Hacking Update from FW 6.2.0 to what?

[darkovo]

Hi,
I'm wanting to play some newer games such as FFVII, Tinfoil install ignoring update still doesn't allow this game to work. I may as well update to a later firmware.
I've got an internal modchip and use Atmosphere. SD card has all latest files on ready for a later firmware.

Shall I just update to fw 7.0.1 or go higher? Switch is only used offline.

Also which to use, ChoiDujourNX or ChoiDujour? Conflicting info saying one works and not the other?

Thanks

 

[chrisrlink]

well seeing that (presumably) you have an unpached system (as you can launch atmos) weather you update or not is irreverent if you still want to mess with deja vu just keep it below 8.0 (8.0 completely breaks the exploit (and was done without a leak, nintendo did their own detective work for once -gasps- ) sarcasim aside as for your second question NX works for me at least just remember to chose exfat mode Just in case

 

[darkovo]

Thanks chrisrlink for quick reply, yes unpatched system.
I'll crack on with 7.01 and see if thats enough to play the games for now .

 

[Deleted User]

would recommend a EmuNAND so wait or buy SX OS... ChoiDojour bricks sometimes...

 

[isoboy]

Hi,
I'm wanting to play some newer games such as FFVII, Tinfoil install ignoring update still doesn't allow this game to work. I may as well update to a later firmware.
I've got an internal modchip and use Atmosphere. SD card has all latest files on ready for a later firmware.

Shall I just update to fw 7.0.1 or go higher? Switch is only used offline.

Also which to use, ChoiDujourNX or ChoiDujour? Conflicting info saying one works and not the other?

Thanks

I updated through Nintendo's servers/horizon from 6.2.0 to 8.0.1 today but I installed FF7 with tinfoil on 6.2.0 and played just fine on that.

 

[ScarletDreamz]

would recommend a EmuNAND so wait or buy SX OS... ChoiDojour bricks sometimes...

do you have a source on this? never had an issue with CHoiDuJour, and i don't think no one has, as far as an Emunand, hes too late for the party, as in he already installed some NSP, unless he restore a clean nand, or recreate the nand using rajkosto method, or the manual downgrade stuff, there's no coming back to it, so better just have fun with what he /she has.

 

[stephrk398]

ChoiDojour bricks sometimes...

Sometimes? More like Ultra-Rarely lol.

 

[masagrator]

ChoiDojourNX*
ChoiDojour is a Windows tool and doesn't support newest firmwares.

 

[darkovo]

I updated to fw 7.0.1 using ChoiDujourNX without issue.

The only difficulty encountered is tinfoil now not installing .nsp's from SD card, but does over USB from PC. New keys extracted from my Switch on 7.0.1 using Lockpick_RCM but this didn't get tinfoil working from SD, just errors.

Goldleaf installed FFVII from SD though, so I'm happy

 

[ZachyCatGames]

do you have a source on this? never had an issue with CHoiDuJour, and i don't think no one has, as far as an Emunand, hes too late for the party, as in he already installed some NSP, unless he restore a clean nand, or recreate the nand using rajkosto method, or the manual downgrade stuff, there's no coming back to it, so better just have fun with what he /she has.

On older versions of atmosphere it could cause brick due to atmosphere's brick protection preventing it from writing shit. It's been fixed for awhile though

 

[Wario]

well seeing that (presumably) you have an unpached system (as you can launch atmos) weather you update or not is irreverent if you still want to mess with deja vu just keep it below 8.0 (8.0 completely breaks the exploit (and was done without a leak, nintendo did their own detective work for once -gasps- ) sarcasim aside as for your second question NX works for me at least just remember to chose exfat mode Just in case

I thought @Daeken turned in the deja vu exploit for a bug bounty. I still haven't found out exactly what deja vu is and how it works and why it's still kept secret even after Nintendo fully patched it in FW 8.0. Do I have things mixed up? It gets confusing because home brew authors use the weirdest names with no rhyme or reason.

 

[smf]

I still haven't found out exactly what deja vu is and how it works and why it's still kept secret even after Nintendo fully patched it in FW 8.0.

It's not a secret, the main exploit was disclosed in December when it was added to Kosmos to fix sleep mode on downgraded switches with fuses burned for a higher os version.

https://switchbrew.org/w/index.php?title=Switch_System_Flaws#Hardware

The Tegra X1 bootrom supports saving SDRAM parameters to scratch registers, and using the saved configuration to enable DRAM during warmboot.

The code that parses these parameters does if (params->EmcBctSpareN) *params->EmcBctSpareN = params->EmcBctSpareNPlusOne for most N, without validating either the address or value written to it. There are other arbitrary writes in this code, as well (e.g. BootromPatch parameters intended for patching MISC registers do not check a relative offset to 0x7000000, etc).

This allows a user with access to the PMC registers (via pre-sleep bpmp execution, or otherwise) to gain arbitrary bootrom code execution.

However there are other exploits that are necessary to be able to use this as an entry point and these are different on each OS version. An entire exploit chain has been released for 1.0.0 switches.

There were exploit chains for some newer OS versions (up to 4.x) that cannot be released at the moment because SciresM had a hard drive failure and he lost them & they would need to be re-implemented.

