
Beer Monkey

Banned
Oct 30, 2017
9,308
If I walk into a store today and buy a Switch, it is essentially a hackable machine, right? Regardless of the firmware?
Unless I get really unlucky and am the first to buy a new hardware revision?

Worst case scenario, you wait longer if you are on higher firmware for stuff like custom firmware, but even that is not certain.
 

Vishmarx

Banned
Oct 26, 2017
5,043
If I walk into a store today and buy a Switch, it is essentially a hackable machine, right? Regardless of the firmware?
Unless I get really unlucky and am the first to buy a new hardware revision?

With the kind of exploit they've found, chances are most hardware revisions will become hackable at some point, if not right away. Not much Nintendo can do wrt a flaw in the Tegra chipset itself.
 

Ivellios

Member
Oct 27, 2017
479
With the kind of exploit they've found, chances are most hardware revisions will become hackable at some point, if not right away. Not much Nintendo can do wrt a flaw in the Tegra chipset itself.

This is not true; they are holding off on the softmod for firmwares 3.0.1-4.0.1 because they want to see if it will work on the newer Mariko units, but there is no guarantee it will work at all.

For anyone who wants to hack their Switch, the best recommendation is to buy one asap before Mariko comes.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,445
I think they'll find a way to softmod 5.0.x soon.

They've patched most of the exploit chains because they get turned in routinely through HackerOne, or Nintendo finds them out themselves through heavy auditing. There are some major players in the background reporting exploit chains to Nintendo, as they've basically patched everything ReSwitched and others have found. There's very little working room left; one of the major sources of compromise was nVidia's drivers (they are a literal meme at this point when it comes to security incompetence), but that was patched with 5.0.0.

Nintendo's kernel itself is fairly laudable from a security standpoint, so once we've run out of nVidia memes, we're probably out of major compromising vectors.

At this point, the few security holes left are being clutched tightly to attempt to leverage them on Mariko, as the boot packages and encryption are completely different (as can be seen by looking into firmware 5.0.0), making them completely inaccessible at current, and it is unlikely that there is a boot-level exploit in Mariko as it is based on a TX2 backport, removing this exploit from consideration outright. If all software exploits get burned, it means that the scene will be stranded on a finite supply of rev1 Switches.

It would also make entry into the scene quite difficult in a few years' time, as rev1 Switches are... in my opinion, not the most well-built-to-last consoles. The Tegra X1 is a crappy, hot-running pile of garbage, to be quite honest.
 

Meffer

Member
Oct 25, 2017
1,393
Downgrading to an older version of firmware is impossible I take it?
Edit: It most certainly is.
 

cw_sasuke

Member
Oct 27, 2017
26,401
As I understand it, the lower the firmware, the more likely you'll be able to use a possible future softmod which will also be persistent and survive cold boots, therefore you won't then need to use the wire hack (and the dongle in the case of TX's mod) every time you reboot. But yes, the firmware is now irrelevant on current Switches if you wish to use the TX mod and dongle or the FG hack, BUT the higher the firmware, the more likely you'll be stuck using wire hacks and a dongle every cold boot.
Thanks for the response.
The softmod is likely still months away, right?

Dude got the red Switch with Mario Odyssey as a digital code, so he obviously kinda wants/needs to update to access the eShop. If it's like a wait of 3-4 weeks I'll tell him to stick around and play his physical games... if it's longer he should just go ahead and hope that 5.0+ versions get the best possible support down the line. Even then, you rarely cold boot your Switch anyway.
 

Omega.X

Member
Oct 28, 2017
582
Sounds like Team Xecuter is releasing their backup loader soon. Full blown piracy will be incoming in a few weeks. It also allows online play (at your own risk). Hopefully this doesn't impact legit users!
 

Vena

Community Resettler
Member
Oct 25, 2017
6,445
Their solution is idiotic and will absolutely get you banned. Also openly talking about it is dumb.

Operating an OS in the sysNAND is beyond stupid. Like, it's absolute idiocy and tells you they want this out quickly to profit off of idiots who want piracy.
 

Shaneus

Member
Oct 27, 2017
8,900
Ugh. I just want to run emulators :(

Kind of figures Team Xecuter weren't in it for anything else but money, they always seemed more than a little dodgy back in the OG Xbox mod scene.
 

Pablo Mesa

Banned
Nov 23, 2017
6,878
With the kind of exploit they've found, chances are most hardware revisions will become hackable at some point, if not right away. Not much Nintendo can do wrt a flaw in the Tegra chipset itself.
My understanding is that all the current exploits and hacks depend on the initial hardware/boot mode exploit that Nintendo is already patching up; remove that and it's basically back to square 0.
 

