Nintendo Switch bootrom dumped

V-Temp

> Nintendo consoles dating all the way back to the NES with the lockout chip have always been the red-headed stepchild to hackers/modders/exploiters. Always being the target of a good flogging. And I think it may have something to do with Nintendo's philosophy. You play by our rules, do as we say, and maybe, just maybe, you'll turn a profit. People started making NES cartridges that bypassed the lockout chip, because Nintendo wasn't playing nice with their licensing program. At least that's how it started out. Now, I have no idea.
>
> Either way, it's funny that Nintendo has taken this long to tackle security for their consoles in a serious manner. Now...if only they put that much effort into their online services... :unsure:

The Yamauchi Era of Nintendo was a few steps short of the Yakuza. But at that time they also single-handedly saved the western market, so you can definitely see how they thought they had all the power and all the chips on the table. This was shattered by SEGA and later Sony entering the scenes.

But with Yamauchi's passing on the leadership and Iwata's tenure before his passing (though Iwata has most assuredly redefined the nature of Nintendo), they shifted away from the Yakuza and went more to being... My Neighbor Totoro. They never focused on online and, because of it, their security lagged because for a long time their consoles were isolated boxes (with some really dumb security holes like with the GC/Wii and DS). They started to catch up somewhat with the 3DS/WiiU but there were still major flaws therein.

NERD, nowadays, are some top-class engineers though.

--------------------- MERGED ---------------------------

> Do you have a link, sir? I did a search but I can't find a d-pad shell for sale. I see people have modded their own though.

Here: https://www.amazon.com/BASSTOP-Portable-Replacement-Controller-Electronics/dp/B076C97N83/ref=sr_1_2?ie=UTF8&qid=1507730079&sr=8-2&keywords=basstop+nintendo+switch&th=1
 

DocAmes1980

> I hardware mod my equipment. I can make it have delicious M&Ms for buttons if I wanted. It's quite the fun little project, and even if you screw up it's just $50-60 and not a bricked Switch! :P

> I expect Nintendo to launch d-pad joy-cons any way.

That's what I plan to do if a good 1st/3rd party solution doesn't present itself. Mod in a d-pad, that is. Not the M&M buttons. Though since they melt in your mouth, not in your hand, it might be a good implementation. That could be frustrating for friends who are playing your Switch though.

Friend: What button jumps?
You: The 'M' button.
Friend: Which 'M' button?!
 

V-Temp

> That's what I plan to do if a good 1st/3rd party solution doesn't present itself. Mod in a d-pad, that is. Not the M&M buttons. Though since they melt in your mouth, not in your hand, it might be a good implementation. That could be frustrating for friends who are playing your Switch though.
>
> Friend: What button jumps?
> You: The 'M' button.
> Friend: Which 'M' button?!

:rofl2:
 

DocAmes1980


MelodieOctavia

From what I'm gleaning of the Switch's security, downgrades are impossible, combined with specific version upgrades being difficult (can only upgrade through online AFAIK), if an exploit is version specific, folks are really going to have to be careful about how and when they update their Switch.
 

V-Temp

> From what I'm gleaning of the Switch's security, downgrades are impossible, combined with specific version upgrades being difficult (can only upgrade through online AFAIK), if an exploit is version specific, folks are really going to have to be careful about how and when they update their Switch.

You can cart upgrade, but do have to be mindful of print runs and changes in the loaded firmware (and other signed patches) in newer runs. Exploits being version specific is a problem because of the downgrade protections. Going up is always easy, going down is impossible.

So the problem will always be that someone will find themselves at a higher firmware and be stuck.

Being at a lower firmware will take all of one visit to eBay to find the right cartridge! :P
 

MelodieOctavia

> You can cart upgrade, but do have to be mindful of print runs and changes in the loaded firmware (and other signed patches) in newer runs. Exploits being version specific is a problem because of the downgrade protections. Going up is always easy, going down is impossible.
>
> So the problem will always be that someone will find themselves at a higher firmware and be stuck.
>
> Being at a lower firmware will take all of one visit to eBay to find the right cartridge! :P

So they're still doing upgrade-on-cart nonsense? I thought they would have learned by now.
 

Digital_0xFF

Still confused about the fuse system... since the burned fuse count changes from fw to fw there must be some sort of data flow which tells how many fuses should be burned in the current fw. Can someone explain to me why it should be impossible to intercept that flow (on a compromised system) and compromise the value?

(Sure this won't be enough to fw spoof (keys missing) but I'm curious about this fact)
 

Soluble

> Still confused about the fuse system... since the burned fuse count changes from fw to fw there must be some sort of data flow which tells how many fuses should be burned in the current fw. Can someone explain to me why it should be impossible to intercept that flow (on a compromised system) and compromise the value?
>
> (Sure this won't be enough to fw spoof (keys missing) but I'm curious about this fact)

Some say impossible... XB360 had eFuses... The only thing anyone should state is 'Currently not possible'
 

Searinox

It only depends on how early you have system access. With bootrom access, it's possible to patch the fuse read/pop functions to return a satisfactory value and not pop fuses respectively.
 
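The fuse-count anti-downgrade check that the last three posts argue about, as an added model in C. This is illustration only, not Nintendo's boot code and not code from any poster: the fuse bank, the hook names and the verdict values are assumptions. What it keeps from the thread is the part that matters: burned fuses are one-way, each firmware build carries its own expected count, and whoever runs before the check can replace the read and burn routines, which is Searinox's point and the answer to Digital_0xFF's question about intercepting "the flow".

```c
/* Model of a fuse-count anti-downgrade check. Added illustration, not
 * Nintendo's code: bank layout, hook names and verdicts are assumptions. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

#define FUSE_BITS 32

enum fuse_verdict { BOOT_OK = 0, BOOT_BURNED = 1, BOOT_REJECT = 2 };

/* Simulated one-time-programmable bank: a bit, once set, stays set. */
struct fuse_bank { uint32_t bits; };
static struct fuse_bank g_bank;

static int popcount32(uint32_t v) { int n = 0; for (; v; v &= v - 1) n++; return n; }

/* Ground truth for the tests and the demo: how many bits are really burned. */
int fuse_count(const struct fuse_bank *b) { return popcount32(b->bits); }
int fuse_reset(void) { g_bank.bits = 0; return fuse_count(&g_bank); }

/* The boot code reaches the hardware through two routines. On real hardware
 * they are fixed functions; they are pointers here only so the spoof below
 * can be shown in the same file. */
typedef int  (*fuse_read_fn)(const struct fuse_bank *);
typedef void (*fuse_burn_fn)(struct fuse_bank *, int);

static int  real_fuse_read(const struct fuse_bank *b) { return fuse_count(b); }
static void real_fuse_burn(struct fuse_bank *b, int n) {
    /* burn the lowest n unburned bits; nothing in this path can clear one */
    for (int i = 0; i < FUSE_BITS && n > 0; i++)
        if (!(b->bits & (1u << i))) { b->bits |= (1u << i); n--; }
}

static fuse_read_fn fuse_read = real_fuse_read;
static fuse_burn_fn fuse_burn = real_fuse_burn;

/* `expected` is the count this firmware build is told to require (the
 * "data flow" from the question). The burned count is a high-water mark:
 * a build expecting fewer fuses than are burned is an older build and is
 * refused; a build expecting more burns the difference before continuing. */
enum fuse_verdict fuse_check(struct fuse_bank *b, int expected) {
    int burned = fuse_read(b);
    if (burned > expected) return BOOT_REJECT;               /* downgrade */
    if (burned < expected) { fuse_burn(b, expected - burned); return BOOT_BURNED; }
    return BOOT_OK;
}

/* Searinox's scenario: code with control before the check patches the read
 * to return a "satisfactory" value (0 satisfies every build) and patches the
 * burn to do nothing, so the real bank never moves and any build boots. */
static int  spoof_read(const struct fuse_bank *b) { (void)b; return 0; }
static void spoof_burn(struct fuse_bank *b, int n) { (void)b; (void)n; }

int install_spoof(void) { fuse_read = spoof_read; fuse_burn = spoof_burn; return fuse_read(&g_bank); }
int remove_spoof(void)  { fuse_read = real_fuse_read; fuse_burn = real_fuse_burn; return fuse_read(&g_bank); }

int main(void) {
    fuse_reset();
    int v = fuse_check(&g_bank, 3);
    printf("build expecting 3: verdict %d, burned now %d\n", v, fuse_count(&g_bank));
    v = fuse_check(&g_bank, 2);
    printf("build expecting 2: verdict %d (downgrade refused)\n", v);
    install_spoof();
    v = fuse_check(&g_bank, 2);
    printf("spoofed hooks, build expecting 2: verdict %d, real burned still %d\n", v, fuse_count(&g_bank));
    remove_spoof();
    return 0;
}
```

The model also shows why Soluble's "currently not possible" is the honest wording: the check is sound only as long as `fuse_read` and `fuse_burn` are the real routines, and that holds only for code that runs after them in the boot chain, which is exactly what an early bootrom-level foothold would change.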

BvanBart

Ok, Nintendo will announce a console in 3 weeks. It was a short but nice lifespan for the Switch.

--------------------- MERGED ---------------------------

> First Vampires win the Splatfest, then I find out I have a game that's worth 400 bucks and some other expensive games laying around in my house and now this? What a great night.
Wondering what that game was :P?
 

Risingdawn

It means, effectively, nothing. It provides a further insight into how the console works but that is it.
At most it provides access to the keys' location; however, that would still need to be compromised and decrypted to be of any use.
I should remind people the Wii U bootrom was hacked years ago and nothing boot level has ever come of that.
Maybe take a look at some of fail0verflow's information on hacked bootroms to get a better idea of its functionality.
 

jt_1258

> Backing a name off of what it uses is different from using the same naming scheme for almost every exploit. It's lazy to simply take the exploited item and slap *hax on the end. No creativity in most 3ds exploit names.

The only reason I haven't had an issue with the hax thing is that without context I wouldn't even know pegaswitch is related to hacking the switch; not everyone is always in the ring of knowing everything going on.
 

dinoson631

people are really jumping the gun with their conclusions, let these people work in peace. I bet this is why most of these things are kept secret before going public
 
