Suggestion Hedgeberg Confirmed that Switch Flashcards are Fake.

Discussion in 'Switch - Hacking & Homebrew' started by Natehaxx, Jan 14, 2018.

Thread Status:
Not open for further replies.
  1. dark_samus3

    dark_samus3 GBAtemp Addict

    Member
    2,337
    1,759
    May 30, 2015
    United States
    Well, I will be awaiting you "walking around" the Switch's CR system then! See you never!


    (Also, to be clear, I think the whole "Impossible" statement was what you'd call hyperbole. Exaggeration to make a point.)
     
    peteruk, Ra1d and ihaveamac like this.
  2. ARVI80

    ARVI80 GBAtemp Regular

    Member
    186
    91
    Feb 25, 2016
    UK
    You got it in one fella, as I will literally never bother. I have absolutely no need. :)
     
  3. DarthDub

    DarthDub Amateur Hacker

    Member
    1,358
    1,096
    Jan 26, 2016
    United States
    Your mom's basement.
    "Confirmed." Riiight.
     
  4. aSpookyNinja

    aSpookyNinja Member

    Newcomer
    24
    14
    Sep 26, 2017
    United States
    To clarify, defeating crypto would require a hack to the Switch to bypass the crypto checks, like how Halo 3 was modified to not perform RSA-2048 checks on map files. While edgelord is correct, they're just someone trying to hop on a hype train.

    This thread needs locked anyway.
     
  5. dark_samus3

    dark_samus3 GBAtemp Addict

    Member
    2,337
    1,759
    May 30, 2015
    United States
    So, to sum up: you've done no research on the particular mechanisms the Switch uses (hardware that uses CR to reject any non-compliant carts), don't plan on doing any research on the subject, and weren't planning on doing anything? Gosh, sounds like someone doesn't really know what they're talking about...
     
    peteruk, Xenon Hacks and ihaveamac like this.
  6. ARVI80

    ARVI80 GBAtemp Regular

    Member
    186
    91
    Feb 25, 2016
    UK
    That's your assumption buddy. Whatever helps you sleep at night I guess. I will enjoy my switch and you can just enjoy everyone else's work eventually.
     
  7. dark_samus3

    dark_samus3 GBAtemp Addict

    Member
    2,337
    1,759
    May 30, 2015
    United States
    It's not really an assumption. Given the way you're talking it's *obvious* you don't know what you're talking about in this regard.
     
    peteruk likes this.
  8. ARVI80

    ARVI80 GBAtemp Regular

    Member
    186
    91
    Feb 25, 2016
    UK
    OK princess, I'm glad you know better.

     
    Last edited by ARVI80, Jan 14, 2018
  9. hedgeberg

    hedgeberg Newbie

    Newcomer
    8
    51
    Aug 12, 2017
    United States
    Meh, I've goofed around enough and want to get a little technical before I go to bed. Take this all with a grain of salt because I'm tired af and also likely missing several key pieces of the puzzle since my focus on the Switch has been fault injection in order to take over the early bootchain.

    Basically here's the deal: we (meaning reswitched + switchbrew + hexkyz and other individuals) haven't fully reversed the gamecart interface due to the fact that we haven't been that interested. There's no major use case for us to review that, so everything is cursory. That being said, what we do know, simply put:
    • Switch carts contain an MCU, as does a custom ASIC (application-specific integrated circuit) on the Switch, which is responsible for securing the communications bus.
    • During cart init, both MCUs exchange randomized data which, when used in conjunction with stored secrets, creates a communication chain that is completely opaque to us.
    • In addition, the Switch verifies that the gamecart contains said shared secret using the "challenge-response" we've talked so much about.
    • The ASIC on the Switch side seems to be flashed once during boot, and it is unknown if it is reflashable, but it seems unlikely. In addition, shared secrets seem to be burnt in to the ASIC, meaning there's never a way to change them to something we control.
    • The Switch also verifies that the ASIC is valid using a separate challenge-response round iirc, meaning every point on that chain is secure.
    Basically, to beat this, you either need the gamecart's secrets or you need a kernel hack. Kernel hack is more likely, and then at that point you already have a kernel hack, you can patch out signature checks.

    Take all of this however you want. I'm just some girl none of you know poking away at this for fun reciting what I loosely remember after cursory examinations, but in terms of peripheral security Nintendo did all the right things to ensure as well as possible that gamecarts can be verified and trusted.

    TL;DR: it's possible but not without huge budget or a kernel exploit, neither of which the developers who claimed to be working on this have. Hence the tweet.

    Sorry if there are typos or grammar mistakes, I'm on mobile and can't be bothered to reread before I post. I'm off to sleep, try not to burn the place down.
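
A minimal model of the handshake described in the post above (nonce exchange at cart init, a session key bound to a stored secret, then challenge-response), added here as an example; it is not code from the post or from Nintendo's implementation. HMAC-SHA256, the 16-byte nonces, the class names and the secret values are assumptions chosen for illustration, since the thread does not state the real algorithms.

```python
import hashlib
import hmac
import secrets

def derive_session_key(secret: bytes, host_nonce: bytes, cart_nonce: bytes) -> bytes:
    # Both sides mix the stored secret with both nonces, so the key is new per insertion.
    return hmac.new(secret, b"session" + host_nonce + cart_nonce, hashlib.sha256).digest()

def tag(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, b"auth" + challenge, hashlib.sha256).digest()

class Cart:
    """Cart-side MCU holding a provisioned secret (hypothetical model)."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def init(self, host_nonce: bytes) -> bytes:
        self._nonce = secrets.token_bytes(16)
        self._key = derive_session_key(self._secret, host_nonce, self._nonce)
        return self._nonce
    def respond(self, challenge: bytes) -> bytes:
        return tag(self._key, challenge)

class RecordedCart:
    """Device with no secret that can only repeat one previously observed session."""
    def __init__(self, old_nonce: bytes, old_response: bytes):
        self._nonce, self._response = old_nonce, old_response
    def init(self, host_nonce: bytes) -> bytes:
        return self._nonce
    def respond(self, challenge: bytes) -> bytes:
        return self._response

def host_authenticate(secret: bytes, cart) -> bool:
    """Console-side check: fresh nonce and fresh challenge on every attempt."""
    host_nonce = secrets.token_bytes(16)
    key = derive_session_key(secret, host_nonce, cart.init(host_nonce))
    challenge = secrets.token_bytes(16)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(tag(key, challenge), cart.respond(challenge))

def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    genuine = Cart(secret)
    old_nonce = genuine.init(secrets.token_bytes(16))   # an earlier session
    old_response = genuine.respond(secrets.token_bytes(16))
    return {
        "genuine": host_authenticate(secret, genuine),
        "wrong_secret": host_authenticate(secret, Cart(b"some-other-secret")),
        "recorded_session": host_authenticate(secret, RecordedCart(old_nonce, old_response)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the console contributes a fresh nonce and a fresh challenge each time, a response is only valid for the session it was computed in, which is why the post says the check cannot be passed without the stored secret.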
     
  10. aSpookyNinja

    aSpookyNinja Member

    Newcomer
    24
    14
    Sep 26, 2017
    United States
    Thank you for elaborating on it. Too bad people went fanboy over your post and were at each other's throats. Too bad the newbies are so quick to do so.
     
  11. Technicmaster0

    Technicmaster0 GBAtemp Psycho!

    Member
    3,496
    748
    Oct 22, 2011
    Gambia, The
    I've spoken with NicoAICP about a week ago about the flashcard and I can say the following:
    -I think that he believes in what they said but
    -they have no clue about hardware design
    -they didn't know the switch pinout back then
    -what he has told me about how the card will work won't work
     
  12. rac

    rac Member

    Newcomer
    29
    4
    Dec 27, 2014
    United States
    so flashcarts will be impossible, that's interesting news.
     
  13. DarthDub

    DarthDub Amateur Hacker

    Member
    1,358
    1,096
    Jan 26, 2016
    United States
    Your mom's basement.
    Improbable, not impossible.
     
    rac likes this.
  14. aSpookyNinja

    aSpookyNinja Member

    Newcomer
    24
    14
    Sep 26, 2017
    United States
    People would be paying more for a flashcart than the TX hardware and having someone install it for them. I personally recommend @DeadlyFoez because in the over 10 years I've been hanging around GBATemp, he's shown to be extremely reliable and his handiwork is great. People are greedy, just wanting the easiest solution.
     
    DeadlyFoez likes this.
  15. Riyaz

    Riyaz Black Ace/Red Joker

    Member
    1,305
    760
    Jun 21, 2011
    Netherlands
    everywhere
    I find it funny that anyone thought this was legit in the first place. I don't believe Nico and his flashcard.
     
  16. Soluble

    Soluble GBAtemp Regular

    Member
    126
    66
    Mar 12, 2017
    I find it funny that Devs have to come here to defend their statements before the pitchforks come out. Then we wonder why they aren't as forthcoming as we'd like.
     
  17. aSpookyNinja

    aSpookyNinja Member

    Newcomer
    24
    14
    Sep 26, 2017
    United States
    Or they could just not give a fuck what people think and just do their thing like TX
     
  18. Riyaz

    Riyaz Black Ace/Red Joker

    Member
    1,305
    760
    Jun 21, 2011
    Netherlands
    everywhere
    At least TX showed something, this was just a random GBAtemp person who showed his 3D printed Switch casing on his stream..... Yeah, a dev, that seems like something I would believe.
     
  19. Arck

    Arck GBAtemp Advanced Fan

    Member
    823
    409
    Mar 13, 2016
    Yeah, at least TX don't go to forums to justify themselves.
     
  20. aSpookyNinja

    aSpookyNinja Member

    Newcomer
    24
    14
    Sep 26, 2017
    United States
    Exactly. I've been in love with TX since the original Xbox days. Helped prevent a total brick when I was developing a softmod method and had some read issues with a USB drive.
     
    Arck likes this.