Imur

Member
Jan 4, 2018
485
I just ordered a second Switch for this. Is it safe to assume that it will be below 5.0, or do new devices with 5.0 or higher exist?

My normal Switch is on 5.0 and I would love to update and play Mario Tennis so it would be great to know this.
 

Antitype

Member
Oct 27, 2017
439
I just ordered a second Switch for this. Is it safe to assume that it will be below 5.0, or do new devices with 5.0 or higher exist?

My normal Switch is on 5.0 and I would love to update and play Mario Tennis so it would be great to know this.

Neon models are more likely to come with a higher fw as they are restocked more often; if you go with grey it's like a 99% chance you will get <=4.1. I purchased one about 2 weeks ago on amazon.fr and it was on 3.0.1. So far there hasn't been a single report of one coming with 5.0+.
This thread can help you figure out what fw it will come with based on the serial: https://gbatemp.net/threads/switch-firmware-by-serial-number.481215/page-56
 

Imur

Member
Jan 4, 2018
485
Neon models are more likely to come with a higher fw as they are restocked more often; if you go with grey it's like a 99% chance you will get <=4.1. I purchased one about 2 weeks ago on amazon.fr and it was on 3.0.1. So far there hasn't been a single report of one coming with 5.0+.
This thread can help you figure out what fw it will come with based on the serial: https://gbatemp.net/threads/switch-firmware-by-serial-number.481215/page-56

Damn, I really want a neon one, since my first one is grey. Thank you for the link, I will check the serial as soon as it arrives. Maybe I'm lucky; it's not from Amazon but from a smaller, more local chain in Germany, so they don't sell so many Switches.
 

Filament Star

Attempted to circumvent ban with alt account
Banned
Oct 25, 2017
1,817
Well my Switch auto-updated to 5.1.0, but I assume it'll get modded too eventually. Is there any way to stop it from updating automatically?
 

Dambrosi

Member
Oct 25, 2017
501
Or, more secure and better for your Nintendo account still - buy a Switch tablet-only for ~£150, hack that one instead, make a new dummy account on it, and keep that ish offline. That's what I've decided to do.
 

Aeana

Member
Oct 25, 2017
6,943
I'm a bit confused about all of this. I see people talking about how 4.x is better than 5.0.x but then I see homebrew that seems to only work on 5.0.x with talks of "a possible port to 4.x." What is the current situation here? What are the advantages and disadvantages of keeping a switch on 4.x vs 5.0.x?
 
Dec 21, 2017
5,126
I'm a bit confused about all of this. I see people talking about how 4.x is better than 5.0.x but then I see homebrew that seems to only work on 5.0.x with talks of "a possible port to 4.x." What is the current situation here? What are the advantages and disadvantages of keeping a switch on 4.x vs 5.0.x?
I'm also confused about this.
 

Kida

Member
Oct 27, 2017
1,899
I'm a bit confused about all of this. I see people talking about how 4.x is better than 5.0.x but then I see homebrew that seems to only work on 5.0.x with talks of "a possible port to 4.x." What is the current situation here? What are the advantages and disadvantages of keeping a switch on 4.x vs 5.0.x?

Firmware below 5.X will allow coldboot (booting into CFW without using RCM/jig). It's possible coldboot will come later for other firmwares, but it's unknown at this point.

The current compatibility problems are due to certain APIs and system features being only compatible on certain firmwares. Being on 3.X or 4.X etc. won't be a problem when you are emulating a NAND of a higher firmware.

Basically:

4.X or lower advantages:
Coldboot soon

4.X or lower disadvantages:
Having to wait a short while for proper CFW to arrive.
Having to use emunand for latest games/certain homebrew.

5.X advantages:
Run pretty much all homebrew now.
No emunand needed as long as newer firmwares get new payloads.

5.X disadvantages:
No coldboot.
 
Oct 25, 2017
2,259
I'm also confused about this.
Lots of people want a real softmod, essentially - or, the hope of a genuine coldboot.

This is essentially already possible with RCM; however, people are using that wrong. So, the Xbox 360 had coldboot hacks. It had you abuse the JTAG ports used for factory testing, super similar to what the Switch is doing. These people just don't want to shove something into the Joy-Con rail each boot, or don't want to deal with "auto RCM", which makes your Switch tethered to a PC/phone to boot a payload.

If you're on a lower firmware - and this is more for like 1.0 consoles - a no-nonsense boot exploit isn't impossible, but this is not a 3DS. The exploit now is basically amazing, but people are just lazy and either want a softmod that reboots into a hacked NAND on the SD card or a "coldboot" hack.

