Ah yes, thanks, now that you mention it, I remember that they talked a bit about this regarding the Switch hacking at the 34C3 convention.
https://youtu.be/Ec4NgWRE8ik?t=700
FreeBSD is just the base; this is like saying 'Linux'. Sony wrote almost all of its own OS up from that base. You can look to the various write-ups from fail0verflow on how many different ways Sony's fork of FreeBSD is... weirdly dumb in its securities. One of the biggest issues, as was recently documented, was that the system returned a text file for a crashdump, allowing f0f to reconstruct the entire kernel code.
Nintendo's OS is based on nothing but Nintendo's own work. The Horizon OS in the Switch is a 3DS fork and complete re-write. All the beating the 3DS took is why the Switch's kernel is damn near impervious; it's been running a long, long gauntlet of security tests by the community haha.
The bugs in the Switch are hardware/driver related, which is a very different entry point from usual, but it's also a near necessity because there's no currently known way to defeat Nintendo's own security monitor and kernel. For the Switch, we're hijacking nVidia's bad code to achieve ACE, not Nintendo's. Nintendo's code is kind of stranded after the hardware itself is compromised. This is why I said, right now it's largely Nintendo patching out nVidia's vulnerabilities.
For how much of a crapshoot nVidia's software is, they've done a pretty good job. The next firmware is likely (or strongly believed) to break almost all of the current exploit chains.
Yes, that's what I mean. It's telephoned, as in the message has become confused and muddled by things like a comic making a grandstanding on '4'.

Ah ok, I understand :)
Yeah, I'm not claiming that it's stock FreeBSD or anything like that (as I mentioned, there's much custom stuff added), I'm just saying that bugs in FreeBSD could be applied to the PS4 too. In other words, knowledge of FreeBSD is not a bad thing to have when hacking the PS4. And dumb mistakes are indeed made. Most of the write-ups are completely Greek to me to be honest, so I need it in more layman terms. Sometimes these write-ups add something like this in their conclusion, but it can still be quite technical.
I don't think we can say that the Switch kernel is near impenetrable, as they have access to the kernel on the Switch already. This only works up to firmware 3.0.0 however, but with further research, more bugs/exploits can be found, and I don't doubt that this will happen (as with basically any gaming system). But entry points are needed to execute the exploits.
What did you mean with the USB stuff, by the way? Maybe you quoted me right before I added that in as an edit.
According to Fail0verflow, this bug can't be fixed as a software patch (firmware update). It has to be fixed at factory level.
The USB has been used to deliver payloads, meaning it's not secure in its access to higher permissions. Like the SD card on the Wii.
They have access to the Switch kernel by defeating other elements of the Tegra on which the kernel has to run; when you have lower-level permissions already, then the things running on top of those permissions are compromised. ;)
Yes, a bootloader bug in the Tegra. It cannot be patched in a sold unit as the bootloader is write-only; at the factory they can (and will) flash a new patch eventually.
This isn't particularly new; they are just fucking around. They had a Linux distro running a little while ago already. :P
Mixed feelings about this. On one hand, it will be cool to have homebrew apps on the Switch since it's such an amazing portable platform, but on the other hand I hope the potential for piracy doesn't deter indie devs from supporting the system.
When do you think Nintendo will sell Switch consoles that have patched this at the hardware level?
Going from CLI to GUI with touch support, working screen brightness etc. within 2 weeks is quite impressive though, I'd say.
It still makes me worry about the future of the Switch in regards to 3rd party support, indie support, and online play, seeing this all go down before the system is even out a full year. Not a fan.
None of this has in so far enabled any of what you mentioned...
...and anyone dumb enough to take a hacked Switch online will be in for a rude awakening that, unlike the 3DS, isn't able to be worked around.
Not yet, you mean?
I'm just paranoid about this whole "Switch is a success" thing coming crashing down and ruining the most fun I've had with gaming in a long time.
I'm assuming once people figure out custom firmware they'll be able to take multiplayer games online and cheat away, but I don't know much about this kind of thing so I could be wrong.
What this thread is about specifically won't be user-available for a LONG time, like over a year or multiple more. How many people out there have a 1.0.0 or a 3.0.0 Switch, do you reckon? I think it's <0.01% of the population of Switch owners.
And of them, how many do you think are both savvy enough to do any of this AND are even interested in doing any of the things you worry about?
If indies were worried about piracy, they wouldn't release on any console except for the Xbox. Same for any third party.
