Hacking [Question] Arduino to inject Fusee payload?

[Elveman]

We use the USB connection between PC and USB to inject the payload. As we know, Arduino (or Teensy) can be used to simulate USB-HID inputs to Switch. USB-HID is drastically different from things we use here, but Arduino still uses USB-Serial to transfer data through USB even when not used in USB-HID mode. The question is, can we in theory use Arduino (or similar boards) with USB-OTG to inject the payload into Switch? If so, can we use Arduino's GND to shorten Pin 10 or there's some sort of galvanic isolation between the Switch and Joy-Cons involved? Thanks.

 

[mnemonicpunk]

Injecting the payload using an Arduino is most definitely possible. In fact that is probably one of the cheapest methods to build your own mod dongle. I'm eyeing a Raspberry Pi personally, they have sleek NES-looking cases available for them and attaching a fucking NES to your Switch to hack it is one of the coolest things I can imagine.

I'm not sure why you would want to wire up your Arduino to your joycon rail though. You will still need to make a closed circuit and plugging your Arduino itself into it for no reason doesn't make sense to me.

 

[Elveman]

Injecting the payload using an Arduino is most definitely possible. In fact that is probably one of the cheapest methods to build your own mod dongle. I'm eyeing a Raspberry Pi personally, they have sleek NES-looking cases available for them and attaching a fucking NES to your Switch to hack it is one of the coolest things I can imagine.

I'm not sure why you would want to wire up your Arduino to your joycon rail though. You will still need to make a closed circuit and plugging your Arduino itself into it for no reason doesn't make sense to me.

I'm basically asking if Switch USB GND and Switch Joy-Con rail GND are the same. If they are, there's no difference between connecting Arduino's GND and Joy-Con rail's GND to Pin 10

 

[mnemonicpunk]

I'm basically asking if Switch USB GND and Switch Joy-Con rail GND are the same. If they are, there's no difference between connecting Arduino's GND and Joy-Con rail's GND to Pin 10

GND is only ever GND for the circuit it is part of. If that were not the case you could go into RCM by touching Pin 10 and holding the other end in your hand.

While there are a few options as to what point to use as GND (e.g. pin 1, pin 9, the third screw in the rail or the fan casing) arbitrary points designated GND from other devices are not viable just for also being called GND.

 

[T-Error]

The Arduino nano sadly has no HID-support but it isn't impossible to do. Arduino leonardo has HID-support. The GND shoud be the same as you can use the heatsink as GND but like mnemonicpunk said why would you do that? Cables running from the bottom to the right? I think a printed jig is the nicer solution.

GND is only ever GND for the circuit it is part of. If that were not the case you could go into RCM by touching Pin 10 and holding the other end in your hand.

While there are a few options as to what point to use as GND (e.g. pin 1, pin 9, the third screw in the rail or the fan casing) arbitrary points designated GND from other devices are not viable just for also being called GND.

But if the device(arduino or rPi) is connected to the USB it is part of that circuit.

 

[Elveman]

GND is only ever GND for the circuit it is part of. If that were not the case you could go into RCM by touching Pin 10 and holding the other end in your hand.

While there are a few options as to what point to use as GND (e.g. pin 1, pin 9, the third screw in the rail or the fan casing) arbitrary points designated GND from other devices are not viable just for also being called GND.

When you connect Arduino to the Switch through USB, the Arduino's GND becomes the same potential as USB GND of the Switch. Imagine the wire connected to GND. Now you connect another wire to the same GND. Do the wires have the same potential? Yes, they do.

 

[notimp]

You are seeing about 30% of the picture.

You can either use vanilla Linux on a PC with an xHCI controller (USB 3.0, or any USB port on most recent systems), or a PC with an EHCI (USB 2.0) controller and this kernel patch.

https://fail0verflow.com/blog/2018/shofel2/

(This is the explaination, why "not every arduino like device might work", for the PI you had to use a patched (as in non standard) kernel afaik.)

If you are into kernel coding and can make this work with an arduino - all power to you, but chances are, that a group of a few people in Shenzhen might be better at sourcing the right hardware/software solution for a small form factor, than you.)

Yes GND is GND - and there are solder points inside of the Switch that could be used to enable RCM as well.

(But as soon as you ground pin 10 permanently - the switch registers "hidden home button pressed permanently" - and the Bannhammer controlboard at Nintendos end, lights up like a christmas tree. Just grounding pin 10 for a short period (as in using a 3d printed Jig) should be fine, as even the normal Switch controller grounds Pin 10 once in a while - "mistakingly".)

Turns out you are not smarter, or more economical - than the chinese manufacturer with the turnkey solution. (Thats kind of the short summery).

