Hacking fail0verflow releases coldboot exploit proof of concept

BvanBart

I think a lot of people in this thread are forgetting that like any team of developers, fail0verflow owes us nothing. We're not entitled to a release of any of their, or any other team's work. Everything we have at this point have been gifts.

While a PoC is surely not as fun as a public release, it still shows what can be done on the system.

You are correct! They can do as they please :).
 

AkitoUF

I'm sorry for my ignorance but what exactly does "cold-boot" mean and why would this mean a problem for Team-Xecuter? As far as I know we know nothing of how Xecuter will release their stuff.
 

yardie

I'm sorry for my ignorance but what exactly does "cold-boot" mean and why would this mean a problem for Team-Xecuter? As far as I know we know nothing of how Xecuter will release their stuff.
Cold boot means booting from a power off state.
You could have googled it and found out in 2 seconds tho.

And it's not a prob for TX because they won't release it
 

weatMod

Cold boot means booting from a power off state.
You could have googled it and found out in 2 seconds tho.

And it's not a prob for TX because they won't release it
but it's EL2 , hypervisor , can we even do everything from there?
or do we need kernel ? maybe TX has a better solution anyways
 

V-Temp

but it's EL2 , hypervisor , can we even do everything from there?
or do we need kernel ? maybe TX has a better solution anyways

Switch does not have EL2, it's not enabled in the system. Switch has EL0, EL1, and EL3. (You can find more on the Exception Levels here: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0488d/CHDHJIJG.html)

It is, however, unlikely that they have all of this execution without also having control of EL3 but we won't know till we see later on... (same applies to TX). Or we may never see. Who knows.

What we do know is that they are pointing us (and everyone watching, including Nintendo) at the ARMv4T, the power controller, for the Switch and code execution from that core.
 

weatMod

Switch does not have EL2, it's not enabled in the system. Switch has EL0, EL1, and EL3. (You can find more on the Exception Levels here: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0488d/CHDHJIJG.html)

It is, however, unlikely that they have all of this execution without also having control of EL3 but we won't know till we see later on... (same applies to TX). Or we may never see. Who knows.

What we do know is that they are pointing us at the ARMv4T, the power controller, for the Switch and code execution from that core.
but then why did F0 name the exploit shofEL2 ?
also what is shof i wonder
if EL 2 is hypervisor on the switch then would that allow a cold boot ,i thought EL1 kernel would be needed for something like that
 

V-Temp

but then why did F0 name the exploit shofEL2 ?
also what is shof i wonder
if EL 2 is hypervisor on the switch then would that allow a cold boot ,i thought EL1 kernel would be needed for something like that

I think they were just making a joke (pun/play on a name), the important data isn't in a non-existent hypervisor (unless they built one...) but that they were using the ARMv4T, the power chip, seemingly either as their attack point or their run-point, or both.

They spelled out the boot flaw, at least one, for the world to see.
 

dAVID_

I just can't wait for all the "I bricked blu screen switch dont work halp" threads.
We are really going to need another help thread like the 3ds one. It is very exciting to see the scene in progress...
 

Newwaverap

They won't release it, it'll be the same as the Wii U. This was to challenge themselves and to prove that it was possible.

Yeah Fail0verflow won't release anything. I'm sure Nintendo is already reaching out to these companies offering some sort of "hush money". There is NO coincidence that the WiiU was completely hacked around the exact time the Switch was coming to retailer shelves. Nintendo probably stopped feeding these guys or the agreement expired. Fail0verflow doesn't owe us anything and for that matter, none of these companies owe us anything but because the Switch is the hottest system out there and the fact that multiple companies are working on exploit/hacks I think something is coming. My money is on Team Xecuter based on reputation and history.
 

Kioku

Yeah Fail0verflow won't release anything. I'm sure Nintendo is already reaching out to these companies offering some sort of "hush money". There is NO coincidence that the WiiU was completely hacked around the exact time the Switch was coming to retailer shelves. Nintendo probably stopped feeding these guys or the agreement expired. Fail0verflow doesn't owe us anything and for that matter, none of these companies owe us anything but because the Switch is the hottest system out there and the fact that multiple companies are working on exploit/hacks I think something is coming. My money is on Team Xecuter based on reputation and history.
Lolwat


Nintendo is paying independent hackers to keep their work quiet? Uhhhhhhh.. Dafuq?
 

Newwaverap

Lolwat


Nintendo is paying independent hackers to keep their work quiet? Uhhhhhhh.. Dafuq?

So you're telling me that an independent hacker group or individual who got no money other than donations and their 9-5's wouldn't take a check for staying quiet? Rather than release their findings to get nothing but "recognition" they'll accept a couple of grand from Ninty to keep their findings limited to youtube concept videos. What else would fail0verflow gain from releasing something as valuable as a hack other than 15 minutes of fame? Keep an open mind sir.
 

Kioku

So you're telling me that an independent hacker group or individual who got no money other than donations and their 9-5's wouldn't take a check for staying quiet? Rather than release their findings to get nothing but "recognition" they'll accept a couple of grand from Ninty to keep their findings limited to youtube concept videos. What else would fail0verflow gain from releasing something as valuable as a hack other than 15 minutes of fame? Keep an open mind sir.

I think you're feeding into conspiracies in the weirdest ways.
 

chrisrlink

but the wii u never had any commercial back up enabling products ever released for it, no chip and no ODE
the ps3 had the OG JB dongle which was short lived and probably motivated them to release some of their work for it
they say " to all switch hax0rs" and "interesting times ahead"
they know Xecuter has something in the works , maybe sky3ds team also , they know backups are already inevitable
they will release something even if it is through back channels

though highly unlikely FoF may release their findings to prevent XE and sky from making money off piracy (if the exploit FoF has and is software/unpatchable once installed) it would be much more cost effective and less risky than installing a mod chip if i think what it is nintendo can patch the entry point on later firmware just not the exploit itself like 360's JTAG
 

Minox

So is this something they're actually going to release or is it just a teaser aimed at making Team Xecuter's modchip look worse?
 

Kioku

So is this something they're actually going to release or is it just a teaser aimed at making Team Xecuter's modchip look worse?
Why not both? Afaik there's been mention of this being stuck 3.0.0 and below. Whereas TX is advertising any firmware.
 

Minox

Why not both? Afaik there's been mention of this being stuck 3.0.0 and below. Whereas TX is advertising any firmware.
That's not quite an answer to my question though, I'm interested in knowing if there are plans to release this or not. Otherwise it really just looks like a timed attack at making their opponents look worse.
 
