Homebrew Switch Hacking & Homebrew Discussion

Megadriver94

Downloads from the eShop are now authenticated in a way that makes freeshop impossible. The same thing was done to the 3DS, which is why freeshop on it doesn't work anymore either.
I mean a Switch version of 3DS CIAngel and/or PS Vita PKG, not freeshop itself. Also, there is always reverse-engineering.
>INB4 it won't happen
They said the same thing about the 10NES authentication chip, the SNES lockout chip, and more recently, the Sega Saturn's copy protection mechanisms.
 

Lacius

I mean a Switch version of 3DS CIAngel and/or PS Vita PKG, not freeshop itself. Also, there is always reverse-engineering.
>INB4 it won't happen
They said the same thing about the 10NES authentication chip, the SNES lockout chip, and more recently, the Sega Saturn's copy protection mechanisms.
It's the same principle. Neither is possible on the Switch.

See these threads for more information. The Switch works similarly.
https://gbatemp.net/threads/freesho...s-will-no-longer-work-with-many-games.514400/
https://gbatemp.net/threads/the-beg...t-party-titles-no-longer-downloadable.514370/
 
Last edited by Lacius, , Reason: added links

Megadriver94

It's the same principle. Neither is possible on the Switch.
Where there's a will, there's a way. As I said before, people said that it wasn't possible to reverse engineer the 10NES authentication chip, the SNES lockout chip, crack the Saturn's copy protection scheme, and to add a couple more, the Xbox 360's security checks and the PS3 hardware failsafes & copy protection. Yet, they all got circumvented in time. :D:yayps3:
 

Lacius

Where there's a will, there's a way. As I said before, people said that it wasn't possible to reverse engineer the 10NES authentication chip, the SNES lockout chip, crack the Saturn's copy protection scheme, and to add a couple more, the Xbox 360's security checks and the PS3 hardware failsafes & copy protection. Yet, they all got circumvented in time. :yayps3::shy::toot::toot:
Don't hold your breath.
 

Jhynjhiruu

In this case it really will never be possible. In order to download from the CDN, a legitimately-signed ticket is required, because the server now performs the same checks that were patched out on the console with CFW. We cannot create legitimately-signed tickets without Nintendo's private key, which Nintendo keeps absolutely secret and we cannot bruteforce.
TL;DR: To download from the CDN, we need something we do not and will never have the ability to make.

The 10NES chip was decoded initially by stealing the source code (something Nintendo keeps secret), then afterwards by studying the chip and its contents. The Saturn and 360 were defeated because we are able to take advantage of hardware on the motherboard. We don't know what software runs on Nintendo's servers; we can't see it and figure out how it works. Even if we could, it is almost certain (99.999% chance) that the signature checks are implemented perfectly. We obviously can't modify the software running on the servers.

The servers require us to send a legitimate ticket to download content; without Nintendo's private key we can't make legitimate tickets. Unlike on the console itself, we can't bypass this. It is impossible.
 
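The difference the post above describes, between a signature check on the console and the same check on the server, as an added example that is not part of the thread and is not Nintendo's ticket format or code. The ticket fields, title IDs, function names and the toy RSA key are all assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed toy RSA key built from two Mersenne primes. It is trivially
# factorable and unpadded: it only illustrates who can sign and who can verify.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public half: every verifier has it
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: only the issuer has it


def digest(ticket: dict) -> int:
    """SHA-256 over a canonical encoding of the ticket, as an integer < N."""
    body = json.dumps(ticket, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def issue(ticket: dict) -> int:
    """Issuer side: producing a valid signature requires D."""
    return pow(digest(ticket), D, N)


def verify(ticket: dict, signature: int) -> bool:
    """Verifier side: needs only the public (N, E)."""
    return 0 <= signature < N and pow(signature, E, N) == digest(ticket)


def console_install(ticket: dict, signature: int, check_patched_out: bool = False) -> bool:
    """Client-side check: it runs on the owner's device, so it can be skipped."""
    return check_patched_out or verify(ticket, signature)


def cdn_download(ticket: dict, signature: int) -> str:
    """Server-side check: same verify(), but the requester cannot alter it."""
    return "200 OK" if verify(ticket, signature) else "403 Forbidden"


# Constructed sample data (hypothetical field names and title IDs).
GENUINE = {"title_id": "0100AAAA00000000", "device_id": "constructed-device-1"}
GENUINE_SIG = issue(GENUINE)
ALTERED = dict(GENUINE, title_id="0100BBBB00000000")  # body changed, old signature

if __name__ == "__main__":
    print("console, stock  :", console_install(ALTERED, GENUINE_SIG))
    print("console, patched:", console_install(ALTERED, GENUINE_SIG, True))
    print("CDN, genuine    :", cdn_download(GENUINE, GENUINE_SIG))
    print("CDN, altered    :", cdn_download(ALTERED, GENUINE_SIG))
```

The design point for anyone building a licensing or download service is the same: a check that runs on the client is advisory, so the authorization decision has to be enforced where the requester cannot modify the code.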

Draxzelex

Where there's a will, there's a way. As I said before, people said that it wasn't possible to reverse engineer the 10NES authentication chip, the SNES lockout chip, crack the Saturn's copy protection scheme, and to add a couple more, the Xbox 360's security checks and the PS3 hardware failsafes & copy protection. Yet, they all got circumvented in time. :D:yayps3:
We will probably have untethered coldboot on the Switch Lite way before we can abuse CDN downloading again.
 

Megadriver94

We will probably have untethered coldboot on the Switch Lite way before we can abuse CDN downloading again.
TENGEN managed to get the source code for the 10NES authentication chip with whatever they could muster (in that case, false claims). So, why can't a Nintendo employee go rogue, or a hacker from, say, some Eastern European or SE Asian nation snatch a copy of the contents of the private key someday?
 

Draxzelex

TENGEN managed to get the source code for the 10NES authentication chip with whatever they could muster (in that case, false claims). So, why can't a Nintendo employee go rogue, or a hacker from, say, some Eastern European or SE Asian nation snatch a copy of the contents of the private key someday?
Because, much like the person who tried to steal the secret recipe for Coca Cola, these types of things are under tight lock and key. The key for signing the sept payload is known by more people yet there is no indication of that being leaked.
 

Jhynjhiruu

TENGEN managed to get the source code for the 10NES authentication chip with whatever they could muster (in that case, false claims). So, why can't a Nintendo employee go rogue, or a hacker from, say, some Eastern European or SE Asian nation snatch a copy of the contents of the private key someday?
In order for a rogue Nintendo employee to get the private key, they would first have to practically become CEO of the company. The chance of the very top individual in a company like Nintendo going rogue is exactly 0.
It would be very, very stupid of Nintendo to store the private key on a computer with access to the Internet. No software hack in the world is going to allow a computer to steal information from another computer that's not connected to it, through multiple layers of walls.
The TENGEN case is completely unrelated. Nintendo had to submit their source code to obtain their patent; all TENGEN had to do was pretend they needed it, ish. Nintendo's private key does not leave their company headquarters, and has certainly not been submitted to a patent office.
 

mettalik

Hi

I got a question. I just bought a Switch. For hacking. Linux and homebrews. I have an unpatched Switch with 8.1.0 firmware.

I have one 128 GB SD card.

I want Linux (L4T) and Atmosphere for NSP.

Can I have a kind of dual (triple with Nintendo OS) boot where I can choose which OS I want?
I don't have a PC. I am a traveller, that's why the Switch is good for electric consumption (and games). I have to use NX Loader or Rekado. NX Loader seems not to be updated when I compare it to Rekado. Is Rekado a good choice?

Atmosphere seems to be one of the most useful OSes. But SX OS is also very famous (because of the modchip). Is Atmosphere the best choice?

To save my NAND, I have a 32 GB SD card. Is saving on it and using another SD card for doing what I want the best solution?

Thanks
 
Last edited by mettalik,

Dlited96

Hey guys, I've been asking around but it seems no one wants to help me out. So I just got Fire Emblem Three Houses, and I really want to try hacking etc. But the main problem is that I have no idea how to get started and the guides seem overwhelming (compared to the 3DS, which was the good old Powersaves :( ). Anyhow, can you guys tell me what I need in order to get started and perhaps even the first steps?
 

FunThomas

Hey guys, I've been asking around but it seems no one wants to help me out. So I just got Fire Emblem Three Houses, and I really want to try hacking etc. But the main problem is that I have no idea how to get started and the guides seem overwhelming (compared to the 3DS, which was the good old Powersaves :( ). Anyhow, can you guys tell me what I need in order to get started and perhaps even the first steps?
https://gbatemp.net/threads/noexs-hacking-guide.543733/
https://gbatemp.net/threads/cheat-codes-ams-and-sx-os-add-and-request.520293/
 

BernardoOne

Hey. My switch is a few versions behind, both in regards to Atmosphere and in regards to the firmware. What is the correct way to go about updating both?
 

Xen0

When SwitchRoot was announced, people said rebooting to payload from Android would be in development... Haven't heard anything of that yet, is there any news?
 

Csmrcc

When SwitchRoot was announced, people said rebooting to payload from Android would be in development... Haven't heard anything of that yet, is there any news?
Actually it is implemented right now, on advanced options.
 

supereuropa

I am a bit confused about going online with a hacked switch. I have a retail version of Jackbox Drawful 2 on my atmosphere running switch. I also have some NSPs installed. If I try to launch it while in atmosphere with the DNS-adjusted wi-fi settings, I cannot get Drawful to connect to online services.
I remember reading that if you played the retail version at least once before hacking the switch, going online should not be a problem.
How should I proceed without getting banned?
Should I use the stock firmware and launch it?
Or stock firmware with dns-adjusted wi-fi settings?
Or if I go online using the stock firmware, having had NSPs installed, I’ll get banned?
 

Zkajavier

Or if I go online using the stock firmware, having had NSPs installed, I’ll get banned?

Yes, going online with any NSP installed is likely to get you banned, no matter what you do. DNS settings and Incognito methods are there to prevent your Switch from reaching Nintendo servers, so you can't play online with any game using them.
Basically, you are not supposed to go online with a hacked Switch, at all, ever. That is, unless you have a hacked emuNAND and a clean sysNAND, and you only use the stock untampered sysNAND to go online.
 

SMVB64

Hey. My switch is a few versions behind, both in regards to Atmosphere and in regards to the firmware. What is the correct way to go about updating both?
Hello guys, same issue here as well. Just got my emunand working for Atmosphere but I am on version 3.00. How should I go about this?
Thanks,
Sm
 
