Nintendo Switch V2 Jailbreak Theory

Status: Not open for further replies.

CruzeForce (Active Member, OP, Newcomer; joined Apr 18, 2023; 29 messages; 0 trophies; 41 XP; United States):
There is a vulnerability with the Bluetooth as the 8bitdo takes advantage and allows any controller to connect, so what if someone connects a microcontroller that contains a jailbreak script, as there was a video with a jailbreak using a microcontroller, but to do that you have to open up a Switch, so can't you just buy a microcontroller with an 8bitdo, put the jailbreak command on the microcontroller and then run a script that will let the Switch identify it as a Joy-Con and then add the jailbreak script? As then the Switch would run anything the microcontroller says as it will be known as an admin? This would work as the Nintendo Switch (including the chip) follows any Joy-Con command and you could buy a possible microcontroller with Bluetooth like a Pico W for cheap. This would be a simple process as someone would make the script, you would connect the microcontroller with Bluetooth to the 8bitdo and run the command on the Switch. I hope someone reaches out to me as a response to my theory.
 

Draxzelex (Well-Known Member, Member; joined Aug 6, 2017; 19,011 messages; 2 trophies; age 29; New York City; 13,378 XP; United States):
> I'm trying to find a vulnerability. It's because there is a vulnerability with the Bluetooth as the 8bitdo takes advantage and allows any controller to connect, so what if someone connects a microcontroller that contains a jailbreak script, as there was a video with a jailbreak using a microcontroller, but to do that you have to open up a Switch, so can't you just buy a microcontroller with an 8bitdo, put the jailbreak command on the microcontroller and then run a script that will let the Switch identify it as a Joy-Con and then add the jailbreak script? As then the Switch would run anything the microcontroller says as it will be known as an admin? This would work as the Nintendo Switch (including the chip) follows any Joy-Con command and you could buy a possible microcontroller with Bluetooth like a Pico W for cheap. This would be a simple process as someone would make the script, you would connect the microcontroller with Bluetooth to the 8bitdo and run the command on the Switch. I hope someone reaches out to me as a response to my theory.
Your post was responded to in this thread. For the second time, use that thread instead of cluttering the forum with useless new threads.
 

CruzeForce (Active Member, OP, Newcomer; joined Apr 18, 2023; 29 messages; 0 trophies; 41 XP; United States):
> Your post was responded to in this thread. For the second time, use that thread instead of cluttering the forum with useless new threads.

I'm pretty sure that somebody will use this to make something. Please stop sending messages if you don't want to support the idea or use it.
 

CruzeForce (Active Member, OP, Newcomer; joined Apr 18, 2023; 29 messages; 0 trophies; 41 XP; United States):
> Controller input won't provide any kind of privileged system access. No go.

There were some flaws jailbreaking it through Wi-Fi or Bluetooth but we could probably overcome those with a new script.

Post automatically merged:

https://switchbrew.org/wiki/Switch_System_Flaws

> EDIT: Even if you manage to break in with Bluetooth. It isn't 100% you get kernel exploit.

True, but maybe we could overcome it with a new script as that was version 4.
 

linuxares (The inadequate, autocratic beast!, Global Moderator; joined Aug 5, 2007; 13,302 messages; 2 trophies; 18,145 XP; Sweden):
> There were some flaws jailbreaking it through Wi-Fi or Bluetooth but we could probably overcome those with a new script.
>
> True, but maybe we could overcome it with a new script as that was version 4.

This is probably 99.9% patched, or there is no need to care about it since it has no meaningful application.
Else there would already be an exploit for it.
 

BaamAlex (UDE GA NARU ZE!, Member; joined Jul 23, 2018; 6,058 messages; 1 trophy; age 29; Lampukistan; website hmpg.net; 6,170 XP; Germany):
Let's assume that your theory is correct. What then? You would still need a kernel exploit afterwards. Or TrustZone. Whatever. And those don't exist at all atm. And on top of that, Bluetooth is so low level (afaik) that nothing big can be done with it.
 

linuxares (The inadequate, autocratic beast!, Global Moderator; joined Aug 5, 2007; 13,302 messages; 2 trophies; 18,145 XP; Sweden):
> Let's assume that your theory is correct. What then? You would still need a kernel exploit afterwards. Or TrustZone. Whatever. And those don't exist at all atm. And on top of that, Bluetooth is so low level (afaik) that nothing big can be done with it.

