Moderated by: Robert

Author Atmosphere v0.8.0 released for Switch
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6479
Status: Offline
 _#36251 posted 2018-11-30 @ 03:24 GMT   
SciresM has released Atmosphère 0.8.0 for Switch over at GitHub where keys for firmware 6.2.0 are automatically derived without user input.

Code:
The following was changed since the last release:

- A custom fatal system module was added.
  - This re-implements and extends Nintendo's fatal module, with the following features:
    - Atmosphère's fatal does not create error reports.
    - Atmosphère's fatal draws a custom error screen, showing registers and a backtrace.
    - Atmosphère's fatal attempts to gather debugging info for all crashes, and not just ones that include info.
    - Atmosphère's fatal will attempt saving reports to the SD, if a crash report was not generated by creport.
- Title flag handling was changed to prevent folder clutter.
  - Instead of living in atmosphere/titles//%s.flag, flags are now located in atmosphere/titles//flags/%s.flag
    - The old format will continue to be supported for some time, but is deprecated.
  - Flags can now be applied to HBL by placing them at atmosphere/flags/hbl_%s.flag.
- Changes were made to the mitm API, greatly improving caller semantics.
  - sm now informs mitm services of a new session's process id, enabling custom handling based on title id/process id.
- smhax is no longer enabled, because it is no longer needed and breaks significant functionality.
  - Users with updated HBL/homebrew should see no observable differences due to this change.
- Functionality was added implementing basic protections for NAND from userland homebrew:
  - BOOT0 now has write protection for the BCT public key and keyblob regions.
    - The ns sysmodule is no longer allowed to write the BCT public keys; all other processes can.
      - This should prevent system updates from removing AutoRCM.
    - No processes should be allowed to write to the keyblob region.
  - By default, BIS partitions other than BOOT0 are now read-only, and CAL0 is neither readable nor writable.
    - Adding a bis_write flag for a title will allow it to write to BIS.
    - Adding a cal_read flag for a title will allow it to read CAL0.
  - An automatic backup is now made of CAL0 on boot.
    - fs.mitm maintains a file handle to this backup, so userland software cannot read it.
  - To facilitate this, fs.mitm now mitms all sessions for non-system modules; content overriding has been made separate from service interception.
  - Please note: these protections are basic, and sufficiently malicious homebrew can defeat them.
    - Please be careful to only run homebrew software from sources that you trust.
- A bug involving HDCP titles crashing on newer firmwares was fixed.
- Support was added for system version 6.2.0; our thanks to @motezazer for his invaluable help.
  - By default, new keys will automatically be derived without user input.
  - Support is also present for loading new keys from atmosphere/prod.keys or atmosphere/dev.keys
- General system stability improvements to enhance the user's experience.



Project releases: https://github.com/Atmosphere-NX/Atmosphere/releases

[ This message was edited by modrobert on 2018-11-30 @ 03:28 GMT ]
  _____________________________ ____________     __________________ /\________
  \    __________________      \      _____/____/     _    \       /_        /
 /     /       |       l/     _/    ____)     _/      _     \     \/  cREAM /
/______________l_______/       \______________\_______|      \_   /________/
 -+--Mo!-------------- \________/ ------------------- l_______/_____\ -----+-
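
The NAND protection rules listed in the release notes above, modelled as one access-check function; this is an added example, not Atmosphère's own code and not part of the original post. The names (Partition, Caller, bis_allowed) are hypothetical and the BOOT0 region offsets are constructed placeholders, since the page gives none. It assumes BOOT0 reads are unrestricted, that a write touching any protected byte is refused whole, and that bis_write unlocks neither CAL0 writes nor the protected BOOT0 regions.

```cpp
#include <cstdint>

// Model of the 0.8.0 NAND protection rules; not Atmosphère's code.
enum class Partition { Boot0, Cal0, OtherBis };
enum class Op { Read, Write };

struct Caller {
    bool is_ns;      // the ns sysmodule, which applies system updates
    bool bis_write;  // title carries a bis_write flag
    bool cal_read;   // title carries a cal_read flag
};

struct Region { uint64_t start, size; };

// Constructed placeholder layout: the page gives no BOOT0 offsets.
constexpr Region kBctPubkey{0x1000, 0x100};
constexpr Region kKeyblobs{0x8000, 0x4000};

// True when [off, off+len) touches any byte of r; a wrapping range counts as touching.
static bool overlaps(uint64_t off, uint64_t len, Region r) {
    if (len == 0 || r.size == 0) return false;
    if (off > UINT64_MAX - len) return true;
    return off < r.start + r.size && r.start < off + len;
}

bool bis_allowed(const Caller &c, Partition p, Op op, uint64_t off, uint64_t len) {
    switch (p) {
    case Partition::Boot0:
        if (op == Op::Read) return true;  // assumption: reads are not restricted
        // Keyblob region: no process may write it.
        if (overlaps(off, len, kKeyblobs)) return false;
        // BCT public keys: only ns is refused, so an update cannot remove AutoRCM.
        if (overlaps(off, len, kBctPubkey)) return !c.is_ns;
        return true;
    case Partition::Cal0:
        // Neither readable nor writable by default; cal_read unlocks reads only.
        return op == Op::Read && c.cal_read;
    case Partition::OtherBis:
        // Read-only unless the title carries bis_write.
        return op == Op::Read || c.bis_write;
    }
    return false;
}

int main() {
    Caller updater{true, false, false};
    // An ns write straddling the BCT public key region is refused, so this exits 0.
    return bis_allowed(updater, Partition::Boot0, Op::Write, 0x0FF0, 0x20) ? 1 : 0;
}
```

Checking the whole byte range, not only the start offset, is what stops a write that begins just before a protected region from spilling into it.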

garyopa



lt

Registered: 2003-11-06
From: Toronto
Messages: 83
Status: Offline
 _#36252 posted 2018-11-30 @ 05:21 GMT   
Sadly, with it now using the TSEC exploit (how to make it give up the keys) in its source code, for sure Nintendo will patch it, or they know Nintendo already has, and that is why they decided to include it.

_Bison_ explains it like so:

Quote:

I can answer this, since I fully understand how this sploit works (and wrote it independently myself).

They did not pwn TSEC at all. What the sploit does is fool TSEC into thinking it's running with sole full control of the system (it thinks the CPUs / DMA are halted). Only then will it continue to generate the keys and decrypt the package1. To fool the TSEC, it needs to read the same constant values from MMIO memory space. This can be done by remapping the address space into DRAM by using SMMU translation. If a single bit from this space is different (like say the BPMP CPU is still running, the IO space would reflect that) then the TSEC would detect it. But by mimicking the same values in DRAM, the TSEC is fooled and continues decrypting package1.

To actually pwn TSEC you need to get code execution in the authenticated mode of the TSEC, which can then be used to reveal TSEC secrets. To date, nobody (and I'm pretty sure not even reswitched or switchbrew) has managed to do this.



In reply to will big 'N' patch it:

Quote:

Yes they can. Mimicking MMIO with exactly the same behavior from a CPU is not trivial. What the TSEC now checks is mostly static data. If they change the TSEC to start to check for dynamic behavior of MMIO memory, well let's say it may not be possible to bypass it. There is also probably more than just one way to detect this hack.



Source: https://gbatemp.net/threads/atmosphere-0-8-released-6-2-0-working.524769/page-2#post-8405499
  ________                         ________    __________    _____     
 /  _____/ _____  _______  ___.__. \_____  \   \______   \  /  _  \    
/   \  ___ \__  \ \_  __ \<   |  |  /   |   \   |     ___/ /  /_\  \   
\    \_\  \ / __ \_|  | \/ \___  | /    |    \  |    |    /    |    \  
 \______  /(____  /|__|    / ____| \_______  //\|____|  /\\____|__  //\
        \/      \/         \/              \/ \/        \/        \/ \/
                                                                       

modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6479
Status: Offline
 _#36253 posted 2018-11-30 @ 10:50 GMT   
Wish I knew, read this right now...

Quote:
I don't know how I feel about ppl dropping 0days like it's nothing..



https://twitter.com/naehrwert/status/1068448129463111680
BonerBoy



lt

Registered: 2006-02-22
Messages: 78
Status: Offline
 _#36254 posted 2018-12-01 @ 01:39 GMT   
--.--
Looks like we're seeing a rare, twice-in-a-row June 15th: Atmosphere 0.8.1 has released: https://github.com/Atmosphere-NX/Atmosphere/releases/tag/0.8.1 …

This contains a hotfix for a race condition that could cause AutoRCM protection to not apply (sorry about that!), as well as a bunch of minor features.

Enjoy!
--.--

read on twitter -> https://twitter.com/SciresM/status/1068623546182709248

      )
     (
      )
  _.-~(~-.
 (@\`---'/.             Tea,     
('  `._.'  `)             anyone?
 `-..___..-' 


All trademarks and copyrights on this page are owned by their respective owners.
Comments and forum messages are owned by the Poster.