├── .travis.yml
├── Dockerfile
├── LICENSE
├── README.MD
├── commands.sh
└── runExploit.sh


/.travis.yml:
--------------------------------------------------------------------------------
sudo: required
language: C
services:
  - docker
before_install:
  - docker info
  - docker build -t dark1asp1s/linux-switch .
before_script:
  - docker run -it -v $PWD:/opt dark1asp1s/linux-switch /bin/bash -c "cd /opt; ./commands.sh"
script:
  - docker images | grep -q dark1asp1s/linux-switch
after_script:
  - ls $PWD/shofel2/usb_loader | grep -q switch.scr.img


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu:17.10

LABEL maintainer="darkiaspis "

# Install the native and ARM cross toolchains plus the build dependencies, then
# fetch the Broadcom Wi-Fi NVRAM file from a pinned linux-firmware commit.
# Gitiles serves ?format=TEXT responses base64-encoded, so the download is
# decoded before it is installed under /lib/firmware.
RUN apt-get update && \
    apt-get -y upgrade && \
    apt-get -y install git build-essential gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu python python-dev swig m4 libssl-dev bison flex curl zlib1g-dev bc linux-firmware wget && \
    wget -O /tmp/brcmfmac4356-pcie.txt.b64 "https://chromium.googlesource.com/chromiumos/third_party/linux-firmware/+/f151f016b4fe656399f199e28cabf8d658bcb52b/brcm/brcmfmac4356-pcie.txt?format=TEXT" && \
    base64 -d /tmp/brcmfmac4356-pcie.txt.b64 > /lib/firmware/brcm/brcmfmac4356-pcie.txt && \
    rm /tmp/brcmfmac4356-pcie.txt.b64


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain.
We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to


--------------------------------------------------------------------------------
/README.MD:
--------------------------------------------------------------------------------
[![](https://images.microbadger.com/badges/image/dark1asp1s/linux-switch-docker.svg)](https://microbadger.com/images/dark1asp1s/linux-switch-docker "Get your own image badge on microbadger.com")[![Build Status](https://travis-ci.org/darkiaspis/linux-switch-docker.svg?branch=master)](https://travis-ci.org/darkiaspis/linux-switch-docker)
# Linux-Switch Docker
This repository contains the automatic build of a Docker image with a minimal configuration for getting started with the compilation of different tools, most of them provided by the (awesome) [fail0verflow] team. Thanks to them (and to the other hacking teams involved in the Tegra/Nintendo hacking scene) for the great job done.
The aim is to provide a toolchain for cross-compiling the code meant to be executed on the Switch; the end user still has the chore of compiling the usb-loader on the host machine.
The procedure is closely derived from the [fail0verflow shofEL2] repo, so please refer to it in case of trouble.

--------
## Prerequisites
Make sure the following are installed on your operating system (I only consider Linux-based systems and macOS; I do not rule out trying the procedure under MS Windows, but it could be tricky at some point):
- the latest [Docker]
- a working native gcc toolchain
- libusb v1.0
- python

## Getting the Docker image
On your own, you can clone the whole repo and build the Docker image locally:
```sh
$ git clone https://github.com/darkiaspis/linux-switch-docker.git
$ cd linux-switch-docker
$ docker build -t dark1asp1s/linux-switch .
```
Otherwise, if you are not a Docker enthusiast, just pull it from the [Docker-Hub]:
```sh
$ docker pull dark1asp1s/linux-switch-docker
```

## X-Compiling
We use the Docker image to fetch the [fail0verflow] repositories and to cross-compile them with the arm-gcc toolchains. All the commands are included in the commands.sh file, so just make sure this repository is cloned onto your host PC, then:
```sh
$ cd linux-switch-docker
$ docker run -it -v $PWD:/opt dark1asp1s/linux-switch /bin/bash -c "cd /opt; ./commands.sh"
```
And grab a long coffee... depending on the machine (and on the Docker configuration, too) it takes a long time to complete. Once it has finished, you should see all the outputs in the shofEL2 folder, ready to be launched.

## Getting the USB-Loader
We have to compile the imx-usb-loader directly on the host, so this step does not need the Docker image; just make sure the prerequisites listed above are installed.
```sh
$ cd linux-switch-docker/imx_usb_loader
$ git reset --hard 0a322b01cacf03e3be727e3e4c3d46d69f2e343e
$ make
```

### Troubleshooting
On macOS I experienced a clang error: the compiler could not find libusb.h, although it is properly included by the corresponding Makefile entry. It is caused by the fact that pkg-config returns the full path to the header file, while the source code includes it by referring to the parent folder (namely libusb-1.0/libusb.h).
One fix is to pull out the single compilation command and use your absolute system path for libusb, for instance:
```sh
$ cc -c imx_usb.c -o imx_usb.o -pipe -ggdb -I/opt/local/include/ -Wall -Wstrict-prototypes -Wno-trigraphs -DSYSCONFDIR='"/usr/etc"'
```

## Completing the launch
Now you can directly execute the commands from the [fail0verflow shofEL2] repo. I report them here for your convenience.
```sh
$ cd shofel2/exploit
$ ./shofel2.py cbfs.bin ../../coreboot/build/coreboot.rom
$ cd ../usb_loader
$ ../../imx_usb_loader/imx_usb -c .
```
---------
### LICENSE
I released the code in this repository into the public domain. Please read the LICENSE file.

### Contributing
GitHub is for social coding.
If you want to write code, I encourage contributions through pull requests from forks of this repository.

#### Acknowledgment
Do not forget to thank [fail0verflow] and the other teams involved for their publicly available work.

[Docker]:
[Docker-Hub]:
[fail0verflow]:
[fail0verflow shofEL2]:


--------------------------------------------------------------------------------
/commands.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Stop at the first failing command instead of building from a partial tree.
set -e

# Clone the fail0verflow repositories
cd /opt/
# Grab a coffee... downloading quite a massive amount of bytes!
# imx_usb_loader (the last clone below) is not compiled in the container; it is
# cloned here only because git is already available, and is built on the host.
git clone https://github.com/fail0verflow/shofel2.git && \
git clone --recursive https://github.com/fail0verflow/switch-coreboot.git coreboot && \
git clone https://github.com/fail0verflow/switch-u-boot.git u-boot && \
git clone https://github.com/fail0verflow/switch-linux.git linux && \
git clone https://github.com/boundarydevices/imx_usb_loader.git

# Build shofEL2
cd /opt/shofel2/exploit
make

# Build u-boot
cd ../../u-boot
export CROSS_COMPILE=aarch64-linux-gnu-
make nintendo-switch_defconfig
make -j4

# Then it is coreboot's turn
cd ../coreboot
make nintendo_switch_defconfig
make iasl
make -j4

# Grab a shorter coffee... it's time for the Linux kernel

cd ../linux
export ARCH=arm64
make nintendo-switch_defconfig
make -j4

# Make the final image
cd ../shofel2/usb_loader
../../u-boot/tools/mkimage -A arm64 -T script -C none -n "boot.scr" -d switch.scr switch.scr.img


--------------------------------------------------------------------------------
/runExploit.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Abort if a directory is missing or a step fails, so the loader is never
# started from the wrong place or after a failed first stage.
set -e
pushd shofel2/exploit/
sudo ./shofel2.py cbfs.bin ../../coreboot/build/coreboot.rom
pushd ../usb_loader/
# Give the device a moment before starting the USB loader
sleep 5s
sudo ../../imx_usb_loader/imx_usb -c .
popd
popd


--------------------------------------------------------------------------------
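
Added example, not part of the repository: commands.sh clones every upstream repository at whatever its current HEAD is, while the README pins imx_usb_loader to one commit on the host. The sketch below shows one way to fetch a repository at a pinned commit and confirm the checkout really sits on it before building; the function names `verify_pin` and `fetch_pinned` are hypothetical, and the only pin taken from the page is the imx_usb_loader commit in the usage comment.

```sh
#!/bin/sh
# Added example, not part of the repository. Function names are hypothetical.

# verify_pin DIR SHA
# Succeeds only if DIR's HEAD is exactly the full commit id SHA and no tracked
# file has been modified. Branch names, tags and abbreviated ids never match,
# because the comparison is against the full id that git reports.
verify_pin() {
    dir=$1
    want=$2
    have=$(git -C "$dir" rev-parse --verify --quiet 'HEAD^{commit}' 2>/dev/null) || {
        echo "$dir: not a git checkout" >&2
        return 3
    }
    if [ "$have" != "$want" ]; then
        echo "$dir: HEAD is $have, expected $want" >&2
        return 1
    fi
    if [ -n "$(git -C "$dir" status --porcelain --untracked-files=no)" ]; then
        echo "$dir: tracked files differ from $want" >&2
        return 4
    fi
    return 0
}

# fetch_pinned URL DIR SHA
# Clones URL into DIR, checks out SHA in detached mode, then verifies the pin.
fetch_pinned() {
    url=$1
    dir=$2
    want=$3
    git clone --quiet --no-checkout "$url" "$dir" || return 2
    git -C "$dir" checkout --quiet --detach "$want" || return 2
    verify_pin "$dir" "$want"
}

# Usage with the one pin the README gives:
#   fetch_pinned https://github.com/boundarydevices/imx_usb_loader.git \
#       imx_usb_loader 0a322b01cacf03e3be727e3e4c3d46d69f2e343e
```

A build script can call `verify_pin` again right before `make`, so a checkout that was moved or edited after cloning is caught as well.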