Hacking Question so... userland HB on 3.0.1?

  • Thread starter Deleted User
Deleted User
I watched the stream from the guys over at 34c3 and I understood some of what they said...
They said that the problem with 3.0.1 is that the pid0 bug was patched...
But that bug is only for taking over stuff above userland, right? That was what they showed us in the security access diagram....
I mean, even if I don't get to touch kernel or services, can't we still make a userland-only hb launcher?
 

jakerman999

The pid0 bug is the big bug that was patched in 3.0.1

Nintendo also patched the webkit exploit they used (I believe) but that doesn't really matter as webkit exploits are a dime a dozen. So we can still take over the web browser app, but any code will still live inside the sandbox the browser lived in. This means no access to filesystem (including the SD card) and probably some other important things that homebrew likes to have.

SD card is big, because otherwise any homebrew that we want to run has to be downloaded every time it is run. Plus, it has to fit entirely in RAM.
 

V-Temp

There's no/limited escalation path out of the webkit sandbox, and then little to none out of userland into kernel, to work with. The Switch has two fronts of security, in the older firmwares you could get into both but because Nintendo patched up nearly everything (repeat: kernel exploits are rare, get harder the more they are patched, and that's why asking for their release at every turn helps no one) and had good code to work with to begin with, once a Switch *is* patched, it's very difficult to work backwards. Moving upstream is always easier than moving downstream, so to speak.

3.0.0 has been a fluke of sorts because Nintendo's largely kept their side of the platform very well secured since 2.0.0, you can even read up on this on the wiki. The flaws are detailed and the extensive lack of useful compromises above 2.0.0 aside from the 3.0.0 sm issue is well documented.

It's always a good read to keep up with the work of those leading the scene: http://switchbrew.org/index.php?title=Switch_System_Flaws
 

the_randomizer

> There's no/limited escalation path out of the webkit sandbox, and then little to none out of userland into kernel, to work with. The Switch has two fronts of security, in the older firmwares you could get into both but because Nintendo patched up nearly everything (repeat: kernel exploits are rare, get harder the more they are patched, and that's why asking for their release at every turn helps no one) and had good code to work with to begin with, once a Switch *is* patched, it's very difficult to work backwards. Moving upstream is always easier than moving downstream, so to speak.
>
> 3.0.0 has been a fluke of sorts because Nintendo's largely kept their side of the platform very well secured since 2.0.0, you can even read up on this on the wiki. The flaws are detailed and the extensive lack of useful compromises above 2.0.0 aside from the 3.0.0 sm issue is well documented.
>
> It's always a good read to keep up with the work of those leading the scene: http://switchbrew.org/index.php?title=Switch_System_Flaws

So this proves 4.x.x exploits of any kind are impossible. And if they were possible, no one would want to put forth the effort to do so given how hard it would be, as all the good exploits were in 3.0.0. That is what you're saying, right?
 

V-Temp

> So this proves 4.x.x exploits of any kind are impossible. And if they were possible, no one would want to put forth the effort to do so given how hard it would be, as all the good exploits were in 3.0.0. That is what you're saying, right?

No. Nothing is impossible, this is still software made by people and people can make mistakes.
 
Deleted User
> The pid0 bug is the big bug that was patched in 3.0.1
>
> Nintendo also patched the webkit exploit they used (I believe) but that doesn't really matter as webkit exploits are a dime a dozen. So we can still take over the web browser app, but any code will still live inside the sandbox the browser lived in. This means no access to filesystem (including the SD card) and probably some other important things that homebrew likes to have.
>
> SD card is big, because otherwise any homebrew that we want to run has to be downloaded every time it is run. Plus, it has to fit entirely in RAM.

Oh right you can't access SD without kernel.... so in theory it is possible to download one app at a time to RAM and run it, tho I don't see anybody doing that...
 

duffmmann

> So you're saying I should hope for a 4.x.x exploit? Hmm... I find this reassuring.

I think he's just saying, never say never. No known exploits for 4.X firmware today, doesn't mean that necessarily will hold true forever. Yet, all the same, until any new news does drop, hoping for such an exploit will remain a pipe dream.
 

Jonna

> So you're saying I should hope for a 4.x.x exploit? Hmm... I find this reassuring.

Dude, we get it for the 8th time at least now, you're bummed out that you're on a higher firmware.

