Hacking qlutoo got a talk at 34c3's console hacking/security section!

ken28

> There's plenty of people in this forum that did, and from what I see, only a few that didn't and are this bitter about it. If you bought a Switch to play games, then go play your games and stop worrying about it. If you don't give a fuck about homebrew then I guess you made the right decision for yourself.
>
> Do you think the people that are working on this stuff are doing it for you? Newsflash for ya buds, they're not. They're doing it because they like to do it and are learning and/or need it for their own purposes. Nobody gives a shit whether or not you can pirate games except you.

And where did I state that I am bitter about it? When I updated to play Mario and XC 2 I knew the risk well. Don't just assume things that suit your agenda.
 

Ceuse

I'm just happy it moves forwards. Even though I did update and intend to update for every game I want, it's still good to see that HB and perhaps even an emuNAND is coming for lower FW. If there is another vulnerability in the future everything will be ready. And if not, it's still awesome to see such stuff happening.
 

chippy

So the pid 0 bug was fixed in 3.0.1.
That's a big fix, seeing that it got them into the kernel and beyond.
For >3.0.0 you would need another serious bug like that.
 

snoofly

> So the pid 0 bug was fixed in 3.0.1.
> That's a big fix, seeing that it got them into the kernel and beyond.
> For >3.0.0 you would need another serious bug like that.

My recall from the talk was that it was the carveout page handler exploit that got them kernel, and that was fixed in 2.0.0.

pid0/sm:hax "only" allows userland access to all the base level services.
 

ken28

> My recall from the talk was that it was the carveout page handler exploit that got them kernel, and that was fixed in 2.0.0.
>
> pid0/sm:hax "only" allows userland access to all the base level services.

sm:hax only allows userland, but they also outlined how you can get kernel. Someone just needs to automate it.
 

Astoria

> sm:hax only allows userland, but they also outlined how you can get kernel. Someone just needs to automate it.

Yes. But that's only for 1.0. SciresM has confirmed there's no kernelhax on 3.0 and there won't be one for a long while, public or private.
 

DayVeeBoi

> sm:hax only allows userland, but they also outlined how you can get kernel. Someone just needs to automate it.

I thought that's what he was saying at the end part of the talk, where he was calling it the "UnTrust Zone". From what I caught it seems like the deep sleep function may be vulnerable? I'm not an expert or anything though, I just watched the talk and try to follow along.
 

ken28

> I thought that's what he was saying at the end part of the talk, where he was calling it the "UnTrust Zone". From what I caught it seems like the deep sleep function may be vulnerable? I'm not an expert or anything though, I just watched the talk and try to follow along.

It's not a vuln per se but something wanted. It just can be exploited due to other bugs.
 

DayVeeBoi

> It's not a vuln per se but something wanted. It just can be exploited due to other bugs.

Pretty sure he said that when it goes to sleep the keyslots are stored in the main eMMC, and when it's waking up there's a point where the keyslots are vulnerable to being read. Then he said something like "That's not important for homebrew, but could lead to other interesting possibilities". Seemingly pointing to piracy etc.
 

ken28

> Pretty sure he said that when it goes to sleep the keyslots are stored in the main eMMC, and when it's waking up there's a point where the keyslots are vulnerable to being read. Then he said something like "That's not important for homebrew, but could lead to other interesting possibilities". Seemingly pointing to piracy etc.

From what I got, the Switch saves all important data decrypted on the eMMC; the problem is that it doesn't verify the decryption and the files it gets when waking up, or so.
Would like to be corrected if I remember/understood it wrong.
 

DayVeeBoi

So I just watched that chunk again, and what he says is that the keys can be encrypted/decrypted to and from keyslots, which enables you to do "secure key derivation". It would allow you to decrypt one key into another slot without it having to leave memory. Then he says "Maybe you could think of some cool things to do with that".

For the sake of completeness, I don't know if any of that is FW dependent and if he's referring only to version 1.0, but it sounds like this is to do with the way the crypto hardware works, so maybe it is relevant for any FW that is exploitable? I don't know.

> From what I got, the Switch saves all important data decrypted on the eMMC; the problem is that it doesn't verify the decryption and the files it gets when waking up, or so.

That's correct, he does say something like this, I remembered it wrong. I was just pointing this part of the talk out in my first reply because it seemed like the most valid part in regards to piracy, and it seems like everyone forgot about it or didn't watch it that far or something.
 
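The point the two posts above are circling ("saves it to eMMC, but doesn't verify the decryption and the files it gets when waking up") is a general one: encryption alone does not tell the receiver whether the stored blob was modified. Below is an added example to illustrate that, not code from the talk, from the Switch, or from any of the people quoted here. The stream cipher is a constructed stand-in (SHA-256 run in counter mode, which is not a real cipher and should not be used as one), and the 16-byte state layout, the privilege flag in byte 0, the keys, the nonce and every function name are assumptions made for the example. It shows that with an encrypt-only sleep blob, XOR-ing one byte of the stored ciphertext flips one byte of the restored state, while an encrypt-then-MAC blob rejects the same edit.

```python
# Added example: "decrypt without verifying" on wake vs. authenticated restore.
# Toy model only: SHA-256 in counter mode stands in for a real stream cipher,
# and the state layout, key values and function names are constructed for
# illustration, not taken from any real firmware.
import hashlib
import hmac
import struct

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed toy keystream: SHA-256 over key || nonce || counter (not a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_state(privileged: bool, scratch: bytes) -> bytes:
    """Constructed 16-byte state: byte 0 is a privilege flag, bytes 1..15 are opaque state."""
    assert len(scratch) == 15
    return bytes([1 if privileged else 0]) + scratch


def seal_unverified(key: bytes, nonce: bytes, state: bytes) -> bytes:
    """Encrypt-only: stored blob is nonce || ciphertext, with nothing to check on restore."""
    return nonce + xor_bytes(keystream(key, nonce, len(state)), state)


def restore_unverified(key: bytes, blob: bytes) -> bytes:
    """Decrypts whatever it is handed; any edit to the ciphertext passes straight through."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(keystream(key, nonce, len(ct)), ct)


def seal_verified(enc_key: bytes, mac_key: bytes, nonce: bytes, state: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, so any edit is detected."""
    ct = seal_unverified(enc_key, nonce, state)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def restore_verified(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Checks the tag in constant time before decrypting; refuses a modified blob."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("saved state failed authentication; refusing to restore")
    return restore_unverified(enc_key, ct)


def flip_byte(blob: bytes, offset: int, mask: int) -> bytes:
    """Simulates an attacker editing the stored blob in place (e.g. on the storage medium)."""
    edited = bytearray(blob)
    edited[offset] ^= mask
    return bytes(edited)


def demo() -> dict:
    # Constructed fixed keys and nonce so the run is deterministic.
    enc_key = b"E" * 32
    mac_key = b"M" * 32
    nonce = b"\x00" * NONCE_LEN
    state = encode_state(False, b"opaque-state-15")

    # Stream-cipher malleability: XOR-ing ciphertext byte 0 with 0x01 flips plaintext byte 0,
    # so the privilege flag goes from 0 to 1 without the key ever being known.
    blob = seal_unverified(enc_key, nonce, state)
    restored_unverified = restore_unverified(enc_key, flip_byte(blob, NONCE_LEN, 0x01))

    # Same edit against the authenticated blob: the tag no longer matches, restore is refused.
    sealed = seal_verified(enc_key, mac_key, nonce, state)
    try:
        restore_verified(enc_key, mac_key, flip_byte(sealed, NONCE_LEN, 0x01))
        verified_rejects = False
    except ValueError:
        verified_rejects = True

    return {
        "original_privileged": state[0],
        "unverified_restore_privileged": restored_unverified[0],
        "verified_roundtrip_ok": restore_verified(enc_key, mac_key, sealed) == state,
        "verified_rejects_tamper": verified_rejects,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner would add: a real implementation would use an AEAD such as AES-GCM rather than a hand-rolled encrypt-then-MAC, and a MAC alone still does not stop replay of an older, validly tagged blob, so a restore path that matters also needs a freshness check (a monotonic counter or a value stored somewhere the attacker cannot rewrite). Nothing here says which of these the Switch does or does not do; it only shows what the "doesn't verify" failure mode looks like in code.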

ploggy

I may be jumping the gun here, but the guys said in their talk that a Homebrew Launcher was coming soon. But in what form? Will it be installed to the Switch like an app, or will it be more of a Homebrew Launcher that boots apps from the browser?
 

Astoria

> I may be jumping the gun here, but the guys said in their talk that a Homebrew Launcher was coming soon. But in what form? Will it be installed to the Switch like an app, or will it be more of a Homebrew Launcher that boots apps from the browser?

Probably like Wii U, requires opening the browser every time.

To install titles you need kernelhax, and that will only work on 1.0, not 3.0.
 

Giodude

> I may be jumping the gun here, but the guys said in their talk that a Homebrew Launcher was coming soon. But in what form? Will it be installed to the Switch like an app, or will it be more of a Homebrew Launcher that boots apps from the browser?

I'm assuming it'll be akin to the similar operating systems of the 3DS and Wii U, where higher kernel access is required to install custom channels, and it will instead be launched either via a payload on the SD card or through the web applet.
 

smf

> I'm assuming it'll be akin to the similar operating systems of the 3DS and Wii U, where higher kernel access is required to install custom channels, and it will instead be launched either via a payload on the SD card or through the web applet.

The impression I got from the talk was that you trigger the exploit in the web applet and that loads apps from the SD card.
 
