Hacking PSA: Reports of Fusee gelee patched units in the wild

[tecfreak]

am i the only one slightly confused

Apparently. You can't patch it after it left the factory but you can patch it during the manufacturing process.

--------------------- MERGED ---------------------------

Realistically, Nintendo can patch this exploit on all current Switch units

I dont think that this is possible. Once alle the involved fuses are burnt, no one can make changes to the bootROM, not even Nintendo or Nvidia.

 

[Draxzelex]

I dont think that this is possible. Once alle the involved fuses are burnt, no one can make changes to the bootROM, not even Nintendo or Nvidia.

A (slightly) extreme scenario I can imagine is they disassemble the Switch and put it back together.

 

[CreAtor135]

Recently, it has been speculated that a factory-level Nintendo Switch hardware revision was the cause of a coldboot exploit, Fusee Gelee, being patched.
​

Despite this however, Team Xecuter has released a video showcasing their SX Pro functioning properly on said hardware revision.​

TX has voiced that they would like the community's help in narrowing down what the actual problem is with these hardware units.
​

Today, we got sent a video showing that SX PRO is working fine on one of these so-called 'problem consoles', the mainstream media and other sites are working that Nintendo patched the f-g exploit, as such RCM and Jigs don't work anymore on these models 'HAC-S-JXE-C3' that are shipping from factory mainly in asia/hk area with v4.1.0 firwmare with iPatches that block the usage of Jig to get into RCM mode and to send up a payload.

Team-Xecuter has already bought 5 of these problem consoles, and all are working fine, but they need the community out there with SX PRO to report on the issues directly to them via their 'contact us' page, not with 'other ways' of loading payloads, but using SX PRO exclusively itself, with latest SX OS v1.3, and depending on the info you give them they will be in touch asking for more details and are offering to send the person money that owns a 'problem console' or a compatible console plus cost for shipping & handling to us, so they can collect it and properly diagnose and fix all the issues.

​

Source​

 

[gamesquest1]

A (slightly) extreme scenario I can imagine is they disassemble the Switch and put it back together.

the fuses would be burnt during manufacturing, once the board is off the production line that's it

 

[Draxzelex]

the fuses would be burnt during manufacturing, once the board is off the production line that's it

RIP. Maybe Nintendo could pull some wizardry and transfer all of your data into a patched Switch unit

 

[RAGER]

A (slightly) extreme scenario I can imagine is they disassemble the Switch and put it back together.

They can swap your mainboard with patched one...

 

[gamesquest1]

RIP. Maybe Nintendo could pull some wizardry and transfer all of your data into a patched Switch unit

just brick every old switch and offer free "replacement"

 

[V-Temp]

RIP. Maybe Nintendo could pull some wizardry and transfer all of your data into a patched Switch unit

They'd just replace the entire unit for anything they got if they were that adamant. If you send it in for repair, for example, you may not get the unit back.

 

[_Shebang]

Recently, it has been speculated that a factory-level Nintendo Switch hardware revision was the cause of a coldboot exploit, Fusee Gelee, being patched.

Despite this however, Team Xecuter has released a video showcasing their SX Pro functioning properly on said hardware revision.​

TX has voiced that they would like the community's help in narrowing down what the actual problem is with these hardware units.
​

​

​

Source​

This isn't the correct 'revision', note the serial number. All affected units so far have been of the form XAJ7004XXXXXX. Even then, one user has one starting with XAJ700418 and his boots payloads just fine.

 

[CreAtor135]

This isn't the correct 'revision', note the serial number. All affected units so far have been of the form XAJ7004XXXXXX. Even then, one user has one starting with XAJ700418 and his boots payloads just fine.

i made that thread like two hours ago, shortly after the information released. It was in "User Submitted News" and was moved here, though admittedly at the time I hadn't known about the margin of error from the reports that had been out at the time. That being said, the current results are not to say that TX's post was made with malice in mind, as there just isn't enough to go off of when determining what a revision unit is and isn't.

 

[stephrk398]

i sold my extra one for 480 + another 50 for tx pro dongle
gonna buy another one to flip

Did you open it first before selling to confirm it wasn't a patched unit?

 

[jakkal]

Did you open it first before selling to confirm it wasn't a patched unit?

ive had my extra one since launch

 

[bitteorca]

I purchased a Switch with the serial number XAW700183***** and I can confirm that payload injection doesn't work.

Steps to recreate:
1. Copied the Switch Starterkit root files to the root of my FAT32 SDcard from my PC
2. Inserted SDcard into Switch, then booted into RCM mode with paperclip jig
3. Plugged Switch into PC, used Zandig to install the libusbK drivers, confirmed APX came up as a device in device manager
4. Tried to run the NX bootkit 64-bit executable, the Switch screen remains black and the cmd prompt window displayed some code then counted down from 5 seconds to close the window

Is it possible that my USB-C cable (came with my phone) is the culprit here or is it likely that I have a patched Switch?

 

[gamesquest1]

I purchased a Switch with the serial number XAW700183***** and I can confirm that payload injection doesn't work.

Steps to recreate:
1. Copied the Switch Starterkit root files to the root of my FAT32 SDcard from my PC
2. Inserted SDcard into Switch, then booted into RCM mode with paperclip jig
3. Plugged Switch into PC, used Zandig to install the libusbK drivers, confirmed APX came up as a device in device manager
4. Tried to run the NX bootkit 64-bit executable, the Switch screen remains black and the cmd prompt window displayed some code then counted down from 5 seconds to close the window

Is it possible that my USB-C cable (came with my phone) is the culprit here or is it likely that I have a patched Switch?

seems to be a low serial, whats the date code on the switch?

might be worth trying a different USB port/pc, unfortunately I feel like anyone having troubles with setup at this point are going to be "arrrgh its a patched switch!!!!"

 

[Draxzelex]

I purchased a Switch with the serial number XAW700183***** and I can confirm that payload injection doesn't work.

Steps to recreate:
1. Copied the Switch Starterkit root files to the root of my FAT32 SDcard from my PC
2. Inserted SDcard into Switch, then booted into RCM mode with paperclip jig
3. Plugged Switch into PC, used Zandig to install the libusbK drivers, confirmed APX came up as a device in device manager
4. Tried to run the NX bootkit 64-bit executable, the Switch screen remains black and the cmd prompt window displayed some code then counted down from 5 seconds to close the window

Is it possible that my USB-C cable (came with my phone) is the culprit here or is it likely that I have a patched Switch?

If you had some video documenting the process, it would be easier to critique whether you are doing everything right or if you messed up on one or more of the steps.

Also, I don't believe the USB cable is the culprit here as your PC was able to detect the Switch as an APX device when it was plugged in.

 

[bitteorca]

seems to be a low serial, whats the date code on the switch?

might be worth trying a different USB port/pc, unfortunately I feel like anyone having troubles with setup at this point are going to be "arrrgh its a patched switch!!!!"

Sorry where do I find the date code? I purchased it today

And I just tried again on my other laptop and the same thing happened

 

[gnilwob]

Sorry where do I find the date code? I purchased it today

And I just tried again on my other laptop and the same thing happened

Can you try tegrarcmsmash with biskeydump ?
Go to https://switchtools.sshnuke.net/ to download the files.
And run this command when you connect your RCM switch to your pc.

TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

Then capture the output on the command line windows and post it here please.

It should look like this:

 

[stephrk398]

ive had my extra one since launch

You going open your next extra? That's my dilemma, I want to sell it as New but want to be absolutely sure it can launch payloads. =/

I purchased a Switch with the serial number XAW700183***** and I can confirm that payload injection doesn't work.

Steps to recreate:
1. Copied the Switch Starterkit root files to the root of my FAT32 SDcard from my PC
2. Inserted SDcard into Switch, then booted into RCM mode with paperclip jig
3. Plugged Switch into PC, used Zandig to install the libusbK drivers, confirmed APX came up as a device in device manager
4. Tried to run the NX bootkit 64-bit executable, the Switch screen remains black and the cmd prompt window displayed some code then counted down from 5 seconds to close the window

Is it possible that my USB-C cable (came with my phone) is the culprit here or is it likely that I have a patched Switch?

Went from "confirmed" to "likely" in the same post. Guess I'll add another grain of salt to my pile.

 

[V-Temp]

Since this is an XAW unit, its very possible our XAJ expectations for serial do not match up, so do keep that in mind.

 

[gamesquest1]

Since this is an XAW unit, its very possible our XAJ expectations for serial do not match up, so do keep that in mind.

yeah, would be the first US model (I assume) that has the new patches