Hacking payload questions

brollikk (OP) - Well-Known Member, joined Mar 8, 2018, 350 messages, 0 trophies, 1,081 XP, United States
I use SX Pro right now but was just curious about how payloads currently work for the Switch... It's something that is injected into the Switch as it starts up in RCM mode? So the SX Pro has a payload that specifically allows SX OS to start up? Or does it have a payload that lets you get to that screen where you can choose which OS you want to boot up?

And regarding using an alternate payload injector (one of the ones from AliExpress) - how would this work? Assuming you want to use SX OS and ReiNX, you would be flashing each corresponding payload when you want to use them? (Unless the device supports multiple payloads?)

Just looking for some confirmation/corrections.

Draxzelex - Well-Known Member, joined Aug 6, 2017, 16,220 messages, 1 trophy, age 27, New York City, 11,077 XP, United States
The exploit chain known as either Fusée Gelée, shofel2, or CVE-2018-6242 involves sending a payload to cause a stack overflow in which we embed some unsigned code that is designed to take control of the system. This payload must be sent via a USB connection while the Switch is in RCM (the RCM from Nvidia; there is another RCM from Nintendo, reached by holding volume + and - when turning the console on).

The SX Pro and other dongles have payloads flashed onto them as well as a battery to automatically send payloads when connected to the Switch in RCM. Non-SX Pro dongles allow you to flash any payload onto them, and because it may be a hassle to flash a new payload, all payloads now support chainloading, meaning they can load payloads from the SD card (but the initial payload still has to be sent).

brollikk (OP) - Well-Known Member, joined Mar 8, 2018, 350 messages, 0 trophies, 1,081 XP, United States
Draxzelex said:
The exploit chain known as either Fusée Gelée, shofel2, or CVE-2018-6242 involves sending a payload to cause a stack overflow in which we embed some unsigned code that is designed to take control of the system. This payload must be sent via a USB connection while the Switch is in RCM (the RCM from Nvidia; there is another RCM from Nintendo, reached by holding volume + and - when turning the console on).

The SX Pro and other dongles have payloads flashed onto them as well as a battery to automatically send payloads when connected to the Switch in RCM. Non-SX Pro dongles allow you to flash any payload onto them, and because it may be a hassle to flash a new payload, all payloads now support chainloading, meaning they can load payloads from the SD card (but the initial payload still has to be sent).

Thank you for your contribution.

Just to clarify - the way SX Pro works is that it sends a payload that leads to the menu screen you see (boot SX OS, boot original firmware, boot other), then depending on what you select, it chainloads? I know that you are able to boot into ReiNX using SX OS (at least from what I've read).

If I were to buy a third-party payload injector for a secondary Switch I have, the payload would just boot directly into ReiNX? Is there a payload that boots into a similar menu to the one SX OS has?

Draxzelex - Well-Known Member, joined Aug 6, 2017, 16,220 messages, 1 trophy, age 27, New York City, 11,077 XP, United States
brollikk said:
Just to clarify - the way SX Pro works is that it sends a payload that leads to the menu screen you see (boot SX OS, boot original firmware, boot other), then depending on what you select, it chainloads? I know that you are able to boot into ReiNX using SX OS (at least from what I've read).

Not quite. The SX Pro basically has the SX OS Loader flashed onto it, but not the CFW. SX OS itself has to be downloaded from their site and placed onto the SD card as boot.dat.

brollikk said:
If I were to buy a third-party payload injector for a secondary Switch I have, the payload would just boot directly into ReiNX? Is there a payload that boots into a similar menu to the one SX OS has?

The menu is not dependent on the payload but rather the CFW. For example, as previously stated, SX Pro is only the SX OS Loader flashed onto the modchip; without the CFW (SX OS as boot.dat), loading SX Pro will result in a screen asking for boot.dat. The menu that you subsequently see is the SX OS menu. ReiNX has no menu when it is sent as a payload because it is meant to be convenient and easy to use. It also supports automatic chainloading, meaning when ReiNX.bin is sent as a payload, it will automatically load any payload.bin file, unlike SX OS and Hekate. Speaking of Hekate, which is arguably the best bootloader, it has its own menu that offers a wider variety of options compared to SX OS and supports chainloading.

brollikk (OP) - Well-Known Member, joined Mar 8, 2018, 350 messages, 0 trophies, 1,081 XP, United States
So with the ReiNX payload, it will just auto-load anything labeled payload.bin (even if it's SX OS)?
Hekate... it's like the SX OS menu but offers more?