Possibly a new exploit?

  • Thread starter: 14Par
  • Views: 4,077
  • Replies: 13

14Par

Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app it has full access to the RAM, unlike system apps like the Album.
> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app it has full access to the RAM, unlike system apps like the Album.


My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However, if you could enter RCM somehow, maybe.
> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app it has full access to the RAM, unlike system apps like the Album.

No, this is not how hacking works, and the Switch uses ASLR, so memory corruption bugs are useless in non-scripting engines.

Smash Bros. replays are not a scripting engine.

Also, generally, hacking userland games/applets isn't particularly difficult, it's just pointless because it doesn't enable homebrew because the rest of the OS is secure.

> My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However, if you could enter RCM somehow, maybe.

Entering RCM is trivial on all devices (just short the relevant pins), but this has no security/exploit implications because RCM is secure/not bugged on patched Erista units and Mariko units.
Last edited by SciresM.
> No, this is not how hacking works, and the Switch uses ASLR, so memory corruption bugs are useless in non-scripting engines.
>
> Smash Bros. replays are not a scripting engine.
>
> Also, generally, hacking userland games/applets isn't particularly difficult, it's just pointless because it doesn't enable homebrew because the rest of the OS is secure.
>
> Entering RCM is trivial on all devices (just short the relevant pins), but this has no security/exploit implications because RCM is secure/not bugged on patched Erista units and Mariko units.

I keep seeing the "no homebrew" thing come up because HOS is secure, but why would that block userland homebrew if someone gains ACE in a game? I know lots of homebrew needs full access to services, but not everything does. Before B9S I loved playing with userland homebrew on the 3DS; would something like that not be possible on the Switch (excluding FW 3.0.0, since that had access to all services via ro:han)?

Edit: Specifically, what I'm asking is: what part of HOS prevents you from running homebrew in userland unless you can get privileged code execution?
Last edited by CompSciOrBust.

> I keep seeing the "no homebrew" thing come up because HOS is secure, but why would that block userland homebrew if someone gains ACE in a game? I know lots of homebrew needs full access to services, but not everything does. Before B9S I loved playing with userland homebrew on the 3DS; would something like that not be possible on the Switch (excluding FW 3.0.0, since that had access to all services via ro:han)?
>
> Edit: Specifically, what I'm asking is: what part of HOS prevents you from running homebrew in userland unless you can get privileged code execution?

You cannot get ACE in a game.

You can get ROP.

The ability to run arbitrary code requires compromising Loader, FS, RO, or the kernel, all of which are secure.
> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app it has full access to the RAM, unlike system apps like the Album.

Unless you're an experienced hacker, you're not going to discover an exploit by randomly suggesting ideas.
> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app it has full access to the RAM, unlike system apps like the Album.

Smash Bros. is also running inside a secure sandbox, just like the Album app.
What you need is a bug/exploit in the kernel functions that Smash Bros. uses.
Atmosphere CFW maker SciresM said that he thinks everything is pretty much patched at this moment, so the chances of finding something will be quite slim.
But as we have seen with the PS3/PS4, it sometimes just takes a while before someone finds something.
> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app it has full access to the RAM, unlike system apps like the Album.

No, this is not the Wii anymore.
> Smash Bros. is also running inside a secure sandbox, just like the Album app.
> What you need is a bug/exploit in the kernel functions that Smash Bros. uses.
> Atmosphere CFW maker SciresM said that he thinks everything is pretty much patched at this moment, so the chances of finding something will be quite slim.
> But as we have seen with the PS3/PS4, it sometimes just takes a while before someone finds something.

What do you mean by sandbox?