
test_account

Member
Oct 25, 2017
4,645
FreeBSD is just the base; this is like saying 'Linux'. Sony wrote almost all of its own OS up from that base. You can look to the various write-ups from fail0verflow on how many different ways Sony's fork of FreeBSD is... weirdly dumb in its securities. One of the biggest issues, as was recently documented, was that the system returned a text file for a crashdump, allowing f0f to reconstruct the entire kernel code.

Nintendo's OS is based on nothing but Nintendo's own work. The Horizon OS in the Switch is a 3DS fork and complete re-write. All the beating the 3DS took is why the Switch's kernel is damn near impervious; it's been running a long, long gambit of security tests by the community haha.

The bugs in the Switch are hardware/driver related, which is a very different entry point from usual, but it's also a near necessity because there's no currently known way to defeat Nintendo's own security monitor and kernel. For the Switch, we're hijacking nVidia's bad code to achieve ACE, not Nintendo's. Nintendo's code is kind of stranded after the hardware itself is compromised. This is why I said, right now it's largely Nintendo patching out nVidia's vulnerabilities.
Yeah, I'm not claiming that it's stock FreeBSD or anything like that (as I mentioned, there's much custom stuff added), I'm just saying that bugs in FreeBSD could be applied to the PS4 too. In other words, knowledge of FreeBSD is not a bad thing to have when hacking the PS4. And dumb mistakes are indeed made. Most of the write-ups are completely Greek to me to be honest, so I need it in more layman's terms. Sometimes these write-ups add something like this in their conclusion, but it can still be quite technical.

I don't think we can say that the Switch kernel is near impenetrable, as they have access to the kernel on the Switch already. This only works up to firmware 3.0.0 however, but with further research, more bugs/exploits can be found, and I don't doubt that this will happen (as with basically any gaming system). But entry points are needed to execute the exploits.

What did you mean with the USB stuff by the way? Maybe you quoted me right before I added that in as an edit.

EDIT: CTurt (PS4 hacker) talked a bit about FreeBSD and PS4 regarding the firmware 1.76 hack, saying that it's possible that many of the exploits found in the FreeBSD kernel can be present on PS4 as well. Of course it's no guarantee, but it's a possibility.

https://cturt.github.io/ps4.html




For how much of a crapshoot nVidia's software is, they've done a pretty good job. The next firmware is likely (or strongly believed) to break almost all of the current exploit chains.
According to Fail0verflow, this bug can't be fixed as a software patch (firmware update). It has to be fixed at factory level.


Yes, that's what I mean. It's telephoned as in the message has become confused and muddled by things like a comic making a grandstanding on '4'.
Ah ok, I understand :)
 
Last edited:

Vena

Community Resettler
Member
Oct 25, 2017
6,441
Yeah, I'm not claiming that it's stock FreeBSD or anything like that (as I mentioned, there's much custom stuff added), I'm just saying that bugs in FreeBSD could be applied to the PS4 too. In other words, knowledge of FreeBSD is not a bad thing to have when hacking the PS4. And dumb mistakes are indeed made. Most of the write-ups are completely Greek to me to be honest, so I need it in more layman's terms. Sometimes these write-ups add something like this in their conclusion, but it can still be quite technical.

I don't think we can say that the Switch kernel is near impenetrable, as they have access to the kernel on the Switch already. This only works up to firmware 3.0.0 however, but with further research, more bugs/exploits can be found, and I don't doubt that this will happen (as with basically any gaming system). But entry points are needed to execute the exploits.

What did you mean with the USB stuff by the way? Maybe you quoted me right before I added that in as an edit.

The USB has been used to deliver payloads, meaning it's not secure in its access to higher permissions. Like the SD card on the Wii.

They have access to the Switch kernel by defeating other elements of the Tegra on which the kernel has to run; when you already have lower-level permissions, the things running on top of those permissions are compromised. ;)

According to Fail0verflow, this bug can't be fixed as a software patch (firmware update). It has to be fixed at factory level.

Yes, a bootloader bug in the Tegra. It cannot be patched in a sold unit as the bootloader is write-only, at factory they can (and will) flash a new patch eventually.

Holy shit, this is insane!

This isn't particularly new, they are just fucking around. They had a Linux distro running a little while ago already. :P
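The hierarchy described above (a compromise below the kernel, in a boot stage that cannot be updated in the field, undermining everything that runs on top of it) is the chain-of-trust model that secure boot relies on. As an added illustration that is not code from the thread, Nintendo, nVidia or Fail0verflow, here is a toy Python simulation of a three-stage boot chain: each stage checks the next stage's image before handing over control, and the first stage is the trust anchor that nothing checks. The stage names, keys and images are constructed placeholders, and an HMAC stands in for the signature check a real boot ROM performs. A final scenario shows why a check anchored outside the device (attestation against the vendor's own keys, the kind of server-side check that can flag a console) still notices a chain that the device itself reports as clean.

```python
import hashlib
import hmac
from typing import Dict, List, NamedTuple, Tuple

# Boot order; the first stage is the immutable root of trust (a boot ROM in a real SoC).
ORDER = ("bootrom", "bootloader", "kernel")


class Stage(NamedTuple):
    name: str
    image: bytes       # constructed stand-in for the stage's code
    verify_key: bytes  # key this stage uses to check its successor's image
    tag: bytes         # MAC of `image` under the predecessor's verify_key (empty for the root)


def mac(key: bytes, image: bytes) -> bytes:
    """HMAC-SHA256 stands in for the signature check a real boot stage performs."""
    return hmac.new(key, image, hashlib.sha256).digest()


def build_chain(images: Dict[str, bytes], keys: Dict[str, bytes]) -> List[Stage]:
    """Assemble a chain the way a vendor's signing step would: each image gets a tag
    under the key held by the stage that will verify it."""
    chain: List[Stage] = []
    prev_key = b""
    for name in ORDER:
        tag = mac(prev_key, images[name]) if prev_key else b""
        chain.append(Stage(name, images[name], keys[name], tag))
        prev_key = keys[name]
    return chain


def boot(chain: List[Stage]) -> List[str]:
    """Walk the chain as the hardware would and return the names of the stages that ran.
    The root runs unconditionally: nothing checks it, so it is the trust anchor.
    Every later stage only runs if its predecessor accepts its tag."""
    ran = [chain[0].name]
    for prev, cur in zip(chain, chain[1:]):
        if not hmac.compare_digest(mac(prev.verify_key, cur.image), cur.tag):
            break  # verification failed: refuse to hand over control
        ran.append(cur.name)
    return ran


def attest(chain: List[Stage], vendor_keys: Dict[str, bytes]) -> bool:
    """External check (e.g. a server) that recomputes every tag with the vendor's
    keys instead of trusting whatever keys the device's own stages happen to hold."""
    prev_key = b""
    for stage in chain:
        if prev_key and not hmac.compare_digest(mac(prev_key, stage.image), stage.tag):
            return False
        prev_key = vendor_keys[stage.name]
    return True


# Constructed placeholder keys and images; a real chain uses asymmetric keys and real binaries.
VENDOR_KEYS = {"bootrom": b"vendor-rom-key", "bootloader": b"vendor-bl-key", "kernel": b"vendor-krnl-key"}
IMAGES = {"bootrom": b"ROM: verify bootloader", "bootloader": b"BL: verify kernel", "kernel": b"KERNEL v1"}


def scenario_intact() -> List[str]:
    """Untouched chain: every stage is accepted."""
    return boot(build_chain(IMAGES, VENDOR_KEYS))


def scenario_tampered_kernel() -> List[str]:
    """A modified kernel image no longer matches its tag, so the bootloader stops before it."""
    chain = build_chain(IMAGES, VENDOR_KEYS)
    patched = chain[-1]._replace(image=b"KERNEL v1 + unsigned patch")
    return boot(chain[:-1] + [patched])


def scenario_compromised_root() -> Tuple[List[str], bool]:
    """If the root stage's check is bypassed, whoever controls it effectively chooses the
    keys, so the device's own chain reports 'all good'. Only a check anchored outside the
    device (attestation against the vendor's keys) can tell the difference."""
    attacker_keys = {"bootrom": b"attacker-key-a", "bootloader": b"attacker-key-b", "kernel": b"attacker-key-c"}
    attacker_images = {"bootrom": IMAGES["bootrom"], "bootloader": b"BL: attacker build", "kernel": b"KERNEL: attacker build"}
    chain = build_chain(attacker_images, attacker_keys)
    return boot(chain), attest(chain, VENDOR_KEYS)


if __name__ == "__main__":
    print("intact:          ", scenario_intact())
    print("tampered kernel: ", scenario_tampered_kernel())
    print("compromised root:", scenario_compromised_root())
```

The point of the last scenario is the one made in the thread: once the stage below the kernel is controlled, every check the higher stages perform is still executed, it just no longer means anything, and the only checks that survive are the ones whose trust anchor lives somewhere the attacker does not control.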
 

ApeEscaper

Member
Oct 27, 2017
8,720
Bangladeshi
The USB has been used to deliver payloads, meaning it's not secure in its access to higher permissions. Like the SD card on the Wii.

They have access to the Switch kernel by defeating other elements of the Tegra on which the kernel has to run; when you already have lower-level permissions, the things running on top of those permissions are compromised. ;)



Yes, a bootloader bug in the Tegra. It cannot be patched in a sold unit as the bootloader is write-only, at factory they can (and will) flash a new patch eventually.



This isn't particularly new, they are just fucking around. They had a Linux distro running a little while ago already. :P
When do you think Nintendo will sell Switch consoles that have patched this at the hardware level?
 
Dec 3, 2017
1,127
Mixed feelings about this. On one hand, it will be cool to have homebrew apps on the Switch since it's such an amazing portable platform, but on the other hand I hope the potential for piracy doesn't deter indie devs from supporting the system

Because indie devs really stay away from the PC, where piracy is arguably the most rampant...
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
When do you think Nintendo will sell Switch consoles that have patched this at the hardware level?

We likely won't know until someone bricks their console trying to run this and it turns out the bootloader patches have changed. In general, though, these bootloader exploits require hardware glitching to seize control. They aren't reliable and long-term are damaging. A general enduser isn't going to want these solutions.

This will almost assuredly sneak in over time and may not even be marked with any revision renumbering.

Going from CLI to GUI with touch support, working screen brightness etc within 2 weeks is quite impressive though I'd say.

Oh that's definitely cool, I was speaking more on the general gist. Once they had a distro running, it was a matter of time until they got support ported. And this is very well-documented hardware for Linux.
 

El Pescado

Member
Oct 26, 2017
1,922
It still makes me worry about the future of the Switch in regards to 3rd Party support, Indie Support, and online play seeing this all go down before the system is even out a full year. Not a fan.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
It still makes me worry about the future of the Switch in regards to 3rd Party support, Indie Support, and online play seeing this all go down before the system is even out a full year. Not a fan.

None of this has in so far enabled any of what you mentioned...

...and anyone dumb enough to take a hacked Switch online will be in for a rude awakening that, unlike the 3DS, isn't able to be worked around.
 

El Pescado

Member
Oct 26, 2017
1,922
None of this has in so far enabled any of what you mentioned...

...and anyone dumb enough to take a hacked Switch online will be in for a rude awakening that, unlike the 3DS, isn't able to be worked around.

Not yet, you mean?

I'm just paranoid about this whole "Switch is a success" thing coming crashing down and ruining the most fun I've had with gaming in a long time.

I'm assuming once people figure out custom firmware they'll be able to take multiplayer games online and cheat away, but I don't know much about this kind of thing so I could be wrong.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
Not yet, you mean?

I'm just paranoid about this whole "Switch is a success" thing coming crashing down and ruining the most fun I've had with gaming in a long time.

What this thread is about specifically won't be user-available for a LONG time, like over a year or multiple more. How many people out there have a 1.0.0 or a 3.0.0 Switch, do you reckon? I think it's <0.01% of the population of Switch owners.

And of them, how many do you think are both savvy enough to do any of this AND are even interested in doing any of the things you worry about?

If indies were worried about piracy, they wouldn't release on any console except for the Xbox. Same for any third party.

I'm assuming once people figure out custom firmware they'll be able to take multiplayer games online and cheat away, but I don't know much about this kind of thing so I could be wrong.

That is the end-goal... BUT... there are layers of security embedded in telemetry data exchanged between the console and Nintendo's servers, and that always risks tripping flags and banning a console. Once a console is banned, it's gone for good because of the certificate process with the Switch.

Those with CFW online are either (a.) going to be normal users with CFW or (b.) idiots who get banned overnight.
 

Roytheone

Member
Oct 25, 2017
5,156
The big thing this hopefully enables: reinserting the original soundtrack for super meat boy! You can do that with a hacked Vita.
 

El Pescado

Member
Oct 26, 2017
1,922
What this thread is about specifically won't be user-available for a LONG time, like over a year or multiple more. How many people out there have a 1.0.0 or a 3.0.0 Switch, do you reckon? I think it's <0.01% of the population of Switch owners.

And of them, how many do you think are both savvy enough to do any of this AND are even interested in doing any of the things you worry about?

If indies were worried about piracy, they wouldn't release on any console except for the Xbox. Same for any third party.

Thanks for explaining. This makes me feel a little better, I think.

Though I still worry about whatever NVidia flaw or whatever is in there that can't be fixed without hardware modification. =_=
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
Also it needs to be stressed some of this stuff will *never* see the light of day because the long-reaching implications on the general Tegra are potentially disastrous for users unrelated to the Switch.

Some of this work borderline enables rootkits for phones and spying.

And the fact that these vulns are now known about thanks to the Switch scene is going to lead to hackers who are not nearly as friendly or concerned with homebrew to start looking for vulnerabilities that reach into the pockets of general users that are completely unrelated and unaware of these things.
 

RedMercury

Blue Venus
Member
Dec 24, 2017
17,658
I remember hearing about an app for Switch that would enable remote play like a Steam Link, I hope we get something like that eventually through this.
 

test_account

Member
Oct 25, 2017
4,645
The USB has been used to deliver payloads, meaning its not secure in its access to higher permissions. Like the SD card on the Wii.
Can you explain this a bit more? I read what you're saying as that it's possible to insert a USB stick into a PS4 and load a payload directly to the PS4 without having to do anything else, just like it is on the Wii as you mention, and how it was on PS3 with firmware 3.41, but maybe I'm misunderstanding. I tried to search on Google, but I found nothing. I only found that people are able to load e.g. a Linux payload from USB, but that's after having done the kernel exploit, and having access to use the USB inputs when you have kernel access is something I would take for granted.


Yes, a bootloader bug in the Tegra. It cannot be patched in a sold unit as the bootloader is write-only, at factory they can (and will) flash a new patch eventually.
Yeah, it's probably already being prepared. It would leave about ~15 million Switch units that won't(?) be able to be patched. It still remains to be seen what further development will lead to, however.


They have access to the Switch kernel by defeating other elements of the tegra on which the kernel has to run, when you have lower level permissions already then the things running on top of those permissions are compromised. ;)
Sure, but that's somewhat of a pity in regards to the other security, in the sense that every other security link in the chain might become useless if the top link is broken.

It shall also be interesting to see how this will result in further development of hacks. If those Switch units already sold can't be patched, it would also mean that every single firmware version coming will be available for examination. It's not like Nintendo can refuse firmware updates to the already sold Switch units.
 
Last edited:

noyram23

Banned
Oct 25, 2017
9,372
I'm excited for emulators, apps, and hopefully PS4 and PC remoteplay. I already got one extra Switch saved just for this.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
Can you explain this a bit more? I read what you're saying as that it's possible to insert a USB stick into a PS4 and load a payload directly to the PS4 without having to do anything else, just like it is on the Wii as you mention, and how it was on PS3 with firmware 3.41, but maybe I'm misunderstanding. I tried to search on Google, but I found nothing. I only found that people are able to load e.g. a Linux payload from USB, but that's after having done the kernel exploit, and having access to use the USB inputs when you have kernel access is something I would take for granted.

You would still need userland access to get access such that a payload could be used. Getting kernel gives you a lot of permissions and usually results in handing over access to the USB file services. What I am talking about was the NAND dumping through Arduino in the USB slot, one of the original major piracy breaks on the PS4 post 1.76's completely borked kernel.

USB payloads that are already on compromised systems are sort of irrelevant, since you can just deliver everything over the network then. :P

Yeah, it's probably already being prepared. It would leave about ~15 million Switch units that won't(?) be able to be patched. It still remains to be seen what further development will lead to, however.

It still requires glitching which is damaging and unstable. So regardless of ~15 million, almost all of them won't want to do any of this. :P

Also as I said in a later post, this bug has ramifications way above the Switch. No one will/should release this, ever.

Sure, but that's somewhat of a pity in regards to the other security, in the sense that every other security link in the chain might become useless if the top link is broken.

It shall also be interesting to see how this will result in further development of hacks. If those Switch units already sold can't be patched, it would also mean that every single firmware version coming will be available for examination. It's not like Nintendo can refuse firmware updates to the already sold Switch units.

Switch's stuff has been audited heavily already by the scene; it's secure. It's all nVidia stuff that's screwed up, which is why no one wants to give up any exploits early, because Nintendo's been securing the vulns.

Nintendo security is very solid this time around and they have routine audits of their own on the vulnerabilities that the scene finds (or are reported to them). So they are quite serious in generally keeping the system secure and they're doing it in the 'best' way one can, really. Their hands are sort of tied by nVidia, though. At least until a Switch 2.

A lot of their new stuff also comes from what they learned of the 3DS, and it seems they hired some new and good software security engineers, heh.
 
Last edited:

Meffer

Member
Oct 25, 2017
1,393
Nintendo has the liberty to decide its own rhythm in releases, and how they want to do the marketing for each release. It's not as simple as releasing a game or releasing a new feature. Nintendo's incredible classic lineup is one of their highlights, and they have invested hundreds of millions of dollars over the decades to keep these titles relevant today, sometimes investing in new releases for the most niche titles only to complain their fans.

They are doing the correct move by increasing the value of their classic library, by using heavily marketed releases like the Mini lineup of consoles. Eventually, they will put their classic lineup on Switch. And they will accompany this action with a heavy investment in marketing and a well-studied schedule.

And if you don't share the same idea as Nintendo regarding business decisions, this doesn't give you any moral or ethical arguments to devalue their IPs through piracy.
Why don't they speak about it then? They've been so quiet regarding the VC when VC support was so disjointed last gen with the 3DS and WiiU. It was a freaking mess. The Switch on the other hand fixes that. It's one system and the power to run VC games but again Nintendo has been hush hush. People want to play old games on the Switch. I want to play old games on the Switch.
 

test_account

Member
Oct 25, 2017
4,645
You would still need userland access to get access such that a payload could be used. Getting kernel gives you a lot of permissions and usually results in handing over access to the USB file services. What I am talking about was the NAND dumping through Arduino in the USB slot, one of the original major piracy breaks on the PS4 post 1.76's completely borked kernel.
Ah, you mean the NAND cloning from one PS4 to another PS4 to play pirated games? If so, that I know about, but as far as I know, this required desoldering of the NAND chip; it was not done by connecting an Arduino or Raspberry Pi to USB on the PS4. It also didn't require any userland exploit since it was mainly a hardware hack. I think the first userland exploit for PS4 was released with the firmware 1.76 hack. You also mention "payloads" (plural), which different payloads are you referring to? Do you have a source for the method you're talking about? It's possible that I've missed something or that we're talking about two different things :)

The PS4 kernel wasn't completely borked, or what do you mean?


USB payloads that are already on compromised systems are sort of irrelevant, since you can just deliver everything over the network then. :P
Exactly, that is why I was wondering what you were referring to, since I haven't heard about a PS4 hack that relies on the usage of the PS4 USB :) In the beginning you used the word "is", it being about present time, also saying that multiple payloaders work through USB, so I took this as the USB ports on the PS4 could be used for exploiting the system, connecting a USB stick to the system and injecting the PS4 with different payloads to exploit the system. That's why I asked :)


It still requires glitching which is damaging and unstable. So regardless of ~15 million, almost all of them won't want to do any of this. :P

Also as I said in a later post, this bug has ramifications way above the Switch. No one will/should release this, ever.
According to Fail0verflow, they say that you don't need a modchip to pull this off. This can mean different things, but I read it as that it's not required to modify the hardware to use it. Of course there must be a method to trigger the exploit, but we'll see how complicated it will be.

I don't think the ramifications will be noticeably big. Old devices are usually often filled with unpatched bugs regardless. Look at all the Android phones that won't receive newer versions of Android, for example. That doesn't stop people from publicly releasing information about the exploits. Maybe this bug is confined to the Tegra X1 specifically as well.


Switch's stuff has been audited heavily already by the scene; it's secure. It's all nVidia stuff that's screwed up, which is why no one wants to give up any exploits early, because Nintendo's been securing the vulns.

Nintendo security is very solid this time around and they have routine audits of their own on the vulnerabilities that the scene finds (or are reported to them). So they are quite serious in generally keeping the system secure and they're doing it in the 'best' way one can, really. Their hands are sort of tied by nVidia, though. At least until a Switch 2.

A lot of their new stuff also comes from what they learned of the 3DS, and it seems they hired some new and good software security engineers, heh.
Sure, everyone tries to do their best in regards to securing their systems and is serious about it. Nintendo (and everyone else for that matter) has also been doing audits for exploits for many years now, since when an exploit is released, it usually doesn't take long before a firmware update is released. I don't think that Nintendo (and the others for that sake) was less serious about security before than they are now, but who knows. I think it's more a thing that security gets more and more complex, so it takes time to find new exploits.

I don't think that it can be claimed that Nintendo's own code is basically 100% secure (to be fair, maybe you're not claiming that, but it looks a bit like that to me). For example, the bug in Switch firmware 3.0.0 is due to Nintendo's doing, as far as I know. It also relies on a WebKit exploit, so it's not just Nvidia who's at fault there. But these security systems are complex, so it's often near impossible to cover every single little thing.

But as we've seen before, nothing is 100% secure. Security gets better and better as time goes by because they learn from past mistakes indeed, and that's also why people might wait to release exploits as you mention, since it can take time before the next one is found. This is also one reason why it was a long time between the 1.76 hack and the 4.05 hack on PS4, for example. People holding off information for later use. We'll see what they do on the Switch. Maybe they keep holding on to the exploits, so that more people can use them in the future.

The Switch is also quite young, about one year old. It took like 2-3 years before someone hacked the 3DS if I'm remembering correctly, and like 4 years for the Vita. Right now, it looks like the Xbox One might be a system that won't be touched.
 
Last edited:

bibs

Member
Oct 27, 2017
225
Ultimately, if the Switch is hacked wide open like the PSP, you can't really blame the hackers who are simply seeing it as a challenge to break open a new videogame system. The onus should be on Nintendo to make their console hack proof and ensure that it doesn't meet the same fate as other consoles which were hacked early on. Otherwise it deserves the same fate due to negligence from Nintendo.
 

Majukun

Banned
Oct 27, 2017
4,542
If this really can only be patched at factory level, I suppose we will see a rise in the price of used Switches, since the ones that have come out already will become really valuable.
 

Epilexia

Member
Jan 27, 2018
2,675
Why don't they speak about it then? They've been so quiet regarding the VC when VC support was so disjointed last gen with the 3DS and WiiU. It was a freaking mess. The Switch on the other hand fixes that. It's one system and the power to run VC games but again Nintendo has been hush hush. People want to play old games on the Switch. I want to play old games on the Switch.

I'm waiting for the Virtual Console as much as you, because I love classic gaming and this will be the first console catalogue of classic games that you will be able to use on an LCD screen with CRT shaders, to recreate the original look of these games on an old tube TV.

But honestly, we already have a lot of systems running emulators. You have the GPD Win if you want a portable console with emulators, which is able to run shaders to improve the image quality. You have a lot of affordable options, like the Raspberry Pi devices. You can run emulators on your current PC or Mac desktop. You can run emulators on a lot of consoles that were hacked, such as the New Nintendo 3DS or the PlayStation Vita.

My point is that while I would love to see in the future my Switch as the definitive classic gaming emulation device, I think that at this point, if a software exploit is released in 2018, it will hurt the software library. If the most hardcore audience decides to pirate on their consoles, seeing things like NIS America taking the time to port 'Ys VIII: Lacrimosa of Dana' to Nintendo Switch will be more unusual. This will not hurt Nintendo or games with big budgets. We saw this same situation in the PSP era. PSP has one of the best Japanese software libraries of any system. But some of the best games released in Japan were never translated to English due to piracy. And PSP was doing amazing hardware numbers in western countries. While Vita, with a much smaller user base, saw a ton more English translations released in the US and Europe in comparison to PSP.

I think that it's a good thing for video game preservation that any system ever made is eventually hacked. In this way, you will have an alternate option of accessing your digital purchases if, for example, Nintendo decides to close the servers.

But these types of solutions, from an ethical and moral standpoint, should never be released while the system is still active or in its peak years. Because a look at the numbers and how this worked in past consoles shows that an affordable and easy hack solution always damages small companies, not the bigger ones. And makes software libraries much more reduced. Vita saw a lot more releases in its last years than 3DS. Sure, 3DS saw the bigger ones, with well-known established IPs doing great numbers. But these stories of success were reduced to Nintendo's own IPs and bigger franchises such as 'Monster Hunter'. But for example, a company as important as NIS America concentrated their efforts in localizing games or releasing small niche games on Vita, for a good reason.

So I want to see the Switch hacked. But only when Nintendo decides to release a new hardware, and companies have moved to the next system.
 

gcwy

Member
Oct 27, 2017
8,685
Houston, TX
Not going to be worth it since you'd burn a ton of performance for games rendering at 900/1080p but ultimately getting a worse frame rate than when portable.
(Example: BotW)
A system-level tweak allowing the clocks to be changed could significantly benefit performance in docked mode. Not sure what the ramifications would be in the long term for the battery, but the hypothetical tweak with direct power could open up lots of interesting things.
 

Palculator

Member
Oct 24, 2017
242
Germany
Hey that's neat. I saw the recent console hacking talk at 34C3 and it seemed like people were making steady progress at cracking the Switch, good to know they had a breakthrough.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
Ah, you mean the NAND cloning from one PS4 to another PS4 to play pirated games? If so, that I know about, but as far as I know, this required desoldering of the NAND chip; it was not done by connecting an Arduino or Raspberry Pi to USB on the PS4. It also didn't require any userland exploit since it was mainly a hardware hack. I think the first userland exploit for PS4 was released with the firmware 1.76 hack. You also mention "payloads" (plural), which different payloads are you referring to? Do you have a source for the method you're talking about? It's possible that I've missed something or that we're talking about two different things :)

The PS4 kernel wasn't completely borked, or what do you mean?

Yes, the NAND cloning did not require any permissions escalation because the USB wasn't signed and the Arduino could redirect a NAND dump.

1.76 was kernel, and plurality was that there was, I believe, a method for 1.76 to actually do the same break over USB. Userland is fairly common/boring. 4.05 is also kernel.

Exactly, that is why I was wondering what you were referring to, since I haven't heard about a PS4 hack that relies on the usage of the PS4 USB :) In the beginning you used the word "is", it being about present time, also saying that multiple payloaders work through USB, so I took this as the USB ports on the PS4 could be used for exploiting the system, connecting a USB stick to the system and injecting the PS4 with different payloads to exploit the system. That's why I asked :)

1.76 was what I was referring to, though it's been a while and I may have crossed some wires, but I am fairly certain there was a USB method.

According to Fail0verflow, they say that you don't need a modchip to pull this off. This can mean different things, but I read it as that it's not required to modify the hardware to use it. Of course there must be a method to trigger the exploit, but we'll see how complicated it will be.

I don't think the ramifications will be noticeably big. Old devices are usually often filled with unpatched bugs regardless. Look at all the Android phones that won't receive newer versions of Android, for example. That doesn't stop people from publicly releasing information about the exploits. Maybe this bug is confined to the Tegra X1 specifically as well.

You're confusing glitching and modchips. Glitching is a matter of tampering with power and voltage clocks, doesn't require modchips.

No, they are big. ReSwitched has gone over that, and by the person behind their version of this exploit. It affects everything that uses this bootROM or even derivatives of it; it's not just a TX1 bug. Ramifications are bad.

Sure, everyone tries to do their best in regards to securing their systems and is serious about it. Nintendo (and everyone else for that matter) has also been doing audits for exploits for many years now, since when an exploit is released, it usually doesn't take long before a firmware update is released. I don't think that Nintendo (and the others for that sake) was less serious about security before than they are now, but who knows. I think it's more a thing that security gets more and more complex, so it takes time to find new exploits.

I don't think that it can be claimed that Nintendo's own code is basically 100% secure (to be fair, maybe you're not claiming that, but it looks a bit like that to me). For example, the bug in Switch firmware 3.0.0 is due to Nintendo's doing, as far as I know. It also relies on a WebKit exploit, so it's not just Nvidia who's at fault there. But these security systems are complex, so it's often near impossible to cover every single little thing.

But as we've seen before, nothing is 100% secure. Security gets better and better as time goes by because they learn from past mistakes indeed, and that's also why people might wait to release exploits as you mention, since it can take time before the next one is found. This is also one reason why it was a long time between the 1.76 hack and the 4.05 hack on PS4, for example. People holding off information for later use. We'll see what they do on the Switch. Maybe they keep holding on to the exploits, so that more people can use them in the future.

The Switch is also quite young, about one year old. It took like 2-3 years before someone hacked the 3DS if I'm remembering correctly, and like 4 years for the Vita. Right now, it looks like the Xbox One might be a system that won't be touched.

Nah, Nintendo's security before sometime in the 3DS/Switch era was fairly bad. They've made some major changes since then. The issue with 3.0.0 is a Nintendo flub, yes; I did forget they moved the sm modules out of a secure world in that patch, which was a "???" move that they very rapidly corrected. But the major breaks into actual kernel and TZ are from nVidia and hijacking the hardware.

3DS was actually hacked almost immediately, but the groups then weren't as public.

No one has a reason to hack the X1, it lets you run homebrew already. :P

And unless Nintendo starts suing the hackers, the dev times between Nintendo systems and Sony systems will always be different. Sony has forever left a stink on their scene with the geohot shenanigans.
 

test_account

Member
Oct 25, 2017
4,645
Yes, the NAND cloning did not require any permissions escalation because the USB wasn't signed and the Arduino could redirect a NAND dump.

1.76 was kernel, and plurality was that there was, I believe, a method for 1.76 to actually do the same break over USB. Userland is fairly common/boring. 4.05 is also kernel.

1.76 was what I was referring to, though it's been a while and I may have crossed some wires, but I am fairly certain there was a USB method.
I see. I don't think there was a USB method. This would have been pretty big news, simply dumping the NAND directly from the USB port without any exploits or something like that. Also, in this case, an Arduino or Raspberry Pi shouldn't really be needed either from what I understand, since you could then just connect any PC to the USB and run the dumping software. The reason why such a device was used is to be able to read/dump the NAND, which has to be connected directly to the device, either by desoldering the NAND chip first or reading the pins directly from the motherboard. That's how I understand it at least.

I usually try to follow the console hacking scene, so I would be quite surprised if I missed this piece of news, but I can't catch everything, so if you're very sure that such a solution was present, it would be nice to get a link/source with more info. I've tried to do several searches on Google (like USB PS4 hack, exploit, not signed), I've also checked the PS4 archive over at Wololo.net, but unfortunately I can't find anything of relevance to this. I personally don't care that much about homebrew and such usage for my own use, but I find information and progress about hacking to be interesting, so a source would be appreciated :)

Yeah, 4.05 is a kernel exploit indeed. I think 1.76 is also a kernel exploit. Not sure about the public hack available, but the 1.76 hack did also allow kernel access from what I know.

On a side note to this, the ability to dump the NAND and clone it to another PS4, I think this was an oversight. I think this solution has been patched by now.


You're confusing glitching and modchips. Glitching is a matter of tampering with power and voltage clocks, doesn't require modchips.

No, they are big. ReSwitched has gone over that and by the person behind their version of this exploit. It affects everything that uses this bootROM or even derivatives of it, it's not just a TX1 bug. Ramifications are bad.
I know that glitching is about changing the power as you mention, but a modchip should be able to do that, no? To glitch the hardware, you need some equipment to do that, and a modchip is additional hardware that could be programmed to perform such a task. When they claim that a modchip isn't needed, I take it as that you don't need to alter the hardware in any more serious way to achieve the results. But we'll see how it's being done sooner or later I think :)

Regarding the bug being more widespread, OK, I see. I still don't think there's big ramifications since the Tegra chip isn't exactly very much used, relatively speaking. When we get information about things like Heartbleed (granted, this can be patched), I don't really see information being spared for the Tegra exploit. It can still take a while before that information is available though.


Nah, Nintendo's security before sometime in the 3DS/Switch era was fairly bad. They've made some major changes since then now. The issue with 3.0.0 is a Nintendo flub, yes, I did forget they moved the sm modules out of a secure world in that patch which was a "???" move that they very rapidly corrected. But the major breaks into actual kernel and TZ are from nVidia and hijacking the hardware.

3DS was actually hacked almost immediately, but the groups then weren't as public.

No one has a reason to hack the X1, it lets you run homebrew already. :P

And unless Nintendo starts suing the hackers, the dev times between Nintendo systems and Sony systems will always be different. Sony has forever left a stink on their scene with the geohot shenanigans.
Oh, sure, I didn't mean to say that Nintendo had great security before. I just mean to say that I think they took it seriously before as well. Not like they skimped out on security measures and said something like "this is good enough, let's just hope for the best", at least I hope not :) I think they did what they could within their knowledge to protect their systems. And when exploits did become known, they tried to patch them.

That said, it's possible that they've ramped up even more focus on the system security with the Switch. Not having access to the save games and not having a browser (at least with easy access) are some things related to security I would guess. It's also true that the Nvidia bugs were the main part for the Switch hack as you mention, I don't deny that, but it still requires some work. For example, even knowing the Nvidia bugs, the initial exploit only worked on firmware 3.0.0, so they don't have access to everything, at least not yet.

Yeah, it's possible that the 3DS (and other systems as well) were hacked some time before the exploits were released to the public, that's true. I think the 3DS flashcards also were available before the Cubic Ninja hack, unless I remember wrong.

Well, there's always the achievement of being able to break the security and run Linux on it :) I'd say that this is a big driving force for these hacks in general, to simply be able to beat the security. Hacking can also give benefits that the official homebrew solution won't offer (like more control over the hardware). But you're right that if homebrew is possible officially, then there are fewer reasons to go after such a system.

In what regards do you mean that the dev time would be different between the systems? I'm not sure if many really care about the Geohot case now. I mean, it is true that it's a part of history and not exactly forgotten, but I don't think that it has any impact on future hacks being done or not.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
I don't think there was a USB method. This would have been pretty big news, simply dumping the NAND directly from the USB port without any exploits or something like that. Also, in this case, an Arduino or Raspberry Pi shouldn't really be needed either from what I understand, since you could then just connect any PC to the USB and run the dumping software. The reason why such a device was used is to be able to read/dump the NAND, which has to be connected directly to the device, either by desoldering the NAND chip first or reading the pins directly from the motherboard. That's how I understand it at least.

I usually try to follow the console hacking scene, so I would be quite surprised if I missed this piece of news, but I can't catch everything, so if you're very sure that such a solution was present, it would be nice to get a link/source with more info. I've tried to do several searches on Youtube, also checking the PS4 archive over at Wololo.net, but unfortunately I can't find anything of relevance to this. I personally don't care that much about homebrew and such usage for my own use, but I find information and progress about hacking to be interesting, so a source would be appreciated :)

On a side note to this, the ability to dump the NAND and clone it to another PS4, I think this was an oversight. I think this solution has been patched by now.

How odd. I could have sworn there was something on USB, something something Scorpion? But now I can't find the link. Well, until I provide the receipts, I will take the L on this info! I may also have just confused the general USB loaders with a USB payloader but that... I find unlikely. I will go digging. But if it's not on Wololo then perhaps I truly have imagined it... Which wouldn't surprise me. USB payloaders don't really make sense when you have local wireless.

The dumping over USB was as I said an oversight in signed permissions. The USB should never have access to the NAND for dumping at least not without extensive signature checks such that only someone at factory could do any such thing. It was an oversight and they patched it by preventing those sorts of permissions from even being entertained by the system. Anything could do this, yes, even a PC. The reason to highlight the Arduino/Pi was more of "look how trivial this is and someone can make this for you" angle, which was what was done at the time. People would sell pre-prepped solutions, and handle the NAND, to just plug in and pop.

Of course, 4.05 doesn't need any such fancy work. You just dump everything trivially now.

I know that glitching is about changing the power as you mention, but a modchip should be able to do that, no? To glitch the hardware, you need some equipment to do that, and a modchip is additional hardware that could be programmed to perform such a task. When they claim that a modchip isn't needed, I take it as that you don't need to alter the hardware in any more serious way to achieve the results. But we'll see how it's being done sooner or later I think :)

Regarding the bug being more widespread, OK, I see. I still don't think there's big ramifications since the Tegra chip isn't exactly very much used, relatively speaking. When we get information about things like Heartbleed (granted, this can be patched), I don't really see information being spared for the Tegra exploit. It can still take a while before that information is available though.

There are plenty of ways to play with clocks, you don't need a mod chip to do it. Glitching often requires a board, but board reqs aren't usually considered 'mod chips'. The whole mod chip thing was f0f taking shots at TX for trying to profiteer off of enabling piracy. They were taking the piss out of that group. But given that they are taking control of the ARMv4T, it very very likely means they glitched past some of the sig checks early, seized the boot, and then took over. Once you do it once, you're more or less good to go once you've broken the boot and run your own code to take over the sig check process.

Of course, it's possible they found a way in from the top down, but then that would be a patchable exploit as top-down requires an exploit chain that can be broken. I would be shocked if it wasn't a straight up hardware exploit.

Edit: Actually, ktemkin's exploit sounds like it's a software bug in nVidia's boot process. So, ya, that's not going to require glitching.

Oh, sure, I didn't mean to say that Nintendo had great security before. I just mean to say that I think they took it seriously before as well. Not like they skimped out on security measures and said something like "this is good enough, let's just hope for the best", at least I hope not :) I think they did what they could within their knowledge to protect their systems. And when exploits did become known, they tried to patch them.

That said, it's possible that they've ramped up even more focus on the system security with the Switch. Not having access to the save games and not having a browser (at least with easy access) are some things related to security I would guess. It's also true that the Nvidia bugs were the main part for the Switch hack as you mention, I don't deny that, but it still requires some work. For example, even knowing the Nvidia bugs, the initial exploit only worked on firmware 3.0.0, so they don't have access to everything, at least not yet.

Yeah, it's possible that the 3DS (and other systems as well) were hacked some time before the exploits were released to the public, that's true. I think the 3DS flashcards also were available before the Cubic Ninja hack, unless I remember wrong.

Well, there's always the achievement of being able to break the security and run Linux on it :) I'd say that this is a big driving force for these hacks in general, to simply be able to beat the security. Hacking can also give benefits that the official homebrew solution won't offer (like more control over the hardware). But you're right that if homebrew is possible officially, then there are fewer reasons to go after such a system.

In what regards do you mean that the dev time would be different between the systems? I'm not sure if many really care about the Geohot case now. I mean, it is true that it's a part of history and not exactly forgotten, but I don't think that it has any impact on future hacks being done or not.

They've leveraged the nVidia bugs to have everything. ;) Only Nintendo's secure monitor, the TZ code, and kernel remain un-broken directly; they have simply been circumvented and hijacked by going under them due to nVidia's bugs. When Nintendo breaks the exploit chain that enabled this ACE, it will likely be very difficult to recover and, depending on how extensive, it may not be recoverable without completely new exploits. The scene is aware of at least some stuff having either been found or reported, and given the current thoroughness of Nintendo's audit and general polish of their own software, expectations are that 5.0+ is going to break everything for current exploits. It may even fix the TZ-nVidia exploit.

Xbox in general also just doesn't have much of a scene this time. The same group, TX, promised some stuff but then ran away. :P

3DS had Gateway (from stolen work of other groups, as noted, it was hacked very early) in year 1-2. Which was a flashcart, and then their stolen work was RE-ed and then the scene blew up fast. NinjaHax was just another access vector on later patched firmware.

Different ways of handling distribution, and some groups don't want to release anything because no one knows when Sony will sue the next dev into jail time. Of course, that hasn't stopped the development of 1.76 and 4.05, but there have been private exploits almost in perpetuity, and many of them have been either kept private or used for selling save editors. The save editors, that still work, mean that that group has full kernel control. But they seem to be more interested in making money than releasing their exploits. Nintendo's scene has almost never had this dynamic; anyone who tries to profiteer is promptly RE-ed and their work released for free for everyone (see: Gateway and the then brick wars that ensued as Gateway tried to brick systems using alternatives).
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
I hadn't looked close but man, the PS4 scene completely blew up (and blew the system open) on 4.05. Even FW spoofing.
 

test_account

Member
Oct 25, 2017
4,645
EDIT: Never mind, I didn't see your reply, so I didn't need to quote your last post and comment there :)

And yeah, a public kernel exploit goes a long way. Good news for those who prefer to hack their system.
 

Malakai

Member
Oct 27, 2017
565
It throttles while the GPU is taxed, isn't that it? I don't think the GPU would be particularly taxed when emulating GameCube, so the CPU probably runs much faster than the Switch.

If I can recall, MDave tested the CPU clocks. He got the CPU to run at 2 GHz and the GPU clocks were throttling with ranges between 700 MHz and 200 MHz. He couldn't test the GPU clocks directly.
 

test_account

Member
Oct 25, 2017
4,645
How odd. I could have sworn there was something on USB, something something Scorpion? But now I can't find the link. Well, until I provide the receipts, I will take the L on this info! I may also have just confused the general USB loaders with a USB payloader but that... I find unlikely. I will go digging. But if it's not on Wololo then perhaps I truly have imagined it... Which wouldn't surprise me. USB payloaders don't really make sense when you have local wireless.
There was some rumor about a PS4 USB dongle or something from Cobra (the released one for the PS3), maybe that's the one you're thinking of? Cobra, Scorpion, some similarities there :) But that turned out to be fake. There were also a few fakes/scams regarding PS4 jailbreak in the beginning from what I can remember.


The dumping over USB was as I said an oversight in signed permissions. The USB should never have access to the NAND for dumping at least not without extensive signature checks such that only someone at factory could do any such thing. It was an oversight and they patched it by preventing those sorts of permissions from even being entertained by the system. Anything could do this, yes, even a PC. The reason to highlight the Arduino/Pi was more of "look how trivial this is and someone can make this for you" angle, which was what was done at the time. People would sell pre-prepped solutions, and handle the NAND, to just plug in and pop.

Of course, 4.05 doesn't need any such fancy work. You just dump everything trivially now.
What I mean with oversight is to allow a NAND dump to work on another console like that, basically cloning the system including the games. It wasn't related to how the USB was working. I don't think there ever was any NAND dumping over USB on the PS4. This is what I also was wondering about earlier, information regarding NAND dumping using the USB, not just about USB payloads :) It would be fairly big news in itself to be able to simply dump the NAND chip through the USB port. Do you have any source/information regarding this? I tried to search for this earlier too, but I couldn't find anything on that either unfortunately. I don't see how this is even possible without a userland exploit as a minimum requirement, how would you otherwise trigger the system to do the dump?

I don't think using a Pi etc. was only to show how trivial it was, but rather that this was used to dump the NAND chip directly. If you could just connect any PC to the PS4 USB port and simply run a piece of software to do the NAND dump, that sounds a lot easier, no need for any "extra" hardware like a Pi in that case.


There are plenty of ways to play with clocks, you don't need a mod chip to do it. Glitching often requires a board, but board reqs aren't usually considered 'mod chips'. The whole mod chip thing was f0f taking shots at TX for trying to profiteer off of enabling piracy. They were taking the piss out of that group. But given that they are taking control of the ARMv4T, it very very likely means they glitched past some of the sig checks early, seized the boot, and then took over. Once you do it once, you're more or less good to go once you've broken the boot and run your own code to take over the sig check process.

Of course, it's possible they found a way in from the top down, but then that would be a patchable exploit as top-down requires an exploit chain that can be broken. I would be shocked if it wasn't a straight up hardware exploit.

Edit: Actually, ktemkin's exploit sounds like it's a software bug in nVidia's boot process. So, ya, that's not going to require glitching.
Fair enough, but also be fair, in this context, if Team Xecuter would offer a commercial solution of hardware that needed to be soldered to the Switch motherboard, I'm pretty sure that it would be regarded as a modchip.

It shall be interesting to see how the process works, I think.



They've leveraged the nVidia bugs to have everything. ;) Only Nintendo's secure monitor, the TZ code, and kernel remain un-broken directly; they have simply been circumvented and hijacked by going under them due to nVidia's bugs. When Nintendo breaks the exploit chain that enabled this ACE, it will likely be very difficult to recover and, depending on how extensive, it may not be recoverable without completely new exploits. The scene is aware of at least some stuff having either been found or reported, and given the current thoroughness of Nintendo's audit and general polish of their own software, expectations are that 5.0+ is going to break everything for current exploits. It may even fix the TZ-nVidia exploit.

Xbox in general also just doesn't have much of a scene this time. The same group, TX, promised some stuff but then ran away. :P

3DS had Gateway (from stolen work of other groups, as noted, it was hacked very early) in year 1-2. Which was a flashcart, and then their stolen work was RE-ed and then the scene blew up fast. NinjaHax was just another access vector on later patched firmware.

Different ways of handling distribution, and some groups don't want to release anything because no one knows when Sony will sue the next dev into jail time. Of course, that hasn't stopped the development of 1.76 and 4.05, but there have been private exploits almost in perpetuity, and many of them have been either kept private or used for selling save editors. The save editors, that still work, mean that that group has full kernel control. But they seem to be more interested in making money than releasing their exploits. Nintendo's scene has almost never had this dynamic; anyone who tries to profiteer is promptly RE-ed and their work released for free for everyone (see: Gateway and the then brick wars that ensued as Gateway tried to brick systems using alternatives).
It's possible, only time will tell regarding further hacking development :) That goes for any system for that matter.

Yeah, i remember TX was talking about something, but it never happened indeed.

Ah yes, I forgot about Gateway. I knew about the flashcards, but forgot about Gateway, that was the most known/popular one, I remember now that you mentioned it.

I see what you mean. I'm not sure if there's much difference in other gaming hacking scenes in that regard however. I remember when the first PS3 jailbreak dongle for firmware 3.41 was released. This was a commercial unit that was sold. It did not take that long before someone dumped the payload and released it to the public. Doing so meant that there was basically no need to buy any solution from one distributor. The same thing happened with the next PS3 jailbreak dongle as well, called True Blue. True Blue allowed games requiring firmware 3.6+ to be played on firmware 3.55. This payload was also eventually dumped and released to the public. There are individuals that try to stop people from profiting on these types of hacks.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
What I mean with oversight is to allow a NAND dump to work on another console like that, basically cloning the system including the games. It wasn't related to how the USB was working. I don't think there ever was any NAND dumping over USB on the PS4. This is what I also was wondering about earlier, information regarding NAND dumping using the USB, not just about USB payloads :) It would be fairly big news in itself to be able to simply dump the NAND chip through the USB port. Do you have any source/information regarding this? I tried to search for this earlier too, but I couldn't find anything on that either unfortunately. I don't see how this is even possible without a userland exploit as a minimum requirement, how would you otherwise trigger the system to do the dump?

I don't think using a Pi etc. was only to show how trivial it was, but rather that this was used to dump the NAND chip directly. If you could just connect any PC to the PS4 USB port and simply run a piece of software to do the NAND dump, that sounds a lot easier, no need for any "extra" hardware like a Pi in that case.

I went and re-read the original article and you're right, the Pi/Arduino are actually wired to the pins of the NAND to copy it and then dump it out to a PC via USB serial. So I was a dumb-dumb. :P

I guess the whole concept of it telephoned in my own head over time. That said, the actual method is itself fairly easy for anyone with any system experience and soldering (which is a given since it was done in shops to sell cloned PS4s in 3rd World countries).

You have me bested! ;)

Fair enough, but also be fair, in this context, if Team Xecuter would offer a commercial solution of hardware that needed to be soldered to the Switch motherboard, I'm pretty sure that it would be regarded as a modchip.

It shall be interesting to see how the process works, I think.

I have a suspicion TX has basically nothing right now, recent delays make me think they puffed up a PoC that they have trouble standardizing.

I see what you mean. I'm not sure if there's much difference in other gaming hacking scenes in that regard however. I remember when the first PS3 jailbreak dongle for firmware 3.41 was released. This was a commercial unit that was sold. It did not take that long before someone dumped the payload and released it to the public. Doing so meant that there was basically no need to buy any solution from one distributor. The same thing happened with the next PS3 jailbreak dongle as well, called True Blue. True Blue allowed games requiring firmware 3.6+ to be played on firmware 3.55. This payload was also eventually dumped and released to the public. There are individuals that try to stop people from profiting on these types of hacks.

There's been a decent number of court cases now about selling these sorts of things, and wins have been handed to hardware manufacturers for damages in both the US and EU. It's getting harder to sell these things.
 

InfiniteBlue

Member
Nov 1, 2017
163
Excellent news. Homebrewing my Wii was the best gaming decision I've ever made, here's hoping the Switch has as bright a homebrew future as the Wii did.
 

GearDraxon

Member
Oct 25, 2017
2,786
I'd just like to thank the posters who are deeper in the scene for giving us a window into it - this stuff is always fascinating.
 

test_account

Member
Oct 25, 2017
4,645
I went and re-read the original article and you're right, the Pi/Arduino are actually wired to the pins of the NAND to copy it and then dump it out to a PC via USB serial. So I was a dumb-dumb. :P

I guess the whole concept of it telephoned in my own head over time. That said, the actual method is itself fairly easy for anyone with any system experience and soldering (which is a given since it was done in shops to sell cloned PS4s in 3rd World countries).

You have me bested! ;)
Hehe, no worries man :) I was just trying to clarify it. I don't read everything, so it was possible that I've missed something.

Yeah, the dumping process seems relatively easy indeed if you have some soldering skills as you mention.


I have a suspicion TX has basically nothing right now, recent delays make me think they puffed up a PoC that they have trouble standardizing.
That's possible. Personally I don't expect to see any commercial product from them any time soon at least.


There's been a decent number of court cases now about selling these sorts of things, and wins have been handed to hardware manufacturer for damages in both US and EU. Its getting harder to sell these things.
That's true. It's also harder to profit from it I guess, since people can reverse engineer it and make their own solution, and most hacks these days are purely software based (not really any need for modchips or flashcards).

Thanks for the discussion by the way. It's nice to be able to discuss in a friendly manner like this :)
 

Shaneus

Member
Oct 27, 2017
8,900
Most interesting thing about that video was the focusing on the tweet saying it's a bootrom exploit and can't be patched. But just to be sure, is there a surefire way of avoiding the Switch updating, other than leaving it on airplane/disabling wifi?
 

Vena

Community Resettler
Member
Oct 25, 2017
6,441
Most interesting thing about that video was the focusing on the tweet saying it's a bootrom exploit and can't be patched. But just to be sure, is there a surefire way of avoiding the Switch updating, other than leaving it on airplane/disabling wifi?

You can set it to a DNS that blocks updates.

It is patchable at factory for new units (and it's strongly believed Nintendo is aware of this boot exploit, but when or if they will patch it is not something we will know until suddenly a unit shows up with it patched; hell, it could be patched and we just don't know because no one has tested a new unit), but old units will be unpatchable. But the coldboot exploit isn't what this thread is about; the topic of this thread *is* patchable (also will be patched in the next firmware because at least part of the chain is known to be reported).
 

Hardvlade

The Fallen
Oct 27, 2017
2,444