Meh I've goofed around enough and want to get a little technical before I go to bed. Take this all with a grain of salt because I'm tired af and also likely missing several key pieces of the puzzle since my focus on the switch has been fault injection in order to take over the early bootchain.
Basically here's the deal: we (meaning reswitched + switchbrew + hexkyz and other individuals) haven't fully reversed the gamecart interface due to the fact that we haven't been that interested. There's no major use case for us to review that, so everything is cursory. That being said, what we do know, simply put:
- Switch carts contain an MCU, as does a custom ASIC (application-specific integrated circuit) on the Switch, which is responsible for securing the communications bus.
- During cart init, both MCUs exchange randomized data which, when used in conjunction with stored secrets, creates a communication chain that is completely opaque to us.
- In addition, the Switch verifies that the gamecart contains said shared secret using the "challenge-response" we've talked so much about.
- The ASIC on the Switch side seems to be flashed once during boot, and it is unknown if it is reflashable, but it seems unlikely. In addition, shared secrets seem to be burnt into the ASIC, meaning there's never a way to change them to something we control.
- The Switch also verifies that the ASIC is valid using a separate challenge-response round iirc, meaning every point on that chain is secure.
Basically, to beat this, you either need the gamecart's secrets or you need a kernel hack. A kernel hack is more likely, and at that point, since you already have a kernel hack, you can patch out signature checks.
Take all of this however you want. I'm just some girl none of you know poking away at this for fun reciting what I loosely remember after cursory examinations, but in terms of peripheral security Nintendo did all the right things to ensure as well as possible that gamecarts can be verified and trusted.
TL;DR: it's possible but not without a huge budget or a kernel exploit, neither of which the developers who claimed to be working on this have. Hence the tweet.
Sorry if there are typos or grammar mistakes, I'm on mobile and can't be bothered to reread before I post. I'm off to sleep, try not to burn the place down.
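As an added illustration of the chain sketched in this post (example code, not the poster's and not Nintendo's actual protocol; the key derivation, HMAC responses and secrets are assumed stand-ins for the opaque real one): a console-to-ASIC link and an ASIC-to-cart link, each a nonce exchange followed by a challenge-response, where a cart missing the secret and a cart replaying an old response are both rejected.

```python
import hmac
import hashlib
import os
# Illustrative model only: assumed KDF and HMAC responses stand in for the real (opaque) protocol; all secrets are constructed placeholders.

def derive_key(secret: bytes, nonce_v: bytes, nonce_p: bytes) -> bytes:
    """Mix both sides' random init data with the stored secret (assumed KDF)."""
    return hmac.new(secret, b"link" + nonce_v + nonce_p, hashlib.sha256).digest()

class Prover:
    """A device that must show it holds the link's secret (the ASIC or a cart)."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def session_key(self, nonce_v: bytes, nonce_p: bytes) -> bytes:
        return derive_key(self._secret, nonce_v, nonce_p)
    def respond(self, key: bytes, challenge: bytes) -> bytes:
        return hmac.new(key, challenge, hashlib.sha256).digest()

class Replayer(Prover):
    """A device without the secret that replays a response captured earlier."""
    def __init__(self, captured: bytes):
        super().__init__(b"")
        self._captured = captured
    def respond(self, key: bytes, challenge: bytes) -> bytes:
        return self._captured

def verify_link(verifier_secret: bytes, prover: Prover, rng=os.urandom) -> bool:
    """One challenge-response round; the verifier holds the burnt-in secret."""
    nonce_v, nonce_p = rng(16), rng(16)           # randomized data exchanged at init
    key_v = derive_key(verifier_secret, nonce_v, nonce_p)
    key_p = prover.session_key(nonce_v, nonce_p)  # equals key_v only if secrets match
    challenge = rng(16)
    expected = hmac.new(key_v, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, prover.respond(key_p, challenge))

def verify_chain(console_asic_secret, asic, asic_cart_secret, cart) -> bool:
    """Console verifies the ASIC, then the ASIC verifies the cart; both must pass."""
    return verify_link(console_asic_secret, asic) and verify_link(asic_cart_secret, cart)

CONSOLE_ASIC_SECRET = b"constructed-console-asic-secret"
ASIC_CART_SECRET = b"constructed-asic-cart-secret"

def demo() -> tuple:
    """Returns (genuine cart accepted, clone rejected, replayed response rejected)."""
    asic, genuine = Prover(CONSOLE_ASIC_SECRET), Prover(ASIC_CART_SECRET)
    clone = Prover(b"wrong-secret")
    old = genuine.respond(derive_key(ASIC_CART_SECRET, b"n" * 16, b"m" * 16), b"c" * 16)
    return (verify_chain(CONSOLE_ASIC_SECRET, asic, ASIC_CART_SECRET, genuine),
            not verify_chain(CONSOLE_ASIC_SECRET, asic, ASIC_CART_SECRET, clone),
            not verify_chain(CONSOLE_ASIC_SECRET, asic, ASIC_CART_SECRET, Replayer(old)))
```

Because each link is keyed on fresh nonces from both sides, a recorded response is useless on the next init, and a party on either link that lacks the burnt-in secret cannot derive the matching key.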