Nintendo Switch 'Mariko' units firmware keys dumped

After the discovery of the TegraRCM exploit, which allowed homebrew enthusiasts to run unsigned code on the console, Nintendo responded by releasing new Nintendo Switch units codenamed 'Mariko'. While at first glance this newer model is barely distinguishable from the older one (save for the flashy all-in-red box), it features better battery life and slightly altered CPU instructions to help with power management and consumption.

However, this came at a cost: the boot ROM bug that allowed homebrew enthusiasts and tinkerers to tamper with their Switches was fixed for good. This of course upset many owners of the newer Switch iterations, and left people wondering whether they could ever enjoy homebrew on their 'Mariko' Switches in the future.

That future might not be too far away, as developer @SciresM has successfully managed to dump the firmware keys on said units. In his YouTube video he showcases how this was achieved:


SciresM said:
We have the Mariko firmware keys and fully label Mariko trustzone.


Slim as they are, these early developments show that there is a possibility of running homebrew on the Nintendo Switch 'Mariko' units, and of getting TrustZone access on the system.

Source

xtrem3x

Well-Known Member
Besides, SciresM has already proved he is able to hack new Switches; all we need to do is wait for SciresM and co. to develop the free version.

He used the TX chip, he didn't hack it.

We all want a free solution, nobody wants to pay for something if they can have it free, but it looks as though if you want to hack a patched unit you'll need to pay for it. At least for the foreseeable future anyway but nobody knows what's around the corner :unsure:
 

SciresM

Developer
xtrem3x said:
He used the TX chip, he didn't hack it.

We all want a free solution, nobody wants to pay for something if they can have it free, but it looks as though if you want to hack a patched unit you'll need to pay for it. At least for the foreseeable future anyway but nobody knows what's around the corner :unsure:

We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct, though, that the keys were dumped by hacking Gateway's modchip to get past its DRM and run our own code instead of Gateway's boot.dat payload.

Once our own code was running instead of Gateway's, I used some old, old tricks to a) decrypt and dump Gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.
 
Last edited by SciresM,

anhminh

Pirate since 2010
So he can already take things out. Now we just need to find a better way to put things in than a modchip.
 

Viri

Well-Known Member
Nice. At some point once Switch hardware gets real cheap I'll have to pick up a second unit.
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
 

Adran_Marit

Walküre's Hacker
I didn't watch the 3h video, but I have a simple question.
Did SciresM use TX's modchip to get the keys, or was he able to hack it without?

Yep

Could this be applied to the Lite?

I assume so as there are two versions of the modchip

--------------------- MERGED ---------------------------

Nice!
@mattytrog we need your guidance on how to make an open-source modchip :3

Was thinking about the same thing

Doing that though would probably paint a big target on the back of your head for Nintendo to fire at
 

Sundree

Well-Known Member
I'm probably going to do the same thing with my Switch that I did with my 3DS, and wait like 7 years before homebrewing it, so by then running CFW would most likely be more streamlined.
 

Xzi

Time to fly, 621
Viri said:
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
Yeah I'd upgrade to a Switch Pro pretty much as soon as it was released. For a second unit OTOH I'm thinking like $75 or less tablet only, so it'll definitely be a while but I have no issue with waiting.
 

RedBlueGreen

Well-Known Member
Viri said:
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
Yeah, it's ridiculous how bad it is. I feel like some games you get maybe 2 hours of battery life.
 

nl255

Well-Known Member
SciresM said:
We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct, though, that the keys were dumped by hacking Gateway's modchip to get past its DRM and run our own code instead of Gateway's boot.dat payload.

Once our own code was running instead of Gateway's, I used some old, old tricks to a) decrypt and dump Gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.

So are they lying when they claim it will work with other payloads, including Atmosphère, or is their boot.dat going to act as a chainloader?
 
