Hacking SafeSysUpdater Switch?

SirByte

Well-Known Member
OP
Member
Joined
Dec 30, 2012
Messages
524
Trophies
1
XP
1,059
Country
Canada
Now that the talk is over, libnx released, there's going to be a rush to get to 3.0.0 for those on a lower firmware (including myself). As far as we know now, only obtaining a cartridge of Pokken Tournament DX will do the trick. The problem is that I don't care about the game and don't want to shell out 80 bucks Canadian + sales tax for it, just to update my switch.

On the Nintendo 3DS, there's a tool called SafeSysUpdater which will allow you to update your 3DS, given you have all the correct update files.

Would it be technically possible to have something similar for 1.x/2.x Switches, given you have a dump of the 3.0.0 update files from the PT DX cartridge and a usermode access point is found or is there a special update mode that only works from an inserted game cartridge?
 

Agent Moose

Well-Known Member
Member
Joined
Dec 6, 2014
Messages
407
Trophies
0
Age
33
XP
552
Country
United States
I would think it is possible, but it will be a long time until one does come out, I think it took a couple of years for somethng like that to even show up on the 3ds scene,
 

SirByte

Well-Known Member
OP
Member
Joined
Dec 30, 2012
Messages
524
Trophies
1
XP
1,059
Country
Canada
The thing is that in the talk they were saying they were able to get a load of keys, after they got a few at first. It also doesn't need to be very stable (it's fine to have to try 20 times before it works). Unfortunately a memeber of the audience asked about what changed so it wouldn't work on 2.3.0 but did work in 3.00 which they didn't answer (only the second part about 3.0.1 which we already knew the answer to).

Our bugs for Switch 2.0-2.3 PegaSwitch work on 3.0. Feel free to update; Homebrew will be safe. (When the time comes) :) #reswitched

— Cody Brocious (@Daeken) June 20, 2017

It's a bit like the flash dumper for PS3, it first got released for OFW 4.82, then soonish was ported to lower firmwares. All we need for the lower-firmware stuff is an updater, not full libnx/homebrew compatability.

NOTE: we'd also need a MicroSDXC license installer since it seems to upgrade firmware as well.
 
Last edited by SirByte,
  • Like
Reactions: peteruk

SirByte

Well-Known Member
OP
Member
Joined
Dec 30, 2012
Messages
524
Trophies
1
XP
1,059
Country
Canada
I've been looking into this, and there is a dump of Pokken Tournament DX "available" that includes the 3.0.0 update partition (or so they say).

Is it technically possible to let the switch update itself from those files (software-wise, not a Flashcart-type solution)? Are they very different from an Internet update (e.g. you copy the files to a certain location on eMMC/NAND e.g. using a 2.x.0 bug/exploit that Team Reswitched was talking about, reboot, and the Switch says an update is available, would you like to install it?

This only applies to 2.x.0 users, as per SciresM above.
 

thla

Active Member
Newcomer
Joined
Jul 30, 2017
Messages
36
Trophies
0
XP
677
Country
Denmark
The thing is that in the talk they were saying they were able to get a load of keys, after they got a few at first. It also doesn't need to be very stable (it's fine to have to try 20 times before it works). Unfortunately a memeber of the audience asked about what changed so it wouldn't work on 2.3.0 but did work in 3.00 which they didn't answer (only the second part about 3.0.1 which we already knew the answer to).



It's a bit like the flash dumper for PS3, it first got released for OFW 4.82, then soonish was ported to lower firmwares. All we need for the lower-firmware stuff is an updater, not full libnx/homebrew compatability.

NOTE: we'd also need a MicroSDXC license installer since it seems to upgrade firmware as well.

It's not really a secret, it was documented shortly after 3.0.1 I believe.

They split a sysmodule into two to reduce the attack surface of the module and introduced a new feature that basically allowed unsigned code execution.

The new sysmodule would of course check if it's allowed, but smhax made it possible to bypass those checks, but that was fixed in 3.0.0
 
Last edited by thla,

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    LeoTCK @ LeoTCK: yes for nearly a month i was officially a wanted fugitive, until yesterday when it ended