Homebrew Switch Hacking & Homebrew Discussion

[Deleted User]

Is there an alternative to the Kosmos Toolbox for stock Atmosphere?
I want to be able to toggle sysmodules

 

[Dreamboum]

Is there a way to change the icon of a switch game by myself?

 

[Purple_Shyguy]

Nevermind.

 

[terrabyte25]

How can I launch the profile selector applet programmatically using libnx?

 

[Romreactor]

Hey everyone, I had a quick question in regards to Homebrew and the new game Astrol Chains that's coming out by P*. I'm currently on version 4.1 and waiting for new Switch release before installing cf on it. Question is if I buy Astrol Chains in August which would probably require latest version internal update, would I be able to have homebrew access in the long run like by new switch release and after?

Also, I haven't been keeping up to development due to being busy with work, but since I remmeber version closer to 3.0 was as close to the last gold mine unit to homebrew as you could get, is it best for me to stay on 4.1 and just not get the game for now or are there no benefits at this point since its not 3.0 to keep 4.1?

 

[Draxzelex]

Hey everyone, I had a quick question in regards to Homebrew and the new game Astrol Chains that's coming out by P*. I'm currently on version 4.1 and waiting for new Switch release before installing cf on it. Question is if I buy Astrol Chains in August which would probably require latest version internal update, would I be able to have homebrew access in the long run like by new switch release and after?

Also, I haven't been keeping up to development due to being busy with work, but since I remmeber version closer to 3.0 was as close to the last gold mine unit to homebrew as you could get, is it best for me to stay on 4.1 and just not get the game for now or are there no benefits at this point since its not 3.0 to keep 4.1?

The current exploit used is hardware-based, not software. What this means is that your firmware is not at all relevant when it comes to hacking the console. What matters is making sure your hardware is vulnerable which we check via the serial number. You can find a full list of patched and unpatched serial numbers here.

However that doesn't mean you should update immediately. Lower firmware versions may have access to better exploits in the future such as a hypothetical untethered coldboot hack. So the question is how do you update your firmware whilst still being able to take advantage of future exploits on lower firmware versions? By updating your firmware without burning fuses. Fuses are normally designed to prevent you from downgrading. They are burnt when the console turns on normally while you are running a firmware version higher than the current fuse count. Part of the exploit involves sending a payload via USB and this payload can also act as a custom bootloader bypassing this fuse check allowing us to run higher firmware versions without burning additional fuses. This is achieved by enabling AutoRCM which ensures that the console is only turned on when using a custom bootloader. As for how to update without burning fuses, the best way is with the homebrew application ChoiDujourNX.

 

[Romreactor]

The current exploit used is hardware-based, not software. What this means is that your firmware is not at all relevant when it comes to hacking the console. What matters is making sure your hardware is vulnerable which we check via the serial number. You can find a full list of patched and unpatched serial numbers here.

However that doesn't mean you should update immediately. Lower firmware versions may have access to better exploits in the future such as a hypothetical untethered coldboot hack. So the question is how do you update your firmware whilst still being able to take advantage of future exploits on lower firmware versions? By updating your firmware without burning fuses. Fuses are normally designed to prevent you from downgrading. They are burnt when the console turns on normally while you are running a firmware version higher than the current fuse count. Part of the exploit involves sending a payload via USB and this payload can also act as a custom bootloader bypassing this fuse check allowing us to run higher firmware versions without burning additional fuses. This is achieved by enabling AutoRCM which ensures that the console is only turned on when using a custom bootloader. As for how to update without burning fuses, the best way is with the homebrew application ChoiDujourNX.

Oh awesome, I remember when I got the switch I made sure the serial numbers checked and they were in the green zone from that thread. Also, to my understanding, basically once I install custom firmware with the jig method, and back up the system Nand, I can use the custom homebrew application ChoiDojourNX to update my system to latest firmware and play any new switch game released without burning any fuses which are responsible to locking boot-loader from downgrading to my initial older version that down the line can be used to initiate cold boot hacks if and when they come out.

Last question would online play also work with ChoiDojourNX or its not recommended and best used to only play new games offline?

Hopefully I understood that correctly, let me know and thanks =)

 

[Draxzelex]

Oh awesome, I remember when I got the switch I made sure the serial numbers checked and they were in the green zone from that thread. Also, to my understanding, basically once I install custom firmware with the jig method, and back up the system Nand, I can use the custom homebrew application ChoiDojourNX to update my system to latest firmware and play any new switch game released without burning any fuses which are responsible to locking boot-loader from downgrading to my initial older version that down the line can be used to initiate cold boot hacks if and when they come out.

Last question would online play also work with ChoiDojourNX or its not recommended and best used to only play new games offline?

Hopefully I understood that correctly, let me know and thanks =)

Its not a good idea to play a hacked console online with or without ChoiDujourNX. You also do not install CFW on the Switch. Lastly, we technically already have cold boot; the current exploit, Fusee Gelee, translates to frozen rocket which is in reference to sending payloads in cold boot.

