Hacking Question so... userland HB on 3.0.1?

  • Thread starter Deleted User
  • Start date
  • Views 4,944
  • Replies 25
Deleted User (OP)
I watched the stream from the guys over at 34c3 and I understood some of what they said...
They said that the problem with 3.0.1 is that the pid0 bug was patched...
But that bug is only for taking over stuff above userland, right? That was what they showed us in the security access diagram....
I mean, even if I don't get to touch the kernel or services, can't we still make a userland-only HB launcher?

jakerman999
The pid0 bug is the big bug that was patched in 3.0.1.

Nintendo also patched the WebKit exploit they used (I believe), but that doesn't really matter, as WebKit exploits are a dime a dozen. So we can still take over the web browser app, but any code will still live inside the sandbox the browser lived in. This means no access to the filesystem (including the SD card) and probably some other important things that homebrew likes to have.

The SD card is big, because otherwise any homebrew that we want to run has to be downloaded every time it is run. Plus, it has to fit entirely in RAM.
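The sandbox point above depends on the service manager's access check actually running. What the thread calls the pid0 bug is, as publicly described at 34c3, that sm skipped its per-process access check for a client whose pid had never been registered with it (pid 0), so a sandboxed process could open any service, filesystem included. The C below is an added model of that fail-open check beside a fail-closed fix; it is not Nintendo's sm code and not from this thread. The AccessEntry type, the PIDs 0x50 and 0x61 and the allow-list contents are made up for illustration; "fsp-srv" and "vi:u" are used only as example service names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a service manager's per-process access control. Added example
 * for this thread; it is not Nintendo's sm code. Types, PIDs and the
 * allow-list below are made up for illustration. */

#define MAX_SERVICES 4

/* Which services a given process may open. */
typedef struct {
    uint64_t pid;
    const char *services[MAX_SERVICES];
} AccessEntry;

/* Hypothetical allow-list: a privileged system process may reach the
 * filesystem service, the sandboxed browser only the display service. */
static const AccessEntry ACL[] = {
    { 0x50, { "fsp-srv", "vi:u", NULL } },
    { 0x61, { "vi:u", NULL } },
};

/* Look the requesting pid up in the allow-list. Unknown pids get nothing. */
static bool acl_allows(uint64_t pid, const char *service)
{
    for (size_t i = 0; i < sizeof ACL / sizeof ACL[0]; i++) {
        if (ACL[i].pid != pid)
            continue;
        for (size_t j = 0; j < MAX_SERVICES && ACL[i].services[j]; j++)
            if (strcmp(ACL[i].services[j], service) == 0)
                return true;
        return false;
    }
    return false;
}

/* pid 0 marks a session whose client never registered its pid with the
 * service manager, so the manager does not know who is asking. */
#define PID_UNREGISTERED 0

/* Vulnerable variant: skips the check for an unregistered session. A
 * client that simply never registers gets every service, including the
 * filesystem service that would give it SD card access. */
bool get_service_vulnerable(uint64_t pid, const char *service)
{
    if (pid == PID_UNREGISTERED)
        return true;                 /* fail open */
    return acl_allows(pid, service);
}

/* Fixed variant: an unregistered session may open nothing; the check is
 * fail closed and the allow-list is consulted for everyone else. */
bool get_service_fixed(uint64_t pid, const char *service)
{
    if (pid == PID_UNREGISTERED)
        return false;                /* fail closed */
    return acl_allows(pid, service);
}

/* Run one request through both variants and print what each decides. */
static void show(uint64_t pid, const char *service)
{
    printf("pid 0x%02llx -> %-8s vulnerable:%s fixed:%s\n",
           (unsigned long long)pid, service,
           get_service_vulnerable(pid, service) ? "allow" : "deny ",
           get_service_fixed(pid, service) ? "allow" : "deny ");
}

int main(void)
{
    show(PID_UNREGISTERED, "fsp-srv");  /* the bypass: allow vs deny */
    show(0x61, "fsp-srv");              /* browser asking for fs: denied by both */
    show(0x61, "vi:u");                 /* browser asking for display: allowed */
    show(0x50, "fsp-srv");              /* privileged process: allowed */
    return 0;
}
```

The only line that differs between the two variants is what happens when the manager does not know the caller. The general lesson is that an access check must deny by default: an "unknown" identity is the one case an attacker can always arrange, so it must map to no permissions rather than all of them.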
 

V-Temp
There's no/limited escalation path out of the WebKit sandbox, and then little to none out of userland into the kernel, to work with. The Switch has two fronts of security; in the older firmwares you could get into both, but because Nintendo patched up nearly everything (repeat: kernel exploits are rare, get harder the more they are patched, and that's why asking for their release at every turn helps no one) and had good code to work with to begin with, once a Switch *is* patched, it's very difficult to work backwards. Moving upstream is always easier than moving downstream, so to speak.

3.0.0 has been a fluke of sorts because Nintendo has largely kept their side of the platform very well secured since 2.0.0; you can even read up on this on the wiki. The flaws are detailed, and the extensive lack of useful compromises above 2.0.0 aside from the 3.0.0 sm issue is well documented.

It's always a good read to keep up with the work of those leading the scene: http://switchbrew.org/index.php?title=Switch_System_Flaws

the_randomizer
V-Temp said:
There's no/limited escalation path out of the webkit sandbox, and then little to none out of userland into kernel, to work with. [...]

So this proves 4.x.x exploits of any kind are impossible. And if they were possible, no one would want to put forth the effort to do so given how hard it would be, as all the good exploits were in 3.0.0. That is what you're saying, right?

Last edited by the_randomizer.

V-Temp
So this proves 4.x.x exploits of any kind are impossible. And if they were possible, no one would want to put forth the effort to do so given how hard it would be, as all the good exploits were in 3.0.0. That is what you're saying, right?

No. Nothing is impossible, this is still software made by people and people can make mistakes.

Deleted User (OP)
jakerman999 said:
The pid0 bug is the big bug that was patched in 3.0.1 [...]

Oh right, you can't access SD without kernel.... So in theory it is possible to download one app at a time to RAM and run it, though I don't see anybody doing that...

duffmmann
So you're saying I should hope for a 4.x.x exploit? Hmm... I find this reassuring.

I think he's just saying, never say never. No known exploits for 4.X firmware today doesn't mean that will necessarily hold true forever. Yet, all the same, until any new news does drop, hoping for such an exploit will remain a pipe dream.

Jonna
So you're saying I should hope for a 4.x.x exploit? Hmm... I find this reassuring.
Dude, we get it for the 8th time at least now, you're bummed out that you're on a higher firmware.

You're finding words in his post that he's not saying, unfortunately. He just merely said it's not impossible. Surviving 3 bear attacks is not impossible. Just a hell of a lot of effort for nothing in return.

Deleted User (OP)
Jonna said:
Dude, we get it for the 8th time at least now, you're bummed out that you're on a higher firmware. [...]

Hey! That's not "nothing".
It will help the community if it gets released...
Also, I did hear some talk on the Discord channel regarding exploiting 4.x or 3.0.1. I don't know how or when, though; I don't think anything will go public soon...

DiscostewSM
All I know is that if more great games come out for the system, then it's going to be that much harder not to update it. I'm already on the most recent firmware, so I can't go back (efuses and stuff getting in the way), but I couldn't be happier about what I currently have for the system. Don't feel like buying another Switch (playing roulette for one that is at or below the needed firmware) just for homebrew. Never bought another system for that purpose, and I don't plan on doing it now.

Deleted User (OP)
Having been a part of many scenes, I would have to say the answer has to do with motivation. Where is the motivation? Possible? As one said, yes, it's possible to survive 3 bear attacks. What's the motivation for a hacker? You have a motivation.

Why do I mention this? Well, a while back there was a fellow who had an HD DVD player. It wouldn't play on his PC. I believe it was designed for his 360 or something. He was told he couldn't hack it. So he did. Poof, there went a whole format. We now use Blu-ray mainly. So like motivation is a strong thing. Right now only hackers with 3.0.1 are the ones with motivation. But hackers knew to get 3.0...

They are hackers.

So like it's now up to folks like yourself to either ascend or cry, and devs who know the innards to decide, ok, should we help the ones crying or ourselves? My experience is devs and hackers ignore this. They say to themselves, well, my console is good. I don't have the time, basically. But nothing is impossible. The Saturn was just reverse engineered. It took how many years? It takes determination. I remember when I threw Linux on a 360 in 2005. People in my area told me I was wasting my life. I was determined to get MUGEN onto a 360. I sadly never succeeded. Work, life, school and all sorts of other things got in the way. But I tried. Sometimes you try and you fail. Now is the time for you to try. That would be my advice to you. But you shouldn't waste time posting threads because it's not effective. Least not here. Start learning and researching the platforms and language and methods of attack. Even though I failed in my own effort, I learned sooooo much that I made tons of money...

isoboy
Deleted User said:
having been a part of many scenes I would have to say the answer has to do with motivation. [...]

That's a hell of a story that I'll remember for the rest of my life. Now excuse me while I go ice fishing for five days.

pwsincd
Jonna said:
Dude, we get it for the 8th time at least now, you're bummed out that you're on a higher firmware. [...]

Dude, we get this every console from the randomizer lmao.