Hacking Apparently the X1 bootrom was leaked

garyopa

I don't think there is a single car here where I live with Tegra in it, so at least here we are safe... Here we have like 2 or 3 old Ferrari 360 Modenas. Tesla will arrive on the island in 2050 maybe :)

On my island, Tesla will most likely never appear, as we still go through two sets of planned power blackouts lasting 5 to 6 hours each a day. If I didn't have a rack of marine boat batteries hooked up to a giant UPS, I would not even be able to use a computer and monitor.
 

TheCyberQuake

Well, it wasn't Nintendo or the Switch that failed, it was Nvidia at this point; it is a bug in their chip, not a bug of Nintendo's.

She is very nice and she never thinks only of herself; that is why she gave Nvidia time to check the problem. The point is that someone fucked it up by leaking the bug.
They didn't leak the bug, they leaked the bootrom. You'd still need to RE what was leaked and figure out exactly what the bug was.
 

garyopa

That's what I'm saying. They probably thought their security was hacking proof, that's why they agreed with the X1 itself for the Switch instead of a custom made chip.
They had the possibility to strengthen security but didn't because of X1 chip being outright unused if not for a niche market.

There was not enough time. Nintendo wanted to get the Switch out to market fast instead of delaying it more, so they used off-the-shelf parts. Next time around it will be a little harder, as the Mariko design (T214) is a more custom design, with many changes to the overall security with bootrom and ipatches, but the core is still the same, so there will be flaws found. It might take a year after they appear in the wild, but it will occur, and this time there will be big money behind hacking Mariko from sales of commercial mods, and more interest from other groups due to the amount of people using open-source mods and free installs, so they will want to keep the whole scene's momentum going strong.
 

TerraPhantm

Exactly. This is kind of a big deal. Security concerns aren't just for the Switch.
I disagree. Don't forget that there are Tegra dev kits (Jetson TX1) that are easily obtainable (literally I can buy one for <$500 on Amazon) and can run your own unsigned code. People with malicious intent who want to mess with Teslas and whatnot could have bought (and likely did buy) that dev kit and run their own code to dump the boot code.

Secondly, don't forget almost every car with an ECU has been hacked. Early ones didn't even have any security to speak of, and newer ones generally have weak RSA implementations (often deliberately so). That didn't bring on the automotive apocalypse, and a theoretical vulnerability in the Tesla's entertainment system won't do so either.
 

weatMod

Yep, me too. I'm going to have all those Tesla cars now starting up their engines, driving away at night from their owners' homes into my big vacant lot. So much easier these days: no more 'Gone in 60 Seconds' style, no more police chases. I just sit someplace, somewhere in the world, and like a drone operator watch in laughter on my big screen as the cars steal themselves. Thanks, leaker, you're making it so much easier for me! :)
Unfortunately they will most likely end up crashing into a tree and exploding into a ball of flames before they reach the lot.
 

god88

There was not enough time. Nintendo wanted to get the Switch out to market fast instead of delaying it more, so they used off-the-shelf parts. Next time around it will be a little harder, as the Mariko design (T214) is a more custom design, with many changes to the overall security with bootrom and ipatches, but the core is still the same, so there will be flaws found. It might take a year after they appear in the wild, but it will occur, and this time there will be big money behind hacking Mariko from sales of commercial mods, and more interest from other groups due to the amount of people using open-source mods and free installs, so they will want to keep the whole scene's momentum going strong.
I agree on this, but to me it looks like they've purposely disregarded security. I don't think Nintendo would have wanted their console hacked this fast, this open.
I disagree. Don't forget that there are Tegra dev kits (Jetson TX1) that are easily obtainable (literally I can buy one for <$500 on Amazon) and can run your own unsigned code. People with malicious intent who want to mess with Teslas and whatnot could have bought (and likely did buy) that dev kit and run their own code to dump the boot code.

