Huge exploit found on firmware 3.0.0: smhax

Status
Not open for further replies.

macia10
I'm just waiting for the ability to back up my Zelda saves; that's all I need ^^
 
Deleted User
> Rips that do not require 3.0.1 to run will work.
> Online won't work on 3.0.0 FW.
> DLC on/past 3.0.1 that requires an update will not work.
>
> Info will be released soon that will be more in-depth, but for now wait for a release to come.

I think he knows much more than most of us.
 

Killaclown
Didn't some of the hackers say that homebrew isn't happening? At least it was some short-lived hype; hope too many people didn't buy Switches on pre-3.0.1 expecting the rumors to come true.
 

DocAmes1980
> Didn't some of the hackers say that homebrew isn't happening? At least it was some short-lived hype; hope too many people didn't buy Switches on pre-3.0.1 expecting the rumors to come true.

Did you update to 3.0.1? You sound salty. Homebrew is coming. Why wouldn't it?
 

Killaclown
> Did you update to 3.0.1? You sound salty. Homebrew is coming. Why wouldn't it?

I realise it might have sounded a little salty when I read over it. More so because I thought the hype was more or less dead. Still on 3.0.0, hoping for the best.
 

DocAmes1980
> I realise it might have sounded a little salty when I read over it. More so because I thought the hype was more or less dead. Still on 3.0.0, hoping for the best.

OK, I see. I just asked because there are quite a few users who are trying to pretend that they are glad they updated to 3.0.1 or that they don't really care.

I'm optimistic. They (haX0rs) just reverse engineered the Switch's parental lock master key generation code. Excited to see more progress and hopefully get some PoC, even if it's just a "Hello World."
 

gameboy
Can anyone confirm what firmware comes on the Mario + Rabbids Kingdom Battle game? I read that some Walmarts are already selling them.
 

Killaclown
> OK, I see. I just asked because there are quite a few users who are trying to pretend that they are glad they updated to 3.0.1 or that they don't really care.
>
> I'm optimistic. They (haX0rs) just reverse engineered the Switch's parental lock master key generation code. Excited to see more progress and hopefully get some PoC, even if it's just a "Hello World."

Awesome, nice to see progress being made. Doesn't really hurt all that much to wait a while either. Already bought all the games I want and play them offline when I have a moment to spare. Hopefully the homebrew scene can really flourish, given time.
 

ARVI80
@smealum @SciresM
Looking at this for the first time today, what I can tell is that theoretically (given I have seen no proof), if the "initialize" handle is removed from the sm session then a bunch of backdoors are available. Can someone else concur, or am I missing something?
Deleted User
> OK, I see. I just asked because there are quite a few users who are trying to pretend that they are glad they updated to 3.0.1 or that they don't really care.
>
> I'm optimistic. They (haX0rs) just reverse engineered the Switch's parental lock master key generation code. Excited to see more progress and hopefully get some PoC, even if it's just a "Hello World."

Last night I went to switchdev on IRC. They told me we won't be able to build any hello world without an open SDK, and if somebody wants to use the exploit, just check the wiki; of course it's nothing easy for somebody without knowledge. Another person was saying an SDK won't be needed, I don't know why.

--------------------- MERGED ---------------------------

> Looking at this for the first time today, what I can tell is that theoretically (given I have seen no proof), if the "initialize" handle is removed from the sm session then a bunch of backdoors are available. Can someone else concur, or am I missing something?

If I understood right, they were able to generate a kind of master key which allowed them to run every single service they wanted on 3.0 with full root rights.
 
Deleted User
> Oh yeah, Switch has FreeBSD, completely forgot about that.

Indeed, you are right; it's like a modified version of the 3DS but based on FreeBSD, like the PS4.

--------------------- MERGED ---------------------------

I don't know if that could work, but maybe the same patches which work for the PS4 could work on the Switch.
 

ARVI80
> If I understood right, they were able to generate a kind of master key which allowed them to run every single service they wanted on 3.0 with full root rights.

But removing the initialize handles completely would invalidate the need for any such key; full permission would be granted regardless, leaving backdoors to exploit everywhere?

Kilim
Just got a Switch!! On ver 1.0.0. Do you guys think it's safe to stay on this one, or should I go cart hunting to get to 2.0.0+ for more features?

I won't be using the thing until an exploit or HB entry point is around, so I'm not too worried.
 
insidexdeath
> Just got a Switch!! On ver 1.0.0. Do you guys think it's safe to stay on this one, or should I go cart hunting to get to 2.0.0+ for more features?
>
> I won't be using the thing until an exploit or HB entry point is around, so I'm not too worried.

Makes no difference. The exploit works on 3.0.0 and below.
 
Deleted User
> But removing the initialize handles completely would invalidate the need for any such key; full permission would be granted regardless, leaving backdoors to exploit everywhere?

Well, good question. I don't know if it's so easy to remove the initialize, because then why would they try to get the TrustZone key?

--------------------- MERGED ---------------------------

But wait, if the Switch is running on a FreeBSD kernel, is there any chance to run SSH?
 