up to 4.x exploitable, but lower firmware is better

Discussion in 'Switch - Hacking & Homebrew' started by blinkzane, Jan 13, 2018.

  1. blinkzane
    OP

    blinkzane Panic at your moms house

    Member
    Jul 24, 2012
    United States
    Florida
    http://hexkyz.blogspot.com/2018/01/the-switch-state-of-affairs.html
    This is NOT my work but it is hexkyz's.
    Here are the main bullet points:
    • Switch is exploitable up to 4.1 to run homebrew, but this method will not be released until another firmware update removes it
    • This means that if you updated past 3.0, do not continue updating.
    • If Nintendo releases an update, wait a week before you decide to do so (if you are on the latest AND want to continue playing games while waiting for the exploit to be released); then we can assume that Ninty did not patch the exploit
    • LOWER FIRMWARE IS ALWAYS BETTER

    The Switch - State of Affairs

    Let's kick off the new year with a new blog post!

    Since last year's CCC talk, where derrek, naehrwert and plutoo showcased their progress on hacking the Switch, tons of misinformation began floating around about which firmware is necessary for homebrew.
    I believe it's now time to put up a nice and comprehensive FAQ on all things Switch hacking related.
    So, buckle up, and if you have the questions, here are the answers.


    Q: Who the hell are you and why should I take your answers seriously?
    A: I've been working on hacking the Switch since day 1. I've found bugs and developed exploits on my own at first and eventually ended up integrating a small loose crew of hackers that share the same interests. While we work together on a certain level, we also work either individually or among other groups (Switchbrew, ReSwitched, etc.).

    Q: Were you involved in 34c3?
    A: Not directly. Just like many others who were credited during the talk, I've worked with derrek, naehrwert and plutoo on hacking the Switch, but what was presented during the talk is a reflection of these hackers' separate work.

    Q: I have been told for quite a while that firmware 3.0.0 is where I should be at. They even said so during the talk! What does that mean?
    A: Firmware 3.0.0 introduced a specific bug that allowed for userland code execution, but the same bug was patched immediately after on the next firmware update. This created the perfect starting point for publicly disclosing this vulnerability and laying down the foundations of homebrew.
    The idea was simple: get as many people as possible on firmware 3.0.0 so everybody can start working on writing homebrew right away. What wasn't particularly clear is that this is ultimately advice for homebrew developers and not the average end user.

    Q: And what about [insert firmware version here]?
    A: Here's something that you probably don't know yet: ALL current firmware versions are exploitable up to the point of running your own code.
    Yes, you read that right. This includes firmware 1.0.0 all the way up to 4.1.0.

    Q: So, can I just update my Switch?
    A: Yes and no. This is a question many have been asking and conflicting answers are causing a great deal of confusion among people.
    The basic principle is the following: if you have no reason to upgrade from your current firmware version (regardless of what it is), then simply don't upgrade.

    However, the real answer is quite a bit more nuanced. Increasing firmware versions obviously include additional patches for a myriad of vulnerabilities; therefore, the lowest firmware version (1.0.0) is the most vulnerable. Obviously, for a number of reasons, not everybody will be able to get their hands on a launch day system, so there's always interest in exploiting new updates.

    In an effort to clear the air and promote a less toxic environment, here comes the current state of affairs regarding Switch hacks:
    - Firmware 1.0.0:
    -> Contains critical system flaws that allow code execution up to the TrustZone level;
    -> Most of what was showcased during 34c3 originally targeted this firmware version;
    -> Allows for a full blown emuNAND/CFW setup.

    - Firmware 2.0.0-2.3.0:
    -> Contains system flaws that allow code execution up to the kernel level;
    -> Can be exploited to run homebrew using private methods (e.g.: nvhax).

    - Firmware 3.0.0:
    -> Contains system flaws that allow code execution on the userland level;
    -> Can be exploited to run homebrew using private methods (e.g.: nvhax);
    -> Can be exploited to run homebrew using public methods (e.g.: rohan).

    - Firmware 3.0.1-4.1.0:
    -> Contains system flaws that allow code execution on the userland level;
    -> Can be exploited to run homebrew using private methods (e.g.: nvhax).

    As you can see, the higher the firmware version, the less options you have. However, code execution for homebrew is still assured across all firmware versions.

    Q: Wait, did I read that right? Firmware 2.0.0 to 2.3.0 can be exploited up to the kernel?
    A: Yes, but no additional information will be disclosed at this point.

    Q: What is that nvhax thing?
    A: This is currently a private method that I originally discovered and exploited. Joined by SciresM and plutoo, we have successfully used it to exploit pretty much all firmware versions to the point where running homebrew is possible.

    Q: Will nvhax be released? When?
    A: Yes, but there are no plans to release it any time soon. Having code execution on the latest firmware version available is a privilege that ought to be maintained for as long as possible.
    That said, when it stops being useful it will be released as an alternative for people on firmware versions above 3.0.0 to enjoy homebrew.

    Q: Ok, so, I'm a developer with a strong passion for homebrew and would love to start right away. What do you suggest?
    A: Update your Switch to firmware version 3.0.0, read about rohan and get to work!

    Q: Now, I'm just a regular user that loves homebrew, but has no intent or knowledge to develop my own. I also want to play the latest games on my Switch and don't really mind waiting. What do you suggest?
    A: Update to the latest firmware version and wait.