I think the idea is like with BlueBomb. But I highly doubt it's as easy on the Switch as with the Wii.
 

Tomato123 (Well-Known Member, Member; joined Feb 8, 2020; 731 messages; 1 trophy; England; 2,499 XP; United Kingdom):
> There is a vulnerability with the Bluetooth as the 8bitdo takes advantage and allows any controller to connect, so what if someone connects a microcontroller that contains a jailbreak script, as there was a video with a jailbreak using a microcontroller, but to do that you have to open up a Switch, so can't you just buy a microcontroller with an 8bitdo, put the jailbreak command on the microcontroller and then run a script that will let the Switch identify it as a Joy-Con and then add the jailbreak script? As then the Switch would run anything the microcontroller says as it will be known as an admin? This would work as the Nintendo Switch (including the chip) follows any Joy-Con command and you could buy a possible microcontroller with Bluetooth like a Pico W for cheap. This would be a simple process as someone would make the script, you would connect the microcontroller with Bluetooth to the 8bitdo and run the command on the Switch. I hope someone reaches out to me as a response to my theory.

There are threads like this posted pretty often, and there's a reason that after so many of them there are no more useful exploits. The Switch is a pretty tough console in terms of security. RCM was a fluke more than anything and I doubt we'd get anything as 'easy' as that again. It will take years of research to find anything that SciresM hasn't found already. They already reverse engineered basically the whole firmware and found nothing useful (yes, there is a chance they missed something).

People are pretty desperate for something on V2 but there are still options (modchips) and that's the way it's going to stay for a while unfortunately. You have to either get a V1 or a modchip for a V2. As much as I hate to say stuff like "if you don't know what you're talking about then don't try" well... This is one of those cases as it's so much more complicated than vulnerability = jailbreak/CFW/etc.
 

CruzeForce (Active Member, OP, Newcomer; joined Apr 18, 2023; 29 messages; 0 trophies; 41 XP; United States):
> Correct. I doubt that Nintendo will make the same mistakes like on their old consoles.

But then also, they did allow the OLED to have the same chip as the V2. But y'all are right, this might not work, but I'm still testing it out. I will post a response after I make the script on a microcontroller and test it; if this works then I'll post it on GBAtemp.
 

BigOnYa (Has A Very Big, Member; joined Jan 11, 2021; 3,190 messages; 1 trophy; age 50; 7,536 XP; United States):
> But then also, they did allow the OLED to have the same chip as the V2. But y'all are right, this might not work, but I'm still testing it out. I will post a response after I make the script on a microcontroller and test it; if this works then I'll post it on GBAtemp.

"You Da Man! F the haters and do it!"
 

CruzeForce (Active Member, OP, Newcomer; joined Apr 18, 2023; 29 messages; 0 trophies; 41 XP; United States):
> "You Da Man! F the haters and do it!"

Thank you for the motivational response ☺️
Post automatically merged:

> I think the idea is like with BlueBomb. But I highly doubt it's as easy on the Switch as with the Wii.

It actually is.
Post automatically merged:

> Let's assume that your theory is correct. What then? You would still need a kernel exploit afterwards. Or TrustZone. Whatever. And those don't exist at all atm. And on top of that, Bluetooth is so low level (afaik) that nothing big can be done with it.

Using TrustZone.
 

CruzeForce (Active Member, OP, Newcomer; joined Apr 18, 2023; 29 messages; 0 trophies; 41 XP; United States):
> Controller input won't provide any kind of privileged system access. No go.

There was a Wi-Fi/Bluetooth jailbreak by yellows8 on Switch firmware v4.
Post automatically merged:

> Aight! Go for it!

Wow, thanks a lot, I will try to wrap this up by the end of summer.
But then also, if anyone wants to help I will post my Discord right now.
Post automatically merged:

Cruze Force#4787
 