Coldboot and you: Learning to love the tether

GBA rocks

Kubas_inko, your “might” could prove pretty misleading if the chance is 0.000001%.

The useful message is: stay on 4.1 if you hope for a softwarehax with user interaction at every boot, and don’t get your hopes up for a real persistent coldboot.
 

Kubas_inko

Kubas_inko, your “might” could prove pretty misleading if the chance is 0.000001%.

The useful message is: stay on 4.1 if you hope for a softwarehax with user interaction at every boot, and don’t get your hopes up for a real persistent coldboot.
I gave you guys an image of what SciresM said on Discord. My "might" means "might", which means nobody knows. So no misinformation here again.

--------------------- MERGED ---------------------------

I did not say it is, but the way you said it made it seem like RCM is equal to the warmboot that users below 4.0.1 will get, which is not
That's not how I wanted it to sound. I just meant that RCM is warmboot and not coldboot as OP said.
 

kumikochan

I gave you guys an image of what SciresM said on Discord. My "might" means "might", which means nobody knows. So no misinformation here again.
No, he said a coldboot might come but the warmboot will happen on release for users below 4.0.1. You should read that tweet again, because that is what it says.
 

Kubas_inko

No, he said a coldboot might come but the warmboot will happen on release for users below 4.0.1. You should read that tweet again, because that is what it says.

And you should read my messages. I am TALKING ABOUT OP HERE, not SciresM.
What OP wrote is wrong.
[attached screenshot: upload_2018-5-24_12-56-47.png]

and that's what I was answering the whole time. FG = RCM is not coldboot but warmboot.

And about the tweet: once again, might = might, so no misinformation here... again
 

YamiZee

Why can't the fusée exploit be used to bypass the need for an exploit to get coldboot, like it was suggested that low firmwares could (possibly in the future)? Doesn't it allow us to run whatever we want?
 

Maximilious

Why can't the fusée exploit be used to bypass the need for an exploit to get coldboot, like it was suggested that low firmwares could (possibly in the future)? Doesn't it allow us to run whatever we want?

Because FG (RCM) requires a payload to be sent to it right now. I'm not sure on specifics but it may also be too high in the boot chain to do anything with the file system/eMMC chip since it is a CPU vulnerability. Down the road someone may be able to make a BootMii variant payload from the Wii days, but it's too early for that. It may also not be possible, I'm honestly not sure.
 

mnemonicpunk (OP)

Since there still seems to be confusion about this: FG is considered a coldboot exploit, because it bypasses the actual bootrom and boot process of the Switch. It cannot, however, alter it. Without injecting a payload from a tethered device it cannot function.

Why? Because when you turn your Switch on, the first thing that runs is the bootrom, which calculates a hash of the firmware and compares it to the value it derives from the public key stored in the fuses of the Tegra. Both the bootrom and the public key cannot be altered (they are burnt into the hardware and cannot be written to), and if the firmware is not properly signed it will simply refuse to boot.

So why can Nintendo update the firmware? They have the private key, a solution to a very complicated mathematical calculation that allows them to sign the firmware as authentic. If you know the public key that corresponds to it, you can verify "Aha, it was indeed Nintendo, the owner of the private key, who signed this firmware." Trying to find out this key is considered more or less impossible, since finding it by brute force will take longer than the time the universe will still exist.
 
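The boot chain the post above describes, as an added, constructed example that is not from the thread or from any Switch project: textbook RSA over SHA-256 with assumed 512-bit keys stands in for the real firmware signature scheme, a SHA-256 of the public key stands in for the value burnt into the fuses, and `bootrom_accepts` plays the immutable bootrom that refuses a tampered image or a substituted key.

```python
import hashlib
import random
# Constructed demo (not the Tegra's real scheme): textbook RSA over SHA-256
# with assumed 512-bit keys stands in for the firmware signature, and a
# SHA-256 of the public key stands in for the value burnt into the fuses.

def _is_probable_prime(n, rng, rounds=32):      # Miller-Rabin; demo strength only
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_keypair(seed, bits=256):
    """Return (public, private) = ((n, e), (n, d)); seeded so runs repeat."""
    rng, e = random.Random(seed), 65537
    def prime():
        while True:
            c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
            if _is_probable_prime(c, rng):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                  # e must be invertible mod phi
            return (p * q, e), (p * q, pow(e, -1, phi))
def fw_digest(firmware, n):                     # firmware hash reduced into the modulus
    return int.from_bytes(hashlib.sha256(firmware).digest(), "big") % n
def sign_firmware(firmware, priv):              # only the private-key holder can do this
    n, d = priv
    return pow(fw_digest(firmware, n), d, n)
def pubkey_fuse_hash(pub):                      # the key hash the post says lives in the fuses
    n, e = pub
    return hashlib.sha256(n.to_bytes(64, "big") + e.to_bytes(4, "big")).digest()
def bootrom_accepts(fuse_hash, firmware, pub, sig):   # immutable bootrom logic
    if pubkey_fuse_hash(pub) != fuse_hash:
        return False                            # substituted key: refuse to boot
    n, e = pub
    return pow(sig, e, n) == fw_digest(firmware, n)   # bad signature: refuse to boot
```

Patching a single byte of the image or presenting a key the fuses do not vouch for makes `bootrom_accepts` return False, which is the refusal the post describes; only a signature made with the matching private key passes.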
