by LiveOverflow 3378 days ago
I'm really interested in some technical tidbits :)

Quickly looking over the code I think you use a slightly different way to achieve the r/w than qwerty - you don't misalign a pointer, correct? Can you give a short description of how you do it?

I wondered how to not crash the Switch when done, and you seem to simply set everything to 0 (`this.bufs[i] = 0;`), and that solves the issue. Could you say a few words on why that is the case?

Any information yet you want to share about the execution environment? Is there some kind of sandbox? Anything interesting you can already access, or surprisingly not access?

Edit: One more question. Did you guys get to play any BotW yet? :D

I really love the overengineering of this toolkit <3

4 comments

Yeah, so the approach I took to writing the core of the exploit (control over memory, basically) was very different than any other exploit I've seen for this vulnerability. Others smashed it with a bunch of buffers, with which you'd then attempt to get an overlap. Rather than that, I make a single ArrayBuffer and then a ton (2M) of Uint32Array views into that buffer. This makes controlling memory much more stable -- we have a 99.86% hit rate within the first 3 tries, all of which are automatic.

In terms of not crashing, it really comes down to appeasing the garbage collector. If there are non-object-objects on the heap (e.g. raw pointers just sitting there), the GC will explode and the whole thing crashes. So we take great care to ensure that only real JS objects exist at any point, outside of a few critical paths (which only last a few ms at worst). This leads to an insanely stable exploit base.

We're not really talking much about the execution environment yet, but what we can say is that it's really an upgraded (potentially rewritten?) 3DS OS.

There are around 30 or so people contributing ideas and what have you to the project, or wherever we can. Those listed on the actual site are just people who committed code to the repo. A lot of us play BotW though :p.
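To make the shape of that approach concrete, here is an added example (not code from the toolkit or from anyone in this thread) of the data structure the reply describes: one ArrayBuffer with many Uint32Array views into it, a scan that looks for a view whose header no longer matches what was allocated, and a cleanup that drops every view reference the way `this.bufs[i] = 0` does. The memory-corruption primitive that would actually alter a view is not shown anywhere on this page, so it is deliberately absent here; on a correct engine the scan finds nothing. The view count, view length and the class and method names are all assumptions for illustration.

```javascript
// Added example, not the project's code. Demonstrates spraying typed-array
// views over a single ArrayBuffer, scanning them for a corrupted header, and
// releasing them so that only ordinary JS objects remain reachable.
class ViewSpray {
  // viewCount and viewLength are assumed values for illustration; the thread
  // mentions on the order of 2M views, which is far more than needed here.
  constructor(viewCount = 0x1000, viewLength = 0x10) {
    this.viewLength = viewLength;
    this.buffer = new ArrayBuffer(viewLength * 4);
    this.bufs = new Array(viewCount);
    for (let i = 0; i < viewCount; i++) {
      // Every view shares the same backing store: the spray consists of view
      // objects on the JS heap, not of many separate buffers.
      this.bufs[i] = new Uint32Array(this.buffer, 0, viewLength);
    }
  }

  // Look for a view whose length, offset or buffer no longer matches what was
  // allocated. Returns its index, or -1 when every view is still sane (which is
  // always the case here, since no corruption primitive is included).
  findCorruptedView() {
    for (let i = 0; i < this.bufs.length; i++) {
      const v = this.bufs[i];
      if (v === 0) continue; // already released
      if (v.length !== this.viewLength || v.byteOffset !== 0 || v.buffer !== this.buffer) {
        return i;
      }
    }
    return -1;
  }

  // Drop every view reference except the one to keep, mirroring the
  // `this.bufs[i] = 0` cleanup mentioned in the thread. Returns how many
  // references were dropped.
  release(keepIndex = -1) {
    let dropped = 0;
    for (let i = 0; i < this.bufs.length; i++) {
      if (i === keepIndex || this.bufs[i] === 0) continue;
      this.bufs[i] = 0;
      dropped++;
    }
    return dropped;
  }
}

// Runs the three steps in order and reports what happened.
function demo() {
  const spray = new ViewSpray(0x1000, 0x10);
  const hit = spray.findCorruptedView(); // -1 on a correct engine
  const dropped = spray.release(hit);
  const remaining = spray.bufs.filter((v) => v !== 0).length;
  return { hit, dropped, remaining };
}
```

The point of `release()` keeping at most one index is the stability argument from the reply: after the scan, only the one interesting view (if any) stays referenced, and everything else is an ordinary JS value again before the GC gets a chance to walk the heap.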
Slightly random question, how did the group form? Have you been working together on previous consoles?
Daeken posted on an HN post regarding the Switch before launch; that's how I found it and joined. A lot of members have joined since then, mostly by invitations from people within the general 3DS communities, I suppose.

EDIT: Found the comment, https://news.ycombinator.com/item?id=13675898

Actually, this one grew totally organically. I used to do console hacking many years ago, and decided I wanted to get back into it with the Switch. People just started joining up, and bringing in trusted folks with them. A comment I made on HN a month ago or so really accelerated this.
Are you guys related to /r/switchhacks on Reddit? I see it's private but I still check every day or two hoping there'll be a big announcement :)
IIRC, there are several folks from /r/switchhacks around our server. I imagine the subreddit will get big once someone drops an end-user exploit.
I really enjoyed your video https://www.youtube.com/watch?v=xkdPjbaLngE&t=0s about it! Hope you make more on it ;)
I'm up to like 62 shrines and all the memories... if that counts as some kind of metric :)