Since the WebKit vulnerability and Pegaswitch were released on the Nintendo Switch a few days after the console’s launch, several hackers have been digging into the internals of the console to learn about its system.
Hacker Plutoo, of 3DS/Wii U fame, confirmed yesterday that he has been able to grab what appears to be data/API call names from one of the modules on the Nintendo Switch. The module in question, according to the hacker, is NS, which might be the equivalent of the module of the same name on the 3DS. Plutoo has stated, however, that given the differences in API names, it appears that this is not based on 3DS firmware code.
The WebKit exploit lets hackers look at some parts of the RAM (and of the filesystem) of the Nintendo Switch, namely the RAM that was accessible to the WebKit process. Some modules of the system have been loaded into that RAM so that WebKit can interact with the system, and those are what hackers can poke at with the WebKit exploit.
Hackers are interested in knowing what’s in RAM, not only to “draw the map” but because one of the modules accessible to WebKit can potentially be leveraged to break out of the WebKit process, typically with a privilege escalation vulnerability. So the idea here is to reverse engineer the modules loaded in RAM, understand what they do, and find a bug in one of them.
There’s nothing of use for the typical end user yet. But if you’re interested in how systems get hacked from scratch, you’re at the right point in time to watch this evolve for the Nintendo Switch.
As a reminder, the webkit exploit was patched in Nintendo Switch Firmware update 2.1.