Question Possibilities of Exploit NSwitch with FW 3.0.x or 4.x.x by means of modified saved game

Discussion in 'Switch - Hacking & Homebrew' started by Ghost92, Jan 11, 2018.

  1. Ghost92
    OP

    Ghost92 Advanced Member

    Newcomer
    80
    20
    Jun 29, 2017
    Colombia
    If with the introduction of current exploits and there is a Homebrew that makes backup of saved games. If I upload or inject an altered game on a Nintendo Switch with FW 3.0.0 or lower, and transfer that game to a console 3.0.1 or higher (4.x.x).

    - Could the console of 4.x.x be modified by means of an exploit in a Videogame with the altered savegame?.

    -There's a possibility?.

    - What risks would a brick ?.

    Leave your opinion. :)

     
    Last edited by Ghost92, Jan 11, 2018
  2. Zyvyn

    Zyvyn GBAtemp Advanced Fan

    Member
    685
    143
    Aug 9, 2017
    United States
    pretty sure saves are saved to the switch not cart
     
  3. mustafag32g

    mustafag32g GBAtemp Advanced Fan

    Member
    707
    481
    Jul 30, 2014
    Argentina
    clickbait title! Change it before people rage :P
     
  4. Zyvyn

    Zyvyn GBAtemp Advanced Fan

    Member
    685
    143
    Aug 9, 2017
    United States
    its tagged as a question and you cant change titles
     
  5. Ghost92
    OP

    Ghost92 Advanced Member

    Newcomer
    80
    20
    Jun 29, 2017
    Colombia
    I would add off-topic, if I could. The same is a question that invites to comment, I do not assure that there is an exploit of this type currently in process.
     
  6. Mnecraft368

    Mnecraft368 GBAtemp Maniac

    Member
    1,284
    362
    Aug 8, 2015
    You can ask a mod to change it.
    And already got over 50 people baited to the thread :P (unless they are actually reading)

    Also, unless their is an actual exploit in the system that can be abused by a game save, then no this isnt possible. Brick level probably 0 if userland (thats if this exists).
     
  7. Ghost92
    OP

    Ghost92 Advanced Member

    Newcomer
    80
    20
    Jun 29, 2017
    Colombia
    I just open a topic, and it's useless. The consoles must have the same update of FW (from 4.x.x) to perform transfer of saved games. :( only, if this type of exploit were to exist, it seems to me inevitable that the source console must be updated with the modified saved game to carry out the modification ...


    https://www.nintendo.es/Atencion-al...-usuario-y-los-datos-de-guardado-1294746.html

     
    Last edited by Ghost92, Jan 11, 2018
  8. yardie

    yardie GBAtemp Maniac

    Member
    1,306
    1,334
    Mar 27, 2016
    United States
    take this thread out to the barn and shoot it
     
    cagycee likes this.
  9. Bedel

    Bedel The key of the blade

    Member
    1,033
    371
    Oct 28, 2015
    Afaik, any. I recall it was comented at the 34c3, that games have no access to the kernel so it's not possible to do this.
     
  10. TotalInsanity4

    TotalInsanity4 GBAtemp Supreme Overlord

    Member
    9,559
    9,672
    Dec 1, 2014
    United States
    Under a rock
    Address randomization would make VERY difficult, if not impossible
     
  11. DinohScene

    DinohScene Feed Dino to the Sharks

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    17,615
    14,528
    Oct 11, 2011
    Antarctica
    В небо
    Say you're correct and you can modify save games on carts.
    You'd still need a vulnerability on the other console to exploit.
     
  12. yardie

    yardie GBAtemp Maniac

    Member
    1,306
    1,334
    Mar 27, 2016
    United States
    wait for team xecuter
     
  13. Kubas_inko

    Kubas_inko Mensa must be broken. Otherwise, I am genius.

    Member
    1,546
    510
    Feb 3, 2017
    Czech Republic
    Don't worry. Just because of you, we are going to make sure these apps/mods are going to have 100% brick rate.
     
  14. puelo

    puelo Newbie

    Newcomer
    3
    3
    Jan 5, 2018
    Germany
    Switch uses ASLR (Address space layout randomization) in the complete user-space (i believe). This is what makes save-game exploits extremly difficult because it is very hard to predict where in memory your save game will be loaded to or where you need to jump.
     
    Last edited by puelo, Jan 12, 2018
    Ghost92, a5723797 and TotalInsanity4 like this.
  15. Quantumcat

    Quantumcat Dead and alive

    Member
    12,845
    7,177
    Nov 23, 2014
    Australia
    Canberra, Australia
    Doesn't the Switch save the save games on the console? So the target would have to have access to homebrew already to import the save.
     
  16. sarkwalvein

    sarkwalvein My mother tongue is Spanish, for god's sake!

    Member
    GBAtemp Patron
    sarkwalvein is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    6,095
    6,838
    Jun 29, 2007
    Germany
    Niedersachsen
    Of course it saves in the console. The game cards contain no save data at all.
     
    Quantumcat likes this.
  17. Uumas

    Uumas GBAtemp Advanced Maniac

    Member
    1,747
    679
    Sep 17, 2016
    Finland
    The way to transfer the hacked save to a new console could be updating the hacked console and then doing a normal transfer. The hard part is creating a save that could be used as a exploit.
     
  18. TheCyberQuake

    TheCyberQuake Certified Geek

    Member
    4,266
    3,121
    Dec 2, 2014
    United States
    Las Vegas, Nevada
    We've already discussed this. Switch is not likely to have save game exploits. You need at least two vulnerabilities; an info leak and a buffer overflow. Very unlikely to get both in one game. On top of that you wouldn't be able to transfer the save from a homebrew-compatible device because that feature was introduced into later firmwares and likely uses server verification before the transfer.
     
  19. Ghost92
    OP

    Ghost92 Advanced Member

    Newcomer
    80
    20
    Jun 29, 2017
    Colombia
    I understand then it is probably null for a vulnerability to come out from a saved game, and ASRL, reminds me of something like online video games, where they prevent cheating. In any case, the softmod is the only salvation for FW 3.0.1 and higher. I'll keep thinking about the possibilities, even if I'm not a modder.

     
    Last edited by Ghost92, Jan 13, 2018
    TotalInsanity4 likes this.
Loading...