Hacking Switch on 6.0 OFW, but RCM not working

[Mr. Wizard]

No i did not. I said the vulnerability lies in the tegra boards, which is what allows users to enter RCM, never did i say or even imply that RCM itself was a vulnerability

Ok so by definition pressing F8 on a PC to enter the BIOS is a vulnerability. Nobody thinks of it this way as it's a common tool used daily by millions of people. I have only witnessed a handful of places where bios lock down was a policy.

Entering RCM on a tegra board would be in the same category, an entry point by design, a diagnostic tool. It is used on tegra boards in a multitude of devices, not just the switch, so putting it in the same category as fusee gelee, which was not by design and is what I would consider a true vulnerability, is just asinine.

The true vulnerability was in RCM.

Source: https://nvidia.custhelp.com/app/ans...curity-notice:-nvidia-tegra-rcm-vulnerability

Without that, RCM is just what it is, a diagnostic tool, useless to the end users. As we can see with the ipatched units.

Until another vulnerability is found.

 

[Ashura66]

Ok so by definition pressing F8 on a PC to enter the BIOS is a vulnerability. Nobody thinks of it this way as it's a common tool used daily by millions of people. I have only witnessed a handful of places where bios lock down was a policy.

You are correct. HOWEVER, RCM on the tegra boards is not the same thing, since general users are not MEANT to be able to access it, at least not on the Switch while the BIOS on a PC, we are meant to use, as you said


From the article you linked:" A researcher indicates that a person with physical access to older Tegra-based processors could connect to the device's USB port, bypass the secure boot and execute unverified code." Meaning that the vulnerability lies in the BOARD ITSELF. You said it yourself, the vulnerability is not RCM, it lies in the board itself

This comes from a Fusee FAQ: "The relevant vulnerability is the result of a 'coding mistake' in the read-only bootrom found in most Tegra devices"

And again fusee is not a vulnerability, it's an exploit, designed to exploit the vulnerability present in the bootrom of the boards

 

[Kafluke]

Holy hell who cares you two!

 

[Mr. Wizard]

And again fusee is not a vulnerability, it's an exploit

Vulnerability Disclosure: Fusée Gelée
This report documents Fusée Gelée, a coldboot vulnerability that allows full, unauthenticated arbitrary
code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line
of embedded processors.
As this vulnerability allows arbitrary code execution on the Boot and Power
Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the
entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device
fuses.

Source: My sig.

This comes from a Fusee FAQ: "The relevant vulnerability is the result of a 'coding mistake' in the read-only bootrom found in most Tegra devices"

And again fusee is not a vulnerability, it's an exploit, designed to exploit the vulnerability present in the bootrom of the boards

I just noticed you contradicted yourself there...

 

[Ashura66]

Vulnerability Disclosure: Fusée Gelée
This report documents Fusée Gelée, a coldboot vulnerability that allows full, unauthenticated arbitrary
code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line
of embedded processors.
As this vulnerability allows arbitrary code execution on the Boot and Power
Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the
entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device
fuses.

Source: My sig.

And yet the FAQ refers to it SEVERAL TIMES as an exploit

And no i didn't contradict myself as that bit i quoted perfectly states that the vulnerability is in the tegra board's bootrom, not fusee

 

[Mr. Wizard]

And yet the FAQ refers to it SEVERAL TIMES as an exploit

What, the fusee test payload and launcher?

Exploits. The term exploit is commonly used to describe a software program that has been developed to attack an asset by taking advantage of a vulnerability.

Source: https://www.icann.org/news/blog/threats-vulnerabilities-and-exploits-oh-my

 

[JepoyAlva]

Hi, my unit is a week old but RCM is not working also. Not on the patched unit list.
TIA

 

[Ashura66]

Hi, my unit is a week old but RCM is not working also. Not on the patched unit list.
TIA

A week old? Is it new or refurbished or second hand or what?What is you system's serial? First 5 digits

 

[Tasoberry]

I was also curios because I'm on 5.0 serial is xaw10050. Says I have vulnerable unit. But by updating did I ipatch it doing So?

 

[Ashura66]

I was also curios because I'm on 5.0 serial is xaw10050. Says I have vulnerable unit. But by updating did I ipatch it doing So?

Ipatching can't be done via standard updates, only in the factory

 

[Tasoberry]

Ipatching can't be done via standard updates, only in the factory

So on that note, if I update to 6.0 from here to use the eshop and such, would it be best if I attempt to backup my Nand for the first time?
I wish to use the team xecutor software and usb mod or perhaps even some thing else so I can play my own backups without switch carts in the coming month. I don't want to ruin my switch lottery of having a vulnerable system from a update.
Thanks for the help so far Ashura66

 

[Ashura66]

So on that note, if I update to 6.0 from here to use the eshop and such, would it be best if I attempt to backup my Nand for the first time?
I wish to use the team xecutor software and usb mod or perhaps even some thing else so I can play my own backups without switch carts in the coming month. I don't want to ruin my switch lottery of having a vulnerable system from a update.
Thanks for the help so far Ashura66

You should have done a NAND backup already but do one before updating, just in case. HOWEVER, remember, if you use CFW you forgo the uses of any online services. Meaning that if you start using SX OS you will not be able to use any online features or risk being banned