Hacking 6.2.0 Key Generation could (POSSIBLY) be UNCRACKABLE.

ZachSZ · Nov 21, 2018

Will this hault progress on the Yuzu emulator?

Essasetic · Nov 21, 2018

IHOP said:
Not false, my unit is banned and i get an update prompt.

Ah.

--------------------- MERGED ---------------------------

ZachSZ said:
Will this hault progress on the Yuzu emulator?

lol no.

--------------------- MERGED ---------------------------

Probably best I start setting up 90DNS then.

palantine · Nov 21, 2018

I wrote a short explanation in another thread so I'll repost it here:

The new key generation explained:

The switch has an Nvidia coprocessor ( a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied a firmware when the switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

View attachment 149848

Essasetic · Nov 21, 2018

palantine said:
I wrote a short explanation in another thread so I'll repost it here:

The new key generation explained:

The switch has an Nvidia coprocessor ( a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied a firmware when the switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

View attachment 149848

Well it's some form of progress

Zumoly · Nov 21, 2018

palantine said:
I wrote a short explanation in another thread so I'll repost it here:

The new key generation explained:

The switch has an Nvidia coprocessor ( a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied a firmware when the switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

View attachment 149848

Oh! Looks like they finally convinced Nvidia to lend a hand.
I believe cracking 6.2 will bring true CFW.

m4xw · Nov 21, 2018

linuxares said:
"What's created by man, can be cracked by man. It's just a matter of time." - Unknown

Broken, not cracked.
Also goes without the matter of time. Whatever it may take.

Dominator211 · Nov 22, 2018

hmm well, I guess they finally stomped homebrew... oh well. guess I cant get ultimate now... shame. might ba a while

NeoSlyde · Nov 22, 2018

Dominator211 said:
hmm well, I guess they finally stomped homebrew... oh well. guess I cant get ultimate now... shame. might ba a while

I’m pretty sure we will have Smash. Day one or one week before

Dominator211 · Nov 22, 2018

NeoSlyde said:
I’m pretty sure we will have Smash. Day one or one week before

but like there are titles im looking foward to in 2019 and we wont be able to get them unless someone cracks the code. which we will but how long would that take?

tom95 · Nov 22, 2018

palantine said:
I wrote a short explanation in another thread so I'll repost it here:

The new key generation explained:

The switch has an Nvidia coprocessor ( a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied a firmware when the switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

View attachment 149848

do the TSEC firmware have to been signed or you can run your own?

Paulsar99 · Nov 22, 2018

Didn't people also said that on firmware 5.0 as well?

NeoSlyde · Nov 22, 2018

Dominator211 said:
but like there are titles im looking foward to in 2019 and we wont be able to get them unless someone cracks the code. which we will but how long would that take?

OR. Dump the cartridges.

Hmmmmmm, not so long I bet.

TerraPhantm · Nov 22, 2018

Kubas_inko said:
Because that's also an option.

No it isn't. Even with all the computing power on Earth, the heat death of the universe will occur before your brute force those keys.

m4xw · Nov 22, 2018

tom95 said:
do the TSEC firmware have to been signed or you can run your own?

You can run your own but you are limited without entering authenticated mode, which needs "unknown secrets" simply said.

palantine said:
I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info

Could maybe do a side channel attack, else... pretty much. Break cauth

Giga_Gaia · Nov 22, 2018

Smash won't include 6.2.0. The game has gone gold a while ago, which means production has been well underway before 6.2.0 released, so it's impossible for it to come with it or require it. Hell, even Pokemon doesn't require 6.0.0 or 6.1.0, it requires 5.1.0.

As for 2019 games, I am 100% certain 6.2.0 will be cracked long before the first game releases. Unfortunately for Nintendo, pirates having hardware access means there is nothing long term they can do.

flatty69 · Nov 22, 2018

90DNS this dont work and will still update the switch to 6.2 it did to me so 90DNS Dont do Shit

tom95 · Nov 22, 2018

palantine said:
I wrote a short explanation in another thread so I'll repost it here:

The new key generation explained:

The switch has an Nvidia coprocessor ( a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied a firmware when the switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

View attachment 149848

m4xw said:
You can run your own but you are limited without entering authenticated mode, which needs "unknown secrets" simply said.

Could maybe do a side channel attack, else... pretty much. Break cauth

also very dumb question, if we have full boot access and the instruction set of tegra is well understood, can this problem be solved by loading a sw layer between cpu and software that intercept all system calls and alterate some to load CFW component?
that would make having the key unnecessary?

Dominator211 · Nov 22, 2018

NeoSlyde said:
OR. Dump the cartridges.

Hmmmmmm, not so long I bet.

you cant dump carts i believe thats what people were saying

maxx488 · Nov 22, 2018

Dominator211 said:
you cant dump carts i believe thats what people were saying

Wth? Havent you heard of SX dumper??

TamarindoJuice · Nov 22, 2018

maxx488 said:
Wth? Havent you heard of SX dumper??

He's sayng that for some tricks Ninty did you can't dump games while on 6.2

Hacking 6.2.0 Key Generation could (POSSIBLY) be UNCRACKABLE.

Well-Known Member

General Spectator

Well-Known Member

General Spectator

GBATemp Analyst

Ancient Deity

JFK's Jelly Donut

Let us start the game

JFK's Jelly Donut

Member

Well-Known Member

Let us start the game

Well-Known Member

Ancient Deity

Well-Known Member

Well-Known Member

Member

JFK's Jelly Donut

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum