Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Nereba Switch

From GameBrew
Nereba
Nerebaswitch.png
General
Authorpixel-stuck
TypeExploits
Version0.1
LicenseGPL-2.0
Last Updated2019/04/19
Links
Download
Website
Source

Nereba is a warmboot bootrom exploit for the Nintendo Switch.

  • The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X.
  • The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…".
  • The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot.
  • The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system.
  • Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit.
  • Using this on firmware versions higher than 1.0 requires more complex exploits.
  • The initial release of this exploit only works on Switch firmware version 1.0.0.

How To Run

To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet.

Changelog

v.0.1

  • This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added.

External links

Advertising: