Hacking Team-Xecuter coming to your Nintendo Switch console!


TheCyberQuake

The way I would do it would be to run the signature check multiple times with random delays and randomly have some tests that will pass and some that will fail. Making sure that all the tests have to run for the code to work, not just an "if" test at the end.
You are assuming way too much about this exploit. We know nothing about it. You can't say what it does or doesn't do. Hence why I said in my original post "If it works as advertised" because none of us know how it works.
Also with how early this appears to be in the boot process (given the custom logo in the video), I would bet if nintendo did add more security checks like that, you could likely just patch them out with a cfw update. It will be like 3ds when we had to wait and see if it was safe before updating.
 

TotalInsanity4

The way I would do it would be to run the signature check multiple times with random delays and randomly have some tests that will pass and some that will fail. Making sure that all the tests have to run for the code to work, not just an "if" test at the end.
That's a wonderful way to make your bootloader super fucking unstable
 

DinohScene

I remember RGHing my Xbox 360 and by the third year I could barely use it due to the booting times.

That is likely due to bad soldering and/or bad placement of wires/wire length.

RGH isn't rocket science but the later revision chips are more stable than the first revision chips


What are the chances of us being able to go online with these hardmods? Were the hardmodded xboxes able to go online?

Not without stealth servers.
Security in the 360 is a hell of a lot different than Nintendo.
Unlike Nintendo, MS actively bans people having modified xboxes.

I mean, glitching your bootloader is a good way to make your console inoperable to begin with. :P Especially if it has to do so at every cold-boot.

RGH slows down the CPU, glitches it at verification of one of the bootloaders, resets it and speeds it back up again.
If successful, the CPU will continue to boot, if not, the process starts over again until it succeeds.
 

Chrushev

Compared to the games, the console is relatively cheap, at least where I'm from. 4 - 6 new games will cost you the same as a new console. Same story for the PS4 and Xbox One.

Sure, but most people don't buy games brand new for $60 (even on day one all games via Amazon are $48). You can pick up most of them for $30 or cheaper 6 months out, or even a lot of brand new ones go on buy one get one 50% off or even get 2 get 1 free deals etc., and you can actually play online with them etc.

Also there is this whole caveat where you can't play games if you are on older firmware, like Mario or anything that releases from here on out. So what's the point of that second switch that you are saving on old firmware? You can't play even retail games on it that came out after Mario (including Mario). So that's where the whole argument about buying games vs second console falls apart. You can't play any new games on that switch so it's just going to collect dust.

Now as I've said numerous times, if there is an exploit worth having (like one that allows you to play any game) then it will be on later firmware anyways, making buying that second switch a pointless idea.

Just no matter how you look at it, it's a bad idea to buy a second switch and keep one on old firmware. If it's hackable you are restricted to crappy college student games, if it's not hackable then it's collecting dust. If you can play new games on it, well then you can do that on updated switch too.

Now let's wait and see what this Xecuter thing is. From the sounds of it switch firmware doesn't matter. So again showing that it's stupid to buy a second switch just to keep old one not updated. And this Xecuter thing may be the hack worth having.
 


TotalInsanity4

@moderators why are there two threads about this?
There are actually 4 threads last I checked, but two seem to have died and we are left with 2.
For those who want homebrew, piracy, and playing the newer games the modchip is the best choice unless you already have a 1.0.0 switch.
People are saying "there will be a free software exploit" do realize that software exploits are very unlikely to persist across updates and without the keyblob bug in 1.0.0 trustzone you won't be playing newer games for later firmwares. If this hardmod works as advertised, you will have homebrew and piracy on latest firmware with no way to patch it due to it being a hardware vulnerability.
 

smf

I would bet if nintendo did add more security checks like that, you could likely just patch them out with a cfw update. It will be like 3ds when we had to wait and see if it was safe before updating.

Sure, but you said that the chip would mean you could update to any version while a softmod wouldn't. As if you believe a CFW is impossible when discussing a softmod, but completely possible when discussing a hard mod.

Nintendo could already be working on anti glitching firmware, which could be out before the chips become available & you won't know.

That's a wonderful way to make your bootloader super fucking unstable

If the switch can't cope with a loop and random numbers then it would appear that you're wasting your time trying to mod them because they plain don't work and any memories you have of playing a game on them are a psychotic episode.
 

_______

 
Sure, but most people don't buy games brand new for $60 (even on day one all games via Amazon are $48). You can pick up most of them for $30 or cheaper 6 months out, or even a lot of brand new ones go on buy one get one 50% off or even get 2 get 1 free deals etc., and you can actually play online with them etc.

That's a lot of speculation here. Yes, you might be able to get cheaper games, still even purchasing all of them at half price will stack up to a price of a console pretty quick. You also lose the option to play latest games when they were released. Your "savings" depends on less of available options, which might be ok for a non-gamer like you but not everyone.

Also there is this whole caveat where you can't play games if you are on older firmware, like Mario or anything that releases from here on out. So what's the point of that second switch that you are saving on old firmware? You can't play even retail games on it that came out after Mario (including Mario). So that's where the whole argument about buying games vs second console falls apart. You can't play any new games on that switch so it's just going to collect dust.

For Homebrew. In this forum, people shouting about they wanted exploits for homebrew not privacy, and now suddenly that doesn't matter now? lol. Yeah sure you can't do that now, but you should be able to do that at some point. The lower fw just give you a higher possibility to get there, if we can all predict the future, you won't have to have these conversations anyways. I'm happy to spend some money on a dust collector than some cry out about higher unhackable fw. See how long does PS3/PS4 got their newer version exploited? It's like forever. And tell that to PSV users with 3.61 and above. You could have easily sold your Switch if you don't want it anymore. Like you said above, lots of people were buying 2nd-hand stuff, no?

Now as I've said numerous times, if there is an exploit worth having (like one that allows you to play any game) then it will be on later firmware anyways, making buying that second switch a pointless idea.

Just no matter how you look at it, it's a bad idea to buy a second switch and keep one on old firmware. If it's hackable you are restricted to crappy college student games, if it's not hackable then it's collecting dust. If you can play new games on it, well then you can do that on updated switch too.

Again that's your opinion. If you can't afford a 2nd console, so be it. Having a backup plan is always good. Not everyone buys cancer insurance after they were diagnosed. (Unless, you CAN'T afford it.)

Now let's wait and see what this Xecuter thing is. From the sounds of it switch firmware doesn't matter. So again showing that it's stupid to buy a second switch just to keep old one not updated. And this Xecuter thing may be the hack worth having.

Yeah, talks like Ninty never update their hardware. Unpatchable usually means hardware flaw, which only applies to current revision. We haven't yet seen the product, and you knew it's perfect? It's cheap? Or we can have a software alternative for free like we did on 3DS, IF you kept a low fw. (And we can still update and play all the backups on 3DS, without a chip.)
 

mendezagus

Keys are used to decrypt software for the system to boot, run software, and do pretty much anything. Switches have console unique keys everywhere but by hijacking the system you could get them for your console. This isn't easy nor would it make a very intuitive mod. No solution for the Switch is going to be exactly 'easy' mind you. (And you'd have to do this every time Nintendo updates their keyblobs to get the info out.)

Their "proof" of their capabilities is to this end by leaking a key.

Wait, so the key they leaked is for one particular Switch? If so, what's the point of the proof? No one is going to be able to test it.
 

TheCyberQuake

Sure, but you said that the chip would mean you could update to any version while a softmod wouldn't. As if you believe a CFW is impossible when discussing a softmod, but completely possible when discussing a hard mod.

Nintendo could already be working on anti glitching firmware, which could be out before the chips become available & you won't know.
I said softmod is unlikely to have a persistent exploit that carries across updates, which is completely true given the status of the switch and its software security.
And again you seem to keep making assumptions about the device while having no knowledge about it. If they are correct with what they said, Nintendo won't be able to update firmware to fix it. I already told you not all hardware glitching exploits can be patched in software, it completely depends on how the attack works, which we have no info on.
 

TotalInsanity4

If the switch can't cope with a loop and random numbers then it would appear that you're wasting your time trying to mod them because they plain don't work and any memories you have of playing a game on them are a psychotic episode.
The issue isn't random numbers, it's checking a portion of code a random amount of times at random intervals that would, presumably, either increase boot times unreasonably a percentage of the time, or interrupt another critical process in the bootloader to check something it should only have to check once, which would either force a reboot or a shutdown.
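
The hardening idea debated in this thread (repeated signature checks at random delays, some expected to pass and some expected to fail, with no single final "if"), sketched as an added example that is not from any poster or from Nintendo's bootloader. All names and constants are hypothetical, the digests are assumed to be computed already, and `rand()` stands in for a hardware RNG; every round folds into the key unmasking, so a skipped or forced round yields a wrong key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ROUNDS   8            /* constructed value */
#define DIGEST_N 32
#define KEY_MASK 0xA5C3F00Du  /* constructed value */

/* Returns 0 when the buffers match, nonzero otherwise; no early exit. */
static uint32_t ct_diff(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t d = 0;
    for (size_t i = 0; i < n; i++) d |= (uint32_t)(a[i] ^ b[i]);
    return d;
}

/* Busy-wait a random count so the checks do not sit at fixed points in time. */
static void random_delay(void) {
    volatile uint32_t spin = (uint32_t)rand() & 0xFFu;
    while (spin) spin--;
}

/* Unmasks the next-stage key. Every round folds its result into `fault`,
 * so the key is right only if all rounds ran and behaved as expected. */
uint32_t derive_stage_key(const uint8_t *computed, const uint8_t *expected,
                          uint32_t masked_key) {
    uint8_t decoy[DIGEST_N];
    uint32_t fault = 0, done = 0;
    memcpy(decoy, expected, DIGEST_N);
    decoy[0] ^= 0xFF;                        /* a digest that must NOT match */
    for (uint32_t r = 0; r < ROUNDS; r++) {
        random_delay();
        if (rand() & 1) {                    /* decoy round: "equal" is a fault */
            fault |= (ct_diff(expected, decoy, DIGEST_N) == 0);
        } else {                             /* real round: any difference is a fault */
            fault |= ct_diff(computed, expected, DIGEST_N);
        }
        done++;
    }
    random_delay();
    fault |= ct_diff(computed, expected, DIGEST_N);  /* at least one real round */
    fault |= done ^ ROUNDS;                          /* a skipped round poisons the key */
    return masked_key ^ KEY_MASK ^ fault;
}

int main(void) {
    uint8_t good[DIGEST_N] = {0x11};         /* constructed sample digest */
    return derive_stage_key(good, good, 0xDEADBEEFu ^ KEY_MASK) == 0xDEADBEEFu ? 0 : 1;
}
```

The loop is bounded at `ROUNDS` comparisons plus short spins, so the added boot time has a fixed upper limit.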
 

cearp

RGH slows down the CPU, glitches it at verification of one of the bootloaders, resets it and speeds it back up again.
If successful, the CPU will continue to boot, if not, the process starts over again until it succeeds.
what's the success rate on every boot with rgh? 99%? or something less, like 60%?
 

FAST6191

What are the chances of us being able to go online with these hardmods? Were the hardmodded xboxes able to go online?
It is way too early to tell and comparing systems is a tricky game at the best of times, here it is basically pointless to compare. Nintendo have historically been largely incompetent when it comes to online security but if it is going paid this time around the incentive is there to do better, and it is quite feasible to make a secure online service, stick a whole bunch of checks in the kernel and otherwise frustrate the efforts of hackers to get online. Also it is not even like they have a legacy online system holding them back.
Following the utter farce that was the 3ds online security my opinion of them is very low but I don't know that I would bet on things remaining that easy here.
 

mendezagus

it was tested already
get up to date man

Yes, I'm a little behind on this Team Xecuter hack. What I don't get is what exactly has been proven, since the keys are supposed to be unique for each Switch console.

--------------------- MERGED ---------------------------

what's the success rate on every boot with rgh? 99%? or something less, like 60%?

For me it was instant boot 99% of the times in the first dates, then it went down drastically in time (around 15% at the end, maybe lower) Sorry for the double post.
 

cearp

For me it was instant boot 99% of the times in the first dates, then it went down drastically in time (around 15% in the end, maybe lower) Sorry for the double post.
15%! wow, and how long would it take to restart and try again, and finally succeed?
don't worry about double posting, if you do it quick enough the forum automatically merges them into one post :)
 