IMO, pretty much if you have 5 seconds to spare you already have the best hack available. Coldboot means booting from nothing, and this is what this is. You have a subset of people holding out for a lazy version of that, essentially.
 

Atolm

Member
Oct 25, 2017
5,829
I took the bait and bought Team Xecuter's dongle. I don't care about online on the Switch at all so we'll see how it goes.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,445
I took the bait and bought Team Xecuter's dongle. I don't care about online on the Switch at all so we'll see how it goes.

The tool is a complete scam. Here's why:

1.) It's purely designed for piracy.
2.) It's designed to run in sysNAND (so it is not a CFW, it is just a hijack layer on the firmware).
3.) It depends on you updating the firmware to maintain software/firmware compatibility for the system, because the 'OS' does not actually do any sort of bypassing or updating of anything itself. Games made on higher firmware will break on lower firmware just out of software compatibility evolution.
4.) Because it depends on Nintendo's firmware distributions, you are forced to have a compromised sysNAND talk to and effectively send out compromising logs to Nintendo's servers. If the dauth token is revoked, they could also revoke firmware update access.
5.) It will need routine updates that you cannot push yourself because it is DRMed software (see: brickway), and every firmware update has a high possibility of breaking the hijack exploit chain even with a boot-level exploit, forcing you to keep waiting on updates for a DRMed pile of garbage.
6.) If you get banned from dauth tokens and the update server, the tool is now useless.

If you want to use it as a payload package, you can make one for much less and not be stuck with a DRMed OS nor supporting a piracy group that tried to profit off of a zero-day exploit in a common chipset.

Firmware below 5.X will allow coldboot (booting into CFW without using RCM/jig). It's possible coldboot will come later for other firmwares, but it's unknown at this point.

The current compatibility problems are due to certain APIs and system features being only compatible on certain firmwares. Being on 3.X or 4.X etc. won't be a problem when you are emulating a NAND of a higher firmware.

Basically:

4.X or lower advantages:
Coldboot soon

4.x isn't getting coldboot. Nothing but 1.0 is getting actual coldboot; 4.x will eventually get user-input boot execution from software without the need for a dongle, but it will not be a straight coldboot.

4.x isn't getting this any time soon at all. All exploits past 3.x are being kept private until Mariko hits because they're our best/only hopes for bypassing Nintendo's secure kernel. There will not be a hardware-level exploit on it; we've already burned that thanks to TX (wasting the most valuable exploit for a hardware ever).
 

Antitype

Member
Oct 27, 2017
439
There's a lot of misinformation on this page regarding differences between FW.

Every FW up to the newly released 5.1 will support Atmosphere CFW (and possibly Xecuter, though they haven't officially confirmed 5.1 afaik) right when it releases.

<= 3.0.1 may eventually get an untethered coldboot solution. The vulnerability is known, but it's very difficult to exploit and so far it hasn't been done. Chances are slim according to SciresM.

<= 4.1 will get an untethered software hax soon after Atmosphere is released (or at worst once the Switch Mariko revision is out). It will still require user intervention, but you won't need any jig etc.

>4.1: for the foreseeable future, and maybe forever, you are stuck with the tethered RCM payload (Fusée Gelée).

If you're currently on <=4.1 do NOT update unless you are going with the Xecuter CFW. Atmosphere will support EmuNAND and that's what will be updated to the latest FW.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,445
No, so far every Switch is hackable but it's less convenient on 5.x. You have to use a jig to enter RCM and send a payload with either a PC/Phone/USB dongle.

Repeatedly doing RCM isn't just a convenience thing; recovery modes aren't made to be abused, so it will have consequences. The most obvious is that over time the battery desync will require disconnecting the battery and reconnecting to fix the calibration.

No one is taking a droid through CWM at every boot to patch a flash, and doing so is never good long term.
 

Notaskwid

Banned
Oct 25, 2017
5,652
Osaka
Take a portable battery with you; don't let your Switch turn off.
You shouldn't have to cold boot with sleep mode unless your Switch freezes.
 

Vena

Community Resettler
Member
Oct 25, 2017
6,445
Where's the best place to get one of those jumpers?

If DIY, do mind which pin you're shorting where. The live pin (4) will fry your board if you short it.

DO NOT do a full aluminum wrap or other conductive material. It has a very high probability of bridging pin 4 to any number of ground points, this will run a large current (relative) over your board, frying everything.
 

AuthenticM

Son Altesse Sérénissime
The Fallen
Oct 25, 2017
30,091
Is it (still) true that the exploit is unpatchable by Nintendo? Can I safely update my launch Switch to its latest system update so I can play online with my friends? Note that I haven't installed any hacks; I would prefer doing that later, when everything is more developed.