Christmas Nintendo Gigaleak reportedly contains Mariko BootRom source code and Let's Go beta

The one that arguably hits them the hardest couldn't have been timed more perfectly.

 

I think the caveat is that it allows other hackers to dive in without having to figure out how to dump and disassemble the Mariko bootrom on their own. Probably nothing will come of it, but who knows for sure.

 

Source code is a double edged sword, you are going to miss out on any compiler code generator bugs if you focus on source code. If you look at both the source and binaries then a misleading comment could change how you perceive the binary.

The way it's talked about here is that source code makes it 100 times easier, when it's probably more like 10% easier. We don't even know how close it is to the released binary.

There are plenty of tools for analyzing binaries that can get a lot of the benefits of having source code.

 

Actually there are also many static code analysis tools. Without having a look at the code I‘m pretty sure though they did have something up and running to cover those issues.

Also I‘m pretty sure after the fusee gelee debacle they had someone check for stuff like out of bounds or read after free.

 

yes i know it...i already accidentally got 2 warnings and i wont share any nsp here...

— Posts automatically merged - Please don't double post! —

i have one question which dont belong here...

 

Right, anything obvious in the source code should really have been picked up in their audit.

It's very unlikely there will be anything in the source that will lead to an exploit that can't be found just as easily without the source code (and that is if there are any exploits possible at all).

The wii strcmp, ps3 non random number & switch use after free are mistakes that I doubt we will ever see repeated.

 

Also I guess the whole compiler toolchain, types etc is playing a huge part in whether or not there may be an additional bug.

Also keep in mind, that NVidia is normally supporting their customers very well and they caught up with recent development concepts in the last couple of years.

 

Yeah, compiler bugs or unusual types (like char being unsigned by default) could allow someone writing the code to think it's secure but it's not. But then you will suffer the same problem when looking at the source.

 

While I would not be surprised at all to find them doing proper code tests nowadays it was not exactly still the dark ages of computing that those all happened in, and weaknesses in consoles was known beforehand
https://www.kapravelos.com/teaching/csc574-f16/readings/xbox-security.pdf
That being the original xbox rather than those later devices.

Also the Nintendo that for the 3ds pokemon would broadcast in plaintext prior to confirmation/lock in the pokemon the opposing player picked.

As I linked the security presentation I am also obliged to link https://nostarch.com/xboxfree for the curious. The downloable copy of Bunnie's (as in guy responsible for some of the biggest breakthroughs for the xbox) hacking the xbox got released for free and is well worth a read for aspiring and seasoned hardware hackers alike.

 

Imagine having to attend a hacker convention to hear about how your hardware you designed was getting hacked, to try and block those hacks, but you can't because you left in a backdoor. And then you're still stupid enough to leave a backdoor again on the next system that followed. Nintendo, you a dumb bitch.

 

They’re not stupid for including a recovery mode. RCM does check for a signature and will reject any payloads that don’t have a valid signature.
The hax is Nvidia being a galaxy brain and not having a size check in a place they should have in their bootrom USB2 stack.

 

The wii & ps3 practically were the dark ages, the gamecube & ps2 relied purely on obscure optical disc schemes.

Nvidia dropped the ball with tegra security for sure though.

 

That was my point.

If it was like the early internet where people were going on without firewalls, full services enabled... and seeing what we saw then that would be one thing. If however I look at what was being done to protect then contemporary, and even generations before, PC operating systems, PC games (even PS1 games in some cases -- that Spyro stuff speaks to some considerable sophistication back in 1999 https://www.gamasutra.com/view/feature/131439/keeping_the_pirates_at_bay.php ), and things like bank cash machines if we must assume that embedded systems are a different world to the PC (despite all the same programmers coming from all the same places with all the same qualifications) it is not like the need for robust checks were not known, vetting of security pathways and anything else you or I might employ in such a scenario to mean we are only likely to fall to something truly esoteric or from the hardware side channel attack front.
Even if they had done the moron military development route of fight the battle you fought before rather than the one coming at you now then most of those should not have happened.

 

Spyro protection is basically a throw back to the 80's/early 90's. Robocop 3 on the Amiga was similar.

 

I thought mariko was hacked already . That's the one that patched the fusseee melee exploit? Then there is the lite switch and that makes 3 switch versions as of now right?

 

Using a glitch attack, which means you need to buy hardware from the people who were arrested and are currently being prosecuted for selling the hardware.

 

RCM switch, ipatched and then Mariko are the new units both full size and lite

 

guys in simple English, will this leak make it possible to have CFW on a switch Lite without a modchip?

 

doubtful ,but nobody knows
just wait til the inevitable new years super ultra mega gigaleak

 

I've not downloaded it, but the mariko bootrom source is probably not going to help much.

If it contained the private signing keys then things become interesting.