Nintendo Switch 'Mariko' units firmware keys dumped

After the discovery of the TegraRCM exploit, which allowed homebrew enthusiasts to run unsigned code on the console, Nintendo responded by releasing new Nintendo Switch units codenamed 'Mariko'. While at first glance this newer model is barely distinguishable from the older one (save for the flashy all-in-red box), it features better battery life and slightly altered CPU instructions to help with power management and consumption.

However, this came at a cost: the boot ROM bug that allowed homebrew enthusiasts and tinkerers to tamper with their Switches was fixed for good. This of course upset many owners of the newer Switch iterations, and left people wondering whether they could ever enjoy homebrew on their 'Mariko' Switches in the future.

That future might not be too far away, as developer @SciresM has successfully managed to dump the firmware keys from said units. In his YouTube video he showcases how this was achieved:


SciresM said:
We have the Mariko firmware keys and fully label Mariko trustzone.


Slim as they are, these early developments show that there is a real possibility of running homebrew on Nintendo Switch 'Mariko' units, and of getting TrustZone access on the system.


SciresM

So are they lying when they claim it will work with other payloads including atmosphere or is their boot.dat going to act as a chainloader?

Their boot.dat can chainload payloads...but they clear every key you would need out of the security engine first.

It's similar to sept's threat model, except where sept asked you to show the sept logo and then lets you use the keys you need to boot by making sure they're inside the SE, their modchip asks you to use their bootloader/menu and then wipes the keys you need from the engine so that you can't use them.

Looked at this in a little more detail.


They:
- Clear the security engine keyslots
- Perform a context save operation for the SE and for TZRAM
- Set keyslot 5 to a random key/ctr
- Encrypt all of their code to try to prevent a chainloaded payload from reading it.

I actually don't even know if you could chainload atmosphere. Saving the security engine context/saving TZRAM context is something I think you can only do once without warmbooting. You'd have to e.g. warmboot to be able to do it again, at which point you'd lose code execution since you didn't have your own data in tzram before the boot.dat code saved it.

Pretty sure this is actually them explicitly trying to prevent running atmosphere or other cfw on mariko, lmao.
 

Adran_Marit

Surely they have a payloads option in their boot menu, I swear I've seen it in a previous version, whether it boots or not is a different thing, I assume
 

xtrem3x

We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct, though, that keys were dumped by hacking Gateway's modchip to get past its DRM and run our own code instead of Gateway's boot.dat payload.

Once our own code was running instead of Gateway's, I used some old, old tricks to a) decrypt and dump Gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.

Fair play, cheers for the explanation!! :)
 

HideoKojima

I assume this will only be used after a new console comes out, so far SX is the only way to hack the non tegra consoles
 

KidIce

Technically Mariko is Tegra X1+, whereas the original Erista is just a plain old Tegra X1
OK... But they are still Tegra units. My query is about the "non tegra consoles" comment.

I admit I'm a little out of date on the subject, but the post I responded to made it sound like Mariko/Lite Switches were running a non-TX1 SOC. AFAIK that doesn't exist, that's what I'm getting at here. "+" or no, ALL switches are still powered by a TX1 SOC (of some revision), right?
 

Adran_Marit

OK... But they are still Tegra units. My query is about the "non tegra consoles" comment.

I admit I'm a little out of date on the subject, but the post I responded to made it sound like Mariko/Lite Switches were running a non-TX1 SOC. AFAIK that doesn't exist, that's what I'm getting at here. "+" or no, ALL switches are still powered by a TX1 SOC (of some revision), right?

Yeah they are all still Erista (x1, RCM consoles) or Mariko units (x1+ redbox, lites)

There might be yet another revision down the line though especially with the recent developments (TX chip, mariko keys dumped etc)
 

DualBladedKirito

Their boot.dat can chainload payloads...but they clear every key you would need out of the security engine first.

It's similar to sept's threat model, except where sept asked you to show the sept logo and then lets you use the keys you need to boot by making sure they're inside the SE, their modchip asks you to use their bootloader/menu and then wipes the keys you need from the engine so that you can't use them.

Looked at this in a little more detail.


They:
- Clear the security engine keyslots
- Perform a context save operation for the SE and for TZRAM
- Set keyslot 5 to a random key/ctr
- Encrypt all of their code to try to prevent a chainloaded payload from reading it.

I actually don't even know if you could chainload atmosphere. Saving the security engine context/saving TZRAM context is something I think you can only do once without warmbooting. You'd have to e.g. warmboot to be able to do it again, at which point you'd lose code execution since you didn't have your own data in tzram before the boot.dat code saved it.

Pretty sure this is actually them explicitly trying to prevent running atmosphere or other cfw on mariko, lmao.
Will it allow you to dual boot Linux, i.e. Lakka, like on fg vulnerable systems WITHOUT booting into Horizon OS? Or is this impossible for SX Core? I currently have an iPatched Switch and really only want to use RetroArch, leaving as little of a homebrew footprint on my Switch as possible because it's my only one.
 

ciaomao

Yeah I'd upgrade to a Switch Pro pretty much as soon as it was released. For a second unit OTOH I'm thinking like $75 or less tablet only, so it'll definitely be a while but I have no issue with waiting.
good luck. at the time you have to pay 75$, used units will be degraded and have half battery capacity left. :unsure:
 

Pickle_Rick

slightly altered CPU instructions to help with power management and consumption
Actually the same instructions but it's built on a smaller node so it's more dense. The smaller the transistors, the less power you need to flip their gate and they give off less heat.
 

UltraSUPRA

Nintendo will fight to make it illegal to hack systems here in America, just like it is in Japan.

I wonder what this site will become after that.
 

Viri

Nintendo will fight to make it illegal to hack systems here in America, just like it is in Japan.

I wonder what this site will become after that.
I didn't hear anything about that. Did something change? The US is pretty pro hacking your own stuff. Just a few years ago they confirmed it's legal to hack your own smart TV.
 