Because indie devs really stay away from the PC, where piracy is arguably the most rampant...

Touché, but PC has a much wider install base than the Switch at present.
Can you explain this a bit more? I read what you're saying as it being possible to insert a USB stick into the PS4 and load a payload directly to the PS4 without having to do anything else, just like it is on the Wii as you mention, and how it was on the PS3 with firmware 3.41, but maybe I'm misunderstanding. I tried to search on Google, but I found nothing. I only found that people are able to load e.g. a Linux payload from USB, but that's after having done the kernel exploit, and having access to use the USB inputs when you have kernel access is something I would take for granted.
Yeah, it's probably already being prepared. It would leave about ~15 million Switch units that won't(?) be able to be patched. It still remains to be seen what further development will lead to, however.
Sure, but that's somewhat a pity in regards to the other security, in the sense that every other security link in the chain might become useless if the top link is broken.
It shall also be interesting to see how this will result in further development of hacks. If those Switch units already sold can't be patched, it would also mean that every single firmware version coming will be available for examination. It's not like Nintendo can refuse firmware updates to the already sold Switch units.
Nintendo has the liberty to decide its own rhythm in releases, and how they want to do the marketing for each release. It's not as simple as releasing a game or releasing a new feature. Nintendo's incredible classic lineup is one of their highlights, and they have invested hundreds of millions of dollars over the decades to keep these titles relevant today, sometimes investing in new releases for the most niche titles only to please their fans.
They are making the correct move by increasing the value of their classic library, using heavily marketed releases like the Mini lineup of consoles. Eventually, they will put their classic lineup on the Switch. And they will accompany this action with heavy investment in marketing and a well-studied schedule.
And if you don't share the same idea as Nintendo regarding business decisions, this doesn't give you any moral or ethical argument to devalue their IPs through piracy.
You would still need userland access to get access such that a payload could be used. Getting kernel gives you a lot of permissions and usually results in handing over access to the USB file services. What I am talking about was the NAND dumping through an Arduino in the USB slot, one of the original major piracy breaks on the PS4 post 1.76's completely borked kernel.
USB payloads that are already on compromised systems are sort of irrelevant, since you can just deliver everything over the network then. :P
It still requires glitching, which is damaging and unstable. So regardless of ~15 million, almost all of them won't want to do any of this. :P
Also as I said in a later post, this bug has ramifications way above the Switch. No one will/should release this, ever.
Switch's stuff has been audited heavily already by the scene; it's secure. It's all nVidia stuff that's screwed up, which is why no one wants to give up any exploits early, because Nintendo's been securing the vulns.
Nintendo security is very solid this time around and they have routine audits of their own on the vulnerabilities that the scene finds (or are reported to them). So they are quite serious in generally keeping the system secure and they're doing it in the 'best' way one can, really. Their hands are sort of tied by nVidia, though. At least until a Switch 2.
A lot of their new stuff also comes from what they learned of the 3DS, and it seems they hired some new and good software security engineers, heh.
Why don't they speak about it then? They've been so quiet regarding the VC, when VC support was so disjointed last gen with the 3DS and Wii U. It was a freaking mess. The Switch on the other hand fixes that. It's one system with the power to run VC games, but again Nintendo has been hush-hush. People want to play old games on the Switch. I want to play old games on the Switch.
Not going to be worth it since you'd burn a ton of performance for games rendering at 900/1080p but ultimately getting a worse frame rate than when portable.
(Example: BotW)

A system-level tweak allowing one to change the clocks could significantly benefit performance in docked mode. Not sure what the ramifications would be in the long term for the battery, but the hypothetical tweak with direct power could open up lots of interesting things.
Ah, you mean the NAND cloning from one PS4 to another PS4 to play pirated games? If so, that I know about, but as far as I know, this required desoldering of the NAND chip; it was not done by connecting an Arduino or Raspberry Pi to the USB on the PS4. It also didn't require any userland exploit since it was mainly a hardware hack. I think the first userland exploit for the PS4 was released with the firmware 1.76 hack. You also mention "payloads" (plural); which different payloads are you referring to? Do you have a source for the method you're talking about? It's possible that I've missed something or that we're talking about two different things :)
The PS4 kernel wasn't completely borked, or what do you mean?
Exactly, that is why I was wondering what you were referring to, since I haven't heard about a PS4 hack that relies on the usage of the PS4 USB :) In the beginning you used the word "is", it being about present time, also saying that multiple payloaders work through USB, so I took this as the USB ports on the PS4 could be used for exploiting the system, connecting a USB stick to the system and injecting the PS4 with different payloads to exploit the system. That's why I asked :)
According to Fail0verflow, they say that you don't need a modchip to pull this off. This can mean different things, but I read it as that it's not required to modify the hardware to use it. Of course there must be a method to trigger the exploit, but we'll see how complicated it will be.
I don't think the ramifications will be noticeably big. Old devices are usually often filled with unpatched bugs regardless. Look at all the Android phones that won't receive newer versions of Android, for example. That doesn't stop people from publicly releasing information about the exploits. Maybe this bug is confined to the Tegra X1 specifically as well.
Sure, everyone tries to do their best in regards to securing their systems and is serious about it. Nintendo (and everyone else for that matter) has also been doing audits for exploits for many years now, since when an exploit is released, it usually doesn't take long before a firmware update is released. I don't think that Nintendo (and the others for that sake) was less serious about security before than they are now, but who knows. I think it's more a thing that security gets more and more complex, so it takes time to find new exploits.
I don't think that it can be claimed that Nintendo's own code is basically 100% secure (to be fair, maybe you're not claiming that, but it looks a bit like that to me). For example, the bug in Switch firmware 3.0.0 is due to Nintendo's doing, as far as I know. It also relies on a WebKit exploit, so it's not just Nvidia who's at fault there. But these security systems are complex, so it's often near impossible to cover every single little thing.
But as we've seen before, nothing is 100% secure. Security gets better and better as time goes by because they learn from past mistakes indeed, and that's also why people might wait to release exploits as you mention, since it can take time before the next one is found. This is also one reason why it was a long time between the 1.76 hack and the 4.05 hack on the PS4, for example. People holding off information for later use. We'll see what they do on the Switch. Maybe they keep holding on to the exploits, so that more people can use them in the future.
The Switch is also quite young, about one year old. It took like 2-3 years before someone hacked the 3DS if I'm remembering correctly, and like 4 years for the Vita. Right now, it looks like the Xbox One might be a system that won't be touched.
Yes, the NAND cloning did not require any permissions escalation because the USB wasn't signed and the Arduino could redirect a NAND dump.
1.76 was kernel, and plurality was that there was, I believe, a method for 1.76 to actually do the same break over USB. Userland is fairly common/boring. 4.05 is also kernel.
1.76 was what I was referring to, though it's been a while and I may have crossed some wires, but I am fairly certain there was a USB method.
You're confusing glitching and modchips. Glitching is a matter of tampering with power and voltage clocks; it doesn't require modchips.
No, they are big. ReSwitched has gone over that, as has the person behind their version of this exploit. It affects everything that uses this bootROM or even derivatives of it; it's not just a TX1 bug. Ramifications are bad.
Nah, Nintendo's security before sometime in the 3DS/Switch era was fairly bad. They've made some major changes since then. The issue with 3.0.0 is a Nintendo flub, yes; I did forget they moved the sm modules out of a secure world in that patch, which was a "???" move that they very rapidly corrected. But the major breaks into actual kernel and TZ are from nVidia and hijacking the hardware.
The 3DS was actually hacked almost immediately, but the groups then weren't as public.
No one has a reason to hack the X1; it lets you run homebrew already. :P
And unless Nintendo starts suing the hackers, the dev times between Nintendo systems and Sony systems will always be different. Sony has forever left a stink on their scene with the geohot shenanigans.
I see. I don't think there was a USB method. This would have been pretty big news, simply dumping the NAND directly from the USB port without any exploits or something like that. Also, in this case, an Arduino or Raspberry Pi shouldn't really be needed either from what I understand, since you could then just connect any PC to the USB and run the dumping software. The reason why such a device was used is to be able to read/dump the NAND, which has to be connected directly to the device, either by desoldering the NAND chip first or reading the pins directly from the motherboard. That's how I understand it at least.
I usually try to follow the console hacking scene, so I would be quite surprised if I missed this piece of news, but I can't catch everything, so if you're very sure that such a solution was present, it would be nice to get a link/source with more info. I've tried to do several searches on YouTube, also checking the PS4 archive over at Wololo.net, but unfortunately I can't find anything of relevance to this. I personally don't care that much about homebrew and such usage for my own use, but I find information and progress about hacking to be interesting, so a source would be appreciated :)
On a side note to this, the ability to dump the NAND and clone it to another PS4, I think this was an oversight. I think this solution has been patched by now.
