Hacking up to 4.x exploitable, but lower firmware is better

blinkzane

Panic at your moms house
OP
Member
Joined
Jul 24, 2012
Messages
944
Trophies
1
Location
Florida
XP
1,640
Country
United States
http://hexkyz.blogspot.com/2018/01/the-switch-state-of-affairs.html
This is NOT my work but it is hexkyz
Here are the main bullet points
  • Switch is exploitable up to 4.1 to run homebrew, but this method will not be released until another firmware update removes it
  • this means that if you updated past 3.0, do not continue updating.
  • If nintendo releases an update, wait a week before you decide to do so (if you are on the latest AND want to continue playing games while waiting for the exploit to be released) we can assume that ninty did not patch the exploit
  • LOWER FIRMWARE IS ALWAYS BETTER

The Switch - State of Affairs

Let's kick off the new year with a new blog post!

Since this last year's CCC talk where derrek, naehrwert and plutoo showcased their progress on hacking the Switch, tons of misinformation began floating around about which firmware is necessary for homebrew.
I believe it's now time to put up a nice and comprehensive FAQ on all things Switch hacking related.
So, buckle up, and if you have the questions, here are the answers.


Q: Who the hell are you and why should I take your answers seriously?
A: I've been working on hacking the Switch since day 1. I've found bugs and developed exploits on my own at first and eventually ended up integrating a small loose crew of hackers that share the same interests. While we work together on a certain level, we also work either individually or among other groups (Switchbrew, ReSwitched, etc.).

Q: Were you involved in 34c3?
A: Not directly. Just like many others who were credited during the talk, I've worked with derrek, naehrwert and plutoo on hacking the Switch, but what was presented during the talk is a reflection of these hackers separate work.

Q: I have been told for quite a while that firmware 3.0.0 is where I should be at. They even said so during the talk! What does that mean?
A: Firmware 3.0.0 introduced a specific bug that allowed for userland code execution, but the same bug was patched immediately after on the next firmware update. This created the perfect starting point for publicly disclosing this vulnerability and laying down the foundations of homebrew.
The idea was simple: get as many people as possible on firmware 3.0.0 so everybody can start working on writing homebrew right away. What wasn't particularly clear is that this is ultimately an advice for homebrew developers and not the average end user.

Q: And what about [insert firmware version here]?
A: Here's something that you probably don't know yet: ALL current firmware versions are exploitable up to the point of running your own code.
Yes, you read that right. This includes firmware 1.0.0 all the way up to 4.1.0.

Q: So, can I just update my Switch?
A: Yes and no. This is a question many have been asking and conflicting answers are causing a great deal of confusion among people.
The basic principle is the following: if you have no reason to upgrade from your current firmware version (regardless of what it is), then simply don't upgrade.

However, the real answer is quite more nuanced. Increasing firmware versions obviously include additional patches for a myriad of vulnerabilities, therefore, the lowest firmware version (1.0.0) is the most vulnerable. Obviously, for a number of reasons, not everybody will be able to get their hands on a launch day system, so there's always interest in exploiting new updates.

In an effort to clear the air and promote a less toxic environment, here comes the current state of affairs regarding Switch hacks:
- Firmware 1.0.0:
-> Contains critical system flaws that allow code execution up to the TrustZone level;
-> Most of what was showcased during 34c3 originally targeted this firmware version;
-> Allows for a full blown emuNAND/CFW setup.

- Firmware 2.0.0-2.3.0:
-> Contains system flaws that allow code execution up to the kernel level;
-> Can be exploited to run homebrew using private methods (e.g.: nvhax).

- Firmware 3.0.0:
-> Contains system flaws that allow code execution on the userland level;
-> Can be exploited to run homebrew using private methods (e.g.: nvhax);
-> Can be exploited to run homebrew using public methods (e.g.: rohan).

- Firmware 3.0.1-4.1.0:
-> Contains system flaws that allow code execution on the userland level;
-> Can be exploited to run homebrew using private methods (e.g.: nvhax).

As you can see, the higher the firmware version, the less options you have. However, code execution for homebrew is still assured across all firmware versions.

Q: Wait, did I read that right? Firmware 2.0.0 to 2.3.0 can be exploited up to the kernel?
A: Yes, but no additional information will be disclosed at this point.

Q: What is that nvhax thing?
A: This is currently a private method that I originally discovered and exploited. Joined by SciresM and plutoo, we have successfully used it to exploit pretty much all firmware versions to the point where running homebrew is possible.

Q: Will nvhax be released? When?
A: Yes, but there are no plans to release it any time soon. Having code execution on the latest firmware version available is a privilege that ought to be maintained for as long as possible.
That said, when it stops being useful it will be released as an alternative for people on firmware versions above 3.0.0 to enjoy homebrew.

Q: Ok, so, I'm a developer with a strong passion for homebrew and would love to start right away. What do you suggest?
A: Update your Switch to firmware version 3.0.0, read about rohan and get to work!

