Nereba Switch: Difference between revisions

Nereba
Nereba
General
Author	pixel-stuck
Type	Exploits
Version	0.1
License	GPL-2.0
Last Updated	2019/04/19
Links
	Download
	Website
	Source

Latest revision as of 03:02, 22 Mayıs 2024

Nereba is a warmboot bootrom exploit for the Nintendo Switch.

The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X.
The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…".
The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot.
The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system.
Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit.
Using this on firmware versions higher than 1.0 requires more complex exploits.
The initial release of this exploit only works on Switch firmware version 1.0.0.

How To Run

To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet.

Changelog

v.0.1

This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added.

External links

@@ Line 3: / Line 3: @@
 |image=nerebaswitch.png
 |description=A warmboot bootrom exploit for the Nintendo Switch.
 |author=pixel-stuck
 |lastupdated=2019/04/19
@@ Line 20: / Line 19: @@
 |image_alt=Nereba
 }}
-{{cleanup|article|Needs cleanup}}
+Nereba is a warmboot bootrom exploit for the Nintendo Switch.
-A warmboot bootrom exploit for the Nintendo Switch.
+* The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X.
+* The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…".
+* The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot.
-==Media==
+* The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system.
-<youtube></youtube>
+* Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit.
+* Using this on firmware versions higher than 1.0 requires more complex exploits.
+* The initial release of this exploit only works on Switch firmware version 1.0.0.
-==Screenshots==
+==How To Run==
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-01.png
+To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet.
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-02.png
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-03.png
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-04.png
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-05.png
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-06.png
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-07.png
-https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch-08.png
 ==Changelog==
-'''v.1.0'''
+'''v.0.1'''
-* First Release.
+* This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added.
 == External links ==
 * Gbatemp - https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/
 * Github - https://github.com/pixel-stuck/nereba
-* Reddit -