Hacking Nintendo Switch bootrom dumped.

urherenow

> First Vampires win the Splatfest, then I find out I have a game that's worth 400 bucks and some other expensive games laying around in my house and now this? What a great night.

Well, I just discovered that the $580ish R9 290X card that I have is now worth $700~$1,200+!
 

the_randomizer

> In terms of hard data you can actually find that in most cases piracy only helps sales.

I'm being facetious, a lot of people think piracy is some kind of horrific detriment to game sales. I was following a very famous facts/myths on piracy thread a few years back. Yes, that one. I'm sick of people saying piracy kills game companies, consoles, etc, and not once has that ever happened in recorded gaming history.

Until someone can actually prove otherwise, yeah, piracy doesn't kill sales or consoles at all.
 

V-Temp

> I'm being facetious, a lot of people think piracy is some kind of horrific detriment to game sales. I was following a very famous facts/myths on piracy thread a few years back. Yes, that one. I'm sick of people saying piracy kills game companies, consoles, etc, and not once has that ever happened in recorded gaming history.
>
> Until someone can actually prove otherwise, yeah, piracy doesn't kill sales or consoles at all.

Piracy and homebrew in general are a dying breed, it's too much of a hassle in this day and age against just using standard practices and comes with too many loaded asterisks***** everywhere. PC platforms have slowly shifted away from piracy, Denuvo is dying off, PS4 has been blown open since 1.76, Wii sold near a billion units of software, etc.

With the rise of online gaming, games with online components, and so on, homebrew/piracy basically means you lose all access to major elements of games, and you have to keep up with all the encryption/decryption wars and firmware compatibilities.

> The switch bootrom wasn't dumped.
> It was another device with the tegra 210 lol.

Do you guys even read?

As far as the bootrom is concerned, they are the same thing. The Jetson TX2 and NSwitch use the Tegra210 chipset with only minor clock/cache changes between them and otherwise operate identically.

The unique signage, the crypto entropy, factory-set keys, and the TrustZone encryptions are another matter.
 

the_randomizer

> Piracy and homebrew in general are a dying breed, it's too much of a hassle in this day and age against just using standard practices and comes with too many loaded asterisks***** everywhere. PC platforms have slowly shifted away from piracy, Denuvo is dying off, PS4 has been blown open since 1.76, Wii sold near a billion units of software, etc.
>
> With the rise of online gaming, games with online components, and so on, homebrew/piracy basically means you lose all access to major elements of games, and you have to keep up with all the encryption/decryption wars and firmware compatibilities.

I fail to see the drawbacks. DRM is easily circumvented.
 

V-Temp

> I fail to see the drawbacks. DRM is easily circumvented.

The drawbacks to having no access to online components of online-based games? My point was that the boogeyman of piracy is slowly becoming something that all avenues of gaming have moved past. GoG is DRM free, some pubs release DRM free releases even without needing storefronts, Denuvo slowly being phased out, etc.

Yes you can bypass DRM, that's why it's slowly dying off. But it's also dying off because it wasn't doing anything.

I was agreeing with you.
 

the_randomizer

> The drawbacks to having no access to online components of online-based games? My point was that the boogeyman of piracy is slowly becoming something that all avenues of gaming have moved past. GoG is DRM free, some pubs release DRM free releases even without needing storefronts, Denuvo slowly being phased out, etc.
>
> Yes you can bypass DRM, that's why it's slowly dying off. But it's also dying off because it wasn't doing anything.
>
> I was agreeing with you.

Oh... I redact what I said then... Damn.
 

V-Temp

> Oh... I redact what I said then... Damn.

All in all, the point is that for the layman, the homebrew/piracy scenes of the DS/PSP are long gone. Online gaming (can't play online if your homebrew console is permanently banned), ever increasing crypto security and hacker/dev encryption wars, possibilities to brick, and so on, people have other shit to deal with. And because of all of this, all of the different DRM practices themselves have slowly died off because those who will pirate will find ways around the DRM anyway and their number was dwindling, so it became a PR point to be "DRM free" in a world where piracy has largely abated anyway.
 

SciresM

> Need more than just the dumped bootrom for that.
>
> Remember, bootrom for the Tegra is only a piece of the puzzle (hell, I can get that off my Jetson board, it's the same thing/chip)

The reason that this is significant, while you're correct, is actually that the bootrom locks itself out/is protected (like 3ds, kinda), and what was dumped was the protected part that you can't just trivially dump off a jetson.
 

DocAmes1980

> With the rise of online gaming, games with online components, and so on, homebrew/piracy basically means you lose all access to major elements of games, and you have to keep up with all the encryption/decryption wars and firmware compatibilities.

Thank you very much sir. You have been very active lately on the forums providing much needed clarity, and I for one very much appreciate it.

For my purposes, I don't care about losing access to the eShop or online play. The main thing I'm interested in, in terms of homebrew/hax0ring, is playing backups. Save data management, and save file editing would be cool as well. I'd love to use it as a portable emulator if it had a d-pad. Maybe I can give the joy-con a proper d-pad with a Dremel and the right donor controller. Point is, for people that mostly only care about piracy, I'm not sure how much of a deterrent to homebrew the loss of online functionality would be.

If I may ask, what's your story V-Temp? Are you a member of one of the dev teams or are you just well versed in the subject of security and exploits?
 

V-Temp

> The reason that this is significant, while you're correct, is actually that the bootrom locks itself out/is protected (like 3ds, kinda), and what was dumped was the protected part that you can't just trivially dump off a jetson.

Ah nice. This is the nVidia-signed segment that's usually protected?

So fairly wholesome access, and potential for some fairly major compromises if found, yes?
 

SciresM

> Ah nice. This is the nVidia-signed segment that's usually protected?
>
> So fairly wholesome access, and potential for some fairly major compromises if found, yes?

It's the part that gets locked out when control is handed over to the first stage bootloader described by the BCT -- normally, attempts to read from this region result in reading back 0xEAFFFFFE (ARM infinite loop instruction).

The bootrom consists of 0x1000 of "unprotected" code ("NV Boot"), and 0x17000 of "protected" code ("NV Prod Boot") -- the full 0x18000 was dumped.

And, yeah.
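An added example (mine, not SciresM's or any project's code) that turns the layout described above into a check an analyst can run on a bootrom image: it reports whether the "NV Prod Boot" region holds actual code or only the 0xEAFFFFFE lockout filler that a locked-out read returns. The region sizes are the ones given in the post; the little-endian word layout, the "nearly every word is the filler" threshold and the constructed sample dumps are assumptions.

```python
import struct

# Bootrom layout as described in the thread (sizes in bytes).
NV_BOOT_SIZE = 0x1000        # "NV Boot", still readable after lockout
NV_PROD_BOOT_SIZE = 0x17000  # "NV Prod Boot", locked out after the BCT handoff
BOOTROM_SIZE = NV_BOOT_SIZE + NV_PROD_BOOT_SIZE  # 0x18000
LOCKOUT_WORD = 0xEAFFFFFE    # ARM "b ." read back from a locked-out region
# Assumption: words are stored little-endian, as an ARM dump normally is.
LOCKOUT_BYTES = struct.pack("<I", LOCKOUT_WORD)

def lockout_fraction(region: bytes) -> float:
    """Fraction of 32-bit words in `region` equal to the lockout word."""
    usable = region[: len(region) // 4 * 4]
    n = hits = 0
    for (w,) in struct.iter_unpack("<I", usable):
        n += 1
        hits += (w == LOCKOUT_WORD)
    return hits / n if n else 0.0

def classify_dump(dump: bytes, threshold: float = 0.99) -> dict:
    """Label each region 'code', 'locked' (filler only) or 'missing'.

    The threshold is an assumption; the thread does not specify one.
    """
    def region(offset, size):
        chunk = dump[offset:offset + size]
        if len(chunk) < size:
            return "missing"
        return "locked" if lockout_fraction(chunk) >= threshold else "code"
    return {
        "size_ok": len(dump) == BOOTROM_SIZE,
        "nv_boot": region(0, NV_BOOT_SIZE),
        "nv_prod_boot": region(NV_BOOT_SIZE, NV_PROD_BOOT_SIZE),
    }

def constructed_dump(prod_locked: bool) -> bytes:
    """Constructed sample image: varied words stand in for real code."""
    def fake_code(n):
        return b"".join(struct.pack("<I", (i * 0x9E3779B1) & 0xFFFFFFFF)
                        for i in range(n // 4))
    if prod_locked:
        prod = LOCKOUT_BYTES * (NV_PROD_BOOT_SIZE // 4)
    else:
        prod = fake_code(NV_PROD_BOOT_SIZE)
    return fake_code(NV_BOOT_SIZE) + prod

if __name__ == "__main__":
    print(classify_dump(constructed_dump(prod_locked=True)))   # nv_prod_boot: locked
    print(classify_dump(constructed_dump(prod_locked=False)))  # nv_prod_boot: code
```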
 

V-Temp

> It's the part that gets locked out when control is handed over to the first stage bootloader described by the BCT -- normally, attempts to read from this region result in reading back 0xEAFFFFFE (ARM infinite loop instruction).
>
> The bootrom consists of 0x1000 of "unprotected" code ("NV Boot"), and 0x17000 of "protected" code ("NV Prod Boot") -- the full 0x18000 was dumped.
>
> And, yeah.

Very nice. Great work then!

Curious, do you think we'd find sufficient access to effectively achieve a sighax-equivalent until a hardware revision is issued? This is a nVidia part, so I am unsure what degree of polish one would expect here vs. the usual Nintendo handlings.

> If I may ask, what's your story V-Temp? Are you a member of one of the dev teams or are you just well versed in the subject of security and exploits?

Just a ninja, like I said long ago. :ph34r:
 

SciresM

> Very nice. Great work then!
>
> Curious, do you think we'd find sufficient access to effectively achieve a sighax-equivalent until a hardware revision is issued? This is a nVidia part, so I am unsure what degree of polish one would expect here vs. the usual Nintendo handlings.

Thanks!

Can't comment on what degree of polish one would expect here -- (though, frankly, I don't think NV is much better than Ninty in general), but I can say that *unlike* in the 3DS era, the tegra bootrom has functionality for loading signed patches, and so even bootrom bugs aren't permanent wins -- a unit vulnerable to a hypothetical bootrom bug could become not vulnerable if it did a system update.
 

TheCyberQuake

> Thanks!
>
> Can't comment on what degree of polish one would expect here -- (though, frankly, I don't think NV is much better than Ninty in general), but I can say that *unlike* in the 3DS era, the tegra bootrom has functionality for loading signed patches, and so even bootrom bugs aren't permanent wins.

That means if a vulnerability is found we the public should expect to basically not even know if it exists to hopefully keep it around longer. Nintendo and nvidia are making secrets a necessary evil with this system especially compared to their last several systems.
 

V-Temp

> Thanks!
>
> Can't comment on what degree of polish one would expect here, but I can say that *unlike* in the 3DS era, the tegra bootrom has functionality for loading signed patches, and so even bootrom bugs aren't permanent wins.

Oh. Interesting, nVidia actually has some failsafe states in there then (and Nintendo by extension)! Yes, the 3DS was basically a permanent win once the boot was compromised à la sighax. Sounds like they learned a lot (and in this case stumbled into someone who knew better) for future-proofing their hardware against rolling compromises.

But as we're looking for bugs now, we're also going to be dependent on finding ways to get around the handshakes with TrustZone, yes? I believe (you'll have to pardon my aged memory on the matter) for the 3DS early on we had to basically find a hole in the security where we could get ahead of the keys, pull them, reverse engineer them, and solve the encryption algo. My expectations for the Switch are naturally higher given the general step up since the 3DS/WiiU.

I am almost more interested in the order of operation of this from the nVidia engineering side of things than I am in even caring about applications for the Switch. Not every day you get a glimpse into that web.
 
