A team of hackers probably has irreparable access to the security chip of the Nintendo Switch. The root keys can also be extracted.
Several hackers and developers seem to have finally cracked the hardware security of the Nintendo Switch and thus also the security of the Nvidia SoC called Tegra X1, which serves as the basis of the console. Already in 2018, it was possible to bypass the protection of the boot ROM used via a quite trivial bug. However, even the clever patch for this problem from Nvidia and Nintendo seems to be completely overcome now.
The problem with the first hack three years ago was that the boot ROM chip cannot be patched easily. The corresponding vulnerable commands are hardcoded, so a patch against the attacks seemed rather unlikely in devices that were already sold at the time. And already before, it was possible to execute own code on the Switch and even read the console's keys.
However, as Switch hacker Plutooo now writes, a "clever guy" had pointed out a separate security chip to the manufacturers, which is present on the X1 and had not been used until then. With the update 6.2.0 for the Switch firmware, Nintendo actually used it and completely rebuilt the startup process with the help of this chip called TSEC.
"Nintendo has apparently done the impossible: A) got its secure boot back and B) introduced new key material." So the old hack was worthless with the new firmware. Unsurprisingly, the Switch hackers then turned their attention to the TSEC chip and continued to find numerous bugs, which now just probably cannot be changed for all devices sold with the chip so far. And probably not even for new devices without a major hardware revision.
Source: Hexkyz & SciresM via
hexkyz.blogspot.com
source
