Hacking Question Will Switch piracy be possible? If it is, will it work like the 3DS/Wii U

aykay55

Professional Idiot
OP
Member
Joined
Apr 14, 2017
Messages
910
Trophies
0
Location
Where the buffalo roam.
XP
1,083
Country
United States
There's a firmware check on the cart before it's properly loaded; if the device is on a lower firmware without the keys to run it, then it won't be allowed to run. Right now there isn't any way to spoof OS versions. An update for the OS is also normally stored on the carts as well if you're below the version, to bring you up to snuff to run the cart.

If you're also not aware, ninty changes the keys to run stuff every so often, which is why firmware is going to be harder to spoof without those keys, which is the main reason you can't run 4.0 games on 3.0 or below.
So can we delete the firmware files from the cart dump or replace them with <=3.0.0 firm files?
 
Last edited by aykay55,

TheCyberQuake

Certified Geek
Member
Joined
Dec 2, 2014
Messages
5,012
Trophies
1
Age
28
Location
Las Vegas, Nevada
XP
4,433
Country
United States
Are those public game dumps not decrypted?
I thought they were dumped after the game is loaded and stuff.
They are, but as I said we can only get decrypted dumps from games we have keys for. Can't access 3.0.1+ games, can't decrypt them, so as I said you would be stuck with the first 7 months of releases
 

Tapri

Forum Lurker
Member
Joined
Oct 15, 2015
Messages
140
Trophies
0
XP
264
Country
United States
If you believe it will happen eventually, then you're more optimistic than I am.


You both misunderstood my question then. I was contrasting downloads from Nintendo's servers vs. converted cartridge dumps.
It would likely fall under a digital install and would most likely run into the same issues as if it was downloaded from the eshop itself.

--------------------- MERGED ---------------------------

So can we delete the firmware files from the cart dump or replace them with >=3.0.0 firm files?

Once a cart is written to, it can't be written over, including the firmware update partition.
 
Last edited by Tapri,

aykay55

Professional Idiot
OP
Member
Joined
Apr 14, 2017
Messages
910
Trophies
0
Location
Where the buffalo roam.
XP
1,083
Country
United States
It would likely fall under a digital install and would most likely run into the same issues as if it was downloaded from the eshop itself.

--------------------- MERGED ---------------------------



Once a cart is written to, it can't be changed again, including the firmware update partition.
Not the cart, the dumped files on your computer. Can that be changed? Is it also write-locked?
 

TheZander

1337
Member
Joined
Feb 1, 2008
Messages
2,137
Trophies
2
Location
Level 7
XP
3,883
Country
United States
They are, but as I said we can only get decrypted dumps from games we have keys for. Can't access 3.0.1+ games, can't decrypt them, so as I said you would be stuck with the first 7 months of releases
Right on, so they could swap the game files and have a Frankensteined piracy thing.

But for over 301 games they couldn't at all, because it's impossible to play on a lower firmware. Regardless of spoofing or whatever, the 301 games need 301 FW in order to launch.
 

Risingdawn

Tempallica
Member
Joined
May 22, 2010
Messages
1,088
Trophies
1
XP
1,700
Country
United Kingdom
Emunand will take a boot level hack. You need to load an emulated nand before an efuse check; otherwise, as soon as that emulated nand loads, POP goes your efuse check and then it either crashes or blows the relevant fuse, at which point next time you boot up your Switch your fuses are higher than your FW and you have a brick.
Then ofc you have the issue of the boot lv0 check every time you load a game; without a hacked boot, POP goes your fuse check again and your Switch at best crashes.
Then ofc you have the key changes with each encrypted game on a new FW, which means you have to have hacked that FW to decrypt the game.
Lastly you have the fact that you need to somehow get a FW update decrypted to install. Now this might be possible if you have a boot level hack, but it again checks your fuses and then POP goes your Switch again.

Is it possible? Yes, Wii had a boot hack. Nothing on 3DS or Wii U was early enough in the boot, though, to be relevant. Vita hasn't managed to create an emunand either, but it's not a Switch so..

Efuses are a physical hardware related security feature; it's not as simple as just 'hacking' a check. You have to completely rewrite the code to remove the check at boot, at update and at game launch, otherwise those fuses are either burnt or they're not.

Remember we don't even have a kernel hack yet, let alone a boot level hack, and before someone says we have a bootrom dump: well, we have had a bootrom dump of the Wii U for 4 years and still don't have a hack; we have a kernel dump on Switch but still don't have a hack.

Nobody knows what magic might get the teams around these checks, but unless some team is purely and wholeheartedly focused on piracy, why would they bother? You don't need to hack the boot for homebrew, so it's not worth the risk. Is anyone going to bother with such a small, fractured user base remaining under 3.0.0?
There will be many, many bricked Switches testing any kind of hacks pertaining to efuses and FW checks. Are there even enough Switches under 3.0.0 to risk?

Who knows.
How long? Years. If ever.
 

RitchieRitchie

Well-Known Member
Member
Joined
Nov 15, 2013
Messages
787
Trophies
0
Age
50
XP
782
Country
Very interesting thread, appreciate all the input by tempers who know a lot more about this than I do! I was considering getting another Switch on low FW but I don't think I'll bother now. Thanks everyone for saving me some cash!
 

mendezagus

Well-Known Member
Member
Joined
Aug 29, 2017
Messages
159
Trophies
0
Age
44
XP
423
Country
Argentina
They are, but as I said we can only get decrypted dumps from games we have keys for. Can't access 3.0.1+ games, can't decrypt them, so as I said you would be stuck with the first 7 months of releases

So, what would the hacking groups need to get "keys" for 301+ games? Another major (their words) security flaw on those firmwares?

I remember the old PS3 days where Sony changed the keys (if I remember correctly) but people could pirate them anyway until a certain "big firmware update" when it stopped (maybe Sony got to the hackers).

What an amazing thread, helped me to understand the situation a lot.
 

Tapri

Forum Lurker
Member
Joined
Oct 15, 2015
Messages
140
Trophies
0
XP
264
Country
United States
So, what would the hacking groups need to get "keys" for 301+ games? Another major (their words) security flaw on those firmwares?

I remember the old PS3 days where Sony changed the keys (if I remember correctly) but people could pirate them anyway until a certain "big firmware update" when it stopped (maybe Sony got to the hackers).

What an amazing thread, helped me to understand the situation a lot.

Essentially, yes, we need another security flaw on a higher version to get the keys for more titles. Nintendo's already changed the keys a few times so far, with 3.0.0 being the last version we have access to keys for at the moment.

But point still stands that they are doing everything possible to prevent piracy, so it's really something that shouldn't be hoped for in the matter of months. It could be a few years before we even see some sort of piracy due to the great lengths of measures they've put in.
 

Risingdawn

Tempallica
Member
Joined
May 22, 2010
Messages
1,088
Trophies
1
XP
1,700
Country
United Kingdom
So, what would the hacking groups need to get "keys" for 301+ games? Another major (their words) security flaw on those firmwares?

I remember the old PS3 days where Sony changed the keys (if I remember correctly) but people could pirate them anyway until a certain "big firmware update" when it stopped (maybe Sony got to the hackers).

What an amazing thread, helped me to understand the situation a lot.
PS3 had a lv0 hack, which meant everyone had access to the master keys and could decrypt updates, then sign and encrypt a CFW based on that update version. As lv0 is boot level, right after the boot loader in fact and before every FW module, you could basically do whatever you wanted to everything except the bootloader. You have to remember, though, that PS3 did not have efuses.

What I don't know is if the efuses are checked even before lv0, maybe at bootloader, god maybe even the bootrom does the check, you'd need the big boys for that level of information.

Regardless, though, to better understand the hack needed for any type of CFW to bypass the efuses: you need, at least, a hack after both Userland and Kernel, essentially:
userland<kernel<lv0<bootloader<bootrom.
^--we are here
we need to be----------^here.

This is why you can't emunand the Switch and then update that, emunand comes after boot and lv0, the fuses don't match.
You need CFW, and for that to run a 3.0.1+ game that needs to be from a decrypted resigned FW and to do that you need the lv0 keys, on a 3.0.1+

You can see how much extra work is needed to even play a 3.0.1+ game, let alone piracy which is another story.

However they wouldn't be called hackers if they followed the rules now would they, and anything could happen.
 

Ryab

Well-Known Member
Member
Joined
Aug 9, 2017
Messages
3,268
Trophies
1
XP
4,521
Country
United States
All former Nintendo consoles (meaning the 3DS and Wii U) would store game licenses locally, not connected to the ID. However, the Switch stores the licenses online, connected to your Nintendo Account ID (NAID), so you can log in on any console and activate that console with your NAID. And the transfer process no longer requires an SD; it's all server based. Since the 3DS/Wii U stored them locally, you could download any game through, say, WUP Installer or FBI with no problem, but the Switch will store it online, so does that mean the console can't download games whose license is not connected with any Nintendo Account on the Switch system? Will it download and crash on launch? The Wii U had some games with piracy protection such as Minecraft which would crash when booted, but that used Microsoft's own server/system/thing. So will Switch piracy ever be possible? Will it require CFW? Will it work the same way as before?
Sure it will one day, though it will be a long time before that happens.
 

aykay55

Professional Idiot
OP
Member
Joined
Apr 14, 2017
Messages
910
Trophies
0
Location
Where the buffalo roam.
XP
1,083
Country
United States
No. You seem to be grossly simplifying how it works. It shows you don't even really have a basic understanding of how the system works.

The Switch eFuses would like to have a word with you.
Woah! @TheCyberQuake you seem really pissed. I do somewhat know how the system works, from a hacker's POV, with encryption and eFuses and crap, but security is always changing and reinventing itself. If the eFuses don't see any files saying how many of them should be burnt, would it still panic? Or would it boot?
 

colanwiser

Well-Known Member
Newcomer
Joined
Nov 28, 2016
Messages
70
Trophies
0
Age
37
XP
209
Country
United States
Piracy on the switch, hackers probably will find a way. Am I waiting for it? Nintendo has my money $370. I like the idea of not having to pay for games, but it's always better to support the developers.
 

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
13,380
Trophies
2
XP
18,303
Country
Sweden
Woah! @TheCyberQuake you seem really pissed. I do somewhat know how the system works, from a hacker's POV, with encryption and eFuses and crap, but security is always changing and reinventing itself. If the eFuses don't see any files saying how many of them should be burnt, would it still panic? Or would it boot?
Oh it would. Each update blows X amount of fuses. That tells the Switch which version it's supposed to be on. Any newer will blow X amount and therefore cannot be backed.

EDIT: Heck, if someone would try to install an older firm, it would blow fuses. Then the firmware would see the wrong amount of efuses blown and panic.
 
Last edited by linuxares,
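The fuse-count anti-rollback behaviour that Risingdawn and linuxares describe (update burns fuses, an older firmware then sees too many fuses and panics), as an added illustrative model written for this thread; it is not Switch code and nothing here was posted by the forum members. The version-to-fuse-count table and the Console class are invented for the illustration.

```python
# Constructed model of OTP-fuse anti-rollback as described in the thread.
# The firmware-version -> expected-fuse-count table below is hypothetical.
from dataclasses import dataclass, field

# Hypothetical: each firmware version expects exactly this many burnt fuses.
EXPECTED_FUSES = {"1.0.0": 1, "2.0.0": 2, "3.0.0": 3, "3.0.1": 4, "4.0.0": 5}


@dataclass
class Console:
    burnt_fuses: int = 0                      # one-time-programmable: only grows
    log: list = field(default_factory=list)   # what the boot check decided

    def burn(self, target: int) -> None:
        # OTP hardware: a fuse can be burnt but never restored.
        if target > self.burnt_fuses:
            self.log.append(f"burning fuses {self.burnt_fuses} -> {target}")
            self.burnt_fuses = target

    def boot(self, firmware: str) -> str:
        expected = EXPECTED_FUSES[firmware]
        if self.burnt_fuses > expected:
            # Hardware records a newer firmware than the one booting: this is
            # a rollback, so the check refuses to continue ("panic").
            self.log.append(f"{firmware}: {self.burnt_fuses} fuses > expected {expected}, panic")
            return "panic"
        if self.burnt_fuses < expected:
            # Firmware is newer than the fuses record: burn up to its level,
            # which is what permanently locks out every older version.
            self.burn(expected)
        self.log.append(f"{firmware}: fuse count {expected} matches, booting")
        return "booted"


def rollback_demo() -> tuple:
    """Fresh unit on 3.0.0, updated to 4.0.0, then an attempt to go back."""
    c = Console()
    first = c.boot("3.0.0")    # burns 0 -> 3, boots
    update = c.boot("4.0.0")   # burns 3 -> 5, boots
    downgrade = c.boot("3.0.0")  # 5 > 3: panic, the unit is stuck on 4.0.0+
    return first, update, downgrade, c.burnt_fuses


if __name__ == "__main__":
    print(rollback_demo())  # ('booted', 'booted', 'panic', 5)
```

The same sequence models the emunand brick Risingdawn describes: booting a newer image without a patched check burns the fuses, after which the original lower firmware fails the comparison.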

TheCyberQuake

Certified Geek
Member
Joined
Dec 2, 2014
Messages
5,012
Trophies
1
Age
28
Location
Las Vegas, Nevada
XP
4,433
Country
United States
Woah! @TheCyberQuake you seem really pissed. I do somewhat know how the system works, from a hacker's POV, with encryption and eFuses and crap, but security is always changing and reinventing itself. If the eFuses don't see any files saying how many of them should be burnt, would it still panic? Or would it boot?
I wasn't even remotely upset. More just saying those who don't understand should probably read up about the security if they are interested in what will come of the Switch.
All systems have different security. What you knew from one system won't usually work for another.
 
Last edited by TheCyberQuake,

mendezagus

Well-Known Member
Member
Joined
Aug 29, 2017
Messages
159
Trophies
0
Age
44
XP
423
Country
Argentina
What I don't know is if the efuses are checked even before lv0, maybe at bootloader, god maybe even the bootrom does the check, you'd need the big boys for that level of information.

Regardless though to better understand the hack needed for any type of CFW to bypass the efuses you need, at least, a hack after both Userland and Kernel, essentially:
userland<kernel<lv0<bootloader<bootrom.
^--we are here
we need to be----------^here.

This is why you can't emunand the Switch and then update that, emunand comes after boot and lv0, the fuses don't match.
You need CFW, and for that to run a 3.0.1+ game that needs to be from a decrypted resigned FW and to do that you need the lv0 keys, on a 3.0.1+

Thank you so much for the explanation. I thought we (obviously not me) already were at the bootrom level. They "dumped" it last week (there's a thread about it). Could a hack in the bootrom allow for piracy of games on any firmware? I assume no, as no one on this thread seems very optimistic about the possibility of piracy...
 
