Nintendo Switch 'Mariko' units firmware keys dumped

PicsArt_06-02-03.40.55.jpg
With the discovery of the TegraRCM exploit that allowed homebrew enthusiasts to run unsigned code on it, Nintendo responded by releasing new Nintendo Switch units codenamed 'Mariko'. While at first glance this newer model is barely distinguishable from the older one (save for the flashy all-in-red box), it features a better battery life and slightly altered CPU instructions to help with power management and consumption.

However this was at a cost as the boot ROM bug that allowed homebrew enthusiasts and tinkerers to tamper with their switches was fixed for good. This of course upset many owners of the newer Switch iterations, and left people wondering whether or not they could ever enjoy homebrew on their 'Mariko' Switches in the future.

That future might not be too far away as developer @SciresM has successfully managed to dump the keys of the firmware on said units. In his YouTube video he showcases how this process was achieved:


SciresM said:
We have the Mariko firmware keys and fully label Mariko trustzone.


Even if slim, these early developments show that there is a possibility of running homebrew on the Nintendo Switch 'Mariko' units, and getting TrustZone access on the system.

:arrow: Source
 

codezer0

Gaming keeps me sane
Member
Joined
Jul 14, 2009
Messages
3,565
Trophies
2
Location
The Magic School Bus
XP
4,475
Country
United States
Okay so... i wonder how we will use this in the future....
For an end user? Probably not immediately useful. But for the likes of those making atmosphere and similar for homebrew and game loading, this is probably a big deal, since it means there will be a lot more eligible consoles able to run this stuff and be jailbroken.
 

huma_dawii

Well-Known Member
Member
Joined
Apr 3, 2014
Messages
3,879
Trophies
1
Age
33
Location
Planet Earth
XP
4,244
Country
United States
For an end user? Probably not immediately useful. But for the likes of those making atmosphere and similar for homebrew and game loading, this is probably a big deal, since it means there will be a lot more eligible consoles able to run this stuff and be jailbroken.

But they atill need to find an exploit for Mariko units right? Cause the jig stuff wont work I'm assuming.
 

Ryccardo

Penguin accelerator
Member
Joined
Feb 13, 2015
Messages
7,664
Trophies
1
Age
28
Location
Imola
XP
6,867
Country
Italy
But they atill need to find an exploit for Mariko units right? Cause the jig stuff wont work I'm assuming.
RCM works fine on new bootrom consoles (as long as you have a signed payload)

It's unlikely a way to sign them will be found, but
1- you only need to win the lottery once if you do it right
2- there may well be another entrypoint (as the existence of the new """TX""" chips provides supporting evidence for)
 

DbGt

Well-Known Member
Member
Joined
Jul 28, 2004
Messages
490
Trophies
1
Website
Visit site
XP
2,838
Country
Mexico
At 2:45:10, he says he expects the Mariko to have no software vulnerabilities, so probably you will still need a modchip

Plus if there was a software vulnerability, then why tx, who had this keys way before and for much longer is instead releasing a modchip over some soft solution?
 

xbmcuser

Well-Known Member
Member
Joined
Sep 8, 2007
Messages
211
Trophies
1
Location
United Kingdom
XP
1,494
Country
United Kingdom
How about this?
Fix a modchip in run sxos and then add some app to introduce a new sw solution to glitch on boot from sd.

Remove modchip, your patched switch then is permanently able to run cfw, say Atmosphere etc.

Would this work,?

This saves on cost of mod chip and sxos.

This will be run by installers.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
One step closer to it being hacked?
It is hacked with the mod chip.

But they atill need to find an exploit for Mariko units right? Cause the jig stuff wont work I'm assuming.

Since pretty much everyone with a lot knowledge of the Switch OS like SciresM, Hexkyz, and presumably the TX engineers (otherwise why waste a hardware solution on a smaller userbase when they can wait?) agrees the firmware has no useful bugs currently the only way to run CFW will be through the SX chips or clones of them.

What about patched Switches?

The SX Core works on all models (F-G, ipatched, and V2 / lite)

At 2:45:10, he says he expects the Mariko to have no software vulnerabilities, so probably you will still need a modchip

Plus if there was a software vulnerability, then why tx, who had this keys way before and for much longer is instead releasing a modchip over some soft solution?

One possible reason is that TX is a business and it's a lot harder to add DRM to a software solution, although a counter argument is that if they released a SW solution they could keep their chips and sell them to a larger userbase later.

I didn't watched the 3h video, but I have a simple question.
Did SciresM used TXs Modchip to get the keys or was he able to hack it without?

I haven't had a chance to look at the video either but the things he said on twitter strongly suggests that he used a TX chip.

How about this?
Fix a modchip in run sxos and then add some app to introduce a new sw solution to glitch on boot from sd.

Remove modchip, your patched switch then is permanently able to run cfw, say Atmosphere etc.
Would this work,?
This saves on cost of mod chip and sxos.
This will be run by installers.

This won't work because any code you add will be unsigned so the console won't boot, the same reason you can't just add code to a fusee-gelee hackable console to boot without a usb payload. If a software bug is found that requires editing data on the nand that is possible but unlikely to be the case.
 
Last edited by CompSciOrBust,

RedBlueGreen

Well-Known Member
Member
Joined
Aug 10, 2015
Messages
2,026
Trophies
1
XP
2,538
Country
Canada
Nice. At some point once Switch hardware gets real cheap I'll have to pick up a second unit.
It should drop again soon enough. Won't be cheap, but people on eBay won't be able to ask $300+ USD for just the tablet anymore once Nintendo can get more out. Nintendo sells refurbs for $260 USD (with joycons, dock, and everything).

--------------------- MERGED ---------------------------

Nice. Can't wait till we can hack the new ones. Then people won't be charging extra for older Switch models.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    Sicklyboy @ Sicklyboy: *teleports behind you* "Nothing personnel, kiddo" +1