Hacking RELEASE NSScreenshotMaker

  • Thread starter: cheuble
  • Views: 68,008
  • Replies: 203
  • Likes: 41
> It seems you aren't the only one with issues like this. I'll try to implement the new MAC calculation, once I get the new keys. In the meantime, could you please send me the images in PM? I'll take a look and see if I can do anything.
Sure thing. I used the tool in this quoted post below and the images worked fine
> I found a similar tool for macOS and did some comparisons with the EXIF headers.
>
> The hex diff shows that the pexif module might have a problem with the endianness, or it's due to the automatic object typing by Python: some values generated by Python seem to be LONG instead of SHORT, like what Nintendo used.
>
> Still, they all work, just a little heads up.
I'll send the images via PM for you. I'm trying to get them to show with Breath of the Wild's title ID, which seems to be F1C11A22FAEE3B82F21B330E1B786A39 according to the other screenshots taken on the Switch.
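To make the hex diff in the quoted post concrete, here is an added example (not code from the thread, from pexif or from NSScreenshotMaker) that encodes one EXIF/TIFF IFD entry as a SHORT (type 3) and as a LONG (type 4) under both byte orders and reports which byte offsets differ. The tag 0x0112 (Orientation) is a standard TIFF tag; the value 1 and the comparisons are constructed sample inputs. The point it shows: in little-endian ("II") files a SHORT written as a LONG differs only in the type field, while in big-endian ("MM") files the inline value bytes also shift, which is exactly the kind of difference a hex diff of two EXIF headers surfaces.

```python
import struct

# TIFF/EXIF field type codes from the TIFF 6.0 specification
TYPE_SHORT = 3  # 16-bit unsigned
TYPE_LONG = 4   # 32-bit unsigned

TAG_ORIENTATION = 0x0112  # standard TIFF tag, used here as a sample


def endian_prefix(byte_order: bytes) -> str:
    """Map the TIFF byte-order marker ('II' or 'MM') to a struct prefix."""
    if byte_order == b"II":
        return "<"
    if byte_order == b"MM":
        return ">"
    raise ValueError("byte order must be b'II' or b'MM'")


def tiff_header(byte_order: bytes, first_ifd_offset: int = 8) -> bytes:
    """8-byte TIFF header: byte order, magic 42, offset of the first IFD."""
    e = endian_prefix(byte_order)
    return byte_order + struct.pack(e + "HI", 42, first_ifd_offset)


def encode_ifd_entry(tag: int, type_code: int, value: int, byte_order: bytes) -> bytes:
    """Encode a 12-byte IFD entry holding a single SHORT or LONG value inline.

    Layout: tag (2) | type (2) | count (4) | value-or-offset (4).
    A value shorter than 4 bytes is stored left-justified and zero padded,
    so a SHORT and a LONG with the same numeric value lay out differently.
    """
    e = endian_prefix(byte_order)
    if type_code == TYPE_SHORT:
        if not 0 <= value <= 0xFFFF:
            raise ValueError("value does not fit in a SHORT")
        payload = struct.pack(e + "H", value) + b"\x00\x00"
    elif type_code == TYPE_LONG:
        payload = struct.pack(e + "I", value)
    else:
        raise ValueError("only SHORT and LONG are handled in this example")
    return struct.pack(e + "HHI", tag, type_code, 1) + payload


def decode_ifd_entry(entry: bytes, byte_order: bytes):
    """Inverse of encode_ifd_entry; returns (tag, type_code, value)."""
    e = endian_prefix(byte_order)
    tag, type_code, count = struct.unpack(e + "HHI", entry[:8])
    if count != 1 or type_code not in (TYPE_SHORT, TYPE_LONG):
        raise ValueError("only single inline SHORT/LONG entries are handled")
    if type_code == TYPE_SHORT:
        value = struct.unpack(e + "H", entry[8:10])[0]
    else:
        value = struct.unpack(e + "I", entry[8:12])[0]
    return tag, type_code, value


def hex_diff(a: bytes, b: bytes):
    """Byte offsets at which two equal-length byte strings differ."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def compare_short_vs_long(tag: int, value: int, byte_order: bytes):
    """Encode the same field both ways and return (short_entry, long_entry, diff)."""
    short_entry = encode_ifd_entry(tag, TYPE_SHORT, value, byte_order)
    long_entry = encode_ifd_entry(tag, TYPE_LONG, value, byte_order)
    return short_entry, long_entry, hex_diff(short_entry, long_entry)


if __name__ == "__main__":
    for order in (b"II", b"MM"):
        s, l, d = compare_short_vs_long(TAG_ORIENTATION, 1, order)
        print(order.decode(), "header:", tiff_header(order).hex(" "))
        print("  SHORT:", s.hex(" "))
        print("  LONG: ", l.hex(" "))
        print("  differing offsets:", d)
```

Running it prints the two encodings side by side; for "II" only offset 2 (the type field) differs, for "MM" the type field and two of the value bytes differ, so a writer that silently promotes SHORT to LONG produces a visibly different header on big-endian files even though most readers still accept it.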
 
Anybody try bin2jpg then convert that jpg to a signed one yet? We might be able to run payloads through it.
 
I’m just waiting for this to be updated so we can convert movies
I just need the keys and I can start working on it.
> Anybody try bin2jpg then convert that jpg to a signed one yet? We might be able to run payloads through it.
SciresM already told multiple times an exploit is not possible using this.
 
> I just need the keys and I can start working on it.

> SciresM already told multiple times an exploit is not possible using this.
@SimonMKWii posted a page back how to get them

I got them from the capsrv sysmodule.
Essentially, once you have those kek sources, run a GenerateAesKek function using the usecase 0 key.
Next, generate a CMAC using the kek you just generated as the secret key, then calculate the SHA256 hash of that CMAC.
That hash is the signing key.

 
Last edited by Naked_Snake,
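The derivation chain described in the post above (kek, then AES-CMAC under that kek, then SHA-256 of the CMAC as the signing key), as an added example that is not code from the thread, from capsrv or from NSScreenshotMaker. Everything here is constructed: `KEK_SOURCE`, `USECASE0_KEY` and `CMAC_MESSAGE` are placeholders, and `generate_aes_kek` models GenerateAesKek as a plain AES-128-ECB decryption because the real call is serviced by the secure monitor with inputs this page does not give. The thread does not say what message the CMAC covers, nor which MAC the album check computes per image, so the CMAC input is an explicit parameter and the per-image MAC is assumed to be HMAC-SHA256. What the example shows is the defender's side of the discussion: the per-image check is sound as a MAC, and the only thing standing between a forged screenshot and acceptance is the secrecy of the kek sources, which is why the thread treats "the keys" as the sole obstacle. Requires the `cryptography` package.

```python
import hashlib
import hmac

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.cmac import CMAC

# Constructed placeholders; the real kek sources and keys are not on this page.
KEK_SOURCE = bytes(range(16))               # stands in for a kek source from capsrv
USECASE0_KEY = b"\x11" * 16                 # stands in for the "usecase 0" key
CMAC_MESSAGE = b"constructed cmac input"    # assumed: the thread does not name the CMAC input
SAMPLE_IMAGE = b"\xff\xd8" + b"constructed jpeg payload" + b"\xff\xd9"  # constructed, not a real JPEG


def generate_aes_kek(kek_source: bytes, usecase_key: bytes) -> bytes:
    """Stand-in for the console's GenerateAesKek.

    Assumption: modelled as AES-128-ECB decryption of the 16-byte kek source
    under the usecase 0 key. The real call runs in the secure monitor and
    takes device-specific inputs that this page does not describe.
    """
    if len(kek_source) != 16 or len(usecase_key) != 16:
        raise ValueError("kek source and usecase key must be 16 bytes")
    dec = Cipher(algorithms.AES(usecase_key), modes.ECB()).decryptor()
    return dec.update(kek_source) + dec.finalize()


def derive_signing_key(kek_source: bytes, usecase_key: bytes, cmac_message: bytes) -> bytes:
    """kek -> AES-CMAC(kek, message) -> SHA-256, the chain the post describes."""
    kek = generate_aes_kek(kek_source, usecase_key)
    mac = CMAC(algorithms.AES(kek))
    mac.update(cmac_message)
    cmac_tag = mac.finalize()                 # 16-byte CMAC
    return hashlib.sha256(cmac_tag).digest()  # 32-byte signing key


def screenshot_mac(signing_key: bytes, image: bytes) -> bytes:
    """Per-image MAC. HMAC-SHA256 is an assumption; the thread only says 'MAC'."""
    return hmac.new(signing_key, image, hashlib.sha256).digest()


def verify_screenshot(signing_key: bytes, image: bytes, expected_mac: bytes) -> bool:
    """Constant-time comparison, as an album-side integrity check would do it."""
    return hmac.compare_digest(screenshot_mac(signing_key, image), expected_mac)


if __name__ == "__main__":
    key = derive_signing_key(KEK_SOURCE, USECASE0_KEY, CMAC_MESSAGE)
    tag = screenshot_mac(key, SAMPLE_IMAGE)
    print("signing key:", key.hex())
    print("image mac:  ", tag.hex())
    print("intact image accepted:", verify_screenshot(key, SAMPLE_IMAGE, tag))
    print("tampered image accepted:", verify_screenshot(key, SAMPLE_IMAGE[:-1] + b"\x00", tag))
    # A different usecase key yields a different signing key, so a MAC made
    # under one key hierarchy never verifies under another.
    other = derive_signing_key(KEK_SOURCE, b"\x22" * 16, CMAC_MESSAGE)
    print("verifies under a different key:", verify_screenshot(other, SAMPLE_IMAGE, tag))
```

The derivation is deterministic, so two parties holding the same constructed inputs produce the same 32-byte signing key; flipping one byte of the image or swapping the usecase key makes verification fail. The model of GenerateAesKek is the one piece that is not faithful to the console and should not be read as its real behaviour.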
> I just need the keys and I can start working on it.

> SciresM already told multiple times an exploit is not possible using this.
If you can fake sign, it's already exploited lol, but there's definitely a way through video: it's libstagefright.
 
> If you can fake sign, it's already exploited lol, but there's definitely a way through video: it's libstagefright.

Only if they have an old vulnerable version, which I doubt. And even if you get code execution you still need to get enough permissions to do anything useful from there.
 
> Only if they have an old vulnerable version, which I doubt. And even if you get code execution you still need to get enough permissions to do anything useful from there.
If that libstagefright is older than December of last year, which it is, there's an exploit.
 
Challenge accepted btw, may take a few weeks but expect a PoC soon.
Considering you constantly spout total horseshit and never release a code snippet, POC or any other evidence to support your claims, I'll be very interested to see this.

--------------------- MERGED ---------------------------

Oh yeah, and if it works, I will literally eat my hat.
 
> Considering you constantly spout total horseshit and never release a code snippet, POC or any other evidence to support your claims, I'll be very interested to see this.
>
> --------------------- MERGED ---------------------------
>
> Oh yeah, and if it works, I will literally eat my hat.
For one, I wouldn't give you spit if you were on fire, Simon. Two, Nintendo doesn't sign anything just for nothing.
 
> For one, I wouldn't give you spit if you were on fire, Simon. Two, Nintendo doesn't sign anything just for nothing.
Are you legitimately stupid?
You think a libstagefright exploit is going to work on Switch?
Yeah, good luck, and even if you do manage to pwn it, good luck escalating into sysmodules on 5.0.0+, ASLR will fuck you over.
 
> For one, I wouldn't give you spit if you were on fire, Simon. Two, Nintendo doesn't sign anything just for nothing.
Are... are you stupid...? I don't understand how someone can be this moronic. Like everything Nintendo makes is signed. Hell, what does signing have to do with an image exploit?
If SciresM says there is not an image exploit, there isn't one. Plain and simple.
 
> Are... are you stupid...? I don't understand how someone can be this moronic. Like everything Nintendo makes is signed. Hell, what does signing have to do with an image exploit?
> If SciresM says there is not an image exploit, there isn't one. Plain and simple.
Too busy to mess with this, plus I already got everything I want running on Switch. Harassing me won't help you none.
 