I know that glitching is about changing the power as you mention, but a modchip should be able to do that, no? To glitch the hardware, you need some equipment to do that, and a modchip is additional hardware that could be programmed to perform such a task. When they claim that a modchip isn't needed, I take it as that you don't need to alter the hardware in any more serious way to achieve the results. But we'll see how it's being done sooner or later I think :)
Regarding the bug being more widespread, ok, I see. I still don't think there are big ramifications since the Tegra chip isn't exactly very much used, relatively speaking. When we get information about things like Heartbleed (granted, this can be patched), I don't really see information being spared for the Tegra exploit. It can still take a while before that information is available though.
Oh, sure, I didn't mean to say that Nintendo had great security before. I just mean to say that I think they took it seriously before as well. Not like they skimped out on security measures and said something like "this is good enough, let's just hope for the best", at least I hope not :) I think they did what they could within their knowledge to protect their systems. And when exploits did become known, they tried to patch them.
That said, it's possible that they've ramped up even more focus on the system security with the Switch. Not having access to the save games and not having a browser (at least with easy access) are some things related to security, I would guess. It's also true that the Nvidia bugs were the main part of the Switch hack as you mention, I don't deny that, but it still requires some work. For example, even knowing the Nvidia bugs, the initial exploit only worked on firmware 3.0.0, so they don't have access to everything, at least not yet.
Yeah, it's possible that the 3DS (and other systems as well) was hacked some time before the exploits were released to the public, that's true. I think the 3DS flashcards also were available before the Cubic Ninja hack, unless I remember wrong.
Well, there's always the achievement of being able to break the security and run Linux on it :) I'd say that this is a big driving force for these hacks in general, to simply be able to beat the security. Hacking can also give benefits that the official homebrew solution won't offer (like more control over the hardware). But you're right that if homebrew is possible officially, then there are fewer reasons to go after such a system.
In what regard do you mean that the dev time would be different between the systems? I'm not sure if many really care about the Geohot case now. I mean, it is true that it's a part of history and not exactly forgotten, but I don't think that it has any impact on future hacks being done or not.
It throttles while the GPU is taxed, isn't that it? I don't think the GPU would be particularly taxed when emulating GameCube, so the CPU probably runs much faster than the Switch.
How odd. I could have sworn there was something on USB, something something Scorpion? But now I can't find the link. Well, until I provide the receipts, I will take the L on this info! I may also have just confused the general USB loaders with a USB payloader but that... I find unlikely. I will go digging. But if it's not on Wololo then perhaps I truly have imagined it... Which wouldn't surprise me. USB payloaders don't really make sense when you have local wireless.

There was some rumor about a PS4 USB dongle or something from Cobra (the released one for the PS3); maybe that's the one you're thinking of? Cobra, Scorpion, some similarities there :) But that turned out to be fake. There were also a few fakes/scams regarding PS4 jailbreak in the beginning from what I can remember.
The dumping over USB was, as I said, an oversight in signed permissions. The USB should never have access to the NAND for dumping, at least not without extensive signature checks such that only someone at the factory could do any such thing. It was an oversight and they patched it by preventing those sorts of permissions from even being entertained by the system. Anything could do this, yes, even a PC. The reason to highlight the Arduino/Pi was more of a "look how trivial this is and someone can make this for you" angle, which was what was done at the time. People would sell pre-prepped solutions, and handle the NAND, to just plug in and pop.
Of course, 4.05 doesn't need any such fancy work. You just dump everything trivially now.
There are plenty of ways to play with clocks; you don't need a modchip to do it. Glitching often requires a board, but board requirements aren't usually considered 'modchips'. The whole modchip thing was f0f taking shots at TX for trying to profiteer off of enabling piracy. They were taking the piss out of that group. But given that they are taking control of the ARMv4T, it very, very likely means they glitched past some of the sig checks early, seized the boot, and then took over. Once you do it once, you're more or less good to go once you've broken the boot and run your own code to take over the sig check process.
Of course, it's possible they found a way in from the top down, but then that would be a patchable exploit as top-down requires an exploit chain that can be broken. I would be shocked if it wasn't a straight-up hardware exploit.
Edit: Actually, ktemkin's exploit sounds like it's a software bug in nVidia's boot process. So, ya, that's not going to require glitching.
