D
Deleted User
Guest
I wrote this thread intending to post it in the Switch hacking section but it belongs in the EoF
The purpose of this thread is to have some fun making a logical guess. We have no way of knowing for certain what Nintendo does. The private key will probably never get leaked.
To my understanding, the private key is used to sign code. The only two ways to make a Switch run code are to sign it or exploit a security glitch. The private key is not stored on the Switch.
The only ways to obtain a private key are to bruteforce it, exploit a glitch to calculate it or get it from Nintendo.
The private key is 2048 bits long and will take millions of years to bruteforce using today's hardware. In a few decades we might be able to use quantum computers to bruteforce it within our lifetimes. By then the Switch will be obsolete.
Back in 2011 Sony got fucking pissed and probably fired a few engineers. A group of hackers discovered a glitch in the PS3's random number generation which allows the private key to be calculated. When properly implemented private keys are impossible to calculate. There is no known method to calculate the Switch's private keys, we will probably never find one.
The third option is the main purpose of this thread. Can we somehow get it from Nintendo? Unlikely. Nintendo probably goes all out on security to minimise the possibility of the private key getting leaked. Lets discuss this anyway, just for fun. I'm making some big guesses in the text below.
In Nintendo's office in Kyoto there is a computer which contains the private key and is used to sign Switch code. If Nintendo loses the private key they are fucked, backup copies are stored in several different physical locations in Japan.
The computer in Kyoto used to sign code is offline, stored behind armed guards and all logins must be approved by another staff member and are logged. Not just any staff member can login or approve a login. These staff members must pass a psychological assessment and be Japanese citizens on top of the passing police checks and signing a non-disclosure agreement like all the other staff members. Staff members don't need to see the private key, only put the code through a signing program.
To actually see the private key an engineer needs to make a request, providing a good reason why he needs to see the key to do his job. If his request is approved, only then can he see the private key. He also needs to meet the criteria described above.
The key is stored in other physical locations in Japan. Copies of the key are locked in safes protected by armed guards. The safes are only opened when the security company managing them authorities for them to be opened.
If, despite these measures the private key does get leaked Nintendo will send their private investigators in for the hunt then call their lawyers in for the kill. Those who played a role in leaking the private key will get sued and go to jail. Japanese jails include forced labour.
So can someone on GBAtemp get a job for Nintendo and leak the keys? If he is an accomplished cybersecurity professional, speaks fluent Japanese, manages to fool the psychologists who assess him, is or is willing to become a Japanese citizen and is willing to crucify himself for the sake of people who will call him a dumb fuck when he gets caught, then yes.
The purpose of this thread is to have some fun making a logical guess. We have no way of knowing for certain what Nintendo does. The private key will probably never get leaked.
To my understanding, the private key is used to sign code. The only two ways to make a Switch run code are to sign it or exploit a security glitch. The private key is not stored on the Switch.
The only ways to obtain a private key are to bruteforce it, exploit a glitch to calculate it or get it from Nintendo.
The private key is 2048 bits long and will take millions of years to bruteforce using today's hardware. In a few decades we might be able to use quantum computers to bruteforce it within our lifetimes. By then the Switch will be obsolete.
Back in 2011 Sony got fucking pissed and probably fired a few engineers. A group of hackers discovered a glitch in the PS3's random number generation which allows the private key to be calculated. When properly implemented private keys are impossible to calculate. There is no known method to calculate the Switch's private keys, we will probably never find one.
The third option is the main purpose of this thread. Can we somehow get it from Nintendo? Unlikely. Nintendo probably goes all out on security to minimise the possibility of the private key getting leaked. Lets discuss this anyway, just for fun. I'm making some big guesses in the text below.
In Nintendo's office in Kyoto there is a computer which contains the private key and is used to sign Switch code. If Nintendo loses the private key they are fucked, backup copies are stored in several different physical locations in Japan.
The computer in Kyoto used to sign code is offline, stored behind armed guards and all logins must be approved by another staff member and are logged. Not just any staff member can login or approve a login. These staff members must pass a psychological assessment and be Japanese citizens on top of the passing police checks and signing a non-disclosure agreement like all the other staff members. Staff members don't need to see the private key, only put the code through a signing program.
To actually see the private key an engineer needs to make a request, providing a good reason why he needs to see the key to do his job. If his request is approved, only then can he see the private key. He also needs to meet the criteria described above.
The key is stored in other physical locations in Japan. Copies of the key are locked in safes protected by armed guards. The safes are only opened when the security company managing them authorities for them to be opened.
If, despite these measures the private key does get leaked Nintendo will send their private investigators in for the hunt then call their lawyers in for the kill. Those who played a role in leaking the private key will get sued and go to jail. Japanese jails include forced labour.
So can someone on GBAtemp get a job for Nintendo and leak the keys? If he is an accomplished cybersecurity professional, speaks fluent Japanese, manages to fool the psychologists who assess him, is or is willing to become a Japanese citizen and is willing to crucify himself for the sake of people who will call him a dumb fuck when he gets caught, then yes.