Secondly, don't forget almost every car with an ECU has been hacked. Early ones didn't even have any security to speak of, and newer ones generally have weak RSA implementations (often deliberately so). That didn't bring on the automotive apocalypse, and a theoretical vulnerability in the Tesla's entertainment system won't do so either.
More so, as I said in the quote above, I find it hard to believe that Nintendo felt right knowing everyone could get access to the boot code this easily.
To reply: I know cars are being hacked all the time, but this is still a security concern in my opinion. This isn't me saying it; the whole fact this code is private and closed source means something. Now I'm no security expert and I don't know to what extent this applies, but I don't think leaving the door to hacking open is good for NVIDIA, for whatever reason.
 

guily6669

With or without the known Nvidia exploit, Teslas will kill you, so you are dead anyway :).

The autodrive has been disabled for now as it led to death on 2 models already and the AI was even over the limit on the road, though only like 10mph, but still it was more than the limit.
 

garyopa

With or without the known Nvidia exploit, Teslas will kill you, so you are dead anyway :).

The autodrive has been disabled for now as it led to death on 2 models already and the AI was even over the limit on the road, though only like 10mph, but still it was more than the limit.

That's what they get for calling up geohot on his birthday and telling him the original deal was off the table, and f-u on your self-driving AI design, we're going with someone else; he most likely 'rigged' it to fail! Maybe they only kill people on certain special 'birthdays'. Reminds me of the 'hack' that opened up the Lite-On 360 drives: it was the birthday of the designer's first-born son. There are always 'holes' like that in firmware; sometimes designers put them in there as an inside joke. We did once at a company I was working for: if you tried to access a non-existing drive connected using the letters of the designer, on the next bootup, instead of the wonderful swan, it was a polka-dot ugly duckling version.

Anyhow, I didn't see it mentioned in this thread yet, but for those looking to comb through the leaked 96kb of bootrom goodness, search 'q3k' on Twitter and find the matching .IDC file, if you're lucky enough to own IDA Pro or a warez'ed copy. No asking where to get that, as it's more of a problem than the bootrom; or just browse you-know-where, the usual sources.

Enjoy, and please remember that sharing in the scene is caring about the scene! :)
 

Flying Scotsman

With the bootrom dumped, the idea that puts cars (wtf?) at risk is that someone will reverse the exploit out of it?

Seriously, what is this about Teslas and stuff? There's no way that this stupid Nintendo hacky exploit thing has any impact on automobiles.

The thinking is that Teslas use the same SoC as the Switch, and with the bootrom now dumped for practically everyone to view and look over - the risk of hardware (i.e. unpatchable through software alone) exploits is therefore now higher, as you don't need a Switch and/or the know-how to dump the bootrom anymore. It's been given to you on a platter.

It makes sense in theory, but probably not in practice since any exploit (like most car software exploits) would require direct access to the vehicle itself - not something anyone with a brain would knowingly allow.
 

Patxinco

From what I've read in this thread, I think there are too many paranoids thinking Teslas will be instantly hacked and even remotely driven.
To even get to the Tesla's Tegra you must be inside the car, so it's not gonna be that easy, and even with that, someone must code an environment to get his hacks working, same as the Switch with Atmosphere, if I'm not mistaken.
Now, Tesla can (IF IT EVER HAPPENS) just call all Teslas with the Tegra X1 to swap to another one.
But again, that'll mean someone has actually taken his time to RE Tesla's environment.

Back to the topic: the bootrom leak is nearly useless as it is to the end user, so it is NOT FREE GAMEZ INSTANTLY MASTER RACE. If anyone came here looking for that, it's too soon boys!!!
 

smf

I agree on this, but to me it looks like they've purposely disregarded security. I don't think Nintendo would have wanted their console hacked this fast, this open.

Nintendo don't want their console hacked ever, they didn't purposefully disregard anything.

Nintendo outsource hardware development and they believed what they were told.
 

leerpsp

Download the bootrom, put it in your SDcard and your Switch will be hacked! :yayswitch:
If you're on a fw higher than 3.0 (I think it's higher than that) you have to open up your system and do a small, less than a min hardmod bridging some test points, is what I was told by someone on Kate's stream. But Kate told everyone it takes less than a min to do.
 