Speculations about Switch 2 hacking

  • Thread starter: KeeperCP1
  • Views: 303,885
  • Replies: 803
  • Likes: 10
Odd that you're in these forums then really tbh
Why? You actually have to update the console to use the microSD Express card..... so why wouldn't we update? It's not like there was an exploit found and Nintendo patched it with a day 1 system update.

The whole reason why anyone is in this thread is the announcement of an exploit or modchip that will work with the switch 2
 
Well this is interesting

Seen it earlier.
There are some things throwing people off, such as the Horizon OS version used (18.1.0) or the memory region allocation of 4 gigabytes, which was the case for Switch 1 but not for Switch 2 (12 GB).
Also systemd calls, which point to Linux rather than Horizon OS...

This is most likely video playback from random messages printed (or maybe a Switch 1 Emulator) on Linux.
 
I wish it were real, but I don't think he just found an entry point out of nowhere and made a CFW in the process. I don't believe it; besides, that serial number is from a Switch 1 xD

But hey, I hope I'm wrong and they've already found an exploit in Switch 2.
 

Attachment: Screenshot_20250614-221918_Fotos.png (174 KB)

People on Twitter figured out even more wrong things with this video, such as a Switch 1 Serial Number being displayed. At this point we can be certain that this video is fake and that this path shouldn't be followed any further down.
 
There are always idle people who use an NS or NS2 video player to play some videos to spread fake information. What benefits can they get?
 
Ad revenue.
Social media pays you for ads displayed on your posts (when you have Premium on X or something like that).
This is the entire concept of rage bait and why we will have to assume that more fake posts like this will appear in the future.
 
The browser doesn't have JIT enabled, so code execution in the browser is limited to ROP and interpreted JavaScript. ROP is something you can use for some PoC stuff, but not really for a homebrew ecosystem with useful apps.
So to make anything usable, we would also need to take over other system modules with higher privileges, likely more than one.

And for full-on CFW, which would allow for ROM hacking, full homebrew execution (but also piracy) and emuNAND (useful depending on the entry point, to allow normal online usage while staying on the exploitable firmware), we need to at least take over the kernel, better the TrustZone. But both are so small that there is not a lot of attack surface, which is why we don't have any softmods on anything more recent on the Switch either.

New hardware protections also likely make attacking via glitching much harder, so it's much harder to get consistent glitching in a small end-user-level device.

People will likely look into the Switch 2, and maybe Nvidia or Nintendo fucked up somewhere or everyone missed something. That would be nice, but being realistic, it's not too likely we get something everyone can use anytime soon.
Much better to go at it that way, and get positively surprised in case something is found, than to expect it to happen and never get anything.
Time to peg gbatemp again.

With the Switch 2 slowly starting to look like the Winchester 360 if not the Xbox One altogether, we start to steadily lose hope. So far we didn't lose much.
So what do we have..
* browser ROP framebuffer poc (WOW!)
* the bluenx hoax with mh-hm systemd

I still remain optimistic.
My thoughts still loop on some funny nintendo-tier mistake that they'll definitely make.
And among those I want to see a bootrom fail, which, so far, Nintendo has consistently done: flawed boot1b allowing for BootMii on the Wii; Unlaunch on the DSi; sighax on the 3DS; isfshax on the Wii U; RCM smash on the NX. Yeah, people will argue that the NX was flawed because of a mistake on Nvidia's side, but agree with me: with such a chain, you want to attribute the fail to Nintendo.

Then, continuing discussion..
So there's a ROP chain executed somehow. No clue how with all of the ASLR stuff. And probably the lack of knowledge on what is where.
I guess there's going to be something more advanced, and I'm placing my bets on compromising a proper title. So just like it was on Nintendo systems, applets with low hardware access and titles with proper hardware, etc., we compromise some app, make it run the homebrew launcher through the magic of abracadabra!, and then watch the entire community depend on whatever that method is.

So something like ninjhax is what I envision. Though if anything happens I'll be impressed. Everyone feels pessimistic.
Of course I also really hope it doesn't end up like Collateral Damage... hey guys, I have an Xbox One that can be updated to support Collateral Damage.. any assistance getting gamescript installed? Store is not an option ofc...

I guess we'll see what happens, if anything. So yeah let's wait for next CCC. :P
 
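The two posts above describe the position an attacker is in on this kind of target: no JIT, so the browser only gives a ROP primitive, and ASLR, so nothing sits at a fixed address and the offsets differ per firmware. The following is an added example, not code from the thread or from any Switch homebrew project: a minimal AArch64 gadget scanner run over a hand-constructed module image, plus the leak-to-base arithmetic that makes a ROP chain usable only once one pointer has leaked and the per-version offset table is right. Every encoding used is a real AArch64 instruction, but the image, the export offset, the load range and all names are constructed for illustration. Python is used because gadget scanners are normally tooling, not target-side code.

```python
"""Added example (not code from the thread or from any Switch project): a
minimal AArch64 ROP-gadget scanner plus the 'leak -> module base -> gadget'
arithmetic that ASLR forces on an attacker who has no JIT and therefore only
a ROP primitive.  The module image is constructed by hand from a few known
instruction encodings; the export offset and load range are illustrative."""
import os
import struct
from typing import Dict, List, Tuple

# AArch64 is fixed-width (4-byte, little-endian), so gadgets are found by
# walking aligned words; there are no x86-style unaligned "accidental" gadgets.
RET = 0xD65F03C0        # ret
NOP = 0xD503201F        # nop
MOV_X0_X1 = 0xAA0103E0  # mov x0, x1
LDR_X0_X1 = 0xF9400020  # ldr x0, [x1]
LDP_FP_LR = 0xA8C17BFD  # ldp x29, x30, [sp], #16
BR_X3 = 0xD61F0060      # br x3
MNEMONIC: Dict[int, str] = {
    RET: "ret", NOP: "nop", MOV_X0_X1: "mov x0, x1", LDR_X0_X1: "ldr x0, [x1]",
    LDP_FP_LR: "ldp x29, x30, [sp], #16", BR_X3: "br x3",
}
CONTROL_FLOW = {RET, BR_X3}
PAGE = 0x1000


def build_image() -> bytes:
    """Constructed module image (not a real binary): three ret-terminated snippets."""
    words = [NOP, NOP, LDR_X0_X1, RET, NOP, MOV_X0_X1, RET, LDP_FP_LR, RET, BR_X3, NOP]
    return b"".join(struct.pack("<I", w) for w in words)


def find_gadgets(image: bytes, depth: int = 3) -> List[Tuple[int, List[str]]]:
    """Return (offset, mnemonics) for every sequence of up to `depth`
    instructions ending in ret.  A sequence is cut if extending it backwards
    would cross an earlier ret/br, since execution could never flow through it."""
    words = [struct.unpack_from("<I", image, i)[0] for i in range(0, len(image) - 3, 4)]
    gadgets: List[Tuple[int, List[str]]] = []
    for i, w in enumerate(words):
        if w != RET:
            continue
        for n in range(1, depth + 1):
            start = i - n + 1
            if start < 0 or (n > 1 and words[start] in CONTROL_FLOW):
                break
            seq = words[start:i + 1]
            gadgets.append((start * 4, [MNEMONIC.get(x, f".word {x:#010x}") for x in seq]))
    return gadgets


def load_at_random_base(image: bytes, lo: int = 0x7100_0000_0000,
                        hi: int = 0x7FFF_0000_0000) -> int:
    """Simulate the loader choosing a page-aligned base (ASLR) for the module."""
    pages = (hi - lo) // PAGE
    return lo + (int.from_bytes(os.urandom(8), "little") % pages) * PAGE


# Offset of some exported function inside the module whose address the exploit
# can leak (constructed).  On a real target this table changes per firmware,
# which is the "no clue what is where" problem from the thread.
EXPORT_OFFSETS = {"exported_fn": 0x14}


def rebase(leaked_ptr: int, symbol_offset: int, gadget_offset: int) -> int:
    """ASLR slides the whole module as one unit, so one leaked pointer plus the
    correct offset table gives every gadget: base = leak - off, gadget = base + off."""
    base = leaked_ptr - symbol_offset
    if base % PAGE:
        raise ValueError("leak does not match offset table: wrong module/firmware version?")
    return base + gadget_offset


def build_chain(leaked_ptr: int, image: bytes) -> List[int]:
    """Absolute addresses for a chain 'ldr x0,[x1]; ret' -> 'mov x0,x1; ret' ->
    'ldp x29,x30,[sp],#16; ret', as found by the scanner and rebased via the leak."""
    by_mnem = {tuple(m): off for off, m in find_gadgets(image)}
    wanted = [("ldr x0, [x1]", "ret"), ("mov x0, x1", "ret"),
              ("ldp x29, x30, [sp], #16", "ret")]
    return [rebase(leaked_ptr, EXPORT_OFFSETS["exported_fn"], by_mnem[g]) for g in wanted]


if __name__ == "__main__":
    img = build_image()
    for off, mnems in find_gadgets(img):
        print(f"+{off:#06x}: {'; '.join(mnems)}")
    base = load_at_random_base(img)
    leak = base + EXPORT_OFFSETS["exported_fn"]
    print("base from leak:", hex(rebase(leak, EXPORT_OFFSETS["exported_fn"], 0)))
    print("chain:", [hex(a) for a in build_chain(leak, img)])
```

Running it prints the eight ret-terminated sequences in the constructed image and a chain rebased onto a random load address. Feed `rebase` a leak from one module version with the offset table of another and it refuses because the computed base is no longer page-aligned; on a real target the mismatch is usually not that obvious, the chain simply lands off a gadget boundary, which is the practical face of "lack of knowledge on what is where".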
After playing on the Switch 2 I've tried the original, but it just feels like a kid's toy now in comparison. Can't go back to the NS1, although I'll keep buying its games.

/ot
 
There isn't really any big noteworthy difference in permissions between an applet and an application; Nintendo doesn't trust either of them. So unless a potentially found escalation has some very specific requirements, we would likely get a WebKit entry point for it. But we know most of the OS from the Switch already, so unless Nintendo made a big mistake in the Switch 2-specific code, there is likely no attack surface that allows CFW. And if an escalation is found, it's more likely something that will barely be enough for homebrew execution, so the console's usage would likely be very limited outside of running homebrew, because there would be no way to run updates for newer titles and online, unless you get CFW-level permissions.
About the bootrom, this time Nintendo likely made sure Nvidia's bootrom code is properly audited, especially for the security-relevant parts, so it's unlikely we get something as big.

All in all, unless someone actually finds something, there is likely no reason to expect something to be found eventually. I will follow the scene and its efforts, and it would be nice if something were to be found, but still it's unlikely to happen.
 
Does anyone think that it might be possible to replace the SD card slot on the Switch 2 with an M.2 2230 NVMe slot instead? They both use PCIe for communication after all; would it be relatively simple to do so?
Seems there are modders working on this now.
https://www.tomshardware.com/video-...that-could-even-theoretically-support-an-egpu
https://github.com/NVNTLabs/switch2-SDEX2M2/tree/main
https://github.com/timonsku/SD-Express-Template-and-Adapters

They've said it's just about larger/cheaper storage, but is there any way a true SSD would be better at allowing homebrew than an Express card? Would it be accessible storage without needing the SD card firmware download from Nintendo's servers?
 
Categorically, no. You'd need an unrelated exploit, the exFAT firmware is required, and the device being connected has to present itself as an SD Express card for the Switch 2's native functionality to install games on it rather than on the 256 GB internal NAND.
 
I am not someone with the level of technical expertise to understand how to hack the Switch 2, but could this be an avenue worth investigating?

The DamAGEcard SD Express vulnerability?

(Would post link but not allowed)
 
