Huge Nintendo Switch exploit (potential hack) found on firmware 3.0.0

#1
If you haven't updated your Switch to version 3.0.1 yet and are interested in homebrew you are in luck as a huge exploit has been found on firmware 3.0.0.

Exploit description from Switchbrew:

Prior to 3.0.1, the service manager ("sm") built-in system module treats a user as though it has full permissions if the user creates a new "sm:" port session but bypasses initialization.
In 3.0.1, "sm" returns error code 0x415 if Initialize has not been called yet.
This is huge because it gives anyone full permissions to any service in the OS.


SciresM, a known 3DS (and currently Switch) hacker said on Twitter:

It can't be understated how big this bug was. If you want switchhax, don't update to 3.0.1. It might take significantly longer if you do.

For context: the sm bug is what's enabled basically everything from game-romfs/savefile/sysmodule code dumping to even other known bugs. RIP
With this exploit, the Switch has been hacked. Now it's just a matter of time for the release of the first usable exploit for end users. Homebrew is coming.
 
#4
Super Meat Boy with the original soundtrack, Binding of Isaac and Skyrim mods, custom Mario Odyssey mods, endless possibilities

And the obvious other "things" to come with homebrew
 
#18
I assume most would already have updated their firmware. Weird that Nintendo has such seemingly sloppy protection in the Switch after the 3DS.
 
#25
Hopefully N is able to contain the bad that comes with this, would be a shame to see the system go the way of the PSP/Wii U. I'm a huge fan of the homebrew community, but it seems like the good stuff is always followed by the bad.
 
#26
I'm down to hack mine for some virtual console. We know Nintendo ain't doing it in a timely manner so this will do.

I wanna play Mario 64 on my Switch. This is on you Nintendo.
 
#27
Um, wow.

Seems like we'll never have to worry about offenses like this anymore



I need to be ableto play splatoon online so sorry homebrew you have to take a massive backseat to online multiplayer.
Like almost every other case, there will likely be ways to bypass those requirements and allow people to play online with spoofed firmware versions
 
#31
Yeah this is too little too late for most people. I believe you have to be on Firmware 3.2.0 to play Splatoon online.
3.2? Mine is 3.0.1 and says it's up to date?

I have another Switch brand new sitting in a closet. I'm curious if there will be a way to update it to 3.0 manually, or if anyone on older firmware will be fucked also. Guess we'll see.
 
#34
I'm surprised this happened so quickly. You would think that Nintendo would be slightly better about their security after the 3DS was blown open.
 
#44
Ugh, way too early in the consoles lifecycle for my liking. As if third parties need another excuse.
I'm talking completely out of my depth here, but Sony has effectively stopped people from being able to play new Vita games on hacked systems. They will straight up not run without upgrading your firmware, and the word on the streets is that there is nothing to be done about it. So, maybe Nintendo will figure out something similar if this exploit goes anywhere.
 
#47
I'm talking completely out of my depth here, but Sony has effectively stopped people from being able to play new Vita games on hacked systems. They will straight up not run without upgrading your firmware, and the word on the streets is that there is nothing to be done about it. So, maybe Nintendo will figure out something similar if this exploit goes anywhere.
That's the case already, I think. You need to update your system to play Splatoon 2.
 
#48
Maybe down the line there will be some creative hacks for <3.0.1 users that allow them to spoof versioning or to download and patch the updates, but ultimately the reason I wouldn't have tried this on Wii U until Breath of the Wild had released is the same reason I won't be trying anything like this on Switch. It's the same reason I never really dabbled with it on other systems until they were past their supported lifetime as well. Its just a game of cat and mouse, and I'd rather not be locked out of online services or games.

The best deterrent they can have for this sort of thing is including the features people want.
 
#49
That's the case already, I think. You need to update your system to play Splatoon 2.
Stuff like that has always been the case. But, previously the hackers have figured out ways around it. I believe on the 3DS they just spoof the firmware number or some shit. The Vita is the first time I've heard of the company actually managing to totally stop it, to the point that the community has pretty well said it's never going to happen. Granted, the Vita is also essentially a dead system, so there isn't much motivation to even try.
 
#50
I guess not using my switch since splatoon 2 beta paid off lol just checked and have 3.0 on my switch. Gonna wait before updating since I don't see any point of it right now.