├── .travis.yml
├── Dockerfile
├── LICENSE
├── README.MD
├── commands.sh
└── runExploit.sh


/.travis.yml:
--------------------------------------------------------------------------------
 1 | sudo: required
 2 | language: C
 3 | services:
 4 | - docker
 5 | before_install:
 6 | - docker info
 7 | - docker build -t dark1asp1s/linux-switch .
 8 | before_script:
 9 | - docker run -it -v $PWD:/opt dark1asp1s/linux-switch /bin/bash -c "cd /opt; ./commands.sh"
10 | script:
11 | - docker images | grep -q dark1asp1s/linux-switch
12 | after_script:
13 | - ls $PWD/shofel2/usb_loader | grep -q switch.scr.img
14 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ubuntu:17.10
 2 | 
 3 | LABEL maintainer="darkiaspis <darkiaspis@gmail.com>"
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get -y upgrade && \
 7 |     apt-get -y install git build-essential gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu python python-dev swig m4 libssl-dev bison flex curl zlib1g-dev bc linux-firmware wget && \
 8 |     wget https://chromium.googlesource.com/chromiumos/third_party/linux-firmware/+/f151f016b4fe656399f199e28cabf8d658bcb52b/brcm/brcmfmac4356-pcie.txt?format=TEXT && \
 9 |     mv ./brcmfmac4356-pcie.txt?format=TEXT /lib/firmware/brcm/brcmfmac4356-pcie.txt
10 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | This is free and unencumbered software released into the public domain.
 2 | 
 3 | Anyone is free to copy, modify, publish, use, compile, sell, or
 4 | distribute this software, either in source code form or as a compiled
 5 | binary, for any purpose, commercial or non-commercial, and by any
 6 | means.
 7 | 
 8 | In jurisdictions that recognize copyright laws, the author or authors
 9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 | 
24 | For more information, please refer to <http://unlicense.org>
25 | 


--------------------------------------------------------------------------------
/README.MD:
--------------------------------------------------------------------------------
 1 | [![](https://images.microbadger.com/badges/image/dark1asp1s/linux-switch-docker.svg)](https://microbadger.com/images/dark1asp1s/linux-switch-docker "Get your own image badge on microbadger.com")[![Build Status](https://travis-ci.org/darkiaspis/linux-switch-docker.svg?branch=master)](https://travis-ci.org/darkiaspis/linux-switch-docker)
 2 | # Linux-Switch Docker
 3 | This repository contains the automatic build of a Docker image with a minimal configuration for getting started with the compilation of different tools, most provided by [fail0verflow] team (awesome). Thanks to them (and other hacking teams involved into Tegra/Nintendo hacking scene) for the done great job.
 4 | The aim is to provide a toolchain for cross compile the code meant to be executed onto the switch; the end-user still has the chore of compile onto the host machine the usb-loader.
 5 | The procedure is tightly derived from the [fail0verflow shofEL2] repo, so please refer to it in case of troubles.
 6 | 
 7 | --------
 8 | ## Prerequisites
 9 | Make sure that you have installed on your operating system platform (I do consider only Linux-based and Mac OSs. I do not exclude to try the procedure under MS Windows, but could be tricky somepoint):
10 |   - the latest [Docker]
11 |   - a working native gcc toolchain
12 |   - the libusb v1.0
13 |   - python
14 | 
15 | ## Getting the Docker image
16 | By your own, you can clone the whole repo and locally build a Docker image 
17 | ```sh
18 | $ git clone https://github.com/darkiaspis/linux-switch-docker.git
19 | $ cd linux-switch-docker
20 | $ docker build -t <image-name> .
21 | ```
22 | Otherwise, if you are not a docker enthusiast, just pull it out from the [Docker-Hub]:
23 | ```sh
24 | $ docker pull dark1asp1s/linux-switch-docker
25 | ```
26 | 
27 | ## X-Compiling
28 | Actually, we use the docker image for getting the [fail0verflow] repositories and for cross-compiling by arm-gcc toolchains. The whole commands are included in commands.sh file. So just be sure that the current repository is cloned onto your pc host, then:
29 | ```sh
30 | $ cd linux-switch-docker
31 | $ docker run -it -v $PWD:/opt dark1asp1s/linux-switch /bin/bash -c "cd /opt; ./commands.sh"
32 | ```
33 | And grab a long coffee... depending on the machine (and on the Docker configuration, too) it takes long time to completion. Anyway, once terminated you should see the all the outputs put into the shofEL2 folder, ready to be launched.
34 | 
35 | ## Getting the USB-Loader
36 | We have to compile the imx-usb-loader directly onto our host target, hence for this step we do not need for our docker image, instead just be sure to have previously listed prerequisites.
37 | ```sh
38 | $ cd linux-switch-docker/imx_usb_loader
39 | $ git reset --hard 0a322b01cacf03e3be727e3e4c3d46d69f2e343e
40 | $ make
41 | ```
42 | 
43 | ### Troubleshoots
44 | I experienced onto the MacOS an error of clang compiler which is not able to seek for the libusb.h, altough it is properly included by the corresponding Makefile entry. It is caused by the fact that the pkg-config returns the full path to reach the header file, while the source code include it by referring to the parent folder (namely libusb-1.0/libusb.h).
45 | One fix could be to pull-out the single compilation command and using your absolute system path for the libusb, for instance:
46 | ```sh
47 | $ cc -c imx_usb.c -o imx_usb.o -pipe -ggdb `-I/opt/local/include/` -Wall -Wstrict-prototypes -Wno-trigraphs -DSYSCONFDIR='"/usr/etc"'
48 | ```
49 | 
50 | ## Just complete the launching
51 | Now you can directly execute commands by the [fail0verflow shofEL2] repo. I report them here for your comodity.
52 | ```sh
53 | $ cd shofel2/exploit
54 | $ ./shofel2.py cbfs.bin ../../coreboot/build/coreboot.rom
55 | $ cd ../usb_loader
56 | $ ../../imx_usb_loader/imx_usb -c .
57 | ```
58 | ---------
59 | ### LICENSE
60 | Actually, I released the code inside this repository unlicensed. Please, read the LICENSE file.
61 | 
62 | ### Contributing
63 | Github is for social coding.
64 | If you want to write code, I encourage contributions through pull requests from forks of this repository.
65 | 
66 | #### Acknowledgment
67 | Do not miss to thank [fail0verflow] and other involved teams for their publicy-available work.
68 | 
69 |    [Docker]: <https://docker.com>
70 |    [Docker-Hub]: <https://hub.docker.com>
71 |    [fail0verflow]: <https://fail0verflow.com/>
72 |    [fail0verflow shofEL2]: <https://github.com/fail0verflow/shofel2>
73 | 


--------------------------------------------------------------------------------
/commands.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #Let clone fail0verflow repositories
 4 | cd /opt/
 5 | #Grab a coffee... downloading quite massive amount of bytes!
 6 | git clone https://github.com/fail0verflow/shofel2.git && \
 7 | git clone --recursive https://github.com/fail0verflow/switch-coreboot.git coreboot && \
 8 | git clone https://github.com/fail0verflow/switch-u-boot.git u-boot && \
 9 | git clone https://github.com/fail0verflow/switch-linux.git linux && \
10 | #Albeit we are not going to compile the usb-loader, we just clone it from the container by exploiting the git command \
11 | git clone https://github.com/boundarydevices/imx_usb_loader.git
12 | 
13 | #Build the shofEL2
14 | cd /opt/shofel2/exploit
15 | make
16 | 
17 | #Build the u-boot
18 | cd ../../u-boot
19 | export CROSS_COMPILE=aarch64-linux-gnu-
20 | make nintendo-switch_defconfig
21 | make -j4
22 | 
23 | #Then the coreboot turn
24 | cd ../coreboot
25 | make nintendo_switch_defconfig
26 | make iasl
27 | make -j4
28 | 
29 | #Grab a shorter coffee... it's the time for the linux kernel
30 | 
31 | cd ../linux
32 | export ARCH=arm64
33 | make nintendo-switch_defconfig
34 | make -j4
35 | 
36 | #Make the final image
37 | cd ../shofel2/usb_loader
38 | ../../u-boot/tools/mkimage -A arm64 -T script -C none -n "boot.scr" -d switch.scr switch.scr.img
39 | 


--------------------------------------------------------------------------------
/runExploit.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | pushd shofel2/exploit/
 3 | sudo ./shofel2.py cbfs.bin ../../coreboot/build/coreboot.rom 
 4 | pushd ../usb_loader/
 5 | sleep 5s
 6 | sudo ../../imx_usb_loader/imx_usb -c . 
 7 | popd
 8 | popd
 9 | 
10 | 
11 | 


--------------------------------------------------------------------------------