Hacking Question Wondering about Atmosphere and <4.1.0

Ian095 (OP)
I recently updated to 5.1.0 and burned a fuse (I know, stupid idea), but I was thinking: if the Tegra exploit lets anything boot before the OS, how come lower firmware is more accessible?
Couldn't someone just write up a payload that boots everything in order to overwrite the whole thing with a custom OS/FW? I'm sure it's a lot more complicated than that, but I mean we kinda have full access already..?
I mean logically speaking I'm sure it's possible, I just don't understand how it isn't suggested at this current time unless it isn't possible for some reason...
 

kumikochan
I recently updated to 5.1.0 and burned a fuse (I know, stupid idea), but I was thinking: if the Tegra exploit lets anything boot before the OS, how come lower firmware is more accessible?
Couldn't someone just write up a payload that boots everything in order to overwrite the whole thing with a custom OS/FW? I'm sure it's a lot more complicated than that, but I mean we kinda have full access already..?
I mean logically speaking I'm sure it's possible, I just don't understand how it isn't suggested at this current time unless it isn't possible for some reason...
You mean coldboot. Only up to 3.0.2 will get that eventually; everything above probably never.
 

Ian095 (OP)
You mean coldboot. Only up to 3.0.2 will get that eventually; everything above probably never.

Yeah, not 100% on it all; kinda gave up on the idea since it's taking so long, and I was on 4.1.0, which was unclear if it would get anything in the future, just hints.
Still though, why is it not possible to just use the Tegra exploit to rewrite the whole thing on any firmware? I'm not a genius when it comes to programming & security, but it seems like there's full access.
 

GBADWB
We have full access via going through the RCM exploit. Potential cold boot solutions will probably not use RCM at all. I think your assumption is that the potential coldboot will still utilize that function.
 

Ian095 (OP)
We have full access via going through the RCM exploit. Potential cold boot solutions will probably not use RCM at all. I think your assumption is that the potential coldboot will still utilize that function.

I'm thinking of it as an access route: boot into RCM, use a payload and some overlaying files which enable installation of a new OS/FW. Then no need for RCM again, well, unless the console bricks, etc.
I'm sure it's probably not possible since nobody has talked about it (from what I've seen); it just doesn't make sense to me. Couldn't someone just rewrite code that completely diverts from the OFW entirely? I'm definitely missing something :rofl2:
 

Thatcher
4.x.x and below will eventually get Deja Vu, which is a warm boot; this was demonstrated a while ago and is yet to be patched, so holding onto 4.x.x will have its benefits. This does not involve a jig and USB.
 

Ian095 (OP)
4.x.x and below will eventually get Deja Vu, which is a warm boot; this was demonstrated a while ago and is yet to be patched, so holding onto 4.x.x will have its benefits. This does not involve a jig and USB.

Yeah, I heard about that; it was taking forever to release though, and I just wanted to play newer titles. I think my sister's Switch is on a super low FW so I still have a second chance in the future.
 

kumikochan
I'm thinking of it as an access route: boot into RCM, use a payload and some overlaying files which enable installation of a new OS/FW. Then no need for RCM again, well, unless the console bricks, etc.
I'm sure it's probably not possible since nobody has talked about it (from what I've seen); it just doesn't make sense to me. Couldn't someone just rewrite code that completely diverts from the OFW entirely? I'm definitely missing something :rofl2:
I don't know how it works entirely, but from what I saw coldboot is not something so easily achieved, even with full access, this generation. 1.0 will get it for sure and everything above up to 3.0.2 eventually in the future, but don't hold your hopes up for anything higher than that.
 

Ian095 (OP)
I don't know how it works entirely, but from what I saw coldboot is not something so easily achieved, even with full access, this generation. 1.0 will get it for sure and everything above up to 3.0.2 eventually in the future, but don't hold your hopes up for anything higher than that.

Yeah, I'm supposing it won't happen for years for anything over that version; there is always a way though, no program is 100% foolproof :evil:
 

GBCTEMP
You mean coldboot. Only up to 3.0.2 will get that eventually; everything above probably never.

Is this confirmed? In another thread (as a new member I can't post links so here's the url with a space before net: gbatemp. net/threads/4-1-0-sx-os-do-i-update-to-5-1.512412/#post-8165981) it was stated only up to 3.0.1 would be capable of a coldboot.

Edit: Looks like it's been answered
 

kumikochan
Is this confirmed? In another thread (as a new member I can't post links so here's the url with a space before net: gbatemp. net/threads/4-1-0-sx-os-do-i-update-to-5-1.512412/#post-8165981) it was stated only up to 3.0.1 would be capable of a coldboot.

Edit: Looks like it's been answered
Yeah, it's up to 3.0.1, don't mind what I said. Sorry for that.
 

guily6669
Things keep changing all the time, but if I remember well, what has been reported is that coldboot is theoretically possible up to 3.01 (including it), and from 3.02 to 4.1 (including both) there is a theoretical warm boot possibility.

I don't know if it still remains like that or not. But nothing excludes that in the future someone could find a totally different new exploit to get coldboot or warmboot above those firmwares, but for now above 4.1 = you're F* if you want to get those exploits...

ps: almost nothing is publicly known about them, so if no one ever releases them or makes use of them, we won't ever have them ;). There's no ETA and only FW 1.0 was confirmed to get all the magic very soon, but I have no clue if it's still a valid sentence with all the dark crap going on...
 

Draxzelex
So people understand where coldboot stands:
I intend to be fully transparent about this shit, especially going forwards. At present, I'm not aware of any non-RCM means of getting code execution from coldboot. To the best of my knowledge, nobody else is, either.
 

kumikochan
So I was correct, it being up to 3.0.2.

--------------------- MERGED ---------------------------

And here go the duplicate comments again lol, can a mod delete the duplicates?
 

guily6669
I think no, because in other posts I think he reported as <=4.1 for warmboot and <3.02 if I remember well, which means it's below 4.1 (including) for warmboot and below 3.02, not including (i.e. 3.01 and below), for coldboot.

3.02 and 4.1 are reported to be the same in terms of exploiting; they will probably have the same or very similar steps for the warmboot exploit if it ever gets released.

ps: But someone please correct me if I'm wrong!!!
 
