mirror of
https://github.com/hacks-guide/Guide_Switch-OLD.git
synced 2024-11-27 11:30:21 +00:00
116 lines
4.3 KiB
Plaintext
116 lines
4.3 KiB
Plaintext
---
|
|
title: "PegaSwitch"
|
|
---
|
|
|
|
{% include toc title="Table of Contents" %}
|
|
|
|
### Required Reading
|
|
|
|
PegaSwitch is a developer-focused exploitation toolkit for the Switch developed by ReSwitched. It is compatible with firmware versions 1.0.0 - 3.0.0.
|
|
|
|
The toolkit uses a combination of vulnerabilities to take over the WebKit-based browser, giving the user a shell which can be used to read / write memory, call native functions, and otherwise explore the functionality of the Switch.
|
|
|
|
Note that the current homebrew exploit has the side-effect of corrupting your device's Mii Database. While this effect is harmless, it will result in the loss of any user-created Miis.
|
|
{: .notice--warning}
|
|
|
|
### What You Need
|
|
|
|
* A supported operating system
|
|
+ MacOS and most linux distributions are supported
|
|
+ Windows is best supported using a [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/install-win10) distribution
|
|
* The [git](https://git-scm.com/) version control system
|
|
* The [Node.JS](https://nodejs.org/en/download/package-manager/) JavaScript runtime (current release)
|
|
|
|
### Instructions
|
|
|
|
#### Section I - Network Configuration
|
|
|
|
PegaSwitch works by hosting a [captive portal](https://en.wikipedia.org/wiki/Captive_portal) using DNS redirection.
|
|
|
|
For this to work, your device must be able to connect to your PC over the network.
|
|
|
|
1. Ensure no other applications are bound to UDP port 53 or TCP ports 80 and 8100
|
|
+ WSL: look at the "Listening Ports" section of the "Network" tab in `resmon.exe`
|
|
+ Linux / MacOS: view the output of `sudo netstat -tulpn`
|
|
1. Ensure your firewall does not block incoming connections to any of these ports
|
|
|
|
#### Section II - Running PegaSwitch
|
|
|
|
~~~ bash
|
|
# clone the repository
|
|
git clone https://github.com/reswitched/pegaswitch
|
|
|
|
# install dependencies
|
|
cd pegaswitch
|
|
npm install
|
|
|
|
# start PegaSwitch
|
|
# Windows users: omit the 'sudo'
|
|
sudo node start.js
|
|
~~~
|
|
|
|
#### Section III - DNS Configuration
|
|
|
|
Note that these DNS servers will need to be set on each network you connect your device to for it to be able to trigger the exploit.
|
|
{: .notice--info}
|
|
|
|
1. Launch System Settings on your device
|
|
1. Navigate to `Internet` -> `Internet Settings`
|
|
1. Select your current network
|
|
+ This is signified by a green check mark next to the network
|
|
1. Select "Change Settings"
|
|
1. Set "DNS Settings" to "Manual"
|
|
1. Set "Primary DNS" and "Secondary DNS" to your PC's IP address
|
|
+ This will be displayed in PegaSwitch
|
|
1. Save the network settings
|
|
1. Return to `Internet Settings`
|
|
|
|
#### Section IV - Initial Connection
|
|
|
|
1. Navigate to `Internet` -> `Internet Settings`
|
|
1. Select your current network
|
|
1. Select "Connect to this Network"
|
|
1. If the DNS connection was successful, you will see the message "Registration is required to use this network."
|
|
1. Select "Next"
|
|
1. The PegaSwitch webpage will load
|
|
1. If the exploit was successful, you will now have a PegaSwitch shell connected to your console
|
|
|
|
#### Section V - Alternative Browser Applets (Optional)
|
|
|
|
There are actually [multiple](http://switchbrew.org/index.php?title=Internet_Browser#Browser_Applets) internet browsers on the Switch, and any of them can be used to trigger the browser exploit.
|
|
|
|
While we used the connection test browser applet to initially trigger the exploit, it may be more convenient in the future to use another browser applet.
|
|
|
|
Triggering the browser exploit using either of these methods will have the same effect as triggering the exploit through the Connection Test method we used before.
|
|
|
|
##### eShop Sign In Prompt
|
|
|
|
To use this method, create a second account on your device. Do not connect it to a Nintendo Account.
|
|
|
|
1. Launch Nintendo eShop
|
|
1. Select the second account
|
|
1. Select "Sign In and link"
|
|
1. The browser applet will launch
|
|
|
|
##### Game Update Prompt
|
|
|
|
To use this method, you must have at least one game on your home screen.
|
|
|
|
Note that, if you were not connected to the correct DNS servers, this method would *update* your device. It is dangerous!
|
|
{: .notice--danger}
|
|
|
|
1. Press (+) with any game highlighted
|
|
1. In the "Software Update" tab, select "Via the Internet"
|
|
1. The browser applet will launch
|
|
|
|
___
|
|
|
|
You can now easily connect to your device using the PegaSwitch environment.
|
|
{: .notice--success}
|
|
|
|
For debugging purposes, you may want to [enable extra error info](troubleshooting#enable-extra-error-info).
|
|
{: .notice--info}
|
|
|
|
### Return to [Homebrew Development](homebrew-development)
|
|
{: .notice--primary}
|