Hacking News: Patched Nintendo Switch Systems on FW 4.1.0 can now run CFW and PS3HEN 2.3.0 released with faster exploit and fixes
Ever since day one, the Fusée Gelée vulnerability was central to the Nintendo Switch hacking scene as it’s an unpatchable hardware-based exploit. However, Nintendo has since released new Switch models that have this vulnerability patched thus making these models unhackable but now, that’s changed thanks to Caffeine! Other than that, we’ll also be looking at PS3HEN 2.3.0, which brings a faster exploit in this article.
Switch News: Patched consoles on FW 4.1.0 are now hackable thanks to the Caffeine exploit
We’ve known that efforts to get CFW on ipatched (fusee-gelee patched) Nintendo Switch consoles have been going on for a while but now, something significant has been released. This release is an update to the Caffeine exploit (by lieurvehc/deer) which is a warmboot Déjà Vu-based (SciresM) exploit meaning that it doesn’t make use of vulnerabilities in the Switch’s RCM mode but of vulnerabilities found in Horizon OS.
Initially, this exploit was only compatible with Switch FW 2.0.0-3.0.0 but now, it’s been updated to support FW 4.0.0 and 4.1.0, the latter being the first firmware bundled with ipatched Switch consoles. In light of this update, PegaScape, which is a program that’s used to reboot an unhacked Switch console to CFW/emuMMC, has been updated with support for FW 4.0.0/4.1.0 using Caffeine meaning that you can boot Atmosphere on ipatched systems for the first time!
While this is very exciting news, it must be noted that a high degree of caution must be exercised since incorrect permanent modifications to SysNAND can lead to a hard bricked console since you can’t use RCM to save your console on ipatched systems. AutoRCM MUST NOT BE USED UNDER ANY CIRCUMSTANCES and it is very highly recommended to create a NAND backup and dump all keys with Hekate and Lockpick_RCM respectively before hacking an ipatched console!
On another note, it must be said that the Déjà Vu exploit (which Caffeine is based on) no longer works as is on FW 5.0.0+ but it wasn’t fully patched until FW 8.0.0. This means that if you have an ipatched Switch console and you want hacks, do not update your FW at all costs if it’s on a firmware below FW 8.0.0 since the lower the firmware, the less time you’ll probably have to wait for the Déjà Vu exploit to be updated.
To grab PegaSwitch and run CFWs like Atmosphere on your ipatched Switch, check out this link but if unless you’re pretty experienced, it’s better to wait for an installation guide 😉
PS3 News: PS3HEN 2.3.0 released with a faster exploit and more
Even though PS3HEN been out for around 2 months, it’s still receiving updates and the most recent is PS3HEN 2.3.0 which was released yesterday. PS3HEN is a hack for noCFW PS3 consoles (minver of 3.60 or above) which lets you install homebrew/use CFW-like features and version 2.3.0 brings along:
- Faster exploit initialisation thus resulting in a faster exploit overall
- The HEN plugin has been updated with a fix to an infinite loop and with the ability to soft reboot the console if HEN doesn’t initialise properly
- Some optimisations relating to stack size in syscalls were done, more blackscreen issues got fixed and the SELF Decryptor received some bug fixes among other minor changes found in the changelog (above)
To install PS3HEN 2.3.0, you may use the HEN Updater found in “Network->Hybrid Firmware Tools->PS3HEN Updater->Update PS3HEN” if you already have PS3HEN installed; if it isn’t, follow the instructions in this link. For more info on PS3HEN, check out PSX-Place’s excellent FAQ
With the Switch news above, the expression “Good things come to those who wait” is pretty well demonstrated in practice. While few folks with patched Switch consoles may be on FW 4.1.0 now, the Déjà Vu will probably be updated to support up to FW 7.0.1 in the future so until then, hold on and don’t update your Nintendo Switch even it’s patched!!