Hacking: Possibly a new exploit?

14Par

Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not a video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app, it has full access to the RAM, unlike system apps like the album.
 

lolcatzuru

> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not a video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app, it has full access to the RAM, unlike system apps like the album.


My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However, if you could enter RCM somehow, maybe.
 

SciresM

> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not a video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app, it has full access to the RAM, unlike system apps like the album.

No, this is not how hacking works, and the Switch uses ASLR, so memory corruption bugs are useless in non-scripting engines.

Smash Bros. replays are not a scripting engine.

Also, generally, hacking userland games/applets isn't particularly difficult; it's just pointless, because it doesn't enable homebrew, because the rest of the OS is secure.

> My guess is that it probably wouldn't be possible, as the firmware blocks unsigned code. However, if you could enter RCM somehow, maybe.

Entering RCM is trivial on all devices (just short the relevant pins), but this has no security/exploit implications because RCM is secure/not bugged on patched Erista units and Mariko units.
 
Last edited by SciresM,
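The ASLR point above (a passive data file cannot adapt to a randomized layout, while a scripting engine could compute addresses at runtime) can be made concrete with a small model. This is an added, constructed example and not code from the thread or from any Switch component: the entropy, page size, module floor and offsets are illustrative constants, and the "relative" reference simply stands in for whatever a runtime engine could observe about its own base.

```python
# Added, constructed model of SciresM's point: a static data file such as a
# replay can only carry a fixed address, so under ASLR it matches one layout
# out of 2**ENTROPY_BITS, whereas an engine that can compute at runtime
# resolves the address in every layout.  Nothing here is the Switch's real
# memory map; every constant is illustrative.

ENTROPY_BITS = 12              # constructed: randomized bits in the module base
PAGE = 0x1000
MODULE_FLOOR = 0x8_0000_0000   # constructed: lowest possible module base
TARGET_OFFSET = 0x2468         # constructed: offset of a routine inside the module


def load_base(layout: int) -> int:
    """Module base for one possible ASLR outcome; `layout` is the random choice."""
    if not 0 <= layout < (1 << ENTROPY_BITS):
        raise ValueError("layout index outside the randomized range")
    return MODULE_FLOOR + layout * PAGE


def resolve(reference, layout: int) -> int:
    """Turn a reference into an address under a given layout.

    ("absolute", addr): the only kind a passive data file can hold; it is
    fixed before the program ever runs.
    ("relative", off): what a scripting engine could form after observing
    its own base at runtime (the observation stands in for an in-process
    information leak; no real technique is modelled).
    """
    kind, value = reference
    if kind == "absolute":
        return value
    if kind == "relative":
        return load_base(layout) + value
    raise ValueError(f"unknown reference kind {kind!r}")


def hit_rate(reference) -> float:
    """Fraction of all ASLR layouts in which `reference` names the target routine."""
    layouts = 1 << ENTROPY_BITS
    hits = sum(resolve(reference, i) == load_base(i) + TARGET_OFFSET
               for i in range(layouts))
    return hits / layouts


def expected_launches(reference) -> float:
    """Non-scripting case: a miss corrupts memory and crashes the process, so
    every try costs a fresh launch with a new layout (geometric expectation 1/p)."""
    p = hit_rate(reference)
    return float("inf") if p == 0 else 1.0 / p


# A replay built against one particular layout (constructed choice of 0x3A5).
STATIC_REPLAY_REFERENCE = ("absolute", load_base(0x3A5) + TARGET_OFFSET)
RUNTIME_REFERENCE = ("relative", TARGET_OFFSET)

if __name__ == "__main__":
    print("static replay hit rate    :", hit_rate(STATIC_REPLAY_REFERENCE))
    print("runtime-computed hit rate :", hit_rate(RUNTIME_REFERENCE))
    print("expected launches (static):", expected_launches(STATIC_REPLAY_REFERENCE))
```

With 12 randomized bits the static reference lands in exactly one of 4096 layouts and each miss is a crash, which is the sense in which the bug is "useless" to a data file; raising `ENTROPY_BITS` to a realistic value only makes the ratio worse, while the runtime-computed reference stays at 1.0 regardless.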
CompSciOrBust
> No, this is not how hacking works, and the Switch uses ASLR, so memory corruption bugs are useless in non-scripting engines.
>
> Smash Bros. replays are not a scripting engine.
>
> Also, generally, hacking userland games/applets isn't particularly difficult; it's just pointless, because it doesn't enable homebrew, because the rest of the OS is secure.
>
> Entering RCM is trivial on all devices (just short the relevant pins), but this has no security/exploit implications because RCM is secure/not bugged on patched Erista units and Mariko units.
I keep seeing the "no homebrew" thing come up because HOS is secure, but why would that block userland homebrew if someone gains ACE in a game? I know lots of homebrew needs full access to services, but not everything does. Before B9S I loved playing with userland homebrew on the 3DS; would something like that not be possible on the Switch (excluding FW 3.0.0, since that had access to all services via ro:han)?

Edit: Specifically, what I'm asking is: what part of HOS prevents you from running homebrew in userland unless you can get privileged code execution?
 
Last edited by CompSciOrBust,

SciresM

> I keep seeing the "no homebrew" thing come up because HOS is secure, but why would that block userland homebrew if someone gains ACE in a game? I know lots of homebrew needs full access to services, but not everything does. Before B9S I loved playing with userland homebrew on the 3DS; would something like that not be possible on the Switch (excluding FW 3.0.0, since that had access to all services via ro:han)?
>
> Edit: Specifically, what I'm asking is: what part of HOS prevents you from running homebrew in userland unless you can get privileged code execution?

You cannot get ACE in a game.

You can get ROP.

The ability to run arbitrary code requires compromising Loader, FS, RO, or the kernel, all of which are secure.
 

Draxzelex

> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not a video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app, it has full access to the RAM, unlike system apps like the album.
Unless you're an experienced hacker, you're not going to discover an exploit by randomly suggesting ideas.
 

thesjaakspoiler

> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not a video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app, it has full access to the RAM, unlike system apps like the album.
Smash Bros. is also running inside a secure sandbox, just like the Album app.
What you need is a bug/exploit in the kernel functions that Smash Bros. uses.
Atmosphère CFW maker SciresM said that he thinks everything is pretty much patched at this moment, so the chances of finding something are quite slim.
But as we have seen with the PS3/PS4, it sometimes just takes a while before someone finds something.
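Two posts above describe the same isolation model from different angles: SciresM's "you can get ROP but not ACE; arbitrary code requires compromising Loader, FS, RO, or the kernel", and the "secure sandbox" the game runs in. The following toy model, added here and not code from the thread or from any Switch component, shows the three policies that together produce that outcome: the kernel refuses writable-and-executable memory (W^X), only a trusted loader can turn bytes into executable pages and it verifies the image first, and a process can only reach the services its manifest allows. All names are invented for the model, and an HMAC stands in for the vendor's real code-signing check.

```python
# Added, constructed model of the isolation described in the thread: the
# kernel enforces W^X on memory, only a trusted loader can map executable
# pages (after verifying the image), and each process reaches only the
# services its manifest allows.  None of these names are Horizon's real
# API; HMAC stands in for the vendor's code-signing check.
import hashlib
import hmac

READ, WRITE, EXEC = 1, 2, 4
_TOY_VENDOR_KEY = b"constructed-toy-signing-key"   # constructed stand-in


class SandboxViolation(Exception):
    """Raised when the kernel refuses a request under its policy."""


class Process:
    def __init__(self, name, allowed_services, is_loader=False):
        self.name = name
        self.allowed_services = frozenset(allowed_services)  # the manifest
        self.is_loader = is_loader
        self.pages = {}          # page name -> permission bits


class Kernel:
    def __init__(self, services):
        self.services = frozenset(services)

    def set_permissions(self, requester, target, page, perms):
        """Memory policy: W^X, and EXEC pages only at the loader's request."""
        if perms & WRITE and perms & EXEC:
            raise SandboxViolation("W^X: page cannot be writable and executable")
        if perms & EXEC and not requester.is_loader:
            raise SandboxViolation(f"{requester.name} may not create executable pages")
        target.pages[page] = perms

    def connect(self, process, service):
        """Service access control: the manifest is the sandbox boundary, so a
        hijacked process still cannot reach services it was never granted."""
        if service not in self.services:
            raise SandboxViolation(f"no such service: {service}")
        if service not in process.allowed_services:
            raise SandboxViolation(f"{process.name} is not allowed to use {service}")
        return service


def sign_image(code: bytes) -> bytes:
    """Toy signature (HMAC) standing in for the real signed-executable check."""
    return hmac.new(_TOY_VENDOR_KEY, code, hashlib.sha256).digest()


class Loader(Process):
    """The only component that turns bytes into executable memory."""

    def __init__(self, kernel):
        super().__init__("loader", {"fs"}, is_loader=True)
        self.kernel = kernel

    def load(self, target, image: bytes, signature: bytes) -> bool:
        if not hmac.compare_digest(sign_image(image), signature):
            return False                       # tampered/unsigned: never mapped
        page = "code:" + hashlib.sha256(image).hexdigest()[:8]
        self.kernel.set_permissions(self, target, page, READ | EXEC)
        return True


def build_system():
    kernel = Kernel({"fs", "ro", "hid", "audio"})
    game = Process("game", {"hid", "audio"})       # constructed manifest
    return kernel, Loader(kernel), game


def page_request_outcome(perms) -> str:
    """What the kernel answers when the game asks for its own data page with `perms`."""
    kernel, _, game = build_system()
    try:
        kernel.set_permissions(game, game, "data:replay", perms)
    except SandboxViolation as e:
        return str(e)
    return "granted"


def game_can_reach(service) -> bool:
    kernel, _, game = build_system()
    try:
        kernel.connect(game, service)
    except SandboxViolation:
        return False
    return True


def loader_accepts(image: bytes, signature: bytes) -> bool:
    kernel, loader, game = build_system()
    ok = loader.load(game, image, signature)
    # On success the game holds a read+execute page; on failure nothing changed.
    return ok and any(p == READ | EXEC for p in game.pages.values())


if __name__ == "__main__":
    print(page_request_outcome(READ | WRITE))
    print(page_request_outcome(READ | WRITE | EXEC))
    print(page_request_outcome(READ | EXEC))
    print(game_can_reach("hid"), game_can_reach("fs"))
    good = b"constructed game code"
    print(loader_accepts(good, sign_image(good)),
          loader_accepts(good + b"!", sign_image(good)))
```

The model makes the ROP-versus-ACE distinction visible: reusing code that is already mapped (ROP) is not blocked by any of these checks, but turning data into new code is blocked twice over, and even a fully hijacked game cannot ask `fs` or `ro` for anything because its manifest never listed them. That is why the posts say arbitrary code requires a bug in the loader, the filesystem or RO services, or the kernel itself.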
 

Deleted member 560282

> Would it be possible to run code on the Switch from Super Smash Bros. Ultimate with a custom game replay (probably not a video)? I know you can move videos from Smash from the SD card; what about replays, or custom replays with data to execute code? Since it's an app, it has full access to the RAM, unlike system apps like the album.
No, this is not the Wii anymore.
 

soup1

> Smash Bros. is also running inside a secure sandbox, just like the Album app.
> What you need is a bug/exploit in the kernel functions that Smash Bros. uses.
> Atmosphère CFW maker SciresM said that he thinks everything is pretty much patched at this moment, so the chances of finding something are quite slim.
> But as we have seen with the PS3/PS4, it sometimes just takes a while before someone finds something.
What do you mean by sandbox?
 
