What's the "save data exploit" in games like Splatoon 2?

SylverReZ

The planet is fine. The people are crazy.
Member
GBAtemp Patron
Joined
Sep 13, 2022
Messages
7,255
Trophies
3
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
22,275
Country
United Kingdom
Lol get your own unpatched switch
They sell for around $200 on eBay.
Post automatically merged:

It depends on where you live in the world. More demand means more expensive.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
Software exploit above 4.x.x may never exist. Only way to mod any new switch now is through a modchip
Software exploits exist in firmwares up to and including fw 7.x
https://switchbrew.org/wiki/Switch_System_Flaws#Kernel

Why shouldn't I? The modding community has always been THIS CLOSE to finally discovering a second exploit but something tiny always prevents it.
SciresM and every other big name Switch hacker who has contributed anything meaningful to the scene has already said that it's impossible to hack a firmware above 7.0. Not that it's unlikely or that it will take years but that it is 100% mathematically impossible to achieve it even if you understood the Switch's operating system perfectly. The only chance we have is if Nintendo releases a new firmware update and accidentally adds vulnerabilities to it (this did happen on firmware 3.0.0).

That said I do know a few hackers from other console scenes (PS4, PS Vita) who think that Scires is wrong, but Scires has thousands of hours reverse engineering the Switch's firmware that they don't have. Your best hope is that a cheaper and easier hard mod comes out. The Switch actually has several more hardware exploits but all of them are as complex and costly to pull off. That's probably the reason Nintendo hasn't bothered patching the BCT glitching exploit. They know if they do someone will just exploit a different flaw and their engineering time on fixing BCT glitching would be wasted.
 

SylverReZ

I know they are nowhere near $600, my modded OLED was $650 lol
Holy shit! I got mine for around £200, I'm gonna be upgrading to an OLED or Lite model in the future.
 

nero99

Well-Known Member
Member
Joined
Sep 18, 2014
Messages
3,135
Trophies
1
Age
31
XP
3,729
Country
United States
Like a flashcard-based exploit? NTRBoot on 3DS is magical.
Flash cards will never be a thing on the Switch. Your only option is to either learn soldering skills and install a modchip yourself, or buy the modchip and contact ModzvilleUSA on here, YouTube, or his personal website; he does installs.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
Like a flashcard-based exploit? NTRBoot on 3DS is magical.
All a flashcard exploit would do is enable piracy of retail games, no homebrew software. The reason NTRBoot exists on 3DS is because Nintendo used it as a recovery mode a lot like how the Switch has RCM mode. It was intended for people at the factory to do repairs and diagnostics but hackers found it and found a way to break it. The Switch's bootrom doesn't interface with the game card slot at all so there's no way to mess with that by messing with the GC. Maybe if you hack the game card slot itself to get code execution you could use that as a primary exploit to trigger a kernel exploit, but the main issue with Switch hacking is there are no known kernel exploits (according to SciresM there are zero, and he has reverse engineered the entire kernel to make Mesosphere).

All of the hardware exploits that I know of involve some form of glitching, it's just that they glitch different parts of the bootrom / bootloader. I know of 2 in addition to what is publicly available (HWFly BCT glitching). If you want to know more about hardware glitching check out this great blog post by YifanLu from the Vita scene: https://yifan.lu/2019/08/16/glitching-a-20k-piece-of-history/

There are possibly non-glitching based hardware exploits but if there are any I haven't heard of them and I'm in quite a few private group chats with developers from various console scenes.
 

SylverReZ

Flash cards will never be a thing on the Switch. Your only option is to either learn soldering skills and install a modchip yourself, or buy the modchip and contact ModzvilleUSA on here, YouTube, or his personal website; he does installs.
ModzvilleUSA is very talented with modding, I find watching his videos very satisfying.
Post automatically merged:

@Modzvilleusa, if you see this, hi.
 

Ondrashek06

Well-Known Member
OP
Member
Joined
Dec 27, 2019
Messages
1,162
Trophies
0
XP
3,278
Country
Czech Republic
All a flashcard exploit would do is enable piracy of retail games, no homebrew software. The reason NTRBoot exists on 3DS is because Nintendo used it as a recovery mode a lot like how the Switch has RCM mode. It was intended for people at the factory to do repairs and diagnostics but hackers found it and found a way to break it. The Switch's bootrom doesn't interface with the game card slot at all so there's no way to mess with that by messing with the GC. Maybe if you hack the game card slot itself to get code execution you could use that as a primary exploit to trigger a kernel exploit, but the main issue with Switch hacking is there are no known kernel exploits (according to SciresM there are zero, and he has reverse engineered the entire kernel to make Mesosphere).

All of the hardware exploits that I know of involve some form of glitching, it's just that they glitch different parts of the bootrom / bootloader. I know of 2 in addition to what is publicly available (HWFly BCT glitching). If you want to know more about hardware glitching check out this great blog post by YifanLu from the Vita scene: https://yifan.lu/2019/08/16/glitching-a-20k-piece-of-history/

There are possibly non-glitching based hardware exploits but if there are any I haven't heard of them and I'm in quite a few private group chats with developers from various console scenes.
Any possibilities of a non-soldering HW-based inexpensive exploit?
It would be even more cool if it was something like a modification to the dock or something that plugs in to the USB port, but that's sadly unlikely.

On the Wii U, it's now possible to unbrick a bricked device using a relatively inexpensive USB plug-in device.
Post automatically merged:

Flash cards will never be a thing on the Switch. Your only option is to either learn soldering skills and install a modchip yourself, or buy the modchip and contact ModzvilleUSA on here, YouTube, or his personal website; he does installs.
Sadly his install services are not an option. Assuming I manage to get myself a chip, shipping a Switch + the chip to the USA would take months and the customs fees would triple the price.
 

SylverReZ

You could get a beat-up unpatched switch (bad battery, bad screen etc) and transplant the motherboard into your good switch.
That is if you're lucky enough to come across one that is decent.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
Any possibilities of a non-soldering HW-based inexpensive exploit?
It would be even more cool if it was something like a modification to the dock or something that plugs in to the USB port, but that's sadly unlikely.

On the Wii U, it's now possible to unbrick a bricked device using a relatively inexpensive USB plug-in device.
I actually had the same question about using a dock mod to hack the Switch. On its surface it sounds like a stupid question because the dock doesn't do anything to the Switch other than supply power and process the outgoing video signal, but the whole idea of hardware glitching is that you mess with the power supply to induce software bugs. The TL;DR though is that it's not possible because of several reasons, especially not on Mariko consoles as they have random delays in the bootrom that the dock can't detect (but a mod chip can since it can read eMMC traffic).

I don't know if any non-solder based hardware exploits exist, but it is a possibility, unlike softmods that are absolutely not happening on current firmwares.

There's a lot I could say but I don't like repeating what I've heard in private publicly. If you want to get access to private information you have to gain people's trust and leaking stuff is an easy way to lose it. I will say that there is a very real possibility we will see cheaper soldered mod chips eventually. I'm surprised no one in China is manufacturing them yet. HWFly are gouging the prices right now but even if they sold the chips for the same price it costs to produce them they probably cost about $20-30 to produce. HWFly copied Xecuter's architecture 1:1. If you're willing to start from scratch there are a lot of components on the HWFly that aren't needed to perform the exploit. The FPGA for example is only used so they can send out firmware updates without giving everyone trying to clone it access to the entire firmware. If you get rid of the FPGA that's like $10 saved. The issue with that is it breaks compatibility with current open source chip firmwares that HWFly steals and they probably don't want to make their own chip firmware.
 
