Homebrew Discussion Soft mode for 2.x & 3.0 & 4.X

MonMonz (OP, Well-Known Member, joined Nov 7, 2014, Egypt)
I was thinking users on 2.x, 3.0 and 4.x could actually have a soft mode right now if some talented developer could develop a homebrew app that could be launched through PegaSwitch and crash the system to get it into RCM, right?
Is it possible, guys? I'm not an expert, so I want to know your thoughts about it.
 

pLaYeR^^ (Doctor Switch, joined Sep 18, 2014, Austria)
Just sharing a point and wanted to know how far we are from achieving this

I was just thinking with the tools that already exist we might see something soon!
There are always possibilities but instead of searching for new vulnerabilities developers work on existing entry points. I'm sure that there's much potential and we'll never find all vulnerabilities. I guess this or next month we will also have something for lower firmware.
 

MonMonz (OP, Well-Known Member, joined Nov 7, 2014, Egypt)
There are always possibilities but instead of searching for new vulnerabilities developers work on existing entry points. I'm sure that there's much potential and we'll never find all vulnerabilities. I guess this or next month we will also have something for lower firmware.
Okay then, sounds great.
 

Draxzelex (Well-Known Member, joined Aug 6, 2017, New York City, United States)
There are a total of 3 ways of entering RCM.
1. Preventing the BCT from working. This is already accomplished via Briccmii but can also be done by removing the eMMC from your Switch (aka its NAND).
2. Shorting pin 10 while holding Vol+ and Power.
3. Setting bit 2 of PMC scratch register zero. On modern firmwares, this requires EL3 or pre-sleep BPMP execution.
I'd imagine whatever software can boot into RCM would have to do number 3. But I think Deja Vu's web-based code execution is as good an alternative to using a jig and USB cable to load hacks. At the very least, it keeps your pins safe and makes the exploit not physically tethered.

Source: http://misc.ktemkin.com/fusee_gelee_nvidia.pdf