Atmosphère 0.8.0 (already) takes down firmware 6.2.0
With firmware 6.2.0, Nintendo had thoroughly reworked its key-generation algorithms, which rendered the hack obsolete... but that was without counting on team ReSwitched, which, through SciresM, today releases a new version of its excellent custom firmware "Atmosphère". As you will have guessed, the new protections have been completely unpicked, so firmware 6.2.0 is now fully supported! Among the other new features, there are also new safeguards that should give users more peace of mind: some memory areas of the NAND (BOOT0, BIS partitions) are read-only by default, while others (CAL0) are off-limits altogether for homebrew running in userland. The team does point out, however, that malicious homebrew will still be able to get past these basic protections (it is only a matter of writing what is needed to bypass these few rudimentary locks; there is no doubt that this will not stop the bad intentions of some).
This new version also comes with an updated fusee-primary payload, so take care to use the latest version available when you inject it in RCM mode with the method of your choice.
It's June 15th today — Atmosphere 0.8.0 has released: https://t.co/hIHfIUxzwS
This is a feature update: a new fatal sysmodule was added, some protections were added for NAND partitions, and 6.2.0 support was added.
Many thanks to @elmirorac and @naehrwert for their help. 🙂
— Michael (@SciresM) November 29, 2018
What's new / fixes:
fusee-primary was last updated in: 0.8.0.
The following was changed since the last release:
- A custom fatal system module was added.
  - This re-implements and extends Nintendo's fatal module, with the following features:
    - Atmosphère's fatal does not create error reports.
    - Atmosphère's fatal draws a custom error screen, showing registers and a backtrace.
    - Atmosphère's fatal attempts to gather debugging info for all crashes, and not just ones that include info.
    - Atmosphère's fatal will attempt saving reports to the SD, if a crash report was not generated by creport.
- Title flag handling was changed to prevent folder clutter.
  - Instead of living in atmosphere/titles/<tid>/%s.flag, flags are now located in atmosphere/titles/<tid>/flags/%s.flag
    - The old format will continue to be supported for some time, but is deprecated.
  - Flags can now be applied to HBL by placing them at atmosphere/flags/hbl_%s.flag.
- Changes were made to the mitm API, greatly improving caller semantics.
  - sm now informs mitm services of a new session's process id, enabling custom handling based on title id/process id.
- smhax is no longer enabled, because it is no longer needed and breaks significant functionality.
  - Users with updated HBL/homebrew should see no observable differences due to this change.
- Functionality was added implementing basic protections for NAND from userland homebrew:
  - BOOT0 now has write protection for the BCT public key and keyblob regions.
    - The ns sysmodule is no longer allowed to write the BCT public keys; all other processes can.
      - This should prevent system updates from removing AutoRCM.
    - No processes should be allowed to write to the keyblob region.
  - By default, BIS partitions other than BOOT0 are now read-only, and CAL0 is neither readable nor writable.
    - Adding a bis_write flag for a title will allow it to write to BIS.
    - Adding a cal_read flag for a title will allow it to read CAL0.
  - An automatic backup is now made of CAL0 on boot. fs.mitm maintains a file handle to this backup, so userland software cannot read it.
  - To facilitate this, fs.mitm now mitms all sessions for non-system modules; content overriding has been made separate from service interception.
  - Please note: these protections are basic, and sufficiently malicious homebrew can defeat them.
    - Please be careful to only run homebrew software from sources that you trust.
- A bug involving HDCP titles crashing on newer firmwares was fixed.
- Support was added for system version 6.2.0; our thanks to @motezazer for his invaluable help.
  - By default, new keys will automatically be derived without user input.
  - Support is also present for loading new keys from atmosphere/prod.keys or atmosphere/dev.keys
- General system stability improvements to enhance the user's experience.
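The flag lookup (new layout, deprecated layout, hbl_ flag) and the userland NAND access rules from the changelog above, written out as a checkable policy model. This is an added illustration, not Atmosphère's own code: the sd set stands in for the SD card, the title ids are constructed, and two points the changelog leaves implicit are treated as assumptions (CAL0 stays unwritable even with bis_write, and BOOT0 regions other than the BCT public key and keyblob areas are unprotected).

```python
"""Policy model of Atmosphere 0.8.0 title flags and NAND protections (added
illustration, not Atmosphere code). `sd` is a set of file paths standing in
for the SD card; all title ids used with it are constructed examples."""
from __future__ import annotations

NEW_FLAG = "atmosphere/titles/{tid}/flags/{flag}.flag"  # 0.8.0 layout
OLD_FLAG = "atmosphere/titles/{tid}/{flag}.flag"        # deprecated, still honoured
HBL_FLAG = "atmosphere/flags/hbl_{flag}.flag"           # applies to HBL only


def has_flag(sd: set[str], tid: str, flag: str, is_hbl: bool = False) -> bool:
    """Does `flag` apply to title `tid`? Checks new, old and (for HBL) hbl_ paths."""
    paths = [NEW_FLAG.format(tid=tid, flag=flag), OLD_FLAG.format(tid=tid, flag=flag)]
    if is_hbl:
        paths.append(HBL_FLAG.format(flag=flag))
    return any(p in sd for p in paths)


def nand_access(sd: set[str], tid: str, partition: str, op: str,
                region: str | None = None, is_ns: bool = False,
                is_hbl: bool = False) -> bool:
    """True if the 0.8.0 rules let a userland title perform op ('read'/'write').

    `region` names the protected BOOT0 areas ('bct_pubkey', 'keyblob'); any
    other BOOT0 region is treated as unprotected (assumption, not stated)."""
    assert op in ("read", "write")
    if partition == "BOOT0":
        if op == "read":
            return True
        if region == "keyblob":
            return False        # no process may rewrite the keyblobs
        if region == "bct_pubkey":
            return not is_ns    # ns is blocked so a system update cannot undo AutoRCM
        return True
    if partition == "CAL0":
        # Default: neither readable nor writable. cal_read unlocks reads only;
        # the changelog lists nothing that unlocks writes (assumption: never).
        return op == "read" and has_flag(sd, tid, "cal_read", is_hbl)
    # Every other BIS partition is read-only unless the title carries bis_write.
    return op == "read" or has_flag(sd, tid, "bis_write", is_hbl)
```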
A big bravo to team ReSwitched and to motezazer, who was a great help in supporting firmware 6.2.0. Now that all the work of cracking the protections has been done (for free) by the kindly volunteer hackers, there is no doubt that Team Xecuter will announce with great fanfare that it found, all by itself, everything it needed for its paid solution... the PR war can resume in earnest, get the popcorn out!
⇪ Atmosphère 0.8.0 / fusee-primary.bin (0.8.0)
⌂ Official thread / GitHub