    Q: What if I'm an avid hacker/developer who wants to explore the system as much as possible?
    A: Find a 1.0.0 unit and stay there.

    Q: And what if I just want to pirate games?
    A: You're barking up the wrong tree.

    Hopefully this FAQ will put to rest some of the doubts people have been expressing lately and help them understand the necessary steps to enjoy homebrew on their consoles.
    More information will be shared when the time is right, but rest assured we are all working hard on really cool stuff and, hopefully, helping to build a strong homebrew community for the Switch.

    Also, stay tuned for a very special blog post in the following days. ;)

    As always, have fun!

    Posted by hexkyz at 10:21 AM
     
    Last edited by blinkzane, Jan 13, 2018
  2. Kubas_inko

    Kubas_inko 3DS Hardmoder

    Member
    Feb 3, 2017
    Czech Republic
    Please change title.
     
  3. Im kinda High Right Now
    This message by Im kinda High Right Now has been removed from public view by porkiewpyne, Jan 14, 2018.
    Jan 13, 2018
  4. TotalInsanity4

    TotalInsanity4 GBAtemp Supreme Overlord

    Member
    Dec 1, 2014
    United States
    Under a rock
    Why? It'd be nice if it said "Hexkyz says...", but it's fine as is
     
  5. V-Temp

    V-Temp GBAtemp Fan

    Member
    Jul 20, 2017
    United States
    I'd say it's largely because it's sort of meaningless. Every firmware is hackable; the question is if it's usable.

    Notice how Scires didn't say anything about 4.x? It's because while you can do stuff with it, you need to be able to do meaningful stuff for it to matter.
     
  6. Kubas_inko

    Kubas_inko 3DS Hardmoder

    Member
    Feb 3, 2017
    Czech Republic
    Because when anyone sees "hackable", they go crazy about CFW and stuff :/
    But here it means HB possible on 4.X
     
  7. blinkzane
    OP

    blinkzane Panic at your moms house

    Member
    Jul 24, 2012
    United States
    Florida
    "- Firmware 3.0.1-4.1.0:
    -> Contains system flaws that allow code execution on the userland level;
    -> Can be exploited to run homebrew using private methods (e.g.: nvhax)."

    I think not. It's a statement, not a question.
     
  8. Kubas_inko

    Kubas_inko 3DS Hardmoder

    Member
    Feb 3, 2017
    Czech Republic
    I can't see the word "hack" anywhere there.
    And 3.0.1 and 3.0.2 have kernelhax
     
    Last edited by Kubas_inko, Jan 13, 2018
  9. ReDEyeDz

    ReDEyeDz Advanced Member

    Newcomer
    Dec 10, 2015
    Serbia, Republic of
    "We have something, but we're not showing anything anytime soon"
    Ok, whatever
     
  10. yardie

    yardie GBAtemp Advanced Fan

    Member
    Mar 27, 2016
    United States
    Thanks for repeating the same thing over and over again
     
  11. blinkzane
    OP

    blinkzane Panic at your moms house

    Member
    Jul 24, 2012
    United States
    Florida
    Sent in a request.
     
  12. DSpider

    DSpider GBAtemp Fan

    Member
    Mar 14, 2015
    Romania
    It's probably a complicated method, not meant for the average user. The "average user" would probably brick their device, then complain. It's cooking. Let it cook. It's gonna be delicious, I'm sure.
     
  13. Memoir

    Memoir A Hero to Zero

    Member
    Jun 24, 2007
    United States
    Wyoming
    This is one of those "no shit" moments.. But everyone chose to believe that 3.0.0 was the end of hackable firmwares..
     
  14. Eix

    Eix GBAtemp's Best Waifu (now lewd-ish)

    Member
    May 27, 2017
    United States
    Vanilmirth
    Cool.
    I'd trust this,
    but I also don't have a Switch to mess with,
    or a way to contact hexkyz,
    so I can't have stupid questions answered.
    But I have a way to contact a different Switch person, so I still have a possibility of getting stupid questions answered.
     
  15. Kubas_inko

    Kubas_inko 3DS Hardmoder

    Member
    Feb 3, 2017
    Czech Republic
    Just a little correction.
    3.0.0, 3.0.1 and 3.0.2 also have kernel access.
     
  16. V-Temp

    V-Temp GBAtemp Fan

    Member
    Jul 20, 2017
    United States
    In theory. It's not actually tested for 3.x > 0
     
  17. Kubas_inko

    Kubas_inko 3DS Hardmoder

    Member
    Feb 3, 2017
    Czech Republic
    SciresM has it

    Last edited by Kubas_inko, Jan 13, 2018
  18. Justinde75

    Justinde75 VGM Addict

    Member
    Feb 14, 2016
    Germany
    Stray Sheep Bar
    I'm on the latest rn, but seeing the improvements in the scene I won't update anytime soon
     
  19. Memoir

    Memoir A Hero to Zero

    Member
    Jun 24, 2007
    United States
    Wyoming
    I'm thinking I'll stay put as well. Got the games I want to play, and it will last a while.
     
  20. tpax

    tpax Advanced Member

    Newcomer
    Nov 16, 2014
    Gambia, The
    Yeah, he can go duck sicks. Waiting for the true saviour, TX.
     
  21. V-Temp

    V-Temp GBAtemp Fan

    Member
    Jul 20, 2017
    United States
    I know, I am saying it's only tested up to 3.0, as I said. In theory. Since the bug is not believed to be fixed.