 

[Elveman]

You are seeing about 30% of the picture.


https://fail0verflow.com/blog/2018/shofel2/

(This is the explaination, why "not every arduino like device might work", for the PI you had to use a patched (as in non standard) kernel afaik.)

Yes GND is GND - and there are solder points inside of the Switch that could be used enable RCM as well.

But as soon as you ground pin 10 permanently - the switch registers "hidden home button pressed permanently" - and the Bannhammer controlboard at Nintendos end, lights up like a christmas tree.

Turns out you are not smarter, or more economical - than the chinese manufacturer with the turnkey solution. (Thats kind of the short summery).

Thanks for the link. About detecting the permanent grounding - guessed so. So Joy-Con rails and USB don't have galvanic isolation, good to know, thanks

 

[notimp]

Don't quote me on that. Maybe wait for a second opinion.

edit:

This sounds very convincing, on second thought.

GND is only ever GND for the circuit it is part of. If that were not the case you could go into RCM by touching Pin 10 and holding the other end in your hand.

While there are a few options as to what point to use as GND (e.g. pin 1, pin 9, the third screw in the rail or the fan casing) arbitrary points designated GND from other devices are not viable just for also being called GND.

 

[RednaxelaNnamtra]

You are seeing about 30% of the picture.

https://fail0verflow.com/blog/2018/shofel2/

(This is the explaination, why "not every arduino like device might work", for the PI you had to use a patched (as in non standard) kernel afaik.)

If you are into kernel coding and can make this work with an arduino - all power to you, but chances are, that a group of a few people in Shenzhen might be better at sourcing the right hardware/software solution for a small form factor, than you.)

Yes GND is GND - and there are solder points inside of the Switch that could be used to enable RCM as well.

(But as soon as you ground pin 10 permanently - the switch registers "hidden home button pressed permanently" - and the Bannhammer controlboard at Nintendos end, lights up like a christmas tree. Just grounding pin 10 for a short period (as in using a 3d printed Jig) should be fine, as even the normal Switch controller grounds Pin 10 once in a while - "mistakingly".)

Turns out you are not smarter, or more economical - than the chinese manufacturer with the turnkey solution. (Thats kind of the short summery).

Nintendo can't use this as reason to ban you, there are to many other possible ways the pin could be grounded, like defects. But they can use software checks to check for behaviors that are different in cfw from original fw.

 

[The Real Jdbye]

Nintendo can't use this as reason to ban you, there are to many other possible ways the pin could be grounded, like defects. But they can use software checks to check for behaviors that are different in cfw from original fw.

Do you think they would care if a few legitimate users got banned and they had to sort them out on a case by case basis?
When Pokemon Sun/Moon came out they even banned legitimate users who got the game early, with no chance of an unban.

We use the USB connection between PC and USB to inject the payload. As we know, Arduino (or Teensy) can be used to simulate USB-HID inputs to Switch. USB-HID is drastically different from things we use here, but Arduino still uses USB-Serial to transfer data through USB even when not used in USB-HID mode. The question is, can we in theory use Arduino (or similar boards) with USB-OTG to inject the payload into Switch? If so, can we use Arduino's GND to shorten Pin 10 or there's some sort of galvanic isolation between the Switch and Joy-Cons involved? Thanks.

Arduinos (at least some models) do have a programmable USB, I'm just not sure it's able to act as a USB Host since that works very differently, which would be needed for sending the payload over to the Switch.
You'd also need somewhere to store the payload to be sent, the Arduino's built in flash might be too small.
Teensy has a lot more flash memory integrated, and is a lot faster so it should be able to send the payload over faster as well. And since it's a much more advanced (compared to Arduino) ARM Cortex M4 for the newer models, chances that it can act as USB Host in OTG mode are higher (there might be some documentation on this online, I haven't checked)
But it costs more than a Raspberry Pi Zero, so is there really any point?

 

[notimp]

Nintendo can't use this as reason to ban you, there are to many other possible ways the pin could be grounded, like defects. But they can use software checks to check for behaviors that are different in cfw from original fw.

I'll give them a great option, because ideas are free..

Three strikes rule.

1. Ban the user.
2. Tell him/her, that he can send in his system to get unbanned if technical issue.
3. Replace all units sent in with mariko revisions.

If this is economical or not, might depend on how many users will do it. But I'd say once that rule is enforced... The numbers would quickly decrease..

 

[LUCKASS]

Hello guys!
I want to buy my own dongle from an Adafruit trinket m0, but I found that arduino was way cheaper so I ordered some of these but I forgot to check if Arduino was compatible to inject payloads..
Thanksfully I paid 2$ for each so it's not a big deal.
I ordered an Arduino Mini Pro 3.3v ; an Arduino Lilypad ; and an Arduino Nano Mini. (I also ordered an Trinket M0 just in case)
So, is any one of these compatible to inject payloads?

Thanks!