(Created page with "{{Infobox Switch Homebrews |title=Nereba |image=nerebaswitch.png |description=A warmboot bootrom exploit for the Nintendo Switch. |author=pixel-stuck |lastupdated=2019/04/19 |type=Exploits |version=0.1 |license=GPL-2.0 |download=https://dlhb.gamebrew.org/switchhomebrews/nerebaswitch.7z |website=https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/ |source=https://github.com/pixel-stuck/nereba |donation= }} {{#seo: |title=Sw...") |
No edit summary |
||
| Line 3: | Line 3: | ||
|image=nerebaswitch.png | |image=nerebaswitch.png | ||
|description=A warmboot bootrom exploit for the Nintendo Switch. | |description=A warmboot bootrom exploit for the Nintendo Switch. | ||
|author=pixel-stuck | |author=pixel-stuck | ||
|lastupdated=2019/04/19 | |lastupdated=2019/04/19 | ||
| Line 20: | Line 19: | ||
|image_alt=Nereba | |image_alt=Nereba | ||
}} | }} | ||
Nereba is a warmboot bootrom exploit for the Nintendo Switch. | |||
* The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X. | |||
* The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…". | |||
* The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot. | |||
* The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system. | |||
* Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit. | |||
* Using this on firmware versions higher than 1.0 requires more complex exploits. | |||
* The initial release of this exploit only works on Switch firmware version 1.0.0. | |||
== | ==How To Run== | ||
To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet. | |||
==Changelog== | ==Changelog== | ||
'''v.1 | '''v.0.1''' | ||
* | * This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added. | ||
== External links == | == External links == | ||
* Gbatemp - https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/ | * Gbatemp - https://gbatemp.net/threads/nereba-exploit-reboot-to-fusee-gelee-payload-from-stock-firmware.536409/ | ||
* Github - https://github.com/pixel-stuck/nereba | * Github - https://github.com/pixel-stuck/nereba | ||
Latest revision as of 03:02, 22 May 2024
| Nereba | |
|---|---|
 | |
| General | |
| Author | pixel-stuck |
| Type | Exploits |
| Version | 0.1 |
| License | GPL-2.0 |
| Last Updated | 2019/04/19 |
| Links | |
| Download | |
| Website | |
| Source | |
Nereba is a warmboot bootrom exploit for the Nintendo Switch.
- The exploit is not a Horizon OS vulnerability, but a vulnerability in the bootrom of the Tegra X.
- The name "nereba" comes from a conjugation of the Japanese verb neru, "to sleep", meaning roughly "if I sleep, then…".
- The exploit works by taking advantage of a vulnerability in the bootrom during the Switch's sleep mode. The bootrom assumes that certain parameters do not change during a "coldboot" (power on reset), but Nvidia forgot to verify them during warmboot.
- The exploit allows for arbitrary writes, which can be used to take control of the bootrom using the built-in ipatch system.
- Exploitation on 1.0 is simple, as the region where the RAM parameters are stored is accessible easily with the nspwn exploit.
- Using this on firmware versions higher than 1.0 requires more complex exploits.
- The initial release of this exploit only works on Switch firmware version 1.0.0.
How To Run
To use this release, extract the zip onto the SD card, add a payload of your liking to the nereba folder and name it "nereba.bin", connect your console to pegaswitch and run nspwn @Sdcard:/nereba.nsp, then press the home button and launch the album applet.
Changelog
v.0.1
- This release works only on Switch firmware version 1.0.0. Eventually, support for 2.0-3.0 will be added.