Switch bootrom warmboot exploit

  • Thread starter: Deleted User
  • Views: 49,311
  • Replies: 161
  • Likes: 19
Might be possible once basic interpreters like Fuze and SmileBASIC show up.

There's no escalation of privileges off save files. It's well known, with the current state of openness of the console, that save files would be the most-used area for escalation attempts, and they have yet to yield any result that's not a panic in the kernel. There's a reason there's a bounty by the devs for anyone that can manage it, and no one has claimed it.
 
Wow, 2.x.x Switch, and I finally got my SX Pro dongle in the mail yesterday, and this happens literally the next day.
Still have not activated it yet though, waiting on a 256GB microSD.
Maybe I should dump it for a profit and get the OS instead?
The existence of jamais vu and deja vu has been known for half a year.
 
Only if you have 5 or fewer fuses burnt. Otherwise, you would have to use the current bootrom exploit anyway to load your 4.1 NAND dump.
Hey, can you not downgrade with the rajkosto method? (Even though that would defeat the purpose of a warmboot, because... you need RCM to get into your downgraded firmware, right?)
 
Is this the famous trump card which hackers have been holding all this time to counter the new Fusée Gelée-patched Switches?

Only if they were <4.1, and as a possible ace-in-the-hole on Mariko, but that's screwed now.

But it's sort of obvious that Nintendo has known about this flaw for half a year or more now.
 
So if Nintendo already knew about this exploit, then ''K'' must have leaked this exploit many months earlier? Then things only got heated up recently because K was caught playing double agent all this time?
 
Only if they were <4.1, and as a possible ace-in-the-hole on Mariko, but that's screwed now.

But it's sort of obvious that Nintendo has known about this flaw for half a year or more now.

So why watch people struggling to make dongles to launch the payload when you can have tetherless booting, and there's no need to keep the exploit secret because big N ran the numbers?
 
It seems like Nintendo hasn't fully patched it yet on the latest update, so they are probably waiting for Nintendo to fully patch it, since releasing it now would put it at a higher priority to fix. Anyway, making a dongle is simple enough.
 
Last edited by N0n@me
So if Nintendo already knew about this exploit, then ''K'' must have leaked this exploit many months earlier? Then things only got heated up recently because K was caught playing double agent all this time?

Nintendo probably found it themselves; it's a common flaw in the TX1. ktemkin mentioned that it's an open source flaw.

So why watch people struggling to make dongles to launch the payload when you can have tetherless booting, and there's no need to keep the exploit secret because big N ran the numbers?

It seems like Nintendo hasn't patched it yet on the latest update, so they are probably waiting for Nintendo to fully patch it, since releasing it now would put it at a higher priority to fix. And making a dongle is simple enough.

They know about the flaw, not necessarily all of the execution paths to it. They've mitigated it hard in 5.0, but maybe not entirely. But as you draw attention to it and talk about how possible it is, you make Nintendo look into it more.

Mariko may have carried the flaw.

We don't know if it's possible on 5.0 or higher; we just know it exists. It will always exist because it's hardware, but exploiting it may be purely theoretical and not practical.
 
Last edited by V-Temp
Hey, can you not downgrade with the rajkosto method? (Even though that would defeat the purpose of a warmboot, because... you need RCM to get into your downgraded firmware, right?)
Hmm, that's a good question. I don't believe the patched units come with the fuses already burnt, so if you could hijack the first boot-up of the console with RCM, load either Hekate or SX OS V1.3, and check how many fuses are burnt with briccmii V2, you should load a firmware that matches however many are burnt or not. I could be wrong though, but it definitely is worth testing out.
 
Well, I'm certainly pretty sure that the initial firmware flash burns the needed fuses, as the bootloader would otherwise panic upon boot.
 
It's burned on flash at the factory.
 
Well, the people that were constantly asking to update, and did so because they wanted to use SXOS, are basically fucked now.
Why? FG is all you need. Only those who buy the new patched units and update their FW are fucked. And it won't be long before they all will be shipped with FW >4.1.
 
Such hate for SX, lel.
No hate at all, just funny that people were constantly saying not to update and then they do. Don't twist what I said; it just has to do with updating and nothing to do with SXOS. No need for Xecuter drama.

--------------------- MERGED ---------------------------

No, not really...
It does, only up to 4.1.0.
 
Last edited by kumikochan
No hate at all, just funny that people were constantly saying not to update and then they do. Don't twist what I said; it just has to do with updating and nothing to do with SXOS.

It does, only up to 4.1.0.
Still have homebrew access and the ability to play backups (should I choose to). So, I'll live.
 
