Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Nereba Switch: Difference between revisions

From GameBrew
(Created page with "{{Infobox Switch Homebrews |title=Nereba |image=nerebaswitch.png |description=A warmboot bootrom exploit for the Nintendo Switch. |author=pixel-stuck |lastupdated=2019/04/19 |type=Exploits |version=0.1 |license=GPL-2.0 |download=https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch.7z |website=https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/ |source=https://github.com/pixel-stuck/nereba |donation= }} {{#seo: |title=Sw...")
 
No edit summary
 
Line 3: Line 3:
|image=nerebaswitch.png
|image=nerebaswitch.png
|description=A warmboot bootrom exploit for the Nintendo Switch.
|description=A warmboot bootrom exploit for the Nintendo Switch.
|author=pixel-stuck
|author=pixel-stuck
|lastupdated=2019/04/19
|lastupdated=2019/04/19
Line 20: Line 19:
|image_alt=Nereba
|image_alt=Nereba
}}
}}
{{cleanup|article|Needs cleanup}}
Nereba is a warmboot bootrom exploit for the Nintendo Switch.
A warmboot bootrom exploit for the Nintendo Switch.
* The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X.
 
* The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…".
 
* The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot.
==Media==
* The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system.
<youtube></youtube>
* Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit.
 
* Using this on firmware versions higher than 1.0 requires more complex exploits.
* The initial release of this exploit only works on Switch firmware version 1.0.0.


==Screenshots==
==How To Run==
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-01.png
To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet.
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-02.png
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-03.png
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-04.png
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-05.png
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-06.png
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-07.png
https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-08.png


==Changelog==
==Changelog==
'''v.1.0'''
'''v.0.1'''
* First Release.
* This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added.


== External links ==
== External links ==
* Gbatemp - https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/
* Gbatemp - https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/
* Github - https://github.com/pixel-stuck/nereba
* Github - https://github.com/pixel-stuck/nereba
* Reddit -

Latest revision as of 03:02, 22 Mayıs 2024

Nereba
Nerebaswitch.png
General
Authorpixel-stuck
TypeExploits
Version0.1
LicenseGPL-2.0
Last Updated2019/04/19
Links
Download
Website
Source

Nereba is a warmboot bootrom exploit for the Nintendo Switch.

  • The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X.
  • The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…".
  • The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot.
  • The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system.
  • Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit.
  • Using this on firmware versions higher than 1.0 requires more complex exploits.
  • The initial release of this exploit only works on Switch firmware version 1.0.0.

How To Run

To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet.

Changelog

v.0.1

  • This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added.

External links

Advertising: