zapptheman

Nintendo Switch Gets Pwned (Tegra bootrom release)


HELLO EVERYONE!!! Today I come to you all with great news.

By now most of you probably already know, but if not, please have a read.

Recently, over the past 48 hours, there has been an explosion of releases for the Switch scene; I have a video detailing this below! If you would rather listen instead of read, please check that out; otherwise, please read on!

First things first, it all began back in Oct 2017 when the ReSwitched team announced that they had successfully dumped the Nvidia Tegra's bootrom! Unfortunately, there was nothing published to the public at the time, likely due to legal reasons and whatnot. This was the seed which would begin to sprout into the best exploit for all Switch users, and it will write history for the Switch scene. This promised full control of the console at the earliest point in the boot process, allowing it to occur before the system fully boots, similar to arm9loaderhax for the 3DS!

Fast forward to 2018. From January all the way to April, there was news of various hacker groups showing off their work and their own bootrom exploits. This was extremely promising for the Switch scene, and hyped everyone up simply due to the fact that we could visually see progress among the various hacker groups; this included Xecuter claiming they had a solution for Switch hacking which would work on all firmwares. Not long after, fail0verflow came out stating they had a boot exploit and showed it off with a short YouTube video, and once again, not long after this, we saw Team ReSwitched boasting that they also had a boot exploit for the Switch. This was great, as now the scene could see that there was something in the works, and it would be the ultimate exploit/release for the scene. Of course, at the time, there was no promise of a release, but this was confirmation that multiple groups had reached the Tegra bootrom and found ways to exploit it to run their own code. It also seems that while there were 3 teams publicly showing their work, there were also other teams working behind the scenes in silence.

Not long after all this, around late February, ktemkin and ReSwitched announced a release of their exploit, along with a CFW to leverage it. fail0verflow had begun showing off their port of Linux working on the Switch, and all was looking great.

Fast forward another stretch of time: now we are in April, and about 48 hours ago (23/04/18) a dump of the Tegra bootrom was published anonymously on the web. This was nothing great for the end user directly, as it was not something which was weaponized for them yet. On the contrary, this was great for hackers, as it allowed them to have a poke around and begin looking for possible back doors or bugs in the code, so they could mess around in an attempt to get a working exploit.

As a result of this leak, it triggered an explosion of follow-up releases from various groups and hackers. For example, debugging scripts were shared to help with debugging the bootrom, reverse engineering tools were made available, and other things hackers use to reverse engineer ;)

Shortly after, another source shared details of the recovery mode exploit used by fail0verflow, ReSwitched and likely other teams. This caused ktemkin to quickly release her work with a detailed writeup on the vulnerability, shortly followed by fail0verflow; there is also a video of them commending ReSwitched for their work. ReSwitched's exploit was supposed to be released on the 15th of June, but was obviously pushed forward due to the chain of events over the past few days. It also seems that fail0verflow intended to release their work on the 25th of April.... right in the middle of all this that has recently happened... hmm, makes you wonder who the anonymous sources may have been.

To conclude, this shows that the exploits being leveraged are quite easy to use once implemented, and with the recent release of the Atmosphere CFW for the Switch, it seems that the day of native homebrew for all Switches has arrived, and it will be coming to a Switch near you shortly.

I would like to express that I strongly recommend waiting a bit before trying anything that has been recently released, as most of it is not completely finished work and may still have bugs, so proceed with caution. I would also recommend heading into the shops to purchase a Switch as soon as possible, as Nintendo has begun releasing Switches with revised hardware which will prevent the exploit from running, as this is a hardware-based exploit.

With that all being said, I hope you guys enjoyed this and you're all hyped up for the Switch scene just like me!!!

Catch you guys next time, peace!

 

Video

Image: fusee_gelee_nintendo_switch_hack.jpg

 


time to go pick up my switch..1.4.1 I think...

1 hour ago, tangotnt said:

time to go pick up my switch..1.4.1 I think...

1.4.1?

13 hours ago, tangotnt said:

time to go pick up my switch..1.4.1 I think...

Just swapped my broken Switch for a shiny new 2.0.1 firmware Switch, we are good to go boys! Expect content coming in the near future from me!

 

11 hours ago, TheZander said:

1.4.1?

Bahaha I think he is just being extra cautious


I bought it with that FW luckily.

12 hours ago, tangotnt said:

I bought it with that FW luckily.

1.4.1? I've not seen that one. I thought it went 1.0 > 2


when I pick it up I'll post screens

On 5/1/2018 at 4:50 PM, tangotnt said:

when I pick it up I'll post screens

Sure man, sounds good to me :)

On 4/30/2018 at 1:10 PM, TheZander said:

1.4.1? I've not seen that one. I thought it went 1.0 > 2

Just picked it up for 23 (and I was so oooo wrong lol); it is 4.01. I'm just not sure what can be done as of yet.

On 7/7/2018 at 7:18 AM, tangotnt said:

Just picked it up for 23 (and I was so oooo wrong lol); it is 4.01. I'm just not sure what can be done as of yet.

Everything, as long as it is the old revision of hardware. You can use the FSM jig and run CFW. Be warned the CFW is not yet finished.

On 7/9/2018 at 6:27 AM, zapptheman said:

Everything, as long as it is the old revision of hardware. You can use the FSM jig and run CFW. Be warned the CFW is not yet finished.

I've only some pieces of tutorials.

I don't think I wanna try the FSM jig (looks dangerous), but with everything being limited (I really wanted Dolphin) I think I'ma wait and just play Bayonetta 2.

On 7/11/2018 at 5:28 PM, tangotnt said:

I've only some pieces of tutorials.

I don't think I wanna try the FSM jig (looks dangerous), but with everything being limited (I really wanted Dolphin) I think I'ma wait and just play Bayonetta 2.

XD FSM is the most stable way to go about it, but I don't think CFW is up to scratch yet. Apart from Xecuter's... (which you need to pay for)

12 hours ago, zapptheman said:

XD FSM is the most stable way to go about it, but I don't think CFW is up to scratch yet. Apart from Xecuter's... (which you need to pay for)

Not gonna buy something that could brick my device from me moving files around. Hekate does not look stable. And the AutoRCM is scary if you run out of batt..... idk what's good, and that LayeredFS thing is a joke....

On 7/19/2018 at 7:48 AM, tangotnt said:

Not gonna buy something that could brick my device from me moving files around. Hekate does not look stable. And the AutoRCM is scary if you run out of batt..... idk what's good, and that LayeredFS thing is a joke....

Yeah it's pretty wild man XD. I'm just waiting for the CFWs to develop more. I don't think I will be using the AutoRCM method. Seems too dangerous. Will also be waiting for devs to find a way to access online functions without the ban hammer. Unless Nintendo makes online paid. Then who cares XD


I used AutoRCM before any CFW or cool stuff was out. I would run into a battery drain issue, but all I did was leave it connected to my PC and just kept trying to send a payload until it recognized. Now though I have it booted most times and only leave it off (or in RCM mode) for a little while.

13 hours ago, TheZander said:

I used AutoRCM before any CFW or cool stuff was out. I would run into a battery drain issue, but all I did was leave it connected to my PC and just kept trying to send a payload until it recognized. Now though I have it booted most times and only leave it off (or in RCM mode) for a little while.

I guess that's one way to go about it. Still would worry me too much XD

