A Year In Nintendo Switch Hacks

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by T-hug, Mar 5, 2018.

  1. T-hug (OP, Chief Editor)

    It's been a whole year since the worldwide launch of the Nintendo Switch - and in record time, the fastest-selling console in history has already been cracked wide open, allowing the running of unsigned code on the system, usually referred to as 'homebrew'.


    There was a lot of chatter, pre-launch, surrounding Nintendo's latest hardware and how easy it would be to hack, so let's take a look back over the Switch's first year out in the wild:

    2017

    On March 14th 2017, less than 2 weeks after the Nintendo Switch hit store shelves, a WebKit exploit named PegaSwitch was released by a team of coders calling themselves ReSwitched. PegaSwitch didn't allow the loading of homebrew specifically; as its authors described it, "By taking over WebKit, we are able to read/write memory, call native functions, and otherwise explore the functionality of the Switch from the domain of the WebKit process." Basically, it was an exploit, a starting point, that anyone could use to try and reach the same end-goal of enabling the running of homebrew on the Switch.

    :arrow: PegaSwitch - A webkit exploit with support for JOP and function calling


    When a new video game platform is released to the hacking community, the first thing to usually happen is that the system's games are ripped from whatever media format they are stored on, whether that be a DVD, a Blu-ray disc or, as is the case with most of Nintendo's hardware, proprietary cartridges. Being able to look at how the data is structured on a game card gives hackers great insight into how the system's hardware works.
    Around 4 months after the launch of the Switch, on July 19th, the piracy scene group known as 'BigBlueBox' (BBB) started uploading data archives created from retail Nintendo Switch cartridges to the internet.
    Currently, BigBlueBox is the only group to have released any Switch game cartridge 'dumps' onto the web.

    :arrow: First Nintendo Switch Cartridge Dumps Released


    In late December, at the annual 34C3 Chaos Communication conference in Leipzig, well-renowned hackers Derrek and plutoo demonstrate unsigned code running on a Nintendo Switch.

    :arrow: 34c3 hacker conference starts 27th of December, Switch talk slated


    2018

    Moving into 2018, on Jan 2nd, a well-renowned scene hacking group known as Team Xecuter announce they will be releasing a Nintendo Switch modchip that will be "completely future proof" - a bold claim, but one that is cemented by the team's previous work and reputation in the Xbox hacking and modchip scene. No estimated date of release for the Switch modchip is given.

    :arrow: Team-Xecuter announces future-proof Switch exploit


    Less than a week from TX's modchip announcement, on Jan 7th, another scene group known as fail0verflow release a video on Twitter showing off their coldboot exploit proof of concept. A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of Switch units. Note that in console-hacking usage a 'coldboot exploit' more often means one that runs from the moment the console is powered on, before the system firmware has loaded, which is why it cannot be fixed by a firmware update alone.

    :arrow: fail0verflow releases coldboot exploit proof of concept


    With Nintendo Switch cartridge data now available on the internet via BigBlueBox, of course, the next logical step is an emulator for PC. On January 14th 2018, Yuzu emulator for PC was revealed to the public, actively being developed by coders who worked on the popular Citra 3DS emulator. Yuzu is currently unable to run any of the BBB Switch cartridge dumps.

    :arrow: Yuzu Switch Emulator Released


    The very next day after the Yuzu reveal, on January 15th, Team Xecuter reveal some hot info about their upcoming modchip exclusively to GBAtemp: "there is a solder and solderless version." The news is interesting, catering to both the tech-savvy and those who just want to play 30-year-old games on their 2017 hardware.

    :arrow: Team Xecuter reveal info on upcoming Switch modchip


    Less than a week later, on January 20th, a TrustZone exploit known as jamais vu (meaning 'never seen') was released. In layman's terms, TrustZone is the processor's hardware-isolated 'secure world', where the console's cryptographic operations are handled, so having complete control over it allows the user to tell the Switch that something is legit, even when it isn't. Coupled with full kernel access, this was the beginning of the end of the Switch's security on lower firmware versions.

    :arrow: jamais vu - a 1.0.0 TrustZone Code Execution Exploit for Nintendo Switch


    February 2nd saw yet another important milestone for early Switch hacking, when scene release group BBB released a 'master key' within one of their Switch game cartridge dump archives. The key, which is actually a 32-character string of letters and numbers, is useless to the general public, but by releasing it BBB is enabling other hackers to decrypt any Switch firmware and game cartridge files, up to firmware version 2.3.0.

    :arrow: Pirate group release Switch Master Key


    fail0verflow return on February 6th with another tweet, this time posting a single image, which appears to show Linux running on a Switch. It's significant because it means they now have substantial control over the Switch hardware.

