Team-Xecuter announces future-proof Switch exploit

Team-Xecuter revealed in a teaser a method to bypass all Switch security in a manner that they claim will never be patched by Nintendo and is compatible with every firmware available!

In the video, they show a custom boot image and have publicly posted the Stage2 Bootloader key (package 1.1) which has been confirmed to be legit as proof of their pwnage over the device.

This solution will work on ANY Nintendo Switch console regardless of the currently installed firmware, and will be completely future proof. This is *the* solution for opening up CFW (Custom FirmWare) on the Nintendo Switch. We want to move the community forward and provide a persistent, stable and fast method of running your own code and custom firmware patches on Nintendo's latest flagship product. And we think we've succeeded!

Below you can find a quick video showcasing a Nintendo Switch booting up, but there's something funny going on, can you spot it?



This is expected to be a DRM/paid "device", speculated to be a Tegra X1 (tx1) glitch-style modchip that will enable CFW and full access to the system, which unfortunately(?) includes piracy.

A T-X forum admin expects release around Spring of 2018

Source
 

Ethan34

I have a question for the technical boys/hackers:
In the 34C3 hacking conference, plutoo and derrek mentioned a `bootrom update chip` or something that updates the bootroms, which is normally what allows us to have permanent exploits (like on the 3DS). Could this be used to update the bootroms on the Switch (with FW updates?) so the Xecuter exploit is useless?
 

YuseiFD

>Exploit
>Will never be patched
>Works on every firmware and Nintendo Switch

What? Impossible, softmods are always patchable!

>is hardmode
WELL NO SHIT SHERLOCK! -_-
 

cearp

people have to realize that we can't always have a software option, and software options are not always better than hardware.
for example, you cannot have a playstation 1 ode without a hardware device (http://ps-io.com/) - it's just not possible to do that sort of thing in software.
good luck playing backups properly on a gc without buying anything at all (a modchip, or the special memory card sd thing)

so, although the switch can be hacked as we have seen (plutoo etc), having a hardware based hack is different, and can allow for different things.
i'm not sure why people say this is drm based.
i wouldn't say modchips are drm based, the only time that i know of where drm was pretty close to piracy was the trueblue dongle for ps3, where they resigned previously unplayable eboots and they only worked with their dongle. (right?)

for wii and psp, they both had modchips, and later became virtually junk and software hacks became easier and better, and of course free.
but, for wii and psp it became a while until the free hacks were perfect.
for 3ds, it was years until we got true fw-independent hacks that will work 'all the time every time'.
for switch, because of stuff like the efuses and what not, it might not be possible to have a software based ultimate hack that works on every firmware.
i was happy to buy my gateways, at the time it was the only option to play backups, and so of course i don't regret it.
and if i have to spend $100 to buy a modchip that lets me play my backups, on the latest fw, i think that's a good deal and i'm happy to pay!

i'm just dreading the installation!

--------------------- MERGED ---------------------------

>Exploit
>Will never be patched
>Works on every firmware and Nintendo Switch

What? Impossible, softmods are always patchable!

>is hardmode
WELL NO SHIT SHERLOCK! -_-
odes on ps3 became unusable/highly annoying due to firmware updates :)

--------------------- MERGED ---------------------------

Could they patch this with a hardware revision? It obviously won’t stop older consoles from doing it.
of course :) it's a little like if someone copied your front door key.
you can just change the lock on your door.
nintendo will be able to see how this modchip is working, and work around it by changing their hardware.
they did stuff like that for wii.
 

FAST6191

What? Impossible, softmods are always patchable!

Not really. Get it high enough up the boot chain, or in via a high-privilege area (typically debug or failure-analysis options, but certainly not limited to those) that you cannot easily reach out and touch via updates, or indeed have your signing keys leak or be rendered useless, and you can have a software-launched exploit that you cannot solve without a hardware revision.

The object of secure systems design is to prevent such things, and there are certainly things you can do to shift it back to the hardware boys and make things that frustrate those seeking such an attack, but it is not as if a system someone aimed to have secure has never failed before.
 

Ethan34

people have to realize that we can't always have a software option, and software options are not always better than hardware.
for example, you cannot have a playstation 1 ode without a hardware device (http://ps-io.com/) - it's just not possible to do that sort of thing in software.
good luck playing backups properly on a gc without buying anything at all (a modchip, or the special memory card sd thing)

so, although the switch can be hacked as we have seen (plutoo etc), having a hardware based hack is different, and can allow for different things.
i'm not sure why people say this is drm based.
i wouldn't say modchips are drm based, the only time that i know of where drm was pretty close to piracy was the trueblue dongle for ps3, where they resigned previously unplayable eboots and they only worked with their dongle. (right?)

for wii and psp, they both had modchips, and later became virtually junk and software hacks became easier and better, and of course free.
but, for wii and psp it became a while until the free hacks were perfect.
for 3ds, it was years until we got true fw-independent hacks that will work 'all the time every time'.
for switch, because of stuff like the efuses and what not, it might not be possible to have a software based ultimate hack that works on every firmware.
i was happy to buy my gateways, at the time it was the only option to play backups, and so of course i don't regret it.
and if i have to spend $100 to buy a modchip that lets me play my backups, on the latest fw, i think that's a good deal and i'm happy to pay!

i'm just dreading the installation!
It is a little different for older consoles... older consoles, of course, had less of an exploitation surface because the user cannot simply input things of his own. E.g. with the PS1 the user can just pop in a disc and play, nothing else, which is why the hardmods are needed. GameCube? Same thing. No browser, no way of injecting outside code without extra hardware, which is 100% normal.
Now look at the Wii. Since we had the extra things the user could modify and use (SD cards, channels, internet browser), it increased the possibilities of exploits a LOT. Same for the DS and 3DS: the first can barely connect to the internet, so of course a hardware product is needed. The 3DS however? It can read files from SD, can Miiverse and has a WebKit browser, custom themes, etc. So many things and possibilities....
Same with the Switch. These days, software is simply nicer to exploit because of much lower costs, and the user is less scared of clicking on a link than soldering a chip to his console. Do you see what I mean fish sir?
And about fuses... apparently, the bootloader checks for fuses according to switchbrew; using the keys from Nintendo Inc. we could sign our own bootloader and remove the fuse checking code from it (and incorporate GRUB or some neat option for dual booting :DD) and bye little fuses! And then we could use it on all the firmwares!!

--------------------- MERGED ---------------------------

>Exploit
>Will never be patched
>Works on every firmware and Nintendo Switch

What? Impossible, softmods are always patchable!

>is hardmode
WELL NO SHIT SHERLOCK! -_-
Not necessarily Mr. Yusei... b9s has the key sign exploit from the 3DS bootroms, which makes it impossible for Nintendo to patch, since bootroms are impossible to rewrite (hence the "ROMs" in the name :D), yet you can install it purely with software.
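The fuse logic Ethan34 describes above (the stage-2 bootloader comparing burnt anti-downgrade fuses against the count its version expects), together with FAST6191's earlier point about exploits that sit high enough in the boot chain for updates not to reach them, as an added worked example. This is not code from the thread or from any Switch component: the stage-2 key, the tag scheme (HMAC-SHA256 standing in for whatever MAC or signature the real ROM uses), the 32-bit fuse width and the version-to-fuse-count mapping are all assumptions chosen for the illustration.

```python
"""Toy boot chain: immutable boot ROM -> stage 2 (which holds the anti-downgrade check).
Added illustration, not Switch code. Key, tag scheme, fuse width and the
version-to-fuse-count mapping are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List

FUSE_BITS = 32  # assumed width of the one-time-programmable anti-downgrade field


@dataclass
class Console:
    stage2_key: bytes                        # key the boot ROM uses to check stage 2 (assumption)
    fuses: List[int] = field(default_factory=lambda: [0] * FUSE_BITS)  # 0 = intact, 1 = burnt

    def burnt(self) -> int:
        return sum(self.fuses)

    def burn_to(self, count: int) -> None:
        """OTP fuses are monotonic: a bit goes 0 -> 1 once and never back."""
        if count > FUSE_BITS:
            raise ValueError("out of anti-downgrade fuses")
        for i in range(count):
            self.fuses[i] = 1                # no-op for bits already burnt


@dataclass
class Stage2:
    version: int
    expected_fuses: int                      # fuses this firmware version expects to find burnt
    has_fuse_check: bool = True              # False models a stage 2 with the check patched out

    def body(self) -> bytes:
        return f"v{self.version};fuses={self.expected_fuses};check={int(self.has_fuse_check)}".encode()


def tag_stage2(image: Stage2, stage2_key: bytes) -> bytes:
    """Tag the ROM accepts. HMAC-SHA256 stands in for the real MAC/signature;
    anyone holding stage2_key can produce it for any image they like."""
    return hmac.new(stage2_key, image.body(), hashlib.sha256).digest()


def run_stage2(console: Console, image: Stage2) -> str:
    """Second stage: this is where the anti-downgrade check lives."""
    if image.has_fuse_check:
        burnt = console.burnt()
        if burnt > image.expected_fuses:
            return (f"stage2 v{image.version}: downgrade detected "
                    f"({burnt} burnt > {image.expected_fuses} expected), halt")
        if burnt < image.expected_fuses:
            console.burn_to(image.expected_fuses)   # first boot of a newer version burns up to its count
    return f"stage2 v{image.version}: boot OK ({console.burnt()} fuses burnt)"


def boot(console: Console, image: Stage2, tag: bytes) -> str:
    """Boot ROM: fixed in silicon, so it cannot learn a new rule or a new key via update."""
    if not hmac.compare_digest(tag, tag_stage2(image, console.stage2_key)):
        return "bootrom: bad stage-2 tag, halt"
    return run_stage2(console, image)


def demo() -> List[str]:
    key = hashlib.sha256(b"constructed example stage-2 key").digest()   # constructed, not a real key
    c = Console(stage2_key=key)
    fw3 = Stage2(version=3, expected_fuses=3)
    fw5 = Stage2(version=5, expected_fuses=5)
    patched = Stage2(version=3, expected_fuses=3, has_fuse_check=False)
    return [
        boot(c, fw3, tag_stage2(fw3, key)),          # fresh console: burns to 3 and boots
        boot(c, fw5, tag_stage2(fw5, key)),          # update: burns to 5 and boots
        boot(c, fw3, tag_stage2(fw3, key)),          # downgrade: refused by the fuse check
        boot(c, fw3, bytes(32)),                     # untagged downgrade image: refused by the ROM
        boot(c, patched, tag_stage2(patched, key)),  # leaked key + check removed: boots anyway
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The five boots show the point of the thread in order: an update burns fuses, a plain downgrade is refused by stage 2, an image without the key is refused by the ROM, and a stage 2 that has the check removed but carries a tag made with the leaked key sails through the ROM on any fuse count. The ROM and the key it checks against are the only things standing between the attacker and the fuse check, and neither can be changed by a firmware update, which is why the fix ends up being a hardware revision.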
 

8BitWonder

2020: people complain about Nintendo releasing all their games on mobile phone and wonder why they won't make a new console anymore.
Phones are hacked and modded much more frequently than consoles are. What's your point?

In regards to the topic; this seems really neat! This gives me a reason to learn how to properly solder, though I'd be lying if I said I wasn't hoping it's a solderless chip.
 

Ethan34

Phones are hacked and modded much more frequently than consoles are. What's your point?

In regards to the topic; this seems really neat! This gives me a reason to learn how to properly solder, though I'd be lying if I said I wasn't hoping it's a solderless chip.
Maybe it will even be a dock exploit? Like using a custom PCB inside a custom dock to transfer some bootrom execution instruction with USB power-on, like seen on modern computers with the Intel Management Engine and AMD PSP.
 

Skeet1983

Hi guys. My Switch is on 4.1 and I have been holding out hope for hacking/exploits. Now that this has been announced, I am really excited, but also worried/concerned. If it is a Hardmod/Mod Chip, I have no idea how to install one as I have absolutely no soldering experience, let alone a Soldering Iron... Should I be worried? Thoughts and help greatly appreciated :)
 

Kioku

Hi guys. My Switch is on 4.1 and I have been holding out hope for hacking/exploits. Now that this has been announced, I am really excited, but also worried/concerned. If it is a Hardmod/Mod Chip, I have no idea how to install one as I have absolutely no soldering experience, let alone a Soldering Iron... Should I be worried? Thoughts and help greatly appreciated :)

There will be services to install if it's a modchip.
 

Ethan34

Hi guys. My Switch is on 4.1 and I have been holding out hope for hacking/exploits. Now that this has been announced, I am really excited, but also worried/concerned. If it is a Hardmod/Mod Chip, I have no idea how to install one as I have absolutely no soldering experience, let alone a Soldering Iron... Should I be worried? Thoughts and help greatly appreciated :)
You can either learn to do the soldering; it isn't THAT hard with practice. After a few weeks you should be very confident in your skills. Or you could hire a professional soldering ironer (the price depends on region and taxes) to do the job for you. But do NOT attempt to glue the wires to replace solder, as it could result in permanent damage to your Switch and its battery/CPU, and glue is not solder so it wouldn't work at all.
 

skydancer93

actually it isn't just the New 2DS but every 3DS family console in existence :D

I know that, but my point was that the New Nintendo 2DS XL was hackable before it even came out, so if it's an exploit like that, no new Switch model is going to be able to close that hole.
 

Ethan34

I know that, but my point was that the New Nintendo 2DS XL was hackable before it even came out, so if it's an exploit like that, no new Switch model is going to be able to close that hole.
Actually, it can. If Nintendo releases new Switch models with updated bootroms (or the thing the Xecuter team is using) then it would be patched for good. Just as they did with newer Wiis, and as they could have done with the New 2DS XL if b9s had been released sooner.
 

Athlon-pv

Actually, it can. If Nintendo releases new Switch models with updated bootroms (or the thing the Xecuter team is using) then it would be patched for good. Just as they did with newer Wiis, and as they could have done with the New 2DS XL if b9s had been released sooner.

This is where you start assuming things. If it comes to redesigning hardware, you might as well assume that there are more backdoors in the hardware to exploit, and the new patched hardware design might end up with more exploits...
 

Ethan34

This is where you start assuming things. If it comes to redesigning hardware, you might as well assume that there are more backdoors in the hardware to exploit, and the new patched hardware design might end up with more exploits...
???????????? What do you mean?
Just saying, if the vulnerability is fixed in a new revision then newer firmwares might not be exploitable. Again, look at the Wii: the very early models all had the boot RSA signature flaw, which allowed them to have something similar to b9s on the 3DS, yet newer hardware revisions can't have that because it has been fixed...

--------------------- MERGED ---------------------------

And also, why are you talking about backdoors? Do you even know what a backdoor is?
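The early Wii boot signature flaw Ethan34 refers to above, as an added example that is not part of the thread and not Wii code: a simplified model of the string-compare signature bug, where the check compared the SHA-1 hash recovered from the RSA signature with the computed hash using a C string compare, so the comparison stopped at the first 0x00 byte and an all-zero signature matched any content whose hash happened to start with 0x00. Everything below is an assumption made to keep the demonstration self-contained: a textbook RSA key built from two Mersenne primes, no padding check at all, and a content format of payload plus a 2-byte counter for the brute force. The real check used RSA-2048 with its own padding handling; only the comparison bug is modelled.

```python
"""Simplified model of the string-compare signature bug in early Wii boot/IOS code.
Added example, not Wii code. The RSA key, the absence of a padding check and
the content format are assumptions made to keep the demo self-contained.
"""
import hashlib
import hmac
from typing import Optional, Tuple

# Assumed toy RSA key: two Mersenne primes, so the ~216-bit modulus comfortably
# holds a 20-byte SHA-1 value. Real hardware used RSA-2048 with a vendor key.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent; only the legitimate signer has it
N_BYTES = (N.bit_length() + 7) // 8


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def sig_to_hash(sig: bytes) -> bytes:
    """RSA 'decrypt' the signature and take the trailing 20 bytes as the hash.
    No padding check, as in the flawed original: a signature of 0 yields 20 zero bytes."""
    m = pow(int.from_bytes(sig, "big"), E, N)
    return m.to_bytes(N_BYTES, "big")[-20:]


def sign(content: bytes) -> bytes:
    """Legitimate signer holding D: textbook RSA over the raw hash (assumption)."""
    h = int.from_bytes(sha1(content), "big")
    return pow(h, D, N).to_bytes(N_BYTES, "big")


def strncmp_equal(a: bytes, b: bytes) -> bool:
    """Emulates strncmp(a, b, 20) == 0 for two 20-byte buffers: the compare stops at
    the first NUL, so two hashes that both begin with 0x00 count as equal."""
    return a.split(b"\x00", 1)[0] == b.split(b"\x00", 1)[0]


def verify_vulnerable(content: bytes, sig: bytes) -> bool:
    return strncmp_equal(sig_to_hash(sig), sha1(content))


def verify_fixed(content: bytes, sig: bytes) -> bool:
    """Full-length, constant-time comparison of all 20 bytes."""
    return hmac.compare_digest(sig_to_hash(sig), sha1(content))


def forge(payload: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Attacker without D: a zero signature decrypts to all zeros, so it only needs a
    content variant whose SHA-1 starts with 0x00 (about 1 try in 256)."""
    zero_sig = bytes(N_BYTES)
    for counter in range(1 << 16):
        candidate = payload + counter.to_bytes(2, "big")
        if sha1(candidate)[0] == 0:
            return candidate, zero_sig
    return None


def demo() -> dict:
    payload = b"constructed example content (stands in for a signed title blob)"
    forged = forge(payload)
    if forged is None:
        raise RuntimeError("no candidate found (practically impossible)")
    forged_content, zero_sig = forged
    legit_sig = sign(payload)
    return {
        "legit_vulnerable": verify_vulnerable(payload, legit_sig),
        "legit_fixed": verify_fixed(payload, legit_sig),
        "forged_vulnerable": verify_vulnerable(forged_content, zero_sig),
        "forged_fixed": verify_fixed(forged_content, zero_sig),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The legitimate signature passes both verifiers; the forged pair (a content variant whose hash starts with 0x00, plus a signature of all zeros) passes only the string-compare version. Note what the fix is and is not: a full-length, constant-time compare closes this bug, but a real verifier must also validate the padding structure before trusting the recovered hash, which this model deliberately leaves out. Because the flawed compare in the thread's example lived in boot1, fixing it meant shipping new boot1 code in later hardware, which is the "newer revisions can't have that" point above.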
 
