Switch Hacking & Homebrew Discussion

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by EpicLPer, Mar 12, 2017.

  1. RadDude McCoolguy

    RadDude McCoolguy GBAtemp Regular

    Member
    4
    Jan 4, 2015
    United States
    Is there an alternative to the Kosmos Toolbox for stock Atmosphere?
    I want to be able to toggle sysmodules
     
  2. Dreamboum

    Dreamboum Member

    Newcomer
    1
    Aug 21, 2018
    France
    Is there a way to change the icon of a switch game by myself?
     
  3. Purple_Shyguy

    Purple_Shyguy GBAtemp Advanced Fan

    Member
    7
    Nov 8, 2008
    Republic of Ireland
    Nevermind.
     
    Last edited by Purple_Shyguy, May 29, 2019
  4. terrabyte25

    terrabyte25 Member

    Newcomer
    1
    Jan 29, 2019
    United States
    How can I launch the profile selector applet programmatically using libnx?
     
  5. Romreactor

    Romreactor Member

    Newcomer
    1
    Feb 7, 2019
    United States
    Hey everyone, I had a quick question in regards to homebrew and the new game Astral Chain that's coming out from P*. I'm currently on version 4.1 and waiting for the new Switch release before installing cf on it. My question is: if I buy Astral Chain in August, which would probably require the latest internal update, would I be able to have homebrew access in the long run, like by the new Switch release and after?

    Also, I haven't been keeping up with development due to being busy with work, but since I remember that versions closer to 3.0 were as close to the last gold-mine unit for homebrew as you could get, is it best for me to stay on 4.1 and just not get the game for now, or are there no benefits at this point to keeping 4.1 since it's not 3.0?
     
  6. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    18
    Aug 6, 2017
    United States
    New York City
    The current exploit used is hardware-based, not software. What this means is that your firmware is not at all relevant when it comes to hacking the console. What matters is making sure your hardware is vulnerable which we check via the serial number. You can find a full list of patched and unpatched serial numbers here.

    However, that doesn't mean you should update immediately. Lower firmware versions may have access to better exploits in the future, such as a hypothetical untethered coldboot hack. So the question is: how do you update your firmware whilst still being able to take advantage of future exploits on lower firmware versions? By updating your firmware without burning fuses. Fuses are normally designed to prevent you from downgrading. They are burnt when the console turns on normally while you are running a firmware version higher than the current fuse count. Part of the exploit involves sending a payload via USB, and this payload can also act as a custom bootloader, bypassing this fuse check and allowing us to run higher firmware versions without burning additional fuses. This is achieved by enabling AutoRCM, which ensures that the console is only turned on when using a custom bootloader. As for how to update without burning fuses, the best way is with the homebrew application ChoiDujourNX.
     
    Romreactor likes this.
  7. Romreactor

    Romreactor Member

    Newcomer
    1
    Feb 7, 2019
    United States
    Oh awesome, I remember when I got the Switch I made sure the serial numbers checked out and they were in the green zone from that thread. Also, to my understanding, basically once I install custom firmware with the jig method and back up the system NAND, I can use the custom homebrew application ChoiDujourNX to update my system to the latest firmware and play any new Switch game released without burning any fuses, which are responsible for locking the bootloader from downgrading to my initial older version that down the line can be used to initiate cold boot hacks if and when they come out.

    Last question: would online play also work with ChoiDujourNX, or is it not recommended and best used only to play new games offline?

    Hopefully I understood that correctly, let me know and thanks =)
     
  8. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    18
    Aug 6, 2017
    United States
    New York City
    It's not a good idea to play a hacked console online, with or without ChoiDujourNX. You also do not install CFW on the Switch. Lastly, we technically already have cold boot; the current exploit, Fusee Gelee, translates to "frozen rocket", which is a reference to sending payloads in cold boot.
     
  9. Romreactor

    Romreactor Member

    Newcomer
    1
    Feb 7, 2019
    United States
    Sweet, OK so to my understanding, with my 4.1 FW and system hardware, I can flash Fusee Gelee with an RCM jig, and from there use Fusee Gelee to back up my NAND and then use ChoiDujourNX to update my firmware to play new games like Astral Chain offline without burning any fuses. All with the benefit of cold booting, where there is no need to insert the RCM jig every time to boot Fusee Gelee.

    Hope I got that correctly, and sorry for my newbiness, I just don't want to get this wrong and break my device =D. Thanks.
     
  10. Itsuki235

    Itsuki235 GBAtemp Regular

    Member
    1
    Jun 13, 2019
    United States
    Some terminology fixes:

    "Fusee Gelee [FG]", aka the "RCM bug", refers to the vulnerability itself. A "payload" refers to a "Fusee Gelee compatible payload" that can be used when the Switch is in recovery mode [RCM] to run native code. There are many different programs that run native code, like Lockpick_RCM, Hekate (a bootloader), various stub loaders, sept and even a Linux distribution.

    To run custom firmware (CFW) using the native Switch operating system (called "Horizon"), the Switch must first be put into recovery mode. While the Switch is OFF, this is done by shorting pin 10 of the right Joy-Con rail (typically done by using an "RCM jig") and holding the volume + button and the power button for 5 seconds. The Switch will turn on, but nothing will display on the screen. An FG payload then needs to be pushed to it.

    The best FG payload to push initially is "Hekate", which is used as a bootloader or chain bootloader for other FG payloads, to perform NAND + BOOT0/1 backups, enable AutoRCM and set CFW to autoboot. Hekate, an FG payload, can be pushed from a PC using "TegraRCMGUI" with a USB to USB-C cable after installing the correct driver, or using a Switch "dongle", which is a small rechargeable-battery-powered circuit board designed to push a stub loader that is statically configured to load an FG payload from the SDXC card inserted in the Switch (usually "SD:/payload.bin" or similar).

    After creating a backup, enabling RCM, backing up system info and selecting autoboot, Hekate can Launch -> CFW to boot Atmosphere, which is one possible CFW for the Switch.

    Note that no current cold boot exploit exists for the Switch. Enabling AutoRCM WILL negate the need for a "jig" to enter recovery mode, but will NOT negate the need to push an FG-compatible payload to the Switch after cold booting. Basically, Hekate needs to get pushed to the Switch after every reboot, so usually a "dongle", "modchip" or "TegraRCMGUI" is still needed. A coldboot exploit would theoretically negate the need for this; thus, while FG allows for CFW, it should be considered a "tethered" exploit.

    Enabling AutoRCM is what prevents the burning of fuses, since any FG payloads that launch after that will already be past the part of the bootloader/ipatch code that burns fuses. Disabling AutoRCM and cold booting into OFW (without going into recovery mode) is typically the only way to burn fuses.
     
    Romreactor likes this.