PegaSwitch 3.0, libtransistor, and more

Discussion in 'Switch - Hacking & Homebrew' started by Daeken, Oct 2, 2017.

  1. P4wn4g3

    P4wn4g3 Member

    Newcomer
    35
    4
    Nov 1, 2011
    United States
    Over Here
    Does this mean the update blocking isn't a viable way forward? I thought the new firmwares were essentially just exploit protection similar to prior systems. What about custom firmwares? What is the shortest solution right now to jailbreaking and preserving full system functionality? I suppose something would be needed to prevent the account from reporting on the user as well.
     


  2. ihaveamac

    ihaveamac GBAtemp Guru

    Member
    5,467
    5,961
    Apr 20, 2015
    United States
    Tigard, OR
New versions can introduce new encryption keys. There will be no way to play 3.0.1+ games on 3.0.0, because 3.0.1 added a new key.
     
    astronautlevel and V-Temp like this.
  3. P4wn4g3

    P4wn4g3 Member

    Newcomer
    35
    4
    Nov 1, 2011
    United States
    Over Here
I see. I take it no workarounds have been found yet. I can only imagine they are long encryptions, and it's not like the Switch will be great for running cracking programs.
     
  4. V-Temp

    V-Temp GBAtemp Regular

    Member
    185
    236
    Jul 20, 2017
    United States
    To gain access to higher FW software, you have to crack higher FW and extract the necessary information to be able to decrypt, read, and run updated software. And this will only be viable for single-player games, online gaming is completely off-limits.
     
  5. senas8

    senas8 Advanced Member

    Newcomer
    97
    21
    Apr 3, 2011
    United States
That's not what I mean. I mean game carts already on firmware 2.3.
In the near future these new carts we buy... they will update to 3.1+.
So for example all game carts in the near future may all be 3.1+, even game carts that came out 3 months ago. So unless we buy them now in lower firmware, they will stay that way because we have the physical copies with 2.3 or 3.0. I'm saying that's what I'm worrying Nintendo might do to fix as many 3.0 Switches and get them to update past that to 3.1+.
     
    Last edited by senas8, Oct 7, 2017
  6. Bladexdsl

    Bladexdsl ZOMG my posts...it's over 9000!!!

    Member
    16,234
    3,885
    Nov 17, 2008
    Australia
    Queensland
Oh, count on it.
     
  7. Digital_0xFF

    Digital_0xFF Member

    Newcomer
    23
    8
    Oct 7, 2017
    Austria
    Hopefully someone can clarify a few things for me:

1. One can read things like "fw spoof would be impossible". Maybe there are facts that I'm missing, but the only thing I could imagine that would be able to fuck this up would be the fuses... but any CFW should be able to bypass this since there must be some API call we could mess with to fake the fuse values.

2. How should Ninty's online service be able to distinguish between a physically bought game and a dumped one? (Both not bound to an NNID.)

Edit: I should mention that I am aware that all this will take some time to get built. My question is more like IMPOSSIBLE or not.
     
    Last edited by Digital_0xFF, Oct 7, 2017
  8. V-Temp

    V-Temp GBAtemp Regular

    Member
    185
    236
    Jul 20, 2017
    United States
    Fuses are a boot operation, what is an API going to bypass? The boot sequence? CFW spoofing the real FW would require having the other FW compromised to the point of not needing a CFW to spoof the FW; you don't just change some binary to increment the FW# for everything to suddenly work.

Not the game (though they could hide flags that require server handshakes), but more that the console isn't correct, which is precipitated from the notes above on the FW (if a FW is compromised to such a degree, they'd roll out a new one with a forced fuse-burn). And if they catch you going online with a tinkered-with Switch, they'll ban its unique cert outright and then it will never go online again.
     
    Digital_0xFF and peteruk like this.
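The fuse-based anti-rollback V-Temp describes above, as an added illustration that is not from this thread and not any real console's boot code: a constructed C model in which each firmware image carries the number of burned fuses it expects (a hypothetical per-version table, not Nintendo's), the boot check burns additional fuses when a newer image boots, and it refuses an image that expects fewer fuses than are already burned. Because the fuse array is one-time programmable, no software path exists to lower the count, which is why the check is a boot operation rather than an API call.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a one-time-programmable fuse bank (hypothetical, not
 * real boot code). Each bit can go 0 -> 1 exactly once; there is no path back. */
#define FUSE_BANK_BITS 32

typedef struct {
    uint32_t bits;   /* bit set = fuse burned, permanently */
} fuse_bank_t;

/* Number of fuses currently burned. */
int fuse_count(const fuse_bank_t *bank) {
    uint32_t x = bank->bits;
    int n = 0;
    while (x) { x &= x - 1; n++; }   /* clear lowest set bit per iteration */
    return n;
}

/* Burn the next unburned fuse. Returns false only when the bank is exhausted.
 * This is the only state transition the model allows: monotone and irreversible. */
bool fuse_burn_next(fuse_bank_t *bank) {
    int n = fuse_count(bank);
    if (n >= FUSE_BANK_BITS) return false;
    bank->bits |= (uint32_t)1 << n;
    return true;
}

typedef enum {
    BOOT_OK,                 /* burned count matches what the image expects */
    BOOT_OK_AFTER_BURN,      /* newer image: burned more fuses, then booted */
    BOOT_REFUSED_ROLLBACK,   /* image expects fewer fuses than are burned */
    BOOT_REFUSED_EXHAUSTED   /* image wanted more fuses than the bank has */
} boot_result_t;

/* Boot-time anti-rollback decision. expected_fuses is the count the image being
 * booted was built to require (from the hypothetical per-version table). */
boot_result_t anti_rollback_check(fuse_bank_t *bank, int expected_fuses) {
    int burned = fuse_count(bank);
    if (burned > expected_fuses) {
        /* The console has already moved past this firmware. Nothing in
         * software can lower the count, so the older image is not booted. */
        return BOOT_REFUSED_ROLLBACK;
    }
    if (burned == expected_fuses) return BOOT_OK;
    /* Newer image: ratchet the fuse count up to what it expects, irreversibly. */
    while (fuse_count(bank) < expected_fuses) {
        if (!fuse_burn_next(bank)) return BOOT_REFUSED_EXHAUSTED;
    }
    return BOOT_OK_AFTER_BURN;
}

/* Walks the scenario discussed in the thread on a fresh bank: boot an image
 * expecting 3 fuses, update to one expecting 5, then attempt the older image.
 * Returns the result of that final attempt. */
boot_result_t scenario_update_then_downgrade(void) {
    fuse_bank_t bank = {0};
    anti_rollback_check(&bank, 3);   /* first boot: burns 3 fuses */
    anti_rollback_check(&bank, 5);   /* forced update: burns 2 more */
    return anti_rollback_check(&bank, 3);   /* older image: refused */
}

int main(void) {
    static const char *names[] = { "OK", "OK_AFTER_BURN", "REFUSED_ROLLBACK", "REFUSED_EXHAUSTED" };
    fuse_bank_t bank = {0};
    int steps[] = { 3, 3, 5, 3 };
    for (int i = 0; i < 4; i++) {
        boot_result_t r = anti_rollback_check(&bank, steps[i]);
        printf("boot image expecting %d fuses -> %s (burned now: %d)\n",
               steps[i], names[r], fuse_count(&bank));
    }
    return 0;
}
```

The model deliberately has no "unburn" operation: the only way to make an older image boot again would be to change what the image expects, which is exactly the situation the posts above describe as needing the firmware itself compromised rather than a value faked through an API.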
  9. NicknameGoesHere

    NicknameGoesHere 3DS Developer in training!

    Member
    148
    12
    Jul 11, 2017
    United States
I am learning how to develop for 3DS RN, and will be working on the Switch when I get one & ROP loaders are out, but is there anything I can work with RN?
     
    Last edited by NicknameGoesHere, Oct 8, 2017
  10. ehnoah

    ehnoah GBAtemp Fan

    Member
    381
    72
    Oct 9, 2012
    Netherlands
I wonder if someone started doing stuff yet. GBA is quite silent xD
     
  11. Digital_0xFF

    Digital_0xFF Member

    Newcomer
    23
    8
    Oct 7, 2017
    Austria
"Stuff"? e.g. Homebrew apps? Until they have a ROP chain for ROhan (which could take a day or a year) nothing further than the hype will happen.... even if we found a chain today, at this point I think no one could build a useful homebrew (due to the lack of details about Switch OS internals).
     
    Last edited by Digital_0xFF, Oct 8, 2017
  12. ehnoah

    ehnoah GBAtemp Fan

    Member
    381
    72
    Oct 9, 2012
    Netherlands
So the only reason to keep a 3.0 one is to get it earlier than the rest of the world? But what exactly does Rohan do then? I mean, didn't it say it runs homebrew? (I know we're missing the ROP, so that confused me.)

    So beside the hype most likely nothing will come in the "near" future? Unless we have some super crazy guy?
     
  13. Digital_0xFF

    Digital_0xFF Member

    Newcomer
    23
    8
    Oct 7, 2017
    Austria
ROhan is a vulnerability which allows some ROP magic which is needed to actually execute arbitrary code (e.g. homebrew) on the Switch. But without a proper ROP chain it is nothing but hot air.

The reason to stay below 3.0.1 (or == 3.0.0 for ROhan) is to get homebrew after all... since nobody can say for sure that there will be other exploits >3.0.0 (though I am sure that this will happen somewhere in the future).

And yes, at least the next 6 months are only exciting if you want to dev for the Switch (personal opinion).

    All the nitty gritty stuff needs to be developed before we can use it ;)
     
    Last edited by Digital_0xFF, Oct 8, 2017
    leonmagnus99 and TotalInsanity4 like this.
  14. ehnoah

    ehnoah GBAtemp Fan

    Member
    381
    72
    Oct 9, 2012
    Netherlands

So ROhan is a "Smaller ROP of Chain" which is not enough to run stuff actually? But at least the entry point to run a proper ROP?
     
  15. NicknameGoesHere

    NicknameGoesHere 3DS Developer in training!

    Member
    148
    12
    Jul 11, 2017
    United States
    We have libnx...
     
  16. Digital_0xFF

    Digital_0xFF Member

    Newcomer
    23
    8
    Oct 7, 2017
    Austria
Yes, ROhan is an entry point which is mandatory to execute a ROP chain.

And libnx contains API bridges for everything? So there is no function in Switch OS that we don't know about? Correct me if I am wrong, but the way I see it, it's not even clear what function every syscall on the Switch executes.
     
    Last edited by Digital_0xFF, Oct 8, 2017
    TotalInsanity4 likes this.
  17. NicknameGoesHere

    NicknameGoesHere 3DS Developer in training!

    Member
    148
    12
    Jul 11, 2017
    United States
    No, I never said we had everything, I just said that we have something.
     
    TotalInsanity4 likes this.
  18. V-Temp

    V-Temp GBAtemp Regular

    Member
    185
    236
    Jul 20, 2017
    United States
    The thing that libnx is doing is creating multiple standards. >.>
     
    astronautlevel likes this.
  19. astronautlevel

    astronautlevel The Young Descendent of Tepes

    Member
    4,041
    4,987
    Jan 26, 2016
    United States
    That Nightly Site™
    I'm interested in seeing how the devkitPro/libnx and ReSwitched/libtransistor schism will play out - I'm happy we have a toolchain that uses clang and LLVM instead of GCC though :)
     
    DayVeeBoi likes this.
  20. V-Temp

    V-Temp GBAtemp Regular

    Member
    185
    236
    Jul 20, 2017
    United States
It's usually bad long-term for the scene to have two parallel developments; it's going to lead to a lot of potentially confused documentation, but it is what it is.
     
    DayVeeBoi and peteruk like this.