Hacking What has been tried to homebrew patched switches without hardmodding?

Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
In order to get custom firmware you need multiple exploits of different types. You need a userland exploit (game / browser), a kernel exploit (a bug in the core functionality of the OS) and preferably a TrustZone exploit (I'm not too sure what that does other than crypto). Having a single bug in any of these components is useless without bugs in the others. TrustZone bugs can only be exploited from the kernel, and you can only get kernel access if you can find a bug that can be triggered from a game that you have code execution in. The kernel has been completely reverse engineered and there are no bugs in it, so it doesn't matter what bugs you might find in a game (e.g. Cubic Ninja) because those bugs are useless unless you have a bug for the kernel (none exist). Your only hope is that Nintendo fucks up a future update to the kernel and introduces new bugs that can be used to gain code execution.

There are a couple of exceptions to this. For example, if you can gain code execution before the firmware has been loaded you can just boot a modified firmware without security (which is what Fusee-Gelee does), or you can use hardware to introduce bugs that don't actually exist (which is what the SX Core does), but the bootrom source code has been leaked and there are no bugs in that, and you said you don't care about hardware hacks. The one hope I think you have is that the official RCM payloads that Nintendo uses get leaked and they contain bugs that can be used to get pre-bootloader code execution.

There is no point in trying to come up with your own ideas for exploits if you don't have the slightest clue about how computer systems work. Companies pour hundreds of thousands if not millions of dollars into securing their hardware and operating systems these days, and it's unlikely that a 21 year old whose first thought is "No one has thought of exploiting a game like we did in every other generation of console" is going to be able to come up with any new ideas that veteran scene members with degrees in computer science (or freaky genetics where you only have to sleep for 3 hours a night if you're Scires) haven't already thought of.

If you do want to put in the time and effort into understanding how consoles are hacked and what challenges reverse engineers face, I suggest reading up on the following things:
https://en.wikipedia.org/wiki/Chain_of_trust
https://en.wikipedia.org/wiki/Protection_ring
https://en.wikipedia.org/wiki/Kernel_(operating_system)
https://en.wikipedia.org/wiki/User_space
https://en.wikipedia.org/wiki/Microkernel (this one is especially relevant to Switch but not other consoles)

It would also help to have a formal education in computer science, although it is not technically required as long as you're willing to dedicate years of your life to reading about how computers work at their deepest level, not just a high-level understanding like what is required to build a PC.

There is also this talk from 2016 where the people behind a lot of the 3DS exploits talked about how they went about reverse engineering the Switch:


Edit: TL;DR there is nothing to try.
 
Last edited by CompSciOrBust,

Arilys

Active Member
Newcomer
Joined
Feb 3, 2018
Messages
40
Trophies
0
Age
30
XP
241
Country
Portugal
https://en.wikipedia.org/wiki/Microkernel (this one is especially relevant to Switch but not other consoles)
Some time ago I read a post on GBATemp mentioning that the 3DS also has a microkernel. I also did a quick search and found this, which also mentions it being a microkernel.

Funny enough, it also mentions that the 3DS's OS is called Horizon too. I guess Nintendo just updated the living bejeezus out of it to get rid of kernel bugs/exploits on the Switch version they made.

Either that or they were just so lazy with naming this time that they didn't even add the "New" to it :rofl:
 

ezkitty

Well-Known Member
Member
Joined
Jul 28, 2021
Messages
165
Trophies
0
Age
26
XP
840
Country
United States
It's possible for a device to be unhackable when the security team does a good job at it. Knowing Nintendo's history when it comes to anti-piracy, they definitely want to protect the Switch if it's selling very well.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
Some time ago I read a post on GBATemp mentioning that the 3DS also has a microkernel. I also did a quick search and found this, which also mentions it being a microkernel.

Funny enough, it also mentions that the 3DS's OS is called Horizon too. I guess Nintendo just updated the living bejeezus out of it to get rid of kernel bugs/exploits on the Switch version they made.

Either that or they were just so lazy with naming this time that they didn't even add the "New" to it :rofl:
The Switch's OS is based on the 3DS', but it was completely rewritten and changed a bit to make it more secure. The 3DS' OS was based on the one written for the DSi too, so it's got a bit of history. Having a decade's worth of knowledge about how people tried to attack the 3DS has probably helped Nintendo harden their security for the Switch. If they had designed an entirely new OS from scratch it may not have been as secure.
 

binkinator

Garfield’s Fitness Coach
Member
GBAtemp Patron
Joined
Mar 29, 2021
Messages
6,511
Trophies
2
XP
6,155
Country
United States
Nintendo did amazing with their security on the Switch; it's NVIDIA who fucked up.

The culmination of what is the OLED device is damn near perfection. I mean hiding a critical pad on the circuit board? Come on man. That’s Security as art.

Enjoy your Switch. Nintendo’s next platform is going to be tighter than a bug’s butthole.
 
