[Hacking] Suggestion: reason why there won't be piracy on 3.0

Deleted User (OP)
Well, thank god, I am now a member of the Discord chat and was able to understand a bit more of the process of the Nintendo Switch system.

They were writing that the reason why they were telling people to go to 3.0 was that you can't pwn the TrustZone anymore, which is needed to run any kind of backups; even if you bought the game legally on the store it won't work without it.

So if you are planning on playing backups which you made yourself, or newer games, stay on firmware 1.0, which is the only one which got the TZ pwned and also will get the support of emuNAND.

For 3.0 systems (like the one I have) we can be happy about homebrew, but we won't be able to do anything beyond that, unless somebody were able to decrypt the keys of the other systems, which would be illegal.

So if you own newer games which you bought on the store, you should be able to play them in the future on firmware 1.0.

For the others, we need to see what the future brings.
 

DayVeeBoi

I disagree. It just depends on whether anyone skilled is going to work on it. Myself, I don't care about piracy. I'm happy to buy games if I can play them on 3.0.
 

DayVeeBoi

> They were writing that the reason why they were telling people to go to 3.0 was that you can't pwn the TrustZone anymore, which is needed to run any kind of backups; even if you bought the game legally on the store it won't work without it.

If you watched the 34c3 talk to the end, the last section was about the quote "UnTrust Zone" and how it's irrelevant due to a poor implementation. That doesn't mean anyone is working on it (yet), but Naehrwert (I think?) laid out a very basic path to use to bypass the need for pwning the TrustZone.


(Again, IANA Expert. This is just my interpretation)
 

DSpider

But if you have kernel-level access, won't that mean backups can (theoretically) be run? I mean, ffs, if you can run anything with root privileges... right? That's the highest privilege you can get. Or is there something else above root access?

They were telling people to get on 3.0.0 because Nintendo fucked something up when they released that version, and sm:h/smhax was discovered, which granted full permissions to any service.
 
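The post above describes smhax only as a bug that "granted full permissions to any service". The thread does not say how Nintendo's service manager actually made that mistake, so the following is an added example, not code from the thread or from the Switch: a toy service manager in Python that models the general bug class behind such a result, a permission check that fails open for a client with no registered policy, next to the fail-closed version. Every pid, service name and policy in it is constructed for the example.

```python
# Added example: a toy service manager, not Nintendo's sm. It models the
# general bug class "permission check fails open for a client without a
# registered policy" beside the fail-closed version. All pids, service
# names and policies are constructed for the example.

from dataclasses import dataclass, field


@dataclass
class ServiceManager:
    # Services a client process can ask for a handle to.
    services: set = field(default_factory=lambda: {"storage", "network", "keys", "settings"})
    # pid -> allowed service names. Filled in when a process registers
    # (the analogue of an "Initialize" call before using the manager).
    policies: dict = field(default_factory=dict)

    def register(self, pid: int, allowed: set) -> None:
        self.policies[pid] = set(allowed)

    def get_service_fail_open(self, pid: int, name: str) -> bool:
        """Vulnerable variant: a pid that never registered has no policy,
        and 'no policy' is treated as 'no restriction'."""
        if name not in self.services:
            return False
        policy = self.policies.get(pid)
        if policy is None:
            return True  # BUG: unregistered client gets every service
        return name in policy

    def get_service_fail_closed(self, pid: int, name: str) -> bool:
        """Hardened variant: a client with no registered policy gets nothing,
        and a registered client gets only what its policy lists."""
        if name not in self.services:
            return False
        policy = self.policies.get(pid)
        return policy is not None and name in policy


def demo() -> dict:
    """A sandboxed process (pid 10) registers with access to storage only;
    pid 99 skips registration. Returns what each variant grants."""
    sm = ServiceManager()
    sm.register(pid=10, allowed={"storage"})
    return {
        "registered_storage": sm.get_service_fail_open(10, "storage"),
        "registered_keys_open": sm.get_service_fail_open(10, "keys"),
        "unregistered_keys_open": sm.get_service_fail_open(99, "keys"),
        "unregistered_keys_closed": sm.get_service_fail_closed(99, "keys"),
        "unknown_service": sm.get_service_fail_closed(10, "nosuch"),
    }


if __name__ == "__main__":
    for key, granted in demo().items():
        print(f"{key}: {granted}")
```

The point of the pairing: the registered, sandboxed client is restricted in both variants, so the bug is invisible to any process that follows the intended protocol. It only shows when a client skips the registration step on purpose, which is why a check whose default branch grants access is the one to look for when auditing a broker like this.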

DayVeeBoi

> But if you have kernel-level access, won't that mean backups can (theoretically) be run? I mean, ffs, if you can run anything with root privileges... right? That's the highest privilege you can get. Or is there something else above root access?
>
> They were telling people to get on 3.0.0 because Nintendo fucked something up when they released that version, and sm:h/smhax was discovered, which granted full permissions to any service.

Well, I think that's the point about the whole UnTrust Zone deal. The keys are handled in hardware and even the root user won't see them. They got the keys by glitching the hardware, I think, but with the poor TrustZone implementation it seems you may not need to know the keys to use them (or alternatively you may be able to leak them, but I don't think so). I think the whole deal is what that last slide said: you "Gain Secure EL3 code execution, from usermode", and then he goes on to say immediately after "but as I said, that's just a fun thing that's not useful for homebrew or anything".

I guess it's open to interpretation, but that sounds important.
 

satan89

> But if you have kernel-level access, won't that mean backups can (theoretically) be run? I mean, ffs, if you can run anything with root privileges... right? That's the highest privilege you can get. Or is there something else above root access?
>
> They were telling people to get on 3.0.0 because Nintendo fucked something up when they released that version, and sm:h/smhax was discovered, which granted full permissions to any service.

What I've understood from all this is: at 1.0.0 with TrustZone 'hacked', you could potentially run code at boot, which would be the perfect type of CFW, and emuNAND-like setups could be implemented since it's happening at boot.
On 3.0.0, kernel access will require the WebKit exploit, or whatever entry point people find in future, to be run every time the system is relaunched. It only stays in RAM, and TrustZone will verify OFW at every boot. Also, an emuNAND setup may not work because TrustZone will keep verifying the boot processes periodically. But apart from that, the level of privileges up to kernel level is probably identical on 1.0.0 or 3.0.0, which is what the devs might have meant by the whole "forget about TrustZone" thing. Backups may work on 3.0.0 but will be limited to that firmware or lower.
1.0.0 with a patched TrustZone could have a higher-firmware emuNAND, or maybe a dev could figure out a way to rewrite something into TrustZone that will change the way it works, and the console could have CFW sysNAND with updates, similar to A9LH or B9S on the 3DS.
All of this is just a noob's understanding of all I've read in the past couple of days.
 

lordelan

> If you watched the 34c3 talk to the end, the last section was about the quote "UnTrust Zone" and how it's irrelevant due to a poor implementation. That doesn't mean anyone is working on it (yet), but Naehrwert (I think?) laid out a very basic path to use to bypass the need for pwning the TrustZone.
>
> (Again, IANA Expert. This is just my interpretation)

^ this, pretty much.

There will be some kind of Loadiine for 3.0.0, I'm pretty sure of that, although I really don't care that much.
Running backups was very comfortable on the Wii and Wii U because they were always sitting next to your TV and you could just plug in a big hard drive to store them all.
On the Switch a few games would completely fill your memory, even if it is expanded by a microSD card, and don't tell me anyone here owns a 2 TB card lol.
Tbh I don't care that much about piracy on the Switch. I buy the few games that I really like.
What I care about are things like a savegame manager, RetroArch, a media player (Kodi, VLC or a RetroArch core), a way to spoof the FW to play online on older firmwares and, as a far-away dream, a way to run Android apps on the Switch, either by having Android as a dual boot or by having some kind of Android framework or emulator for the Switch OS.

Also, if you want to stay on a low FW to play backups, I don't see that working, as newer games require features from newer firmwares. Only an emuNAND would help you here.
 

DayVeeBoi

> What I've understood from all this is: at 1.0.0 with TrustZone 'hacked', you could potentially run code at boot, which would be the perfect type of CFW, and emuNAND-like setups could be implemented since it's happening at boot.
> On 3.0.0, kernel access will require the WebKit exploit, or whatever entry point people find in future, to be run every time the system is relaunched. It only stays in RAM, and TrustZone will verify OFW at every boot. Also, an emuNAND setup may not work because TrustZone will keep verifying the boot processes periodically. But apart from that, the level of privileges up to kernel level is probably identical on 1.0.0 or 3.0.0, which is what the devs might have meant by the whole "forget about TrustZone" thing. Backups may work on 3.0.0 but will be limited to that firmware or lower.
> 1.0.0 with a patched TrustZone could have a higher-firmware emuNAND, or maybe a dev could figure out a way to rewrite something into TrustZone that will change the way it works, and the console could have CFW sysNAND with updates, similar to A9LH or B9S on the 3DS.
> All of this is just a noob's understanding of all I've read in the past couple of days.

Yeah, that's basically what I took away from it as well. CFW nowadays is rarely true CFW anymore. It's usually a series of patches applied some time after boot. In that sense there didn't seem to be any obstacles in the way of a CFW in the general sense on 3.0; I'm not sure why anyone who watched it would take away that piracy isn't a possibility on 3.0. Maybe nobody is working on it, but I don't think any of these very public guys would admit it if they were. That doesn't mean nobody will work on it. That's an inevitability. Seems like all the boot-level stuff is not possible in later firmware, but that doesn't automatically exclude piracy.

Has anyone just flat out asked SciresM what he means re: this?

> ^ this, pretty much.
>
> There will be some kind of Loadiine for 3.0.0, I'm pretty sure of that, although I really don't care that much.
> Running backups was very comfortable on the Wii and Wii U because they were always sitting next to your TV and you could just plug in a big hard drive to store them all.
> On the Switch a few games would completely fill your memory, even if it is expanded by a microSD card, and don't tell me anyone here owns a 2 TB card lol.
> Tbh I don't care that much about piracy on the Switch. I buy the few games that I really like.
> What I care about are things like a savegame manager, RetroArch, a media player (Kodi, VLC or a RetroArch core), a way to spoof the FW to play online on older firmwares and, as a far-away dream, a way to run Android apps on the Switch, either by having Android as a dual boot or by having some kind of Android framework or emulator for the Switch OS.
>
> Also, if you want to stay on a low FW to play backups, I don't see that working, as newer games require features from newer firmwares. Only an emuNAND would help you here.

It sounds like it might be possible to pull off an emuNAND-type solution on 1.0 consoles, since they have pwned the early-ish boot process and that's when eFuses are checked. I think that's the big thing lost on FW 3.0.
 
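Several posts above tie emuNAND to control of the early boot stage, where the eFuses are checked. As an added example (not from the thread, and not the Switch's own bootloader code), here is a Python model of an anti-downgrade check built on one-time-programmable fuses: the bootloader halts when more fuses are burnt than the firmware it is loading expects, a newer firmware burns fuses up to its own count, and only code that runs before that check can skip the burn. The per-firmware fuse counts are hypothetical; the page gives no real table.

```python
# Added example: a model of an early-boot anti-downgrade check built on
# one-time-programmable fuses. The per-firmware fuse counts are hypothetical;
# the page only says that eFuses are checked early in boot.

# Constructed mapping: firmware version -> number of fuses it expects burnt.
EXPECTED_FUSES = {"1.0.0": 1, "3.0.0": 2}


class Fuses:
    """OTP fuses: the burnt count can only grow, never shrink."""

    def __init__(self, burnt: int = 0) -> None:
        self.burnt = burnt

    def burn_to(self, count: int) -> None:
        if count > self.burnt:
            self.burnt = count


def stock_boot(fuses: Fuses, fw: str) -> str:
    """Stock early-boot behaviour: halt if more fuses are burnt than this
    firmware expects (a downgrade), otherwise burn up to its count and boot."""
    expected = EXPECTED_FUSES[fw]
    if fuses.burnt > expected:
        return "halt"
    fuses.burn_to(expected)
    return "boot"


def patched_boot(fuses: Fuses, fw: str) -> str:
    """Early boot under the user's control: the fuse check is skipped, so
    nothing is burnt and no version is refused. Only possible when the code
    that runs before the check (bootloader/TrustZone) is already compromised."""
    return "boot"


def kernel_only_boot(fuses: Fuses, fw: str) -> str:
    """A kernel-level exploit that runs after boot (the 3.0.0 situation in the
    thread) changes nothing here: the stock check has already run."""
    return stock_boot(fuses, fw)


def scenario(boot) -> tuple:
    """sysNAND on 1.0.0 plus an emuNAND on 3.0.0 on the same console.
    Boot the emuNAND first, then the sysNAND; return (emu, sys, fuses burnt)."""
    fuses = Fuses(burnt=EXPECTED_FUSES["1.0.0"])
    emu = boot(fuses, "3.0.0")
    sysn = boot(fuses, "1.0.0")
    return emu, sysn, fuses.burnt


if __name__ == "__main__":
    print("stock:      ", scenario(stock_boot))
    print("patched:    ", scenario(patched_boot))
    print("kernel-only:", scenario(kernel_only_boot))
```

The model shows why swapping the storage the OS reads from (what an emuNAND does) is not enough on its own: with the stock check in place, booting the newer emuNAND burns a fuse that then locks the older sysNAND out, and an exploit that only runs after the kernel is up cannot undo that, because the fuses have already been read and burnt by the time it executes.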

DSpider

> Running backups was very comfortable on the Wii and Wii U because they were always sitting next to your TV and you could just plug in a big hard drive to store them all.
> On the Switch a few games would completely fill your memory, even if it is expanded by a microSD card, and don't tell me anyone here owns a 2 TB card lol.

You can have your Switch sitting next to your TV too, and (probably) plug in a big hard drive, since the dock has a USB port. That would be fricken sweet. Getting up from the couch to change cartridges is a PITA.
 

DayVeeBoi

> You can have your Switch sitting next to your TV too, and (probably) plug in a big hard drive, since the dock has a USB port. That would be fricken sweet. Getting up from the couch to change cartridges is a PITA.

It won't surprise me if one day there is a flashcart solution. The $$$ incentive that these experienced flashcart teams lost when CFW became easier on the 3DS than their tedious e-transfer payment schemes has become a huge incentive because of the Switch. You can bet Chinese teams are watching this 34c3 very closely.
 

lordelan

> It sounds like it might be possible to pull off an emuNAND-type solution on 1.0 consoles, since they have pwned the early-ish boot process and that's when eFuses are checked. I think that's the big thing lost on FW 3.0.

I would feel bad about that now if my Switch wasn't on 2.3.0 already when I bought it, so I'm fine with my decision that I updated it to 3.0.0 :P

> You can have your Switch sitting next to your TV too, and (probably) plug in a big hard drive, since the dock has a USB port. That would be fricken sweet. Getting up from the couch to change cartridges is a PITA.

That's true, and I hope for a way to use hard drives (maybe even officially by Ninty in the future) in dock mode, so the games only appear on the home screen when the Switch is docked, only because I'm a lazy asshole and don't wanna get up off my couch. ^^
 

DayVeeBoi

> I would feel bad about that now if my Switch wasn't on 2.3.0 already when I bought it, so I'm fine with my decision that I updated it to 3.0.0 :P

I got mine on pre-order, so I did have version 1.0 for a long time, but when it got around that 3.0 introduced a serious bug I updated, since I had bought Splatoon on pre-order as well and couldn't play it for weeks lol
 