Q: Now, I'm just a regular user that loves homebrew, but has no intent or knowledge to develop my own. I also want to play the latest games on my Switch and don't really mind waiting. What do you suggest?
A: Update to the latest firmware version and wait.

Q: What if I'm an avid hacker/developer who wants to explore the system as much as possible?
A: Find a 1.0.0 unit and stay there.

Q: And what if I just want to pirate games?
A: You're barking at the wrong tree.

Hopefully this FAQ will put to rest some of the doubts people have been expressing lately and help them understand the necessary steps to enjoy homebrew on their consoles.
More information will be shared when the time is right, but rest assured we are all working hard on really cool stuff and, hopefully, helping to build a strong homebrew community for the Switch.

Also, stay tuned for a very special blog post in the following days. ;)

As always, have fun!

Posted by hexkyz at 10:21 AM
 
Last edited by blinkzane,

V-Temp

Well-Known Member
Member
Joined
Jul 20, 2017
Messages
1,227
Trophies
0
Age
34
XP
1,342
Country
United States
Why? It'd be nice if it said "Hexkyz says...", but it's fine as is

I'd say its largely because its sort of meaningless. Every firmware is hackable, the question is if its usable.

Notice how Scires didn't say anything about 4.x? Its because while you can do stuff with it, you need to be able to do meaningful stuff for it to matter.
 

Kubas_inko

"Something funny goes here."
Member
Joined
Feb 3, 2017
Messages
6,324
Trophies
1
Age
24
Location
I gues on earth.
XP
5,230
Country
Czech Republic
"- Firmware 3.0.1-4.1.0:
-> Contains system flaws that allow code execution on the userland level;
-> Can be exploited to run homebrew using private methods (e.g.: nvhax)."

i think not. Its a statement. not a question.
I cant see word "hack" anywhere there.
And 3.0.1 and 3.0.2 has kernelhax
 
Last edited by Kubas_inko,
D

Deleted User

Guest
cool
id trust this
but i also dont have a switch to mess with
or a way to contact hexkyz
so i cant have stupid questions answered
but i have a way to contect a different switch person so i still have a possibility of getting stupid question answered
 

Kubas_inko

"Something funny goes here."
Member
Joined
Feb 3, 2017
Messages
6,324
Trophies
1
Age
24
Location
I gues on earth.
XP
5,230
Country
Czech Republic
In theory. Its not actually tested for 3.x>0
SciresM has it
upload_2018-1-13_20-37-47.png

 

Attachments

  • upload_2018-1-13_20-36-9.png
    upload_2018-1-13_20-36-9.png
    2.4 KB · Views: 516
Last edited by Kubas_inko,

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
  • K3Nv2 @ K3Nv2:
    Yes uremum didn't tell me about her transition and begged me to make it my background
  • K3Nv2 @ K3Nv2:
    I couldn't hurt his or hers feelings
  • TechieSaru tempBOT:
    TechieSaru has joined the room.
  • SylverReZ @ SylverReZ:
    @K3Nv2, Don't ask him where to get lemonade. ;)
  • K3Nv2 @ K3Nv2:
    Psi fondles big red lemons to make lemonaides
    +1
  • K3Nv2 @ K3Nv2:
    Always wanting my lemons he can't have them
  • K3Nv2 @ K3Nv2:
    Jeb stole bigonyas pants
    +1
  • BigOnYa @ BigOnYa:
    Jokes on you, I don't have any on.... "Cause I'm free.... Free ballin'"
  • SylverReZ @ SylverReZ:
    @BigOnYa, Sounds like you and AncientBoi get along together TOO well.
    +1
  • BigOnYa @ BigOnYa:
    Thank God we are 20 states away from each tho. Kenny's almost neighbors with him.
  • K3Nv2 @ K3Nv2:
    I live in kc you dingus
  • BigOnYa @ BigOnYa:
    Ok still closer to him than me, perv boi
  • BigOnYa @ BigOnYa:
    Not to mention you guys share the same last name.
  • K3Nv2 @ K3Nv2:
    I thought you were Mrs.bigboi
    +2
  • BigOnYa @ BigOnYa:
    Nuh twice divorced, I took my maiden name
  • K3Nv2 @ K3Nv2:
    Mrs. bigancientboi?
    +2
  • BigOnYa @ BigOnYa:
    Ms. now, We divorced.
  • K3Nv2 @ K3Nv2:
    I'd keep the Mrs. He's got more years on you
  • BigOnYa @ BigOnYa:
    The end of this game, in the house, is like Texas chainsaw massacre house, is crazy. I just gotta find Chris n kill him.
  • BigOnYa @ BigOnYa:
    Damn it, Chris was not the original werewolf.
  • K3Nv2 @ K3Nv2:
    I didn't think I'd like these dumb xreals but being able to use my phone while having a big screen floating about is pretty cool
    +1
  • duskfall @ duskfall:
    :yaysp:these emojis are great
    duskfall @ duskfall: :yaysp:these emojis are great