Hacking Could you make custom zelda launch links?

PotatisKnug


BvanBart

That would indeed be awesome :). We would need the following:

1. Know how the news channel is filled
2. Filter the news channel for Zelda only (is something you can do on the Switch, so no hacking required)
3. See if there is a signing or some protection on the message to the Switch

If we have some packets, then we can open them and try to figure out where the packets are going.
 

PotatisKnug

> That would indeed be awesome :). We would need the following:
>
> 1. Know how the news channel is filled
> 2. Filter the news channel for Zelda only (is something you can do on the Switch, so no hacking required)
> 3. See if there is a signing or some protection on the message to the Switch
>
> If we have some packets, then we can open them and try to figure out where the packets are going.

I have the feeling that it is like: 1. Launch game 2. Wait for save to be loaded successfully 3. Spawn item X
 

_______

 
I think those were just URL schemes that were written within the game. Once we figure out what the link is, we might know. If it's a bit complicated and has to do with some reverse engineering, we'd need to reverse the game to achieve that.

But wouldn't that be easier if we can just back up and edit the save? I wish they could add an example script about FS stuff.
 

aykay55

WAY too complicated to figure out. And if we did figure out how it worked, then a dev with enough time (no one) would have to insert the code into X website, redirect with DNS, test, test, and test, and test again to ensure functionality. Not likely. However, figuring it out would open the door to new homebrew exploits, with the ability to inject code into a game when launching. Keep dreaming but we won't see that until at least March 2018.
 


blinkzane

Probably similar to using pegaswitch to trick the time in the switch and launch nes golf. Just gotta find the parameters and what the item keys are. I say that like it's easy but it's an idea.
 

aykay55

Disclaimer: Take this info without warrant. I only know what I know and in a post this long there are bound to be mistakes.

If you wanna help, start dumping URL packets using Wireshark on your PC/Mac. Capture the packets going to the Nintendo Switch when you open News. Then keep them safe until we figure out what to do with them. If you have some OpenDNS experience, then go ahead and redirect the URLs to your own site, then create some form of news article according to how the Switch does it. Then see if it works! After we test it works, then we'll have to find out what exact system allows the software to open with some kind of 'cookie' affecting the game. Then we can figure out how to make it work using our own custom code. If you're not aware, Wii U browserhax worked by crashing the Wii U, injecting code into the Mii Maker app, and opening the Mii Maker, making the Wii U forget the browser was open. Similarly, the Switch will have to crash the browser, inject the code, and open the Breath of the Wild game which, though it sounds like a home run, may not work.

You see, the Wii U could hack Mii Maker because there were 2 ways of opening it: Using the System Menu to load the normal app, or the button in the NNID menu which would let you change your User Mii, also using the 'cookie' system to open a secret part of the app. The Switch also has 2 ways of opening Breath of the Wild: The System Menu and the News section. It seems we can run the code similarly in the browser after an exploit is done. We may even gain access to the Kernel using the browser, meaning CFW and custom apps and piracy.

Hope this answers your question and makes you understand how much the devs actually do for you guys, for no pay!
 

SciresM

> So, there's these "tips from the wild" things on the Switch homescreen which has a button you press. If you do, it launches the game and puts items in front of you. Could you perhaps mod the link and launch it from the built-in browser to achieve the same effect with like the Hylian Shield for example? But copying the link so that it's visible may prove difficult...
>
> Maybe an OS dump or watching DNS traffic?

Those news links spawn a BotW process and pass arguments describing what to give to the player. If you could modify the arguments that get passed, there's no reason you couldn't give other shit.

Problem: The items given are stored inside the news archives which are stored inside the BCAT system savefile because news is downloaded as bcat containers.

bcat containers are both encrypted, and signed.

You could edit the news archives in the news system save with hax, I guess, but at that point you may as well just edit the BotW savegame?

You're not gonna be spoofing those any time soon, or probably ever. There still aren't really BOSS spoofing tools yet, which is the old bcat equivalent.
 

Dann_

The game is probably opened with some magic launch options which spawn your items. If someone could look into the news channel's pages (I believe we have the certs to decrypt them on <3.0) or code (idk if it's dumped yet) then we could probably figure out the launch commands, and since we can just get any service with pegaswitch, we can get the service which launches apps and launch it as far as I can see.
 

_______

 
> Those news links spawn a BotW process and pass arguments describing what to give to the player. If you could modify the arguments that get passed, there's no reason you couldn't give other shit.
>
> Problem: The items given are stored inside the news archives which are stored inside the BCAT system savefile because news is downloaded as bcat containers.
>
> bcat containers are both encrypted, and signed.
>
> You could edit the news archives in the news system save with hax, I guess, but at that point you may as well just edit the BotW savegame?
>
> You're not gonna be spoofing those any time soon, or probably ever. There still aren't really BOSS spoofing tools yet, which is the old bcat equivalent.

Are we able to dump/live-edit saves with those FS-related services yet, if I may ask? I looked around the documented APIs and found some regarding this matter, but it's not really clear.
 
