1. Fisherman765

    Fisherman765 Member
    Newcomer

    Joined:
    Feb 21, 2018
    Messages:
    18
    Country:
    Mexico
    The one that arguably hits them the hardest couldn't have been timed more perfectly.
     
  2. TerraPhantm

    TerraPhantm GBAtemp Fan
    Member

    Joined:
    Jul 27, 2007
    Messages:
    498
    Country:
    United States
    I think the caveat is that it allows other hackers to dive in without having to figure out how to dump and disassemble the Mariko bootrom on their own. Probably nothing will come of it, but who knows for sure.
     
    Ryccardo likes this.
  3. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
    Source code is a double edged sword, you are going to miss out on any compiler code generator bugs if you focus on source code. If you look at both the source and binaries then a misleading comment could change how you perceive the binary.

    The way it's talked about here is that source code makes it 100 times easier, when it's probably more like 10% easier. We don't even know how close it is to the released binary.

    There are plenty of tools for analyzing binaries that can get a lot of the benefits of having source code.
     
    Last edited by smf, Dec 27, 2020
    ShroomKing likes this.
  4. bbsan2k

    bbsan2k Advanced Member
    Newcomer

    Joined:
    Jul 6, 2019
    Messages:
    57
    Country:
    Germany
    Actually there are also many static code analysis tools. Without having a look at the code I'm pretty sure though they did have something up and running to cover those issues.

    Also I'm pretty sure after the fusee gelee debacle they had someone check for stuff like out of bounds or read after free.
     
  5. Sora Takihawa

    Sora Takihawa GBAtemp Psycho!
    Member

    Joined:
    Oct 11, 2015
    Messages:
    3,432
    Country:
    Germany
    Yes, I know it... I already accidentally got 2 warnings and I won't share any NSP here...

    I have one question which doesn't belong here...
     
  6. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
    Right, anything obvious in the source code should really have been picked up in their audit.

    It's very unlikely there will be anything in the source that will lead to an exploit that can't be found just as easily without the source code (and that is if there are any exploits possible at all).

    The wii strcmp, ps3 non random number & switch use after free are mistakes that I doubt we will ever see repeated.
     
    Last edited by smf, Dec 27, 2020
  7. bbsan2k

    bbsan2k Advanced Member
    Newcomer

    Joined:
    Jul 6, 2019
    Messages:
    57
    Country:
    Germany
    Also I guess the whole compiler toolchain, types etc is playing a huge part in whether or not there may be an additional bug.

    Also keep in mind, that NVidia is normally supporting their customers very well and they caught up with recent development concepts in the last couple of years.
     
  8. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
    Yeah, compiler bugs or unusual types (like char being unsigned by default) could allow someone writing the code to think it's secure but it's not. But then you will suffer the same problem when looking at the source.
     
    bbsan2k likes this.
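
Added example, not part of the thread or any participant's code: the `char` signedness point from the post above, shown with a constructed length check. `MAX_PAYLOAD`, the helper names and the sample byte `0x90` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 64  /* constructed buffer size for this example */

/* Plain char is signed on typical x86 ABIs and unsigned on ARM EABI
 * (GCC/Clang: -fsigned-char / -funsigned-char). The two helpers below pin
 * each behaviour explicitly so the difference shows on any host. */

/* Upper-bound-only check as it behaves where plain char is signed. */
static int accepts_len_signed_char(unsigned char wire_byte) {
    signed char len = (signed char)wire_byte; /* 0x90 becomes -112 on common compilers */
    return len <= MAX_PAYLOAD;
}

/* The same source line as it behaves where plain char is unsigned. */
static int accepts_len_unsigned_char(unsigned char wire_byte) {
    unsigned char len = wire_byte;            /* 0x90 stays 144 */
    return len <= MAX_PAYLOAD;
}

/* Size a later memcpy(dst, src, len) would receive in the signed case. */
static size_t copy_size_signed_char(unsigned char wire_byte) {
    signed char len = (signed char)wire_byte;
    return (size_t)len;                       /* negative wraps to a huge size */
}

/* Hardened form: length held in size_t, checked against both buffers. */
static int checked_copy(unsigned char *dst, size_t dst_cap,
                        const unsigned char *src, size_t src_len,
                        unsigned char wire_len) {
    size_t n = wire_len;
    if (n > dst_cap || n > src_len)
        return -1;
    memcpy(dst, src, n);
    return (int)n;
}

int main(void) {
    unsigned char src[MAX_PAYLOAD] = {0}, dst[MAX_PAYLOAD];
    printf("signed char accepts 0x90:   %d\n", accepts_len_signed_char(0x90));
    printf("unsigned char accepts 0x90: %d\n", accepts_len_unsigned_char(0x90));
    printf("size passed on if accepted: %zu\n", copy_size_signed_char(0x90));
    printf("checked_copy(0x90): %d\n", checked_copy(dst, sizeof dst, src, sizeof src, 0x90));
    return 0;
}
```

The same comparison line passes or rejects the byte depending only on the ABI default, which is why a review of either source or binary has to know which default the toolchain used.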
  9. FAST6191

    FAST6191 Techromancer
    Reporter

    Joined:
    Nov 21, 2005
    Messages:
    32,668
    Country:
    United Kingdom
    While I would not be surprised at all to find them doing proper code tests nowadays, it was not exactly still the dark ages of computing that those all happened in, and weaknesses in consoles were known beforehand:
    https://www.kapravelos.com/teaching/csc574-f16/readings/xbox-security.pdf
    That being the original xbox rather than those later devices.

    Also the Nintendo that for the 3ds pokemon would broadcast in plaintext prior to confirmation/lock in the pokemon the opposing player picked.

    As I linked the security presentation I am also obliged to link https://nostarch.com/xboxfree for the curious. The downloadable copy of Bunnie's (as in guy responsible for some of the biggest breakthroughs for the xbox) hacking the xbox got released for free and is well worth a read for aspiring and seasoned hardware hackers alike.
     
  10. Jayro

    Jayro MediCat USB and Malwarebytes Bootable Developer
    Developer

    Joined:
    Jul 23, 2012
    Messages:
    9,069
    Country:
    United States
    Imagine having to attend a hacker convention to hear about how your hardware you designed was getting hacked, to try and block those hacks, but you can't because you left in a backdoor. And then you're still stupid enough to leave a backdoor again on the next system that followed. Nintendo, you a dumb bitch.
     
    Hologram and weatMod like this.
  11. ZachyCatGames

    ZachyCatGames GBAtemp Psycho!
    Member

    Joined:
    Jun 19, 2018
    Messages:
    3,090
    Country:
    United States
    They’re not stupid for including a recovery mode. RCM does check for a signature and will reject any payloads that don’t have a valid signature.
    The hax is Nvidia being a galaxy brain and not having a size check in a place they should have in their bootrom USB2 stack.
     
    Seriel and ChronoTrig like this.
  12. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
    The wii & ps3 practically were the dark ages, the gamecube & ps2 relied purely on obscure optical disc schemes.

    Nvidia dropped the ball with tegra security for sure though.
     
    Jayro likes this.
  13. FAST6191

    FAST6191 Techromancer
    Reporter

    Joined:
    Nov 21, 2005
    Messages:
    32,668
    Country:
    United Kingdom
    That was my point.

    If it was like the early internet where people were going on without firewalls, full services enabled... and seeing what we saw then that would be one thing. If however I look at what was being done to protect then contemporary, and even generations before, PC operating systems, PC games (even PS1 games in some cases -- that Spyro stuff speaks to some considerable sophistication back in 1999 https://www.gamasutra.com/view/feature/131439/keeping_the_pirates_at_bay.php ), and things like bank cash machines if we must assume that embedded systems are a different world to the PC (despite all the same programmers coming from all the same places with all the same qualifications) it is not like the need for robust checks was not known, vetting of security pathways and anything else you or I might employ in such a scenario to mean we are only likely to fall to something truly esoteric or from the hardware side channel attack front.
    Even if they had done the moron military development route of fight the battle you fought before rather than the one coming at you now then most of those should not have happened.
     
    Ryccardo likes this.
  14. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
  15. TheZander

    TheZander King of the Level 7's
    Member

    Joined:
    Feb 1, 2008
    Messages:
    1,996
    Country:
    United States
    I thought mariko was hacked already. That's the one that patched the fusseee melee exploit? Then there is the lite switch and that makes 3 switch versions as of now, right?
     
  16. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
    Using a glitch attack, which means you need to buy hardware from the people who were arrested and are currently being prosecuted for selling the hardware.
     
  17. Adran_Marit

    Adran_Marit Walküre's Hacker
    Member

    Joined:
    Oct 3, 2015
    Messages:
    2,982
    Country:
    Australia
    RCM switch, ipatched and then Mariko are the new units both full size and lite
     
  18. KingFrak

    KingFrak Newbie
    Newcomer

    Joined:
    Dec 6, 2020
    Messages:
    4
    Country:
    Pakistan
    guys in simple English, will this leak make it possible to have CFW on a switch Lite without a modchip?
     
    pollop2345 likes this.
  19. weatMod

    weatMod GBAtemp Psycho!
    Member

    Joined:
    Aug 24, 2013
    Messages:
    3,070
    Country:
    United States
    doubtful, but nobody knows
    just wait til the inevitable new years super ultra mega gigaleak
     
    proflayton123 likes this.
  20. smf

    smf GBAtemp Psycho!
    Member

    Joined:
    Feb 23, 2009
    Messages:
    4,735
    Country:
    United Kingdom
    I've not downloaded it, but the mariko bootrom source is probably not going to help much.

    If it contained the private signing keys then things become interesting.
     
    MaD_mAnIaC likes this.