Speculations about Switch 2 hacking

Thread starter: KeeperCP1
> But, is this the first time that the NAND is encrypted in a console?
The internal storage has been encrypted on every Nintendo console since Wii. Since the Switch 2 has no software exploits (and may never get some), we don't have the ability to read the contents via software, nor get the encryption keys for direct physical access.
 
I talked a bit with this dude; I don't think he meant RCM, he just called it that. I still don't think it's real because of the font in the picture.

The most obvious one is his WinSCP "proof" picture, which implies the following:
1. He supposedly has all the Switch 2 encryption/decryption keys, to the point that he's able to mount the eMMC/NAND storage.
2. That the Switch 2 firmware has SHA-256 matches with "0100000000000000"-type title IDs mixed in (Switch 1 firmware NCAs) with its firmware files. Why? Because the title IDs are embedded in both the header and the NPDM, which would make the SHA-256 of the NCAs different. The Switch 2's title ID format is "0400000000000000".

https://switchbrew.org/wiki/Switch_2:_Title_list

(In case you people are unaware, or forgot, all NCA names are half of the SHA-256 value of the NCA,
and the program ID (ex: 0100000000000033, 0400000000000033) is in the encrypted part of the header of the NCA.
Even just there, ignoring the PFS/ExeFS partition with the NPDM, the SHA-256 would already be different, even if the code was identical for Switch 1 and 2.)

[image: nca.jpg]

This is Switch 1, 21.2.0, firmware NCAs (notice the instant match with their "proof"):
[image: 2120.png]

This is their "proof":
[image: proof1.png]
 
Last edited by bth.
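The naming argument in the post above, worked through as an added example (this is not code from the thread or from any Switch tooling). The only rules taken from the post are that an NCA's file name is half of the SHA-256 of the file (the first 16 of the 32 digest bytes, written as 32 hex characters) and that the program ID sits inside the file. The header layout below, including the 0x400-byte size and the 0x210 offset of the program ID field, is an assumed toy stand-in, not the real NCA format; a real header is additionally encrypted with the header key, which only makes the two files' bytes diverge further. The last function is the check a reader can apply to a screenshot like the disputed one: any name shared with a known Switch 1 firmware set cannot be a Switch 2 NCA.

```python
import hashlib
import struct

# Title ID prefixes quoted in the post: Switch 1 system titles start with
# 0100..., Switch 2 system titles with 0400...
SWITCH1_PREFIX = 0x0100000000000000
SWITCH2_PREFIX = 0x0400000000000000

HEADER_SIZE = 0x400          # assumed size of the toy header (not the real layout)
PROGRAM_ID_OFFSET = 0x210    # assumed offset of the program ID field (not the real layout)


def build_toy_nca(program_id: int, body: bytes) -> bytes:
    """Build a simplified stand-in for an NCA: a fixed-size header carrying
    the program ID as a little-endian u64, followed by the content body.
    This is NOT the real NCA header format; it only models the one fact the
    argument needs, that the program ID is part of the hashed bytes."""
    header = bytearray(HEADER_SIZE)
    header[0x200:0x204] = b"NCA3"
    struct.pack_into("<Q", header, PROGRAM_ID_OFFSET, program_id)
    return bytes(header) + body


def nca_name(nca: bytes) -> str:
    """File name rule from the post: half of the SHA-256 of the whole file,
    i.e. the first 16 of the 32 digest bytes, as 32 lowercase hex chars."""
    return hashlib.sha256(nca).hexdigest()[:32]


def names_for_same_code(low_bits: int, body: bytes) -> tuple[str, str]:
    """Name the same content body twice: once under a Switch 1 title ID and
    once under the corresponding Switch 2 title ID. Only the program ID
    field differs between the two inputs, yet the names cannot match."""
    s1 = build_toy_nca(SWITCH1_PREFIX | low_bits, body)
    s2 = build_toy_nca(SWITCH2_PREFIX | low_bits, body)
    return nca_name(s1), nca_name(s2)


def suspicious_matches(switch1_names, claimed_switch2_names) -> list[str]:
    """Sanity check for a claimed Switch 2 firmware listing: a file name that
    also appears in a known Switch 1 firmware set cannot be a Switch 2 NCA,
    because the program ID alone would change the hash. Any match means the
    listing is really Switch 1 files, or was fabricated."""
    return sorted(set(switch1_names) & set(claimed_switch2_names))


if __name__ == "__main__":
    # Constructed sample body standing in for byte-identical program code.
    body = b"\x00" * 64 + b"identical program code"
    n1, n2 = names_for_same_code(0x33, body)
    print("Switch 1 name:", n1 + ".nca")
    print("Switch 2 name:", n2 + ".nca")
    # Constructed listing that reuses a Switch 1 name, as the disputed screenshot does.
    print("names shared with Switch 1 firmware:", suspicious_matches([n1], [n1, n2]))
```

Feed `suspicious_matches` the real file names from a known-good Switch 1 firmware dump and the names visible in a claimed Switch 2 listing; a non-empty result is enough to reject the listing without needing any Switch 2 keys.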
> The internal storage has been encrypted on every Nintendo console since Wii. Since the Switch 2 has no software exploits (and may never get some), we don't have the ability to read the contents via software, nor get the encryption keys for direct physical access.
How can you call yourself "ihaveahax" and then NOT have a hack for the Switch 2?? 🤔🤔🤔
 
Yeah, so apparently the guy just used a tool to fake-sign photos and videos.
Wait, so... if you can fake-sign photos and videos into the album... wouldn't it be theoretically possible to make a homebrew payload that the system interprets as a "photo" or "video" in the album before you load it? We could just do Letterbomb 2 here if that's possible. Of course, it'd have to be after we find a way into the console first, but still.
 
Last edited by novabear0.
> Wait, so... if you can fake-sign photos and videos into the album... wouldn't it be theoretically possible to make a homebrew payload that the system interprets as a "photo" or "video" in the album before you load it? We could just do Letterbomb 2 here if that's possible. Of course, it'd have to be after we find a way into the console first, but still.
Signing something is not the same as executing it. Modern cryptography doesn't even trust the signature of anything and will do various checks to ensure the signature is valid, like the good old bounds check, which will make letterbombs impossible.
 
> Signing something is not the same as executing it. Modern cryptography doesn't even trust the signature of anything and will do various checks to ensure the signature is valid, like the good old bounds check, which will make letterbombs impossible.
Going further with that, the Switch 2 security system seems to assume userland is exploited. So, like everyone else has said, you aren't going to accomplish anything with just userland. Expanding on that, there will never be a kernel exploit. This thread gets worse and worse as it progresses.
 
> Going further with that, the Switch 2 security system seems to assume userland is exploited. So, like everyone else has said, you aren't going to accomplish anything with just userland. Expanding on that, there will never be a kernel exploit. This thread gets worse and worse as it progresses.
So if there will "never" be a kernel exploit, is that it? Are we done here? I don't fully know how this all works, but that sounds pretty damning. I'm dying to play Pokopia, Kirby Air Riders, DK Bananza, the Yakuza and Fallout ports, and so much more, but my Switch 2 is on day 1 firmware, so I'm wary to give up.
 
> So if there will "never" be a kernel exploit, is that it? Are we done here? I don't fully know how this all works, but that sounds pretty damning. I'm dying to play Pokopia, Kirby Air Riders, DK Bananza, the Yakuza and Fallout ports, and so much more, but my Switch 2 is on day 1 firmware, so I'm wary to give up.
To each their own. I can't tell you what to do.
 
"Impenetrable" and "never" are words that have aged badly every single console generation without exception.

The PS3 is the textbook case. Sony called it unhackable, and for years nobody seriously challenged that, not because it was true but because OtherOS gave the homebrew scene what it needed. The moment Sony yanked it, the community shifted focus, and within a relatively short timeframe the whole thing got popped with a five-dollar USB device running custom firmware plugged into the front port. A five-dollar device.

Security on any platform is just a ratio of time, effort, and money on the table. If someone publicly offered a million dollars for a working full exploit right now, there is a very realistic chance it lands within 8 to 10 months. It always comes down to whether the target is worth the grind, not whether it is actually possible.

The bigger barrier right now is probably not the hardware itself but Nintendo's legal posture. Nintendo has become the most aggressive litigator in the console space, making it commercially and legally toxic to market any exploitation tool publicly. The Switch is already thoroughly compromised, which removes the "just for the fun of it" motivation for targeting Switch 2, and anyone who does find something meaningful has strong reason to stay quiet rather than risk landing in Nintendo's crosshairs. The friction is not technical, it is legal.
 
