Switch Hacking & Homebrew Discussion

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by EpicLPer, Mar 12, 2017.

  1. RadDude McCoolguy

    RadDude McCoolguy GBAtemp Regular

    Member
    4
    Jan 4, 2015
    United States
    Is there an alternative to the Kosmos Toolbox for stock Atmosphere?
    I want to be able to toggle sysmodules
     
  2. Dreamboum

    Dreamboum Member

    Newcomer
    2
    Aug 21, 2018
    France
    Is there a way to change the icon of a switch game by myself?
     
  3. Purple_Shyguy

    Purple_Shyguy GBAtemp Advanced Fan

    Member
    7
    Nov 8, 2008
    Republic of Ireland
    Nevermind.
     
    Last edited by Purple_Shyguy, May 29, 2019
  4. terrabyte25

    terrabyte25 Member

    Newcomer
    1
    Jan 29, 2019
    United States
    How can I launch the profile selector applet programmatically using libnx?
     
  5. Romreactor

    Romreactor Member

    Newcomer
    1
    Feb 7, 2019
    United States
    Hey everyone, I had a quick question in regards to Homebrew and the new game Astral Chain that's coming out by P*. I'm currently on version 4.1 and waiting for the new Switch release before installing cf on it. My question is: if I buy Astral Chain in August, which would probably require the latest internal version update, would I be able to have homebrew access in the long run, like by the new Switch release and after?

    Also, I haven't been keeping up with development due to being busy with work, but since I remember a version closer to 3.0 was as close to the last gold mine unit for homebrew as you could get, is it best for me to stay on 4.1 and just not get the game for now, or are there no benefits at this point to keeping 4.1 since it's not 3.0?
     
  6. Draxzelex

    Draxzelex GBAtemp Legend

    Member
    18
    Aug 6, 2017
    United States
    New York City
    The current exploit used is hardware-based, not software. What this means is that your firmware is not at all relevant when it comes to hacking the console. What matters is making sure your hardware is vulnerable which we check via the serial number. You can find a full list of patched and unpatched serial numbers here.

    However, that doesn't mean you should update immediately. Lower firmware versions may have access to better exploits in the future, such as a hypothetical untethered coldboot hack. So the question is: how do you update your firmware whilst still being able to take advantage of future exploits on lower firmware versions? By updating your firmware without burning fuses. Fuses are normally designed to prevent you from downgrading. They are burnt when the console turns on normally while you are running a firmware version higher than the current fuse count. Part of the exploit involves sending a payload via USB, and this payload can also act as a custom bootloader, bypassing this fuse check and allowing us to run higher firmware versions without burning additional fuses. This is achieved by enabling AutoRCM, which ensures that the console is only turned on when using a custom bootloader. As for how to update without burning fuses, the best way is with the homebrew application ChoiDujourNX.
     
    Romreactor likes this.
  7. Romreactor

    Romreactor Member

    Newcomer
    1
    Feb 7, 2019
    United States
    Oh awesome, I remember when I got the Switch I made sure the serial numbers checked out and they were in the green zone from that thread. Also, to my understanding, basically once I install custom firmware with the jig method and back up the system NAND, I can use the custom homebrew application ChoiDujourNX to update my system to the latest firmware and play any new Switch game released without burning any fuses, which are responsible for locking the bootloader from downgrading to my initial older version that down the line can be used to initiate cold boot hacks if and when they come out.

    Last question: would online play also work with ChoiDujourNX, or is it not recommended and best used to only play new games offline?

    Hopefully I understood that correctly, let me know and thanks =)
     
  8. Draxzelex

    Draxzelex GBAtemp Legend

    Member
    18
    Aug 6, 2017
    United States
    New York City
    It's not a good idea to play a hacked console online with or without ChoiDujourNX. You also do not install CFW on the Switch. Lastly, we technically already have cold boot; the current exploit, Fusee Gelee, translates to frozen rocket, which is in reference to sending payloads in cold boot.
     
  9. Romreactor

    Romreactor Member

    Newcomer
    1
    Feb 7, 2019
    United States
    Sweet, k so to my understanding, with my 4.1 FM and system hardware, I can flash Fusee Gelee with an RCM Jig, and from there use Fusee Gelee to back up my NAND and then use ChoiDujourNX to update my firmware to play new games, like Astral Chain, offline without burning any fuses. All with the benefit of cold booting, where there is no need to insert the RCM Jig every time to boot Fusee Gelee.

    Hope I got that correctly, and sorry for my newbiness, I just don't want to get this wrong and break my device =D. Thanks.
     
