Not open for further replies.

jamais vu - a 1.0.0 TrustZone Code Execution Exploit for Nintendo Switch


A joint effort of ReSwitched developer SciresM and motezazer, jamais vu (French for "never seen") allows for code execution at the highest possible privilege level on the Nintendo Switch. [prebreak]1[/prebreak]Quoting from the writeup on Reddit, practical applications include:
  • On 1.0.0, code execution at the highest possible privilege level. TrustZone is only responsible for cryptography, but because jamais vu results in our controlling the entire contents of TZRAM when the system is booting back up, we're in an ideal position to "reboot" into our own, patched version of the OS.
  • We can dump keys from "write-only" keyslots. Nintendo's cryptosystem relies on TrustZone receiving only two keys: a shared master key, and a console-unique device key. Newer firmwares can change the master keywhen a fuse is burnt, but we can dump the 1.0.0 master key and our console's device key and perform all encryption a 1.0.0 to 2.3.0 console knows how to do at runtime on our PCs.
  • We've peeled back another layer of security, and can analyze and understand Nintendo's cryptosystem. That's the real victory :)
You can find the writeup below, as well as the ongoing discussions on GBAtemp.

:arrow: Source
:arrow: Ongoing Discussion
Not open for further replies.

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3N1 @ K3N1: