Hacking Switch bootrom warmboot exploit

  • Thread starter: Deleted User
  • Views: 49,313
  • Replies: 161
  • Likes: 19
Nintendo have the exploit, but it hasn't been formally released. It might take a while if the ReSwitched people don't release what they know about the warmboot exploit. Is Team Xecuter going to pursue this exploit?
They may need to make it compatible when it gets released, but it is unlikely they would actively develop it themselves. This exploit hits right at their dongle-selling business. No one wants to spend resources and time developing something that kills their own business.
 
Last edited by tivu100,
That's not what he said. Where does it say 1.0.0 is definite?


[Attachment: firmware-status.png]


Source: https://gbatemp.net/threads/firmware-status.495078/
He shall change all "at launch" to TBD; with the recent drama we have no idea when they are going to release CFW.
 
The cartridge part could actually become a HUGE problem if someone gets a full softmod that would require a certain game as an entry point. However, most likely they would support entering RCM and use something like LayeredFS, which could do the trick too instead of needing to actually have the cartridge game.

I just launched the browser with Puyo Japan with SX, and when I go back down to 1.0.0 I'm sure Pegaswitch would work, so surely you wouldn't need an original cart.
 
I thought I'd regret updating my 4.1 Switch to the latest firmware, but for what exactly?
I'd have to use a 32GB emunand, but I only have 64GB on my SD.... but it would be for what, since I won't have pirated games? And even there, I'd only use some homebrew, since most of them are re-implementations of little games. Better to just use RCM and boot into HB if needed (and, at worst, use Lakka for emus).

Also, for people thinking SX is better, it's not (OS-wise; the dongle is quite neat, if they could sell it alone). They made nothing, and I mean nothing, new (btw, should I also say they copy/paste a lot of stuff?) except kernel patches which remove sigchecks, which aren't needed for homebrew (or anything else, since most Atmosphère features right now don't require sigchecking) (this is probably why it wasn't implemented, and probably won't be).
 
I thought I'd regret updating my 4.1 Switch to the latest firmware, but for what exactly?
I'd have to use a 32GB emunand, but I only have 64GB on my SD.... but it would be for what, since I won't have pirated games?
Using an emulated NAND is optional, no one forces you to do so. As for the space, you're actually just losing 2.6 gigs, which is the system partition; everything else just acts as the emunand's internal memory, just like the actual eMMC. Also, what you are losing by updating past 4.1 is a TrustZone takeover exploit which enables a tetherless warmboot with ACE.
 
Dude, Déjà Vu is mostly for people that don't want to use RCM, or can't use it. RCM is very easy to use; Déjà Vu is not that easy.
Depends on the userland entrypoint. If it is nspwn (unofficial code on the home menu, by "linking" to another executable on SD/NAND), you can load HBM -> any homebrew to escalate privileges to TrustZone.
 
I'm on 5.1. Is there still hope?
Are you willing to always use RCM?
Yes: no problemo. You can even update.
No: Buy/exchange/whatever a new Switch, before the Mariko units.

Using an emulated NAND is optional, no one forces you to do so. As for the space, you're actually just losing 2.6 gigs, which is the system partition; everything else just acts as the emunand's internal memory, just like the actual eMMC. Also, what you are losing by updating past 4.1 is a TrustZone takeover exploit which enables a tetherless warmboot with ACE.
Welp, you lose the space on the system (internal), and for me it's kind of a lot. (And losing the ability to put new files on the SD's used space.)

(Also, using an emunand is kind of a need if you want any online feature.)
 
Last edited by mariogamer,
I'd just like to know if it's a limitation that's forcing them to use that route or a personal choice.

There are no exploits released or in private that allow you to boot from cold boot untethered. You only have Fusée Gelée or exploits that require you to boot OFW and then run user-triggered exploits, which may require you to have a WiFi network connection.

If you replace OFW with CFW on your eMMC then you will need to use RCM on every single boot; if you boot CFW from SD then you only need to go into RCM when booting CFW.
 
Even SciresM said it wasn't a user-friendly exploit; RCM is far better, but it requires the jig or a mod.
I thought about that, but maybe it's just that it wasn't ported to an HB payload? Idk.

By the way, just to point out how simple and good FG is:
- You don't modify anything on your NAND, unlike sighax/arm9loaderhax on the 3DS (though Nintendo did absolutely nothing)
- You *just* need a PC/smartphone (who doesn't have that in 2018 / can't afford that while they bought a Switch) + anything to enter RCM
- At worst, you buy something to make a dongle
- Gives you full access over the Switch
 
Even SciresM said it wasn't a user-friendly exploit; RCM is far better, but it requires the jig or a mod.
It is a task for the developer to make it work cleanly =!= not end-user friendly. Think of the DS Profile exploit for older-FW 3DS. The Gateway flashcart used it to eliminate the need to connect to WiFi and go to the exploit page for quite some time before newer hacks, CFW and exploits were released.

RCM is not far better by any means. It's easy enough, but not very convenient when you require another device to upload the payload, be it an SX dongle, DIY dongle, phone, Android, PC...

Developing means having an eye for the future, exploring new horizons, not just standing still. There is a reason research continues, and a need to preserve exploits for as long as possible in case they can be implemented on new hardware.

Edit: if the rumor about RCM being removed from the new hardware revision is true, then there would be no more RCM for future new Switches. In the end, old Switches would run out. Nobody can say their Switch will last forever. Your Switch can get stolen down the road. Your Switch may develop problems and you need it replaced. You may end up paying over the odds for an old-version Switch down the road if there is no research and development for new exploits.
 
Last edited by tivu100,
Are all the untethered softmod solutions coming at launch coldboot exploits like on the 3DS? Or would one have to trigger the exploit every time the Switch restarts?
 