Hacking Question Ok so hear me out...

[Deleted member 550701]

Ok so hear me out, if there was a firmware exploit found that works on the mariko version, could we somehow unpatch the RCM (like through a homebrew app or smth) and then hack the switch with fusee-gelee? And yes I know that finding a firmware exploit is a very hard first step, but what i'm really asking is if the patch that was applied to later switches could be unpatched through homebrew?

 

[AncientBoi]

wish I could help you. I don't know of the Switch console, nor homebrew apps. I'm a PSP, iPad and Pc gamer barely trying CWCheats. Sorry

 

[Deleted member 550701]

wish I could help you. I don't know of the Switch console, nor homebrew apps. I'm a PSP, iPad and Pc gamer barely trying CWCheats. Sorry

It's fine bro

 

[The Real Jdbye]

Ok so hear me out, if there was a firmware exploit found that works on the mariko version, could we somehow unpatch the RCM (like through a homebrew app or smth) and then hack the switch with fusee-gelee? And yes I know that finding a firmware exploit is a very hard first step, but what i'm really asking is if the patch that was applied to later switches could be unpatched through homebrew?

In order to "unpatch" RCM we would need another RCM exploit that allowed some sort of code execution. The RCM firmware isn't accessible from anything other than RCM mode itself.

 

[Deleted member 550701]

In order to "unpatch" RCM we would need another RCM exploit that allowed some sort of code execution. The RCM firmware isn't accessible from anything other than RCM mode itself.

Aha that is quite interesting

 

[masagrator]

In order to "unpatch" RCM we would need another RCM exploit that allowed some sort of code execution. The RCM firmware isn't accessible from anything other than RCM mode itself.

First of all RCM is in read-only, non writeable memory. That's why it cannot be patched even by Nintendo.
So whole point of discussion is now lost.

 

[The Real Jdbye]

First of all RCM is in read-only, non writeable memory. That's why it cannot be patched even by Nintendo.
So whole point of discussion is now lost.

I put "unpatch" in quotes because it would just be a temporary on the fly patch that would require code execution to do in the first place. It might not actually be that useful if we had a RCM code execution exploit, as we might just be able to do what we need using that alone.

 

[Deleted member 550701]

Oh well, it was an idea

--------------------- MERGED ---------------------------

Actually wait, how does the SX core work then?

 

[Hayato213]

Oh well, it was an idea

--------------------- MERGED ---------------------------

Actually wait, how does the SX core work then?

https://gbatemp.net/threads/how-does-the-sx-core-work.592282/#post-9557587

see post #9

 

[Deleted member 550701]

https://gbatemp.net/threads/how-does-the-sx-core-work.592282/#post-9557587

Thank you very much!

 

[guy1223]

How's your experiment going, gave up or just won't work?

 

[M7L7NK7]

Don't think there was any experiment

 

[Shadow#1]

I love these type of threads LOL

 

[CompSciOrBust]

First of all RCM is in read-only, non writeable memory. That's why it cannot be patched even by Nintendo.
So whole point of discussion is now lost.

From my (probably incorrect) understanding it would be possible to edit the bootrom if you could get code execution before ipatch fuse lock out. I *think* the boot ROM checks if FUSE_ODM_LOCK is burned and then disables writing to the ipatches. If you could make that check fail ipatch writing would be enabled. That might be possible via fault Injection on Erista but on Mariko there's probably random timing to mitigate it. It would require a mod chip making the entire thing pointless anyway though.

 

[Deleted member 568892]

If you're very very lucky cosmic radiation will hit all the right bits in the ram allowing you to run unsigned code.