 

[Romreactor]

Its not a good idea to play a hacked console online with or without ChoiDujourNX. You also do not install CFW on the Switch. Lastly, we technically already have cold boot; the current exploit, Fusee Gelee, translates to frozen rocket which is in reference to sending payloads in cold boot.

Sweet, k so to my understanding, with my 4.1 FM and system hardware, I can flash Fusee Gelee with an RCM Jig, and from there use Fusee Gelee to back up my Nand and then use ChoiDojourNX to update my firmware to play new games, like Astrol Chains offline with out burning any fuses. All with the benefit of cold booting, where there is no need to insert the RCM Jig every time to boot Fusee Gelee.

Hope I got that correctly, and sorry for my newbiness just don't want to get this wrong and break my device =D. Thanks.

 

[Itsuki235]

Sweet, k so to my understanding, with my 4.1 FM and system hardware, I can flash Fusee Gelee with an RCM Jig, and from there use Fusee Gelee to back up my Nand

Some terminology fixes:

"Fusee Gelee [FG]", aka the "RCM bug", refers to the vulnerability itself. A "payload" refers to a "Fusee Gelee compatible payload" that can be used when the switch is in recovery mode [RCM] to run native code. There are many different programs that run native code, like Lockpick_RCM, Hekate (bootloader), various stub loaders, sept and even a Linux distribution.

To run custom firmware (CFW) using the native switch operating system (called "Horizon"), the switch must first be put into recovery mode. While the switch is OFF, this is done by shorting pin 10 of the right joy-con (typically done by using an "RCM Jig"), holding the volume + button and the power button for 5 seconds. The switch will turn on but nothing will display on the screen. A FG payload needs to be pushed to it.

The best FG payload to push initially is "Hekate" which is used as a bootloader or chain bootloader for other FG payloads, to perform NAND + Boot0/1 backups, enable AutoRCM and set CFW to autoboot. Hekate, an FG payload, can be pushed from PC using a "TegraRCMGUI" with a USB to USB C cable after installing the correct driver or using a switch "dongle", which is a small rechargeable battery powered circuit board designed to push a stub loader that is statically configured to load a FG payload from the inserted SDXC card in the switch (usually "SD:/payload.bin" or similar).

After creating a backup, enabling RCM, backing up system info and selecting autoboot, hekate can launch->CFW to boot Atmosphere, which is one possible CFW for the Switch.

Note that no current cold boot exploit exists for the switch. Enabling AutoRCM WILL negate the need for a "Jig" to enter recovery mode but NOT negate the need for the need to push a FG compatible payload to the switch after cold booting. Basically, Hekate needs to get pushed to the switch after every reboot so usually a "Dongle", "modchip" or "TegraRCMGUI" is still needed. A coldboot exploit would theoretically negate the need for this, thus while FG allows for CFW, it should be considered a "tethered" exploit.

Enabling AutoRCM is what prevents the burning of fuses since any FG payloads that launch after that will already be past the part of the bootloader/ipatch code that burns fuses. Disabling AutoRCM and cold booting into OFW (without going into recovery mode) is the only way to burn fuses typically.

 

[laz305]

Is there no chance they’ll ever get the switch to play cia games?

 

[Draxzelex]

Is there no chance they’ll ever get the switch to play cia games?

Just buy a used 3DS or download Citra on your computer.

 

[Megadriver94]

HBGshop is overrated, and I'd either rather get Tinfoil(which the ReSwitched HBGshop stole some of its code from), stick to the manual way, OR wait for a Switch version of CIAngel or Vita PKG.

 

[Idontknowwhattoputhere]

HBGshop is overrated, and I'd either rather get Tinfoil(which the ReSwitched HBGshop stole some of its code from), stick to the manual way, OR wait for a Switch version of CIAngel or Vita PKG.

What are you smoking?
ReSwitched does not support piracy
And CiaAnglel for the switch will never happen

 

[GBADWB]

Anybody know of a mod or homebrew that keeps the tablet screen on while docked exists?

 

[Megadriver94]

What are you smoking?
ReSwitched does not support piracy
And CiaAnglel for the switch will never happen

>ReSwitched does not support piracy
Oh, ok then.
>CIAngel for the Switch will never happen
WRONG, punk!

 

[Idontknowwhattoputhere]

>ReSwitched does not support piracy
Oh, ok then.
>CIAngel for the Switch will never happen
WRONG, punk!
View attachment 173765

No cdn downloading will happen ever again

 

[Lacius]

>CIAngel for the Switch will never happen
WRONG, punk!

It's not physically possible at this point anymore. The best you can hope for is HBG or something like it.

 

[Megadriver94]

It's not physically possible at this point anymore. The best you can hope for is HBG or something like it.

Why not?

 

[Lacius]

Why not?

Downloads from the eShop are now authenticated in a way that makes freeshop impossible. The same thing was done to the 3DS, which is why freeshop on it doesn't work anymore either.