Hacking Nintendo Switch bootrom dumped.

V-Temp

I'm gonna go out on a limb here and say Nintendo is fucked *waits for Switch 2.0*

Look three posts up. No.

That means if a vulnerability is found, we the public should expect to basically not even know it exists, to hopefully keep it around longer. Nintendo and Nvidia are making secrets a necessary evil with this system, especially compared to their last several systems.

Yes, I suspect this is why it's being kept secret for now. The moment this reaches even the slightest of "words on the wind" is the moment Nintendo/Nvidia will look to smash it. They smashed 3.0.0 very quickly when word got to them; if this compromise reaches them, it will be patched quickly.

High-end (entry to the system) and low-end (bootrom) security here seems to be able to roll with the punches, so to speak, so we're going to need to be quiet and most releases will have to be handled carefully.

TheCyberQuake

I'm gonna go out on a limb here and say Nintendo is fucked *waits for Switch 2.0*

No... this is just the bootrom being dumped. Meaning it can be explored for vulns, but that doesn't guarantee they are there. Impressive feat nonetheless, but not like when sighax was announced.

Beerus

Look three posts up. No.

Yes, I suspect this is why it's being kept secret for now. The moment this reaches even the slightest of "words on the wind" is the moment Nintendo/Nvidia will look to smash it.

High-end (entry to the system) and low-end (bootrom) security here seems to be able to roll with the punches, so to speak, so we're going to need to be quiet and most releases will have to be handled carefully.

Damn, didn't read; the title made me wet ( ͡° ͜ʖ ͡°)

SciresM

Oh. Interesting, Nvidia actually has some failsafe states in there then (and Nintendo by extension)! Yes, the 3DS was basically a permanent win once the boot was compromised, à la sighax. Sounds like they learned a lot (and in this case stumbled into someone who knew better) for future-proofing their hardware against rolling compromises.

But as we're looking for bugs now, we're also going to be dependent on finding ways to get around the handshakes with TrustZone, yes? I believe (you'll have to pardon my aged memory on the matter) for the 3DS early on we had to basically find a hole in the security where we could get ahead of the keys, pull them, reverse engineer them, and solve the encryption algo. My expectations for the Switch are naturally higher given the general step up since the 3DS/Wii U.

http://switchbrew.org/index.php?title=SMC -- Ctrl-F for "overall concept". Also see http://switchbrew.org/index.php?title=Cryptosystem; both are good descriptions of the cryptographic threat model you're attacking on the Switch.

I am almost more interested in the order of operations of this from the Nvidia engineering side of things than I am in even caring about applications for the Switch. It's not every day you get a glimpse into that web.

I agree -- it's extremely interesting.
 

V-Temp

http://switchbrew.org/index.php?title=SMC -- Ctrl-F for "overall concept". Also see http://switchbrew.org/index.php?title=Cryptosystem; both are good descriptions of the cryptographic threat model you're attacking on the Switch.

At a glance (though I read these pages only a few days ago, I will sit down to read them in more detail tonight when not on mobile), it does seem that we have a lot of work to do to deal with TrustZone! Gonna need some boxing gloves.

I doubt we're going to get Nintendo accidentally giving us one of the keys again *cough3dscough* so that we can get an easy jump on the reverse engineering.

I agree -- it's extremely interesting.

Will look forward to when this is published, though I understand it may be... a while.
 

V-Temp

No... this is just the bootrom being dumped. Meaning it can be explored for vulns, but that doesn't guarantee they are there. Impressive feat nonetheless, but not like when sighax was announced.

Funnily enough, in the months we've been with this scene and how fast it's been "moving", we're "catching up" to the PS4's 1.76 and that mess of a firmware and its fiery kernel. I sort of find the whole "wow, already?" posts really funny in light of how fast these things have usually gone; I guess no one notices.

Yeah, it'll probably be a while.

That said, it definitively will not be forever.

Oh, for me it's fine, take your time and do the most with it before it's either reported or Nintendo learns of it and smashes it. I can wait, and I have fun enough as it is on the more "hands on" side of playing with wires on my spare Switch and playing around with the released libnx.

I think the people who will be disappointed (as this thread and a few others today prove) are those who think you will announce how they can play Xenoblade 2 on their CFW homebrewed Switches with flashcarts tomorrow. :P

MelodieOctavia

Oooh! I can't wait for the first "hello world". This is a huge step.

I imagine this is going to be the best handheld emulator since the PSP if all goes well.

I'm looking forward to seeing what comes from this in the coming months.

V-Temp

I imagine this is going to be the best handheld emulator since the PSP if all goes well.

To quote myself:
The Switch will be a great(!) emulator for all sorts of older software; it will be a great brick for new stuff/online.

And now that I've learned that the bootrom is actually able to accept signed patches (thanks @SciresM), it's even more true. I thought Nintendo had only learned from the top down to protect against compromises, but it turns out they actually learned to protect the bottom of the pyramid as well.

The major difference from the PSP is that your Switch can be permanently blacklisted, so you have an either/or proposition of sorts to deal with. But as an emulator? It will be ace. Nvidia's chip, Nintendo's space-magic hardware durability and ergonomics. :switch:

The fourth little pig built his house out of blacklisted switches.

MelodieOctavia

To quote myself:

And now that I've learned that the bootrom is actually able to accept signed patches (thanks @SciresM), it's even more true. I thought Nintendo had only learned from the top down to protect against compromises, but it turns out they actually learned to protect the bottom of the pyramid as well.

The major difference from the PSP is that your Switch can be permanently blacklisted, so you have an either/or proposition of sorts to deal with. But as an emulator? It will be ace. Nvidia's chip, Nintendo's space-magic hardware durability and ergonomics. :switch:
I've always considered the possibility. It's always been an either/or situation since the Xbox 360 bannings. Console companies have been blacklisting hacked consoles for years now. Anyone that isn't new to the scene these days already takes that assumption to mind. Though it would suck to lose access to the digital-only titles that you purchased. That's something that will need to be considered, especially if the Switch is still hard to get hold of if and when the first hack/CFW comes.

V-Temp

Admittedly, I have to sit down and think about how signed patches and the boot sequence/fuse protection would go in the OoOperations. But from a quick thought, I'd say generally not to hope for some magical rollback/spoofer.

I've always considered the possibility. It's always been an either/or situation since the Xbox 360 bannings. Console companies have been blacklisting hacked consoles for years now. Anyone that isn't new to the scene these days already takes that assumption to mind. Though it would suck to lose access to the digital-only titles that you purchased. That's something that will need to be considered, especially if the Switch is still hard to get hold of if and when the first hack/CFW comes.

Nintendo's always been slow on the uptake, so they really jumped by near an order of magnitude in their protection here, and in their ability to now roll protections forward so long as they don't run out of fuses or start leaking their own keys accidentally. Will be interesting to see if they finally instigate some sort of generator key check on the GTS for Pokémon or if they'll still leave it rampant with fakes, hah! I think the GTS is usually my standard candle for how bad their security is, even if it's GameFreak.

I don't think availability will be the issue, more the number of systems that can be compromised. We have discussions of 3.0.0/1.0.0 for a reason, after all.

But yes, if your console unique cert is banned, poof go your digital games.

I think we may have somehow stumbled into a world where Nintendo has better security than Sony. :unsure:

SciresM

Admittedly, I have to sit down and think about how signed patches and the boot sequence/fuse protection would go in the OoOperations. But from a quick thought, I'd say generally not to hope for some magical rollback/spoofer.

Nintendo's always been slow on the uptake, so they really jumped by near an order of magnitude in their protection here, and in their ability to now roll protections forward so long as they don't run out of fuses or start leaking their own keys accidentally. Will be interesting to see if they finally instigate some sort of generator key check on the GTS for Pokémon or if they'll still leave it rampant with fakes, hah! I think the GTS is usually my standard candle for how bad their security is, even if it's GameFreak.

I think we may have somehow stumbled into a world where Nintendo has better security than Sony. :unsure:

The bootloader's cryptosystem is actually quite well designed -- Nintendo could recover from up to 32 full compromises and still have safe provisioned key material not accessible to older firmwares (they have burnt 2/32 keyblobs due to a stage 1 bootloader NULL dereference and smhax, respectively, so far).

Downgrades really are not going to be possible -- the fuse mechanism ensures this, and you're not going to be able to downgrade your bootrom patch revision either -- the first stage bootloader actually explicitly checks whether your bootrom is updated enough.

For what it's worth, I will be doing everything in my power to ensure PKHeX's ability to support editing Switch game saves when the time comes.
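The anti-downgrade behaviour SciresM describes (a monotonic fuse count, key material indexed per revision, and a first-stage check that the bootrom patch level is new enough) can be modelled as a small state machine. This is an added toy model written for this thread, not Nintendo's or Nvidia's code; the 32-entry bank mirrors the post, but the release table, the patch-level values and the keyblob-per-fuse-floor mapping are constructed assumptions.

```python
from dataclasses import dataclass, field

FUSE_BANK_BITS = 32  # OTP bits, as in the post; a burnt fuse never clears


@dataclass(frozen=True)
class Firmware:
    version: str
    expected_fuses: int     # fuse floor this release commits on first boot
    min_bootrom_patch: int  # lowest bootrom patch revision it will run on


# Constructed release table (assumption): both numbers only grow over time.
FIRMWARES = {
    "1.0.0": Firmware("1.0.0", 1, 0),
    "2.0.0": Firmware("2.0.0", 2, 0),
    "3.0.0": Firmware("3.0.0", 3, 1),
    "4.0.0": Firmware("4.0.0", 4, 1),
}


class BootRefused(Exception):
    """Raised where a real first-stage bootloader would halt."""


@dataclass
class Console:
    bootrom_patch: int = 0   # signed-patch revision applied to the bootrom
    burnt_fuses: int = 0     # how many of the 32 fuses are already blown
    keyblobs: list = field(
        default_factory=lambda: [f"keyblob_{i}" for i in range(FUSE_BANK_BITS)])

    def boot(self, version: str) -> str:
        """Return the keyblob this firmware may use, or refuse to boot."""
        fw = FIRMWARES[version]
        # First-stage check: the bootrom itself must be patched far enough.
        if self.bootrom_patch < fw.min_bootrom_patch:
            raise BootRefused(f"bootrom patch {self.bootrom_patch} too old for {version}")
        # Downgrade check: more fuses burnt than this release expects.
        if self.burnt_fuses > fw.expected_fuses:
            raise BootRefused(f"{version} expects {fw.expected_fuses} fuses, {self.burnt_fuses} burnt")
        # First boot of a newer release: commit the new floor (monotonic).
        if self.burnt_fuses < fw.expected_fuses:
            if fw.expected_fuses > FUSE_BANK_BITS:
                raise BootRefused("fuse bank exhausted")
            self.burnt_fuses = fw.expected_fuses
        # Simplification: key material is indexed by the fuse floor, so an
        # older (possibly compromised) firmware never sees newer keyblobs.
        return self.keyblobs[fw.expected_fuses - 1]


def keyblobs_remaining(c: Console) -> int:
    """How many future revisions can still be provisioned on this unit."""
    return FUSE_BANK_BITS - c.burnt_fuses
```

Booting a newer firmware moves the floor up and a subsequent attempt to boot an older release is refused, which is the "downgrades are not going to be possible" property in miniature.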
 

DocAmes1980

...But as an emulator? It will be ace. Nvidia's chip, Nintendo's space-magic hardware durability and ergonomics. :switch:

Does the lack of a d-pad not bother you? I just tried playing Blaster Master Zero portable because I wanted to see if using those directional buttons was as bad as I thought they might be. It certainly wasn't great. I wouldn't want to play classic 2D games with it.
 

TheCyberQuake

Does the lack of a d-pad not bother you? I just tried playing Blaster Master Zero portable because I wanted to see if using those directional buttons was as bad as I thought they might be. It certainly wasn't great. I wouldn't want to play classic 2D games with it.
There's a new custom shell for the left Joy-Con that gives it a proper d-pad instead of buttons.
 

MelodieOctavia

Admittedly, I have to sit down and think about how signed patches and the boot sequence/fuse protection would go in the OoOperations. But from a quick thought, I'd say generally not to hope for some magical rollback/spoofer.

Nintendo's always been slow on the uptake, so they really jumped by near an order of magnitude in their protection here, and in their ability to now roll protections forward so long as they don't run out of fuses or start leaking their own keys accidentally. Will be interesting to see if they finally instigate some sort of generator key check on the GTS for Pokémon or if they'll still leave it rampant with fakes, hah!

I think we may have somehow stumbled into a world where Nintendo has better security than Sony. :unsure:

Nintendo consoles dating all the way back to the NES with the lockout chip have always been the red-headed stepchild to hackers/modders/exploiters, always being the target of a good flogging. And I think it may have something to do with Nintendo's philosophy: you play by our rules, do as we say, and maybe, just maybe, you'll turn a profit. People started making NES cartridges that bypassed the lockout chip because Nintendo wasn't playing nice with their licensing program. At least that's how it started out. Now, I have no idea.

Either way, it's funny that Nintendo has taken this long to tackle security for their consoles in a serious manner. Now...if only they put that much effort into their online services... :unsure:
 

V-Temp

The bootloader's cryptosystem is actually quite well designed -- Nintendo could recover from up to 32 full compromises and still have safe provisioned key material not accessible to older firmwares (they have burnt 2/32 keyblobs due to a stage 1 bootloader NULL dereference and smhax, respectively, so far).

Downgrades really are not going to be possible -- the fuse mechanism ensures this, and you're not going to be able to downgrade your bootrom patch revision either -- the first stage bootloader actually explicitly checks whether your bootrom is updated enough.

I was aware of the two keyblob burns. Given their timestep on those, we'd need 8 years of major compromises to run out. :wacko:

I have never been under the impression that the downgrade was possible, but I've been (fruitlessly) thinking about methods of bypass as it's been a common topic on here (with usually someone coming to deliver the bad news!), but if even the first stage is check-locked, then it's basically point-set-match.

For what it's worth, I will be doing everything in my power to ensure PKHeX's ability to support editing Switch game saves when the time comes.

Excellent. That's always a fun path for further digging, but it sounds like you'll be needing a sturdy pair of boxing gloves!

Does the lack of a d-pad not bother you? I just tried playing Blaster Master Zero portable because I wanted to see if using those directional buttons was as bad as I thought they might be. It certainly wasn't great. I wouldn't want to play classic 2D games with it.

I hardware mod my equipment. I can make it have delicious M&Ms for buttons if I wanted. It's quite the fun little project, and even if you screw up it's just $50-60 and not a bricked Switch! :P

I expect Nintendo to launch d-pad Joy-Cons anyway.