Speculations about Switch 2 hacking

How petty of you ;)
It's such a meaningless comment, like saying "it's only a matter of time." That time could range from tomorrow to the end of the world, and that comment will still mean nothing.

Those types of comments, wishfully hoping for a quick find (along with comments about waiting for a chip or exploit to show up in order to use a $450+ console, or doing this in spite of Nintendo), genuinely annoy me.

Especially since the majority of the people who type that stuff contribute nothing to anything meaningful. Theory crafting means nothing.
 
Last edited by poisoned_soap,

Switch 1 is reading Switch 2 games; can someone dump the game?


Sure they will probably dump the games eventually. But they'll be encrypted and useless.

You're dreaming. Nintendo nearly had it right with the Switch. If not for Nvidia's misstep it wouldn't have been possible after about HOS version 7 (2019 era). You're doing everyone a disservice if you think that Nintendo and Nvidia haven't dissected the modchips and determined exactly how to prevent them. If it is successfully broken it is going to be with a new method of attack on a chip that is relatively unknown.
Fair points, but I still stand by my statement that having 15 million+ V1 unpatched switches in the wild and cheaply available put a massive damper on finding any new exploits in HOS for most hackers. More eyes on the console may have discovered something else.
 
Xbox One and Series already are unhackable
There's no interest because users can already do plenty with it as it is. Even I don't care if a hack comes to One X, I like the way it is.

And you know what, I can install the app Kodi right from the Xbox Store! If only the PSN Store had it too.

I read the Developer Mode is going free, still, it's asking for a payment so I'll wait.

https://blogs.windows.com/windowsde...nds-opportunities-for-windows-app-developers/

"Later next month" so some time in June, maybe around June 10-15 ish.
 
I'm curious, who hacked and modchip'd Switch 1 for the 1st time? What nationality?
Piracy is rampant in the 3rd world, where most people can't afford the hobby, but have they invented any new ways of hacking, since it's a necessity?
I feel like it's always westerners who hack stuff and never Chinese, for example, despite its massive gaming community and "making knockoff"/reverse engineering culture.
 
I'm curious, who hacked and modchip'd Switch 1 for the 1st time? What nationality?
Piracy is rampant in the 3rd world, where most people can't afford the hobby, but have they invented any new ways of hacking, since it's a necessity?
I feel like it's always westerners who hack stuff and never Chinese, for example, despite its massive gaming community and "making knockoff"/reverse engineering culture.

Could be that in many Western countries we have "better" welfare, and can support our interest without a job for a time. Also, we are not as dependent on supporting family or similar to that extent, which gives more spare time. Decent work hours and time for hobbies might play in as well. I'm a nerd, so I'm talking generally. I've got my hobbies covered all the time except for work. Digital, nature, hack everything.
 
I'm curious, who hacked and modchip'd Switch 1 for the 1st time? What nationality?
Piracy is rampant in the 3rd world, where most people can't afford the hobby, but have they invented any new ways of hacking, since it's a necessity?
I feel like it's always westerners who hack stuff and never Chinese, for example, despite its massive gaming community and "making knockoff"/reverse engineering culture.
A lot of people found it individually. But the exploit and Fusee-Gelee got released when SXOS got announced, so the open-source community released it before SXOS did.


https://switchbrew.org/wiki/Switch_System_Flaws

 
The part I'm most curious about is the microSD Express slot. It exposes a PCIe lane pretty much raw, which is a lot lower level than USB or SD/MMC, and gives access to DMA to peripheral devices (important for fast disk I/O), among other things. I wonder if this could end up becoming a weak point in the system - after the RCM fiasco last time, as well as the early Pegasus stuff that came out despite their insistence on not shipping a browser anymore, they've clearly stepped up security, but a direct port into the SoC's peripheral bus has gotta be tough to 100% secure.

A quick smoke test with something like a DaMAgecard could show whether they did the bare minimum and enabled IOMMU virtualization for the SDe card slot, which if failed would give access to the entire physical memory of the system. And even with IOMMU, there might be a couple of interesting tidbits available depending on what's mapped to the device. I'd tinker if I could, but I don't have $1000 to drop on a Switch 2 and PCIe analysis tools right now, so I hope there's someone doing that already.
 
The part I'm most curious about is the microSD Express slot. It exposes a PCIe lane pretty much raw, which is a lot lower level than USB or SD/MMC, and gives access to DMA to peripheral devices (important for fast disk I/O), among other things. I wonder if this could end up becoming a weak point in the system - after the RCM fiasco last time, as well as the early Pegasus stuff that came out despite their insistence on not shipping a browser anymore, they've clearly stepped up security, but a direct port into the SoC's peripheral bus has gotta be tough to 100% secure.

A quick smoke test with something like a DaMAgecard could show whether they did the bare minimum and enabled IOMMU virtualization for the SDe card slot, which if failed would give access to the entire physical memory of the system. And even with IOMMU, there might be a couple of interesting tidbits available depending on what's mapped to the device. I'd tinker if I could, but I don't have $1000 to drop on a Switch 2 and PCIe analysis tools right now, so I hope there's someone doing that already.

Literally all device DMA has been 100% iommu'd with every device having its own address space even on NX.

If they did no additional changes to the already-existing-in-switch-1 iommu setup for the sd card device, the only thing accessible will be...the work buffer used exclusively for reading sectors from the sd card.

Correct iommu management is something N has always been ahead of the curve on.
 
Last edited by SciresM,
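As an added illustration of the confinement SciresM describes (not code from anyone in the thread or from any Nintendo/Nvidia source), here is a toy per-device IOMMU model in C: page size, memory size and the work-buffer location are constructed, and the identity-mapped case stands in for the "IOMMU never enabled" outcome the smoke test above would reveal.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NPAGES     64          /* constructed: 64 pages of toy "physical" memory and of device space */
#define UNMAPPED   UINT32_MAX

/* One IOMMU context per DMA-capable device: device page -> physical page. */
typedef struct { uint32_t map[NPAGES]; } iommu_ctx_t;
static uint8_t phys_mem[NPAGES * PAGE_SIZE];

/* Fresh context: nothing mapped, so every DMA access faults until the OS maps pages. */
static void iommu_init(iommu_ctx_t *ctx) {
    for (size_t i = 0; i < NPAGES; i++) ctx->map[i] = UNMAPPED;
}
/* Expose `npages` physical pages (starting at phys_page) to the device at dev_page. */
static void iommu_map(iommu_ctx_t *ctx, uint32_t dev_page, uint32_t phys_page, uint32_t npages) {
    for (uint32_t i = 0; i < npages; i++) ctx->map[dev_page + i] = phys_page + i;
}
/* Identity mapping models an IOMMU that was never enabled: the device sees all of RAM. */
static void iommu_identity(iommu_ctx_t *ctx) {
    for (uint32_t i = 0; i < NPAGES; i++) ctx->map[i] = i;
}

/* DMA write from the device. Every touched page is translated first; if any page is
 * unmapped the whole request is refused (an IOMMU fault) and nothing is written. */
static bool dma_write(const iommu_ctx_t *ctx, uint32_t dev_addr, const uint8_t *src, size_t len) {
    if (len == 0) return false;
    uint64_t last = ((uint64_t)dev_addr + len - 1) >> PAGE_SHIFT;
    if (last >= NPAGES) return false;
    for (uint32_t p = dev_addr >> PAGE_SHIFT; p <= last; p++)
        if (ctx->map[p] == UNMAPPED) return false;
    for (size_t i = 0; i < len; i++) {
        uint32_t a = dev_addr + (uint32_t)i;
        phys_mem[(ctx->map[a >> PAGE_SHIFT] << PAGE_SHIFT) | (a & (PAGE_SIZE - 1))] = src[i];
    }
    return true;
}
/* The post's scenario: the SD controller is mapped only onto its sector work buffer
 * (constructed: 4 physical pages from page 40). A sector lands in the buffer, but a DMA at
 * page 10 (standing in for OS memory) faults; with `confined` false (identity map) it succeeds. */
static bool sd_dma_reaches_os_page(bool confined) {
    iommu_ctx_t sd; iommu_init(&sd);
    if (confined) iommu_map(&sd, 0, 40, 4); else iommu_identity(&sd);
    uint8_t sector[512]; memset(sector, 0xAB, sizeof sector);
    bool in_buf = dma_write(&sd, 0x200, sector, sizeof sector);
    return in_buf && dma_write(&sd, 10u << PAGE_SHIFT, sector, sizeof sector);
}
```

Only the confined configuration limits a misbehaving card to the work buffer; the identity case is what a failed smoke test would look like in this model.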
But Is this legit and what does this mean?

First userland exploit?

Nothing significant - this is, to my understanding, a code reuse demo entirely within the context of a properly sandboxed signed program on the Switch. It has no bearing on unsigned code execution (not happening any time soon), breaking out of software sandboxing (literally will not happen), or being anything but a cool party trick that doesn't really matter for anything larger than what you see right there. It's still cool, but nothing to get hopes up over.
 
I don't want to be the first comment after SciresM since I highly respect your work and input.

But Is this legit and what does this mean?

First userland exploit?
I mean, who would have guessed that it would be that fast 😂 And according to the OP, it's after the day-1 patch.

What it means is that we can now run code through the memory. The code that will run is still constrained by the privileges of the compromised application, so by itself it's not big (it's still in the sandbox), but it's incredible that it was found so fast, as it acts like a door into poking into other aspects of the system with the hope of finding a vulnerability for higher privileges.

Great things are coming our way 😁
 
Last edited by Hyper1on,
If you want to download LUA game demos to your Switch for a potential JB:

https://store-jp.nintendo.com/item/software/D70010000022285

https://store-jp.nintendo.com/item/software/D70010000037967

https://store-jp.nintendo.com/item/software/D70010000013424

https://store-jp.nintendo.com/item/software/D70010000022285

https://store-jp.nintendo.com/item/software/D70010000012253

https://store-jp.nintendo.com/item/software/D70010000036143

You have to change the account to Japanese and also change the Switch to the Japanese region.
I just added the games to the wishlist via PC and downloaded them to the Switch.
 

If you want to download LUA game demos to your Switch for a potential JB:

https://store-jp.nintendo.com/item/software/D70010000022285

https://store-jp.nintendo.com/item/software/D70010000037967

https://store-jp.nintendo.com/item/software/D70010000013424

https://store-jp.nintendo.com/item/software/D70010000022285

https://store-jp.nintendo.com/item/software/D70010000012253

https://store-jp.nintendo.com/item/software/D70010000036143

You have to change the account to Japanese and also change the Switch to the Japanese region.
I just added the games to the wishlist via PC and downloaded them to the Switch.
Is save transfer even possible between a Switch 1 and Switch 2?
Even if it is possible, you will probably need to be on the latest firmware to initiate the transfer, which is not something you should do if you hope for a vulnerability.
 
I don't want to be the first comment after SciresM since I highly respect your work and input.

But Is this legit and what does this mean?

First userland exploit?
This is a demo of a transferred hax savegame from Switch 1 working on Switch 2. I helped retr0id with setting this up months ago, and it working was expected.

This means essentially nothing for end users. This gives ROP under a Switch 1 game process, which is very heavily sandboxed. You cannot load or run custom code executables or interact with anything the Switch 1 game cannot legitimately access, without further exploits which don't exist at present and may never exist.

It's just a research PoC. It's simpler/lower-effort than hacking the browser, which would be the other obvious way to get userland ROP.
 
If you want to download LUA game demos to your Switch for a potential JB:

https://store-jp.nintendo.com/item/software/D70010000022285

https://store-jp.nintendo.com/item/software/D70010000037967

https://store-jp.nintendo.com/item/software/D70010000013424

https://store-jp.nintendo.com/item/software/D70010000022285

https://store-jp.nintendo.com/item/software/D70010000012253

https://store-jp.nintendo.com/item/software/D70010000036143

You have to change the account to Japanese and also change the Switch to the Japanese region.
I just added the games to the wishlist via PC and downloaded them to the Switch.
So you have to make a Japanese account and not just change US account region/language to Japanese? Didn't work changing US account region/language.
 