Hacking Suggestion: Hedgeberg Confirmed that Switch Flashcards are Fake.

  • Thread starter Deleted User

dark_samus3
This is why I say bypass and not hack. No need to hack anything when you can just walk around it. No need to believe me; I just happened to walk around the PS3 online defence with the same logic once upon a time, and that shit uses a CRAM and linear curvature for its cryptography. Strangely everyone said that was impossible also lol
Well, I will be awaiting you "walking around" the Switch's CR system then! See you never!

--------------------- MERGED ---------------------------

(Also, to be clear, I think the whole "Impossible" statement was what you'd call hyperbole. Exaggeration to make a point.)
 

aSpookyNinja
To clarify, defeating crypto would require a hack to the Switch to bypass the crypto checks, like how Halo 3 was modified to not perform RSA-2048 checks on map files. While edgelord is correct, they're just someone trying to hop on a hype train.

This thread needs to be locked anyway.
 

dark_samus3
You got it in one fella, as I will literally never bother. I have absolutely no need. :)
So, to sum up; You've done no research on the particular mechanisms the Switch uses (hardware that uses CR to reject any non-compliant carts), don't plan on doing any research on the subject, and weren't planning on doing anything? Gosh, sounds like someone doesn't really know what they're talking about...
 

ARVI80

That's your assumption buddy. Whatever helps you sleep at night I guess. I will enjoy my switch and you can just enjoy everyone else's work eventually.
 

dark_samus3

It's not really an assumption. Given the way you're talking it's *obvious* you don't know what you're talking about in this regard.
 

ARVI80

OK princess, I'm glad you know better.

Xxztw7
 

hedgeberg
Meh, I've goofed around enough and want to get a little technical before I go to bed. Take this all with a grain of salt because I'm tired af and also likely missing several key pieces of the puzzle, since my focus on the Switch has been fault injection in order to take over the early bootchain.

Basically here's the deal: we (meaning ReSwitched + SwitchBrew + hexkyz and other individuals) haven't fully reversed the gamecart interface, due to the fact that we haven't been that interested. There's no major use case for us to review that, so everything is cursory. That being said, what we do know, simply put:
  • Switch carts contain an MCU, as does a custom ASIC (application-specific integrated circuit) on the Switch, which is responsible for securing the communications bus.
  • During cart init, both MCUs exchange randomized data which, when used in conjunction with stored secrets, creates a communication chain that is completely opaque to us.
  • In addition, the Switch verifies that the gamecart contains said shared secret using the "challenge-response" we've talked so much about.
  • The ASIC on the Switch side seems to be flashed once during boot, and it is unknown if it is reflashable, but it seems unlikely. In addition, shared secrets seem to be burnt into the ASIC, meaning there's never a way to change them to something we control.
  • The Switch also verifies that the ASIC is valid using a separate challenge-response round, IIRC, meaning every point on that chain is secure.
Basically, to beat this, you either need the gamecart's secrets or you need a kernel hack. A kernel hack is more likely, and at that point, since you already have a kernel hack, you can patch out signature checks.

Take all of this however you want. I'm just some girl none of you know, poking away at this for fun, reciting what I loosely remember after cursory examinations, but in terms of peripheral security Nintendo did all the right things to ensure as well as possible that gamecarts can be verified and trusted.

TL;DR: it's possible, but not without a huge budget or a kernel exploit, neither of which the developers who claimed to be working on this have. Hence the tweet.

Sorry if there are typos or grammar mistakes; I'm on mobile and can't be bothered to reread before I post. I'm off to sleep, try not to burn the place down.
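The bullets above describe a cart and a console exchanging random data and checking it against a secret neither side ever sends. The Python below is an added illustration of that pattern, not hedgeberg's, ReSwitched's or Nintendo's code (the post says the real protocol is unreversed); HMAC-SHA256, the constructed secret and the nonce sizes are assumptions. It shows why a cart that lacks the secret, or that only replays a captured answer, fails a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Constructed, illustrative 128-bit shared secret. In the real design the secret is
# burnt into the cart MCU and the console ASIC and is never sent over the bus.
GENUINE_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def response_tag(secret, console_nonce, cart_nonce):
    """MAC over both parties' nonces; only a holder of `secret` can produce it."""
    return hmac.new(secret, console_nonce + cart_nonce, hashlib.sha256).digest()


def derive_session_key(secret, console_nonce, cart_nonce):
    """Key for the bus after authentication: fresh per init, opaque to a sniffer."""
    return hmac.new(secret, b"bus-session" + console_nonce + cart_nonce, hashlib.sha256).digest()


class GenuineCart:
    """Cart-side MCU: holds the secret and answers each challenge with a fresh nonce."""
    def __init__(self, secret):
        self._secret = secret

    def respond(self, console_nonce):
        cart_nonce = secrets.token_bytes(16)
        return cart_nonce, response_tag(self._secret, console_nonce, cart_nonce)


class ReplayClone:
    """Cart with no secret: can only replay one (cart_nonce, tag) captured from a real cart."""
    def __init__(self, captured):
        self._captured = captured

    def respond(self, console_nonce):
        return self._captured  # it cannot compute a tag for a nonce it has never seen


def console_init(cart, secret=GENUINE_SECRET, console_nonce=b""):
    """Console-side ASIC: challenge with a random nonce, verify, derive the session key.

    Returns the session key on success, or None when the cart fails challenge-response.
    A fixed console_nonce may be supplied only to make the replay case reproducible.
    """
    console_nonce = console_nonce or secrets.token_bytes(16)
    cart_nonce, tag = cart.respond(console_nonce)
    expected = response_tag(secret, console_nonce, cart_nonce)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return derive_session_key(secret, console_nonce, cart_nonce)
```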
 

aSpookyNinja
Thank you for elaborating on it. Too bad people went fanboy over your post and were at each other's throats. Too bad the newbies are so quick to do so.
 

Technicmaster0
That’s literally 0 proof of it being fake lmao. Just trying to get the attention off of them so he can have it now. Bring solid proof it’s fake and people will actually take you seriously lmao
I've spoken with NicoAICP about a week ago about the flashcard and I can say the following:
-I think that he believes in what they said but
-they have no clue about hardware design
-they didn't know the Switch pinout back then
-what he has told me about how the card will work won't work
 

aSpookyNinja
People would be paying more for a flashcart than the TX hardware and having someone install it for them. I personally recommend @DeadlyFoez because in the over 10 years I've been hanging around GBATemp, he's shown to be extremely reliable and his handiwork is great. People are greedy, just wanting the easiest solution.
 

Deleted User (OP)
I find it funny that anyone thought this was legit in the first place. I don't believe Nico and his flashcard.
 

Soluble
I find it funny that Devs have to come here to defend their statements before the pitchforks come out. Then we wonder why they aren't as forthcoming as we'd like.
 

aSpookyNinja
Or they could just not give a fuck what people think and just do their thing like TX
 
Deleted User (OP)
At least TX showed something; this was just a random GBAtemp person who showed his 3D-printed Switch casing on his stream..... Yeah, a dev, that seems like something I would believe.
 

aSpookyNinja
Yeah, at least TX don't go to forums to justify themselves.
Exactly. I've been in love with TX since the original Xbox days. Helped prevent a total brick when I was developing a softmod method and had some read issues with a USB drive.
 