Hacking Possibly a new exploit?

14Par · Jun 23, 2021

Would it be possible to run code to the switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from smash from the sd card, what about replays or custom replays with data to execute code? Since its an app it has full access to the RAM unlike system apps like the album.

lolcatzuru · Jun 23, 2021

14Par said:
Would it be possible to run code to the switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from smash from the sd card, what about replays or custom replays with data to execute code? Since its an app it has full access to the RAM unlike system apps like the album.

My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However if you could enter RCM somehow, maybe.

14Par · Jun 23, 2021

lolcatzuru said:
My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However if you could enter RCM somehow, maybe.

Is the code for entering RCM signed?

SciresM · Jun 23, 2021

14Par said:
Would it be possible to run code to the switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from smash from the sd card, what about replays or custom replays with data to execute code? Since its an app it has full access to the RAM unlike system apps like the album.

No, this is not how hacking works, and the switch uses ASLR so memory corruption bugs are useless in non-scripting engines.

Smash bros replays are not a scripting engine.

Also, generally, hacking userland games/applets isn't particularly difficult, it's just pointless because it doesn't enable homebrew because the rest of the OS is secure.

lolcatzuru said:
My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However if you could enter RCM somehow, maybe.

Entering RCM is trivial on all devices (just short the relevant pins), but this has no security/exploit implications because RCM is secure/not bugged on patched Erista units and Mariko units.

CompSciOrBust · Jun 23, 2021

SciresM said:
No, this is not how hacking works, and the switch uses ASLR so memory corruption bugs are useless in non-scripting engines.

Smash bros replays are not a scripting engine.

Also, generally, hacking userland games/applets isn't particularly difficult, it's just pointless because it doesn't enable homebrew because the rest of the OS is secure.

Entering RCM is trivial on all devices (just short the relevant pins), but this has no security/exploit implications because RCM is secure/not bugged on patched Erista units and Mariko units.

I keep seeing the no homebrew thing come up because hos is secure but why would that block userland homebrew if someone gains ace in a game? I know lots of homebrew needs full access to services but not everything does. Before b9s I loved playing with userland homebrew on the 3DS, would something like that not be possible on the Switch (excluding fw 3.0.0 since that had access to all services via ro:han)?

Edit: Specifically what I'm asking is what part of hos prevents you from running homebrew in userland unless you can get privileged code execution?

SciresM · Jun 23, 2021

CompSciOrBust said:
I keep seeing the no homebrew thing come up because hos is secure but why would that block userland homebrew if someone gains ace in a game? I know lots of homebrew needs full access to services but not everything does. Before b9s I loved playing with userland homebrew on the 3DS, would something like that not be possible on the Switch (excluding fw 3.0.0 since that had access to all services via ro:han)?

Edit: Specifically what I'm asking is what part of hos prevents you from running homebrew in userland unless you can get privileged code execution?

You cannot get ACE in a game.

You can get ROP.

The ability to run arbitrary code requires compromising Loader, FS, RO, or the kernel, all of which are secure.

Draxzelex · Jul 5, 2021

14Par said:
Would it be possible to run code to the switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from smash from the sd card, what about replays or custom replays with data to execute code? Since its an app it has full access to the RAM unlike system apps like the album.

Unless you're an experienced hacker, you're not going to discover an exploit by randomly suggesting ideas.

thesjaakspoiler · Jul 5, 2021

14Par said:
Would it be possible to run code to the switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from smash from the sd card, what about replays or custom replays with data to execute code? Since its an app it has full access to the RAM unlike system apps like the album.

SmashBros is also running inside a secure sandbox, just like the Album app.
What you need is a bug/exploit in the kernel functions that SmashBros uses.
Atmosphere CFW maker MScires said that he thinks everything is pretty much patched at this moment so chances of finding something will be quite difficult.
But as we have seen with the PS3/PS4 it sometimes just takes a while before someone finds something.

Deleted member 560282 · Jul 5, 2021

14Par said:
Would it be possible to run code to the switch from Super Smash Bros. Ultimate with a custom game replay (probably not video)? I know you can move videos from smash from the sd card, what about replays or custom replays with data to execute code? Since its an app it has full access to the RAM unlike system apps like the album.

No, this is not the Wii anymore

aykay55 · Jul 6, 2021

SciresM said:
Also, generally, hacking userland games/applets isn't particularly difficult, it's just pointless because it doesn't enable homebrew because the rest of the OS is secure.

If this potential exploit worked, could it at least enable basic modification within the game with or without CFW?

brynts · Jul 6, 2021

Draxzelex said:
Unless you're an experienced hacker, you're not going to discover an exploit by randomly suggesting ideas.

many experienced hackers over there, but they're not playing nintendo switch

soup1 · Jul 6, 2021

thesjaakspoiler said:
SmashBros is also running inside a secure sandbox, just like the Album app.
What you need is a bug/exploit in the kernel functions that SmashBros uses.
Atmosphere CFW maker MScires said that he thinks everything is pretty much patched at this moment so chances of finding something will be quite difficult.
But as we have seen with the PS3/PS4 it sometimes just takes a while before someone finds something.

what do you mean by sandbox?

HBubli · Jul 6, 2021

FinalElixir1 said:
what do you mean by sandbox?

I think he means that the application is in its own environment. It cannot interact with the system, it's like locked in an empty room.

Draxzelex · Jul 16, 2021

brynts said:
many experienced hackers over there, but they're not playing nintendo switch

Well, to each their own.

Hacking Possibly a new exploit?

Member

Well-Known Member

Member

Developer

🤔

Developer

Well-Known Member

Well-Known Member

Well-Known Member

Professional Idiot

Member

Active Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum