Hacking Potential switch v2 vulnerability discovered

  • Thread starter: qwerty999
  • Views: 12,219
  • Replies: 43
  • Likes: 6
Status
Not open for further replies.

qwerty999 (New Member, joined Feb 6, 2025; 2 messages; United States)
I was messing around on the hidden Switch browser, accessible with a custom DNS wifi setting, was checking out Newgrounds and found out that when you try to run a game, a popup message would display saying that WebGL isn't supported, or it would run at a really low fps.
But I found out that this specific Plants vs. Zombies game would instantly cause a whole system crash right away, requiring a restart of the console, and the crash is persistent, happening each time.

Video showcase:

I was curious if there could be a potential vulnerability or exploit based on this
 
Lol... you made a new account for this? Come on, what's your real account? That error is triggered when corrupt data is detected, and is exactly why there is nothing there that can EVER be exploited.

The Switch's firmware has been thoroughly reverse-engineered. There ARE NO EXPLOITABLE VULNERABILITIES in software. Get over it and buy a mod chip.
 
If there was an exploit, it was found ages ago, and probably being kept secret until the Switch 2 comes out.

Coward, show us your real account!
 
Last edited by Viri,
Lol... you made a new account for this? Come on, what's your real account? That error is triggered when corrupt data is detected, and is exactly why there is nothing there that can EVER be exploited.

The Switch's firmware has been thoroughly reverse-engineered. There ARE NO EXPLOITABLE VULNERABILITIES in software. Get over it and buy a mod chip.
This is my first time using this site?

And corrupt data can trigger crashes to stop further damage, but that doesn't necessarily rule out the potential for exploiting the situation, especially if buffer overflows or similar issues are involved. Corrupt data handling could still have potential to explore.
 
I really hope that you're right and one day we see the exploit working on the patched units. But, sadly, there's a very high chance that the people behind the Switch hacking scene have already checked each and every nook and cranny of the Switch software in search for an exploit and found none on the patched systems. There's only a hope for CFW for some of the patched v1s that are on firmware 5.0.0-7.0.0, but nothing of sorts for Lite and OLED models yet (source).
 
what can i theorize: stack-integrity-checking exploitation is provable by spectre and meltdown

i would have to like draw something that makes sense

index - chapter - paragraph
|
Program accessing paragraph...
|- something short hand give me paragraph... or that index is writing to paragraph
says open a [side-channel] through chapter and some erroneous function causing
the firmware to constantly verify that paragraph before is the same before as
what it will be after is after so write chapter's second paragraph if there is no paragraph there...
what IS chapter one's 2nd paragraph ... if there's nothing there it must write Chapter 2's Second Paragraph....
using branch says i can get this paragraph from Document 1 ... and Document 2... now if Process Reader
is providing this creates a branch condition of is likely here or here... and in the midst of what like updating
the material of chapter 2's whatever because it isn't Published yet

a modchip's way out of my ways of direction but i'd like one day to have a pocket device like i had when i had my palm pilot tungsten t2 because they're just interesting that way, i never really saw anything else interesting that way unless it literally is like a modded switch, because cell phones were backlash, iPods are the secret to god if you want something modded
 
Last edited by fspkwon,
especially if buffer overflows or similar issues are involved
They are worth shit in ASLR environment... which is the case here. So no, this is worthless.
2168-0002 is just a segfault, probably caused by trying to access a null pointer.


stack-integrity-checking exploitation is provable by spectre and meltdown
There is no stack integrity checking in HOS because of its performance impact. HOS doesn't need it because its security makes any attempt at exploiting the stack worthless; the best you can get is a crash.
And the rest of your post is pure gibberish.
 
Last edited by masagrator,
Lol... you made a new account for this? Come on, what's your real account? That error is triggered when corrupt data is detected, and is exactly why there is nothing there that can EVER be exploited.
You're really confident for being wrong. That error code is for a data abort, which means segfault in ARM speak. My guess would be that the browser tried to allocate all the memory it could, didn't check if it got any and then tried to dereference a null pointer.
 
You're really confident for being wrong. That error code is for a data abort, which means segfault in ARM speak. My guess would be that the browser tried to allocate all the memory it could, didn't check if it got any and then tried to dereference a null pointer.
Also caused by abnormal process termination via svcExitProcess. Note: directly jumping to nnMain()-retaddr from non-main-thread has the same result.

What is the error "2168-0002"? 🔍

The error code "2168-0002" is a specific error that can appear when launching a Nintendo Switch game or application. The most common causes of this error are:


Your type just loves to cherry pick your "facts". My point was made, and it was not incorrect.

Here, I'm sure *somewhere* amongst all of these issues you can cherry pick some more... https://github.com/search?q=repo:Atmosphere-NX/Atmosphere+2168-0002&type=issues
 
Last edited by Costello,
  • Like
Reactions: Blythe93
Also caused by abnormal process termination via svcExitProcess
which basically never happens :D


Note: directly jumping to nnMain()-retaddr from non-main-thread has the same result.
also basically never happens

Just shutup. Your type just loves to cherry pick your "facts". My point was made, and it was not incorrect.
But his explanation is correct in 99.9% of cases (wrong pointer dereference), in this case I can bet too. So why so salty?
 
But his explanation is true in 99.9% of cases, in this case I can bet too. So why so salty?
1) You have to consider what Nintendo refers to as corrupted data. Ever get this error on an unmodded switch? Regardless, "pretty much never happens" doesn't mean it doesn't happen, or the Switchbrew team wouldn't have bothered saying so, now would they? And it did happen. Because OP tried to force it to happen.

2) Doesn't even matter with the point I was trying to make (it's been FULLY reverse-engineered, and there is nothing that can be exploited on the software side).

3) I simply don't like the messenger or pretty much any of her type... and if she's consistent, you'll get an earful for misgendering her. As if it's anybody's job to give a shit over the internet where they can't see you. Her reply was SPECIFICALLY to target me, and really no other good reason.
 
Last edited by urherenow,
You have to consider what Nintendo refers to as corrupted data
Yes. But this happens on the system level, not in a game. Corruption is not the case here because each system module is hash checked before running, so data corruption is impossible in this case if you can still run the browser after a reboot.
In the case of games, only executables are hash checked.

or the Switchbrew team wouldn't have bothered saying so, now would they
because they were testing "what would happen if" to see how HOS works, and came across the same error when it's segfaulting, so they added that it's possible to trigger this code this way too. Not because this happened without their input.
 
Also caused by abnormal process termination via svcExitProcess. Note: directly jumping to nnMain()-retaddr from non-main-thread has the same result.

What is the error "2168-0002"? 🔍

The error code "2168-0002" is a specific error that can appear when launching a Nintendo Switch game or application. The most common causes of this error are:


Just shutup. Your type just loves to cherry pick your "facts". My point was made, and it was not incorrect.

Here, I'm sure *somewhere* amongst all of these issues you can cherry pick some more... https://github.com/search?q=repo:Atmosphere-NX/Atmosphere+2168-0002&type=issues
quotes page i posted, posts random LLM answer and then breaks the rules

go to therapy please.
Post automatically merged:

But his explanation is correct in 99.9% of cases (wrong pointer dereference), in this case I can bet too. So why so salty?
i am once again asking people to read my username (this is the extent to which i called out misgendering, btw). Also salty because they rage quit over not wanting to explain what (aside from systemic issues) causes disparities between demographics hired to S&P 100 companies and national demographics with the exact same "how dare you have facts" speech in the politics forum.
Post automatically merged:

Her reply was SPECIFICALLY to target me, and really no other good reason.
were you or were you not confidently wrong? i could've just left it at that, but then i actually explained what happened here.
 
Last edited by Deleted member 731084,
i am once again asking people to read my username (this is the extent to which i called out misgendering, btw).
well, sorry, but the username argument is bad. I know many men using their "waifu" name as a nick... You should set your gender in your profile if you want to have a real argument against misgendering.

It doesn't help that English doesn't have declination based on gender like my language has, so it's hard for me to figure out from your post who you are. That's why I try to use "they", but because such a thing doesn't exist for a single person in my language without sounding offensive, I often catch myself using "him" without thinking.
 
Last edited by masagrator,
quotes page i posted, posts random LLM answer and then breaks the rules
Since you decided to post just the first sentence? Yup. Sure did. And the "random LLM answer" was specifically a Nintendo Switch answer, but thanks for playing.
go to therapy please.
Post automatically merged:


i am once again asking people to read my username (this is the extent to which i called out misgendering, btw). Also salty because they rage quit over not wanting to explain what (aside from systemic issues) causes disparities between demographics hired to S&P 100 companies and national demographics with the exact same "how dare you have facts" speech in the politics forum.
Post automatically merged:


were you or were you not confidently wrong? i could've just left it at that, but then i actually explained what happened here.
NO, I wasn't wrong. My point still stands. Are we just going to ignore all of the various issues that have triggered that exact code? Which again, wasn't the point? Oh, yea, I forgot... you like to cherry pick just to split hairs. Carry on.
 
Last edited by urherenow,
Since you decided to post just the first sentence? Yup. Sure did. And the "random LLM answer" was specifically a Nintendo Switch answer, but thanks for playing.
I was assuming it was. This isn't a gotcha. The contents are what's random, since it'll mostly regurgitate speculation from GBATemp. But you literally don't believe someone who writes patches for the specific device so you can angrily yell at me, idk what could convince you.

NO, I wasn't wrong. My point still stands. Are we just going to ignore all of the various issues that have triggered that exact code? Which again, wasn't the point? Oh, yea, I forgot... you like to cherry pick just to split hairs. Carry on.
segmentation faults (program tried to read unmapped/invalid/protected memory) and the subset of null pointer dereferences are extremely common bugs in software

if you've ever seen this, that was a segmentation fault. if you've ever gotten a PAGE_FAULT_IN_NONPAGED_AREA blue screen, that was also a segfault, but in the kernel

(attached screenshot: 1738939925689.png)

these are called "data aborts" in ARM.
Post automatically merged:

well, sorry, but the username argument is bad. I know many men using their "waifu" name as a nick... You should set your gender in your profile if you want to have a real argument against misgendering.

It doesn't help that English doesn't have declination based on gender like my language has, so it's hard for me to figure out from your post who you are. That's why I try to use "they", but because such a thing doesn't exist for a single person in my language without sounding offensive, I often catch myself using "him" without thinking.
Fair enough. Though unfortunately it's not a field that gets shown in thread view. Guess I gotta pony up Patron money if I want a trans pride flag there.
 
Last edited by Deleted member 731084,
  • Like
Reactions: Sir Tortoise
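The failure mode the posts above describe (an allocation that fails under memory pressure, its result dereferenced without a check, ending in an ARM data abort / segfault) and the fix, as an added C example that is not from this thread or from any Switch or browser code; the budgeted allocator and every function name here are constructed stand-ins:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed memory budget standing in for the console's finite RAM: once it
 * is used up, every allocation returns NULL, as a real allocator does under
 * memory pressure. All names are hypothetical, not HOS or browser APIs. */
static size_t budget_left = 64 * 1024;

static void *budgeted_alloc(size_t n) {
    if (n > budget_left) return NULL;       /* out of memory: NULL, not a crash */
    void *p = malloc(n);
    if (p != NULL) budget_left -= n;
    return p;
}

static void budgeted_free(void *p, size_t n) {
    free(p);
    budget_left += n;
}

/* "Allocate all the memory it could": double the request until the allocator
 * refuses, and report the largest size that still succeeded. */
size_t largest_allocatable(void) {
    size_t best = 0;
    for (size_t n = 1; n <= SIZE_MAX / 2; n *= 2) {
        void *p = budgeted_alloc(n);
        if (p == NULL) break;
        budgeted_free(p, n);
        best = n;
    }
    return best;
}

/* The bug the thread describes: no NULL check, so when the allocation fails
 * memset writes at address 0 (unmapped), which on ARM is a data abort. */
void fill_buffer_unchecked(size_t n) {
    uint8_t *buf = budgeted_alloc(n);
    memset(buf, 0, n);                      /* NULL dereference if alloc failed */
    budgeted_free(buf, n);
}

/* Hardened form: allocation failure becomes an ordinary error return, so the
 * caller can fall back (smaller buffer, skip the feature) instead of dying. */
int fill_buffer_checked(size_t n) {
    uint8_t *buf = budgeted_alloc(n);
    if (buf == NULL) return -1;
    memset(buf, 0, n);
    budgeted_free(buf, n);
    return 0;
}
```

Calling fill_buffer_unchecked with a request larger than the budget reproduces the crash class; fill_buffer_checked returns -1 for the same request and leaves the process running.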