Hacking Question Possibilities of Exploit NSwitch with FW 3.0.x or 4.x.x by means of modified saved game

[Imancol]

If with the introduction of current exploits and there is a Homebrew that makes backup of saved games. If I upload or inject an altered game on a Nintendo Switch with FW 3.0.0 or lower, and transfer that game to a console 3.0.1 or higher (4.x.x).

- Could the console of 4.x.x be modified by means of an exploit in a Videogame with the altered savegame?.

-There's a possibility?.

- What risks would a brick ?.

Leave your opinion.

 

[Ryab]

If with the introduction of current exploits and there is a Homebrew that makes backup of saved games. If I upload or inject an altered game on a Nintendo Switch with FW 3.0.0 or lower, and transfer that game to a console 3.0.1 or higher (4.x.x).

- Could the console of 4.x.x be modified by means of an exploit in a Videogame with the altered game ?.

-There's a possibility?.

- What risks would a brick ?.

Leave your opinion.

pretty sure saves are saved to the switch not cart

 

[mustafag32g]

clickbait title! Change it before people rage

 

[Ryab]

clickbait title! Change it before people rage

its tagged as a question and you cant change titles

 

[Imancol]

clickbait title! Change it before people rage

I would add off-topic, if I could. The same is a question that invites to comment, I do not assure that there is an exploit of this type currently in process.

 

[Mnecraft368]

its tagged as a question and you cant change titles

You can ask a mod to change it.
And already got over 50 people baited to the thread (unless they are actually reading)

Also, unless their is an actual exploit in the system that can be abused by a game save, then no this isnt possible. Brick level probably 0 if userland (thats if this exists).

 

[Imancol]

pretty sure saves are saved to the switch not cart

I just open a topic, and it's useless. The consoles must have the same update of FW (from 4.x.x) to perform transfer of saved games. only, if this type of exploit were to exist, it seems to me inevitable that the source console must be updated with the modified saved game to carry out the modification ...


https://www.nintendo.es/Atencion-al...-usuario-y-los-datos-de-guardado-1294746.html

 

[yardie]

take this thread out to the barn and shoot it

 

[Bedel]

Afaik, any. I recall it was comented at the 34c3, that games have no access to the kernel so it's not possible to do this.

 

[TotalInsanity4]

Address randomization would make VERY difficult, if not impossible

 

[DinohScene]

Say you're correct and you can modify save games on carts.
You'd still need a vulnerability on the other console to exploit.

 

[yardie]

wait for team xecuter

 

[Kubas_inko]

Don't worry. Just because of you, we are going to make sure these apps/mods are going to have 100% brick rate.

 

[puelo]

Switch uses ASLR (Address space layout randomization) in the complete user-space (i believe). This is what makes save-game exploits extremly difficult because it is very hard to predict where in memory your save game will be loaded to or where you need to jump.

 

[Quantumcat]

Doesn't the Switch save the save games on the console? So the target would have to have access to homebrew already to import the save.

 

[sarkwalvein]

Of course it saves in the console. The game cards contain no save data at all.

 

[Uumas]

The way to transfer the hacked save to a new console could be updating the hacked console and then doing a normal transfer. The hard part is creating a save that could be used as a exploit.

 

[TheCyberQuake]

We've already discussed this. Switch is not likely to have save game exploits. You need at least two vulnerabilities; an info leak and a buffer overflow. Very unlikely to get both in one game. On top of that you wouldn't be able to transfer the save from a homebrew-compatible device because that feature was introduced into later firmwares and likely uses server verification before the transfer.

 

[Imancol]

Switch uses ASLR (Address space layout randomization) in the complete user-space (i believe). This is what makes save-game exploits extremly difficult because it is very hard to predict where in memory your save game will be loaded to or where you need to jump.

I understand then it is probably null for a vulnerability to come out from a saved game, and ASRL, reminds me of something like online video games, where they prevent cheating. In any case, the softmod is the only salvation for FW 3.0.1 and higher. I'll keep thinking about the possibilities, even if I'm not a modder.

And to think that to hack Ps3 consoles with FW 3.55 or higher, you should do Downgrade for SoftMOD. leave the PS3 scene and today I saw that, thanks to the Webkit, you can hack most consoles with the latest OFW 4.82 for Software. I love ethical hacking. <3