Hacking Switch bootrom warmboot exploit


IPLbug

Might be possible once basic interpreters like fuze and smilebasic show up.

There's no escalation of privileges off save files. It's well known, with the current state of openness of the console, that save files would be the most used area for attempts to escalate with, and they have yet to yield any result that's not a panic in the kernel. There's a reason there's a bounty by the devs for anyone that can manage it, and no one has claimed it.
 

adrifcastr

Wow, 2.x.x Switch and finally got my SX Pro dongle in the mail yesterday, and this happens literally the next day.
Still have not activated it yet tho, waiting on a 256GB microSD.
Maybe I should dump it for a profit and get the OS instead?
The existence of Jamais Vu and Déjà Vu has been known for half a year.
 

BlastedGuy9905

Only if you have 5 or fewer fuses burnt. Otherwise, you would have to use the current bootrom exploit anyway to load your 4.1 NAND dump.
Hey, can you not downgrade with the rajkosto method? (Even though that would defeat the purpose of a warmboot because... you need RCM to get into your downgraded firm, right?)
 

V-Temp

IS THIS the famous trump card which hackers have been holding all this time to counter new Fusée Gelée patched Switches??

Only if they were <4.1, and as a possible ace-in-the-hole on Mariko, but that's screwed now.

But it's sort of obvious that Nintendo has known about this flaw for half a year or more now.
 

leon315

Only if they were <4.1, and as a possible ace-in-the-hole on Mariko, but that's screwed now.

But it's sort of obvious that Nintendo has known about this flaw for half a year or more now.
So if Nintendo already knew about this exploit, then ''K'' must have leaked this exploit many months earlier? Then things got heated up only recently because K was caught playing double agent all this time?
 

Phoenixrite

Only if they were <4.1, and as a possible ace-in-the-hole on Mariko, but that's screwed now.

But it's sort of obvious that Nintendo has known about this flaw for half a year or more now.

So why watch people struggle to make dongles to launch the payload when you can have tetherless booting, and there's no need to keep the exploit secret coz big N ran the numbers?
 

N0n@me

So why watch people struggle to make dongles to launch the payload when you can have tetherless booting, and there's no need to keep the exploit secret coz big N ran the numbers?
It seems like Nintendo hasn't fully patched it yet on the latest update, so they are probably waiting for Nintendo to fully patch it, since releasing it now will put it at a higher priority to fix. Anyway, making a dongle is simple enough.
 

V-Temp

So if Nintendo already knew about this exploit, then ''K'' must have leaked this exploit many months earlier? Then things got heated up only recently because K was caught playing double agent all this time?

Nintendo probably found it themselves; it's a common flaw in the TX1. ktemkin mentioned that it's an open source flaw.

So why watch people struggle to make dongles to launch the payload when you can have tetherless booting, and there's no need to keep the exploit secret coz big N ran the numbers?

It seems like Nintendo hasn't patched it yet on the latest update, so they are probably waiting for Nintendo to fully patch it, since releasing it now will put it at a higher priority to fix. And making a dongle is simple enough.

They know about the flaw, not necessarily all of the execution paths to it. They've mitigated it hard in 5.0, but maybe not entirely. But as you draw attention to it and talk about how possible it is, you make Nintendo look into it more.

Mariko may have carried the flaw.

We don't know if it's possible on 5.0 or higher; we just know it exists. It will always exist because it's hardware, but exploiting it may be fully theoretical and not practical.
 

Draxzelex

Hey, can you not downgrade with the rajkosto method? (Even though that would defeat the purpose of a warmboot because... you need RCM to get into your downgraded firm, right?)
Hmm, that's a good question. I don't believe the patched units come with the fuses already burnt, so if you could hijack the first bootup of the console with RCM, load either Hekate or SX OS v1.3, and check how many fuses are burnt with briccmii v2, you should load a firmware that matches however many are burnt or not. I could be wrong, though, but it definitely is worth testing out.
 

adrifcastr

Hmm, that's a good question. I don't believe the patched units come with the fuses already burnt, so if you could hijack the first bootup of the console with RCM, load either Hekate or SX OS v1.3, and check how many fuses are burnt with briccmii v2, you should load a firmware that matches however many are burnt or not. I could be wrong, though, but it definitely is worth testing out.
Well, I'm certainly pretty sure that the initial firmware flash burns the needed fuses, as the bootloader would otherwise panic upon boot.
 

V-Temp

Hmm, that's a good question. I don't believe the patched units come with the fuses already burnt, so if you could hijack the first bootup of the console with RCM, load either Hekate or SX OS v1.3, and check how many fuses are burnt with briccmii v2, you should load a firmware that matches however many are burnt or not. I could be wrong, though, but it definitely is worth testing out.

It's burned on flash at the factory.
 

tecfreak

Well, the people that were constantly asking to update and did so because they wanted to use SX OS are basically fucked now.
Why? FG is all you need. Only those who buy the new patched units and update their FW are fucked. And it won't be long before they are all shipped with FW >4.1.
 

kumikochan

Such hate for SX, lel.
No hate at all, just funny that people were constantly saying not to update and then they do. Don't twist what I said; it just has to do with updating and nothing to do with SX OS. No need for Xecuter drama.

--------------------- MERGED ---------------------------

No, not really...
It does, only up to 4.1.0.
 

Kioku

No hate at all, just funny that people were constantly saying not to update and then they do. Don't twist what I said; it just has to do with updating and nothing to do with SX OS.

--------------------- MERGED ---------------------------


It does, only up to 4.1.0.
Still have homebrew access and the ability to play backups (should I choose to). So, I'll live.
 