saved the western market, so you can definitely see how they thought they had all the power and all the chips on the table. This was shattered by SEGA and later Sony entering the scenes.

But with Yamauchi's passing on the leadership and Iwata's tenure before his passing (though Iwata has most assuredly redefined the nature of Nintendo), they shifted away from the Yakuza and went more to being... My Neighbor Totoro. They never focused on online and, because of it, their security lagged because for a long time their consoles were isolated boxes (with some really dumb security holes like with the GC/Wii and DS). They started to catch up somewhat with the 3DS/WiiU but there were still major flaws therein.

NERD, nowadays, are some top-class engineers though.

--------------------- MERGED ---------------------------

Do you have a link, sir? I did a search but I can't find a d-pad shell for sale. I see people have modded their own though.

Here: https://www.amazon.com/BASSTOP-Portable-Replacement-Controller-Electronics/dp/B076C97N83/ref=sr_1_2?ie=UTF8&qid=1507730079&sr=8-2&keywords=basstop+nintendo+switch&th=1
 
Last edited by V-Temp,
I hardware mod my equipment. I can make it have delicious M&Ms for buttons if I wanted. It's quite the fun little project, and even if you screw up it's just $50-60 and not a bricked Switch! :P

I expect Nintendo to launch d-pad joy-cons anyway.

That's what I plan to do if a good 1st/3rd party solution doesn't present itself. Mod in a d-pad, that is. Not the M&M buttons. Though since they melt in your mouth, not in your hand, it might be a good implementation. That could be frustrating for friends who are playing your Switch though.

Friend: What button jumps?
You: The 'M' button.
Friend: Which 'M' button?!
 
> That's what I plan to do if a good 1st/3rd party solution doesn't present itself. Mod in a d-pad, that is. Not the M&M buttons. Though since they melt in your mouth, not in your hand, it might be a good implementation. That could be frustrating for friends who are playing your Switch though.
>
> Friend: What button jumps?
> You: The 'M' button.
> Friend: Which 'M' button?!

:rofl2:
 
From what I'm gleaning of the Switch's security, downgrades are impossible and upgrading to a specific version is difficult (you can only upgrade online AFAIK), so if an exploit is version specific, folks are really going to have to be careful about how and when they update their Switch.
 
> From what I'm gleaning of the Switch's security, downgrades are impossible and upgrading to a specific version is difficult (you can only upgrade online AFAIK), so if an exploit is version specific, folks are really going to have to be careful about how and when they update their Switch.

You can cart upgrade, but you do have to be mindful of print runs and changes in the loaded firmware (and other signed patches) in newer runs. Exploits being version specific is a problem because of the downgrade protections. Going up is always easy, going down is impossible.

So the problem will always be that someone will find themselves at a higher firmware and be stuck.

Being at a lower firmware will take all of one visit to eBay to find the right cartridge! :P
 
> You can cart upgrade, but you do have to be mindful of print runs and changes in the loaded firmware (and other signed patches) in newer runs. Exploits being version specific is a problem because of the downgrade protections. Going up is always easy, going down is impossible.
>
> So the problem will always be that someone will find themselves at a higher firmware and be stuck.
>
> Being at a lower firmware will take all of one visit to eBay to find the right cartridge! :P

So they're still doing upgrade-on-cart nonsense? I thought they would have learned by now.
 
Still confused about the fuse system... since the burned fuse count changes from fw to fw there must be some sort of data flow which tells how many fuses should be burned in the current fw. Can someone explain to me why it should be impossible to intercept that flow (on a compromised system) and compromise the value?

(Sure this won't be enough to fw spoof (keys missing) but I'm curious about this fact)
 
Last edited by Digital_0xFF,
> Still confused about the fuse system... since the burned fuse count changes from fw to fw there must be some sort of data flow which tells how many fuses should be burned in the current fw. Can someone explain to me why it should be impossible to intercept that flow (on a compromised system) and compromise the value?
>
> (Sure this won't be enough to fw spoof (keys missing) but I'm curious about this fact)

Some say impossible... XB360 had Efuses... The only thing anyone should state is 'Currently not possible'
 
Last edited by Soluble,
It only depends on how early you have system access. With bootrom access, it's possible to patch the fuse read/pop functions to return a satisfactory value and not pop fuses respectively.
 
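The fuse exchange above (the "data flow" question and the reply about patching the fuse read) boils down to a one-way counter checked by early boot code. The model below is an added illustration written for this thread, not Switch bootrom code or anything from Nintendo or fail0verflow: the firmware-version-to-fuse-count table, the eight-bit fuse bank and the function names are all constructed. It shows why going up is easy and going down is refused, and where the check has to live to be meaningful.

```python
"""Toy model of a one-way anti-rollback fuse counter.

Constructed example: EXPECTED_FUSES and the 8-bit FuseBank are invented to
show the mechanism discussed in the thread, not real console values.
"""
from dataclasses import dataclass, field

# Constructed table: each firmware version states how many fuses it expects
# to find burnt. On real hardware this number ships inside the firmware image,
# so changing it means forging the firmware signature, not just editing a byte.
EXPECTED_FUSES = {"1.0.0": 1, "2.0.0": 2, "3.0.0": 3, "4.0.0": 4}


class Downgrade(Exception):
    """Raised when more fuses are burnt than the booting firmware expects."""


@dataclass
class FuseBank:
    """One-time-programmable fuses: a bit can go 0 -> 1 but never back."""
    bits: list = field(default_factory=lambda: [0] * 8)

    def count(self) -> int:
        return sum(self.bits)

    def pop(self, n: int) -> None:
        """Burn fuses so that the first n are set. There is no inverse operation."""
        if n > len(self.bits):
            raise ValueError("bank has only %d fuses" % len(self.bits))
        for i in range(n):
            self.bits[i] = 1


def early_boot_check(fuses: FuseBank, firmware_version: str) -> int:
    """Anti-rollback check as performed by the earliest boot stage.

    Returns the fuse count after the check. Raises Downgrade when the hardware
    already has more fuses burnt than this firmware expects, i.e. a newer
    firmware has run on this unit before. This runs before any OS code, so a
    compromise of the running system comes too late to alter its inputs.
    """
    expected = EXPECTED_FUSES[firmware_version]
    burnt = fuses.count()
    if burnt > expected:
        raise Downgrade("%d fuses burnt, firmware %s expects %d"
                        % (burnt, firmware_version, expected))
    if burnt < expected:
        # Upgrade path: burn the missing fuses. From this point on, every
        # older firmware will fail the comparison above.
        fuses.pop(expected)
    return fuses.count()


def simulate(sequence):
    """Boot the given firmware versions in order on one unit.

    Returns (version, "booted" | "refused", fuse count afterwards) per attempt.
    """
    fuses = FuseBank()
    outcomes = []
    for version in sequence:
        try:
            outcomes.append((version, "booted", early_boot_check(fuses, version)))
        except Downgrade:
            outcomes.append((version, "refused", fuses.count()))
    return outcomes


if __name__ == "__main__":
    # Upgrade 1.0.0 -> 2.0.0 -> 4.0.0 succeeds; 3.0.0 is then refused and
    # the unit can only go back to 4.0.0.
    for step in simulate(["1.0.0", "2.0.0", "4.0.0", "3.0.0", "4.0.0"]):
        print(step)
```

Two things the model makes concrete. The "flow" the question asks about is the expected count carried inside the signed firmware; a compromised OS could read it, but it cannot lower the hardware count, and the comparison has already happened before the OS runs. The check is therefore only as trustworthy as the stage that performs `fuses.count()` and `fuses.pop()`, which is exactly the point of the reply above: code running at bootrom level sits before that stage, which is why a bootrom dump matters for anti-rollback and a later-stage compromise does not.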
Ok, Nintendo will announce a console in 3 weeks. It was a short but nice lifespan for the Switch.

--------------------- MERGED ---------------------------

First Vampires win the Splatfest, then I find out I have a game that's worth 400 bucks and some other expensive games laying around in my house and now this? What a great night.
Wondering what that game was :P?
 
It means, effectively, nothing. It provides a further insight into how the console works but that is it.
At most it provides access to the keys' location; however, those would still need to be compromised and decrypted to be of any use.
I should remind people the Wii U bootrom was hacked years ago and nothing boot level has ever come of that.
Maybe take a look at some of fail0verflow's information on hacked bootroms to get a better idea of its functionality.
 
Backing a name off of what it uses is different from using the same naming scheme for almost every exploit. It's lazy to simply take the exploited item and slap *hax on the end. No creativity in most 3ds exploit names.
The only reason I haven't had an issue with the hax thing is that without context I wouldn't even know pegaswitch is related to hacking the switch; not everyone is always in the ring of knowing everything going on.
 
people are really jumping the gun with their conclusions, let these people work in peace. I bet this is why most of these things are kept secret before going public
 