Hacking jamais vu - a 1.0.0 TrustZone code execution exploit for the Nintendo Switch

  • Thread starter: SciresM
  • Views: 63,918
  • Replies: 209
  • Likes: 105
It's always been like that. Not everyone codes the same. Not everyone has the same hacking goals. Plutoo and co don't really care for much else other than Homebrew. SciresM wants to crack open the switch. The latter has always said to stay on the lowest firmware possible (for obvious reasons) while the former suggested to update to 3.0 asap unless you were on 1.0.

Of course 1.0 has something the others don't - a different entryway that has been patched on later releases. Other than that it's identical (as far as I know) to the rest.

Thus SciresM is planning to release code for 1.0.0 but not (yet?) for upper firmwares?
Otherwise why advise people to stay on 1.0.0?
 
Thus SciresM is planning to release code for 1.0.0 but not (yet?) for upper firmwares?
Otherwise why advise people to stay on 1.0.0?

Exactly, not yet because of what Mech said a post ago. Earlier versions will get it first. Later versions will get it later, especially because a vulnerability that's used for versions higher than 1.0 hasn't been patched on newer versions.

Unless you want to wait longer for 2.0's version, like me, or even longer for say 3.0.2 which is the latest known exploitable version why would you want to update?
 
Exactly, not yet because of what Mech said a post ago. Earlier versions will get it first. Later versions will get it later, especially because a vulnerability that's used for versions higher than 1.0 hasn't been patched on newer versions.

Unless you want to wait longer for 2.0's version, like me, or even longer for say 3.0.2 which is the latest known exploitable version why would you want to update?

Ok, got it, thanks.
 
SciresM just answered in another post that the exploit that allows TrustZone execution in 3.x is still present in 4.x, but cannot be triggered (yet). This should also make it clear for some why lower firmwares will get releases sooner. Just because they are hacked, it doesn't mean the hacks and exploits are consumer friendly yet.
 
Besides, SciresM said that he will release stuff only once CFW is out.
Does it mean that he's waiting for Xecuter CFW? Is anyone else working on a CFW currently?
 
According to the "up to 4.x exploitable, but lower firmware is better" thread (sorry, I can't insert the link apparently):

1.0.0 is the only firmware permitting an emuNAND/CFW setup.

It would be a shame to give up future exploit support on this firmware in my opinion.
If you read what the guy I commented on wrote, he meant to upgrade to 2.3 or 3.0 after CFW for these firmware versions was available.
 
False.

It's been said time and time again (people even want to sticky it but apparently that's not possible for whatever reason) that up to 3.0.2 you can set up emuNAND/CFW because SciresM has access to the switch's TrustZone from 1 up to 3.x.
I am confused? Was SciresM not saying 4.x still has the same TrustZone vulnerability, which is the core of CFW? The problem with 4.x is that access to TrustZone is complicated, in layman's terms, right?
 