  10. Itsuki235

    Itsuki235 GBAtemp Regular

    Member
    1
    Jun 13, 2019
    United States
    Some terminology fixes:

    "Fusee Gelee [FG]", aka the "RCM bug", refers to the vulnerability itself. A "payload" refers to a "Fusee Gelee compatible payload" that can be used when the Switch is in recovery mode [RCM] to run native code. There are many different programs that run native code, like Lockpick_RCM, Hekate (bootloader), various stub loaders, sept and even a Linux distribution.

    To run custom firmware (CFW) using the native Switch operating system (called "Horizon"), the Switch must first be put into recovery mode. While the Switch is OFF, this is done by shorting pin 10 of the right Joy-Con (typically done by using an "RCM Jig") and holding the volume + button and the power button for 5 seconds. The Switch will turn on, but nothing will display on the screen. A FG payload needs to be pushed to it.

    The best FG payload to push initially is "Hekate", which is used as a bootloader or chain bootloader for other FG payloads, to perform NAND + BOOT0/1 backups, enable AutoRCM and set CFW to autoboot. Hekate, an FG payload, can be pushed from a PC using "TegraRCMGUI" with a USB to USB-C cable after installing the correct driver, or using a Switch "dongle", which is a small rechargeable battery-powered circuit board designed to push a stub loader that is statically configured to load a FG payload from the SDXC card inserted in the Switch (usually "SD:/payload.bin" or similar).

    After creating a backup, enabling AutoRCM, backing up system info and selecting autoboot, Hekate can Launch -> CFW to boot Atmosphere, which is one possible CFW for the Switch.

    Note that no current cold boot exploit exists for the Switch. Enabling AutoRCM WILL negate the need for a "Jig" to enter recovery mode but will NOT negate the need to push a FG compatible payload to the Switch after cold booting. Basically, Hekate needs to get pushed to the Switch after every reboot, so usually a "Dongle", "modchip" or "TegraRCMGUI" is still needed. A coldboot exploit would theoretically negate the need for this; thus, while FG allows for CFW, it should be considered a "tethered" exploit.

    Enabling AutoRCM is what prevents the burning of fuses, since any FG payloads that launch after that will already be past the part of the bootloader/ipatch code that burns fuses. Disabling AutoRCM and cold booting into OFW (without going into recovery mode) is typically the only way to burn fuses.
     
    Romreactor likes this.
  11. laz305

    laz305 GBAtemp Regular

    Member
    3
    Jul 31, 2008
    United States
    Is there no chance they'll ever get the Switch to play CIA games?
     
  12. Draxzelex

    Draxzelex GBAtemp Legend

    Member
    18
    Aug 6, 2017
    United States
    New York City
    Just buy a used 3DS or download Citra on your computer.
     
  13. Megadriver94

    Megadriver94 GBAtemp Regular

    Member
    5
    Aug 11, 2017
    United States
    Earth
    HBGshop is overrated, and I'd rather either get Tinfoil (which the ReSwitched HBGshop stole some of its code from), stick to the manual way, OR wait for a Switch version of CIAngel or Vita PKG.
     
  14. Idontknowwhattoputhere

    Idontknowwhattoputhere bruh

    Member
    6
    Jan 19, 2019
    United Kingdom
    What are you smoking?
    ReSwitched does not support piracy
    And CIAngel for the Switch will never happen
     
    Lacius likes this.
  15. GBADWB

    GBADWB GBAtemp Regular

    Member
    5
    May 12, 2016
    United States
    Anybody know if a mod or homebrew exists that keeps the tablet screen on while docked?
     
  16. Megadriver94

    Megadriver94 GBAtemp Regular

    Member
    5
    Aug 11, 2017
    United States
    Earth
    >ReSwitched does not support piracy
    Oh, ok then.
    >CIAngel for the Switch will never happen
    WRONG, punk!
    LIAR.
     
    Last edited by Megadriver94, Jul 22, 2019
  17. Idontknowwhattoputhere

    Idontknowwhattoputhere bruh

    Member
    6
    Jan 19, 2019
    United Kingdom
    No CDN downloading will happen ever again
     
    Lacius likes this.
  18. Lacius

    Lacius GBAtemp Legend

    Member
    18
    May 11, 2008
    United States
    It's not physically possible at this point anymore. The best you can hope for is HBG or something like it.
     
  19. Megadriver94

    Megadriver94 GBAtemp Regular

    Member
    5
    Aug 11, 2017
    United States
    Earth
    Why not?
     
  20. Lacius

    Lacius GBAtemp Legend

    Member
    18
    May 11, 2008
    United States
    Downloads from the eShop are now authenticated in a way that makes freeshop impossible. The same thing was done to the 3DS, which is why freeshop on it doesn't work anymore either.
     