I don't know if anyone has actually implemented an exploit chain that works on newer OS, but they likely rely on exploits that haven't been patched by Nintendo. I think it's the arbitrary bootrom code execution that was fixed in 8.0.0, so no matter what other exploits are found won't lead to a successful chain.

If you don't get it then think here is an analogy. You may have an exploit that allows you to start any car but you might need a different exploit to open the door of a ford and a different one to open an nissan. Combining the ford car door opening exploit with the start any car exploit gives you an exploit chain for ford cars. While someone found out that the new Lambourghini is going to be using nissan door opening technology, so they are keeping the nissan exploit secret for now.

 

[chrisrlink]

It's not a secret, the main exploit was disclosed in December when it was added to Kosmos to fix sleep mode on downgraded switches with fuses burned for a higher os version.

https://switchbrew.org/w/index.php?title=Switch_System_Flaws#Hardware

The Tegra X1 bootrom supports saving SDRAM parameters to scratch registers, and using the saved configuration to enable DRAM during warmboot.

The code that parses these parameters does if (params->EmcBctSpareN) *params->EmcBctSpareN = params->EmcBctSpareNPlusOne for most N, without validating either the address or value written to it. There are other arbitrary writes in this code, as well (e.g. BootromPatch parameters intended for patching MISC registers do not check a relative offset to 0x7000000, etc).

This allows a user with access to the PMC registers (via pre-sleep bpmp execution, or otherwise) to gain arbitrary bootrom code execution.

However there are other exploits that are necessary to be able to use this as an entry point and these are different on each OS version. An entire exploit chain has been released for 1.0.0 switches.

There were exploit chains for some newer OS versions (up to 4.x) that cannot be released at the moment because SciresM had a hard drive failure and he lost them & they would need to be re-implemented.

I don't know if anyone has actually implemented an exploit chain that works on newer OS, but they likely rely on exploits that haven't been patched by Nintendo. I think it's the arbitrary bootrom code execution that was fixed in 8.0.0, so no matter what other exploits are found won't lead to a successful chain.

If you don't get it then think here is an analogy. You may have an exploit that allows you to start any car but you might need a different exploit to open the door of a ford and a different one to open an nissan. Combining the ford car door opening exploit with the start any car exploit gives you an exploit chain for ford cars. While someone found out that the new Lambourghini is going to be using nissan door opening technology, so they are keeping the nissan exploit secret for now.

and yet for a quick payout they screw us all

 

[smf]

and yet for a quick payout they screw us all

Yes, it's possible that we lost the ability to ever mod mariko because Kosmos added it. As it was only a short term having to downgrade then it was a poor deal.

 

[ZachyCatGames]

Yes, it's possible that we lost the ability to ever mod mariko because Kosmos added it. As it was only a short term having to downgrade then it was a poor deal.

fwiw it was probably gonna be patched in mariko either way with it’s redesigned bootrom. But yea, still a stupid decision for them to do that

 

[smf]

fwiw it was probably gonna be patched in mariko either way with it’s redesigned bootrom.

I don't think it's possible to guess whether they would have found the exploit, we know that looking for similar vulnerabilities will be on their security check list.

 

[Deleted User]

i haven't touched my switch for 3 months, and wanted to play newer Games, still on FW 6.2.0

can somebody confirm to me if Smash Ultimate latest Update and Joker DLC work on 6.2.0 or do i have to use a higher FW

if thats the case which one is needed for it

 

[Albytrozz]

There is no good reason to stay on 6.2... upgrade to the latest (8.0.1) with ChoiDuJoirNX and you can downgrade and upgrade as you wish without burning fuses.

There's no logical reason at all to keep old firmware right now, you'll find any game or update from the last few months or so will not work with 6.0+ and most out lately won't even work with 7.0+ and there is absolutely zero advantage to keeping a lower firmware with Switch right now, there are no exploits that take advantage of it and it's a big pain in the ass for nothing.

 

[Priyam]

i haven't touched my switch for 3 months, and wanted to play newer Games, still on FW 6.2.0

can somebody confirm to me if Smash Ultimate latest Update and Joker DLC work on 6.2.0 or do i have to use a higher FW

if thats the case which one is needed for it

smash joker update needs minimum 7.0.1

 

[Wario]

There is no good reason to stay on 6.2... upgrade to the latest (8.0.1) with ChoiDuJoirNX and you can downgrade and upgrade as you wish without burning fuses.

There's no logical reason at all to keep old firmware right now, you'll find any game or update from the last few months or so will not work with 6.0+ and most out lately won't even work with 7.0+ and there is absolutely zero advantage to keeping a lower firmware with Switch right now, there are no exploits that take advantage of it and it's a big pain in the ass for nothing.

Does ChoiDuJoirNX run on top of CFW like Atmosphere/SXOS or does it run some other way? I'm on really old OFW and have been in agony not being able to log into the eShop to buy digital only games unavailable in cartridge form. Maybe I can go the DNS block option. Does that still work to prevent name resolution using the Nintendo sun and beach servers. Any tips and instructions would be appreciated.