They've leveraged the nVidia bugs to have everything. ;) Only Nintendo's secure monitor, the TZ code, and kernel remain unbroken directly; they have simply been circumvented and hijacked by going under them due to nVidia's bugs. When Nintendo breaks the exploit chain that enabled this ACE, it will likely be very difficult to recover and, depending on how extensive, it may not be recoverable without completely new exploits. The scene is aware of at least some stuff having either been found or reported, and given the current thoroughness of Nintendo's audit and general polish of their own software, expectations are that 5.0+ is going to break everything for current exploits. It may even fix the TZ-nVidia exploit.

It's possible; only time will tell regarding further hacking development :) That goes for any system for that matter.
Xbox in general also just doesn't have much of a scene this time. The same group, TX, promised some stuff but then ran away. :P
The 3DS had Gateway (from stolen work of other groups; as noted, it was hacked very early) in year 1-2, which was a flashcart, and then their stolen work was RE-ed and the scene blew up fast. NinjaHax was just another access vector on later patched firmware.
Different ways of handling distribution, and some groups don't want to release anything because no one knows when Sony will sue the next dev into jail time. Of course, that hasn't stopped the development of 1.76 and 4.05, but there have been private exploits almost in perpetuity, and many of them have been either kept private or used for selling save editors. The save editors that still work mean that that group has full kernel control. But they seem to be more interested in making money than releasing their exploits. Nintendo's scene has almost never had this dynamic; anyone who tries to profiteer is promptly RE-ed and their work released for free for everyone (see: Gateway and the then brick wars that ensued as Gateway tried to brick systems using alternatives).
What I mean with oversight is allowing a NAND dump to work on another console like that, basically cloning the system including the games. It wasn't related to how the USB was working. I don't think there ever was any NAND dumping over USB on the PS4. This is what I also was wondering about earlier, information regarding NAND dumping using the USB, not just about USB payloads :) It would be fairly big news in itself to be able to simply dump the NAND chip through the USB port. Do you have any source/information regarding this? I tried to search for this earlier too, but I couldn't find anything on that either, unfortunately. I don't see how this is even possible without a userland exploit as a minimum requirement; how would you otherwise trigger the system to do the dump?
I don't think using a Pi etc. was only to show how trivial it was, but rather that this was used to dump the NAND chip directly. If you could just connect any PC to the PS4 USB port and simply run a piece of software to do the NAND dump, that sounds a lot easier, no need for any "extra" hardware like a Pi in that case.
Fair enough, but also be fair, in this context, if Team Xecuter were to offer a commercial solution of hardware that needed to be soldered to the Switch motherboard, I'm pretty sure that it would be regarded as a modchip.
It shall be interesting to see how the process works, I think.
I see what you mean. I'm not sure if there's much difference in other gaming hacking scenes in that regard however. I remember when the first PS3 jailbreak dongle for firmware 3.41 was released. This was a commercial unit that was sold. It did not take that long before someone dumped the payload and released it to the public. Doing so meant that there was basically no need to buy any solution from one distributor. The same thing happened with the next PS3 jailbreak dongle as well, called True Blue. True Blue allowed games requiring firmware 3.6+ to be played on firmware 3.55. This payload was also eventually dumped and released to the public. There are individuals that try to stop people from profiting on these types of hacks.
I went and re-read the original article and you're right, the Pi/Arduino are actually the pins to the NAND to then copy it to then dump it out to a PC via USB serial. So I was a dumb-dumb. :P
I guess the whole concept of it telephoned in my own head over time. That said, the actual method is itself fairly easy for anyone with any system experience and soldering (which is a given since it was done in shops to sell cloned PS4s in 3rd World countries).
You have me bested! ;)

Hehe, no worries man :) I was just trying to clarify it. I don't read everything, so it was possible that I'd missed something.
I have a suspicion TX has basically nothing right now; recent delays make me think they puffed up a PoC that they have trouble standardizing.

That's possible. Personally I don't expect to see any commercial product from them any time soon at least.
There's been a decent number of court cases now about selling these sorts of things, and wins have been handed to hardware manufacturers for damages in both the US and EU. It's getting harder to sell these things.

That's true. It's also harder to profit from it I guess, since people can reverse engineer it and make their own solution, and most hacks these days are purely software based (not really any need for modchips or flashcards).
Most interesting thing about that video was the focus on the tweet saying it's a bootROM exploit and can't be patched. But just to be sure, is there a surefire way of avoiding the Switch updating, other than leaving it on airplane mode/disabling wifi?
This is really cool.