    :arrow: fail0verflow tease Linux on Switch


    Whether the fast progress in software hacking was the reason or not, Team Xecuter announce they are delaying their Nintendo Switch modchip on Feb 15th, stating "we have experienced a few issues with the reliability of our entry point". The team go on to reiterate that the Switch modchip will still be released in the future, but no expected release window is given.

    :arrow: Team Xecuter Delay Switch Modchip


    The Switch scene is now really heating up, as just 2 days later on Feb 17th, it is announced that TrustZone exploits have now also been achieved on firmware versions 4.x.

    :arrow: Switch TrustZoneHax on 4.x


    Also on the 17th, fusée gelée (meaning 'frozen rocket'), yet another coldboot exploit, was revealed, this time by GBAtemp member @ktemkin.

    :arrow: fusée gelée -- coldboot proof-of-concept for the Tegra X1


    Following on from their original tease 11 days earlier, on February 17th fail0verflow now officially show Linux running on Switch with a video released on twitter.

    :arrow: Fail0verflow shows off Linux running on the Nintendo Switch


    February was a big month in the Switch hacking scene - 11 months since the Switch released to the public. On the 18th, the goal of running homebrew on retail Switch units became a reality with the release of an exploit-based application known as 'HBL 3.0.0'.
    Potentially, any Switch owner can now download the exploit and run unsigned code on their system, such as emulators and FTP clients. But there is one huge caveat: as the filename suggests, Switch owners must not have updated their unit's firmware any higher than version 3.0.0.
    Usually homebrew is released as open source, so others can see how it works and help improve the code if they wish, but HBL was released with its installer code encrypted, to try and thwart other hackers from using the same exploit to enable piracy on the system.

    :arrow: Switch Homebrew Launcher 3.0.0 Released


    2019?

    For now, that is where the Switch hacking scene is up to, at least in the public eye. Behind closed doors, however, there are still lots of teams working on hacking the Switch. Hacking a new system, this early on, is like an elaborate puzzle, where different groups of individuals discover and release snippets of technical information regarding the Switch's security online. Eventually, someone fits all the pieces of the puzzle together and we start to see more exploits appear, at first paving the way for homebrew applications and custom firmwares, but ultimately leading to backup loaders and piracy. It can be fascinating to watch from the sidelines as it's a real show of technical skill, to see who can do it, who is first - but it's also a blatant disregard for the platform holder's security measures and original intentions for the system.

    With so much already achieved in just 12 months in the world of Switch hacks, it will be interesting to see what is next for Nintendo's youngest platform, and what state it is in another year from now.


    :arrow: GBAtemp Nintendo Switch Hacking & Homebrew Forum
  2. RedoLane
    May we hope for more years of Switch hacking to come!
     
  3. SirBeethoven
    Hey, what's the difference between TrustZone vs kernel exploits?
     
  4. BlueFox gui
    yay piracy
    fuck this damn console
     
  5. medoli900
    Jemavuis?
    It's Jamais vu :rofl:
     
  6. BORTZ (Supervisor)
    Uh, I know it's just a watermark to keep that Switch image our own, but I would shell out for Tempy-themed Joy-Cons.
     
  7. Joe88 (Moderator)
    hurry up with the rom loader so I can buy one :rofl:
     
  8. leon315
    Great job, m$! X1 is the last standing! keep holding, and fight those stingy pirates!
     
    Last edited by leon315, Mar 5, 2018
  9. HaloEliteLegend
    The Switch's use of the Tegra chipset made exploitation infinitely easier, I'd imagine. Very fast progress across the entire scene.
     
  10. medoli900
    To be honest, probably no one is even bothering with Xboner because there's no demand for it, to say the least.
     
  11. Tom Bombadildo (Contributor)
    It's more because the Xbox One's dev mode already allows for homebrew apps for mass users without requiring any kind of hack whatsoever. The only thing you can't do is pirate games which (for the most part, anyways) most devs aren't much interested in releasing exploits for. That's pretty much the only reason none of the private exploits have been released.

    As to the article, that's what you get when you use a bog standard off the shelf SoC with documentation readily available for free. Which is nice, I suppose.
     
  12. loler55
    great article!
     
  13. Chizko
    I am here, waiting, because I learned from the 3DS hack era.
     
  14. 8BitWonder
    Pretty sure TZ is where all crypto happens, so if you pwn TZ you have crypto.
    Someone please correct me if I'm wrong.
     
  15. Zyvyn
    Kernel exploits can be patched; TrustZone cannot, as it has to do with the hardware of the system.
     
  16. Lia
    @T-hug 2nd to last link, about the HBL release, isn't working
     
  17. epickid37
    TrustZone is the highest layer of security.
     
  18. SirBeethoven
    Thanks for helping guys
     
  19. epickid37
    With any console, people are going to want piracy.
     
  20. BlueFox gui
    EVERY console
     