You're finding words in his post that he's not saying, unfortunately. He just merely said it's not impossible. Surviving 3 bear attacks is not impossible. Just a hell of a lot of effort for nothing in return.
 
Deleted User
> Dude, we get it for the 8th time at least now, you're bummed out that you're on a higher firmware.
>
> You're finding words in his post that he's not saying, unfortunately. He just merely said it's not impossible. Surviving 3 bear attacks is not impossible. Just a hell of a lot of effort for nothing in return.

Hey! That's not "nothing"
It will help the community if it will be released...
Also I did hear some talks on the discord channel regarding exploiting 4.x or 3.0.1, idk how/when tho, don't think anything will go public soon...
 

DiscostewSM

Well-Known Member
Member
Joined
Feb 10, 2009
Messages
5,472
Trophies
1
Location
Sacramento, California
Website
lazerlight.x10.mx
XP
5,052
Country
United States
All I know is that if more great games come out for the system, then it's going to be that much harder not to update it. I'm already on the most recent firmware, so I can't go back (efuses and stuff getting in the way), but I couldn't be happier about what I currently have for the system. Don't feel like buying another Switch (playing roulette for one that is at or below the needed firmware) just for homebrew. Never bought another system for that purpose, and I don't plan on doing it now.
 
Deleted User
Having been a part of many scenes I would have to say the answer has to do with motivation. Where is the motivation? Possible as one said yes it's possible to survive 3 bear attacks. What's the motivation for a hacker? You have a motivation.

Why do I mention this? Well a while back there was a fellow who had an HD DVD player. It wouldn't play on his PC. I believe it was designed for his 360 or something. He was told he couldn't hack it. So he did. Poof there went a whole format. We now use Blu-ray mainly. So like motivation is a strong thing. Right now only hackers with 3.01 are the ones with motivation. But hackers knew to get 3.0...

They are hackers.

So like it's now up to folks like yourself to either ascend or cry and devs who know the innards to decide ok should we help the ones crying or ourselves? My experience is devs and hackers ignore this. They say to themselves well my console is good. I don't have the time basically. But nothing is impossible. The Saturn was just reverse engineered. It took how many years? It takes determination. I remember when I threw Linux on a 360 in 2005. People in my area told me I was wasting my life. I was determined to get mugen onto a 360. I sadly never succeeded. Work, life, school and all sorts of other things got in the way. But I tried. Sometimes you try and you fail. Now is the time for you to try. That would be my advice to you. But you shouldn't waste time posting threads because it's not effective. Least not here. Start learning and researching the platforms and language and methods of attack. Even though I failed in my own effort I learned sooooo much that I made tons of money...
 

isoboy

> Having been a part of many scenes I would have to say the answer has to do with motivation. Where is the motivation? Possible as one said yes it's possible to survive 3 bear attacks. What's the motivation for a hacker? You have a motivation.
>
> Why do I mention this? Well a while back there was a fellow who had an HD DVD player. It wouldn't play on his PC. I believe it was designed for his 360 or something. He was told he couldn't hack it. So he did. Poof there went a whole format. We now use Blu-ray mainly. So like motivation is a strong thing. Right now only hackers with 3.01 are the ones with motivation. But hackers knew to get 3.0...
>
> They are hackers.
>
> So like it's now up to folks like yourself to either ascend or cry and devs who know the innards to decide ok should we help the ones crying or ourselves? My experience is devs and hackers ignore this. They say to themselves well my console is good. I don't have the time basically. But nothing is impossible. The Saturn was just reverse engineered. It took how many years? It takes determination. I remember when I threw Linux on a 360 in 2005. People in my area told me I was wasting my life. I was determined to get mugen onto a 360. I sadly never succeeded. Work, life, school and all sorts of other things got in the way. But I tried. Sometimes you try and you fail. Now is the time for you to try. That would be my advice to you. But you shouldn't waste time posting threads because it's not effective. Least not here. Start learning and researching the platforms and language and methods of attack. Even though I failed in my own effort I learned sooooo much that I made tons of money...

That's a hell of a story that I'll remember for the rest of my life. Now excuse me while I go ice fishing for five days.
 

pwsincd

> Dude, we get it for the 8th time at least now, you're bummed out that you're on a higher firmware.
>
> You're finding words in his post that he's not saying, unfortunately. He just merely said it's not impossible. Surviving 3 bear attacks is not impossible. Just a hell of a lot of effort for nothing in return.

dude we get this every console from the randomizer lmao..
 