1. SciresM

    SciresM Developer
    Developer

    Joined:
    Mar 21, 2014
    Messages:
    912
    Country:
    United States
    Their boot.dat can chainload payloads...but they clear every key you would need out of the security engine first.

    It's similar to sept's threat model, except where sept asked you to show the sept logo and then lets you use the keys you need to boot by making sure they're inside the SE, their modchip asks you to use their bootloader/menu and then wipes the keys you need from the engine so that you can't use them.

    — Posts automatically merged - Please don't double post! —

    Looked at this in a little more detail.

    They:
    - Clear the security engine keyslots
    - Perform a context save operation for the SE and for TZRAM
    - Set keyslot 5 to a random key/ctr
    - Encrypt all of their code to try to prevent a chainloaded payload from reading it.

    I actually don't even know if you could chainload atmosphere. Saving the security engine context/saving TZRAM context is something I think you can only do once without warmbooting. You'd have to e.g. warmboot to be able to do it again, at which point you'd lose code execution since you didn't have your own data in tzram before the boot.dat code saved it.

    Pretty sure this is actually them explicitly trying to prevent running atmosphere or other cfw on mariko, lmao.
     
    peteruk, Henx, ChaosEternal and 7 others like this.
  2. Adran_Marit

    Adran_Marit Walküre's Hacker
    Member

    Joined:
    Oct 3, 2015
    Messages:
    3,036
    Country:
    Australia
    Surely they have a payloads option in their boot menu, I swear I've seen it in a previous version, whether it boots or not is a different thing, I assume
     
  3. SciresM

    SciresM Developer
    Developer

    Joined:
    Mar 21, 2014
    Messages:
    912
    Country:
    United States
    They support jumping to your code, as I said.

    They lock stuff out explicitly to try to prevent other cfws from booting when doing so, lol.
     
    xstationbr and Adran_Marit like this.
  4. Adran_Marit

    Adran_Marit Walküre's Hacker
    Member

    Joined:
    Oct 3, 2015
    Messages:
    3,036
    Country:
    Australia
    I'm not overly fussed as I've got an FG switch.

    At any rate, I'm curious to see how this all plays out

    Keep doing the good work
     
    Last edited by Adran_Marit, Jun 4, 2020
  5. xcore1989

    xcore1989 Member
    Newcomer

    Joined:
    Jan 31, 2016
    Messages:
    38
    Country:
    United States
    Sweet, hope Atmosphere can run on mariko/lite someday.
     
    Stealphie likes this.
  6. xtrem3x

    xtrem3x GBAtemp Regular
    Member

    Joined:
    Apr 16, 2008
    Messages:
    147
    Country:
    Fair play, cheers for the explanation!! :)
     
  7. Shalashaska98

    Shalashaska98 GBAtemp Advanced Fan
    Member

    Joined:
    Jan 17, 2018
    Messages:
    894
    Country:
    United States
    I assume this will only be used after a new console comes out, so far SX is the only way to hack the non tegra consoles
     
  8. KidIce

    KidIce Smart Ass
    Member

    Joined:
    Dec 22, 2005
    Messages:
    962
    Country:
    United States
    All Switches have a Tegra X1 SOC... What do you mean by this?
     
  9. Adran_Marit

    Adran_Marit Walküre's Hacker
    Member

    Joined:
    Oct 3, 2015
    Messages:
    3,036
    Country:
    Australia
    Technically Mariko is Tegra X1+, whereas the original Erista is just a plain old Tegra X1
     
  10. KidIce

    KidIce Smart Ass
    Member

    Joined:
    Dec 22, 2005
    Messages:
    962
    Country:
    United States
    OK... But they are still Tegra units. My query is about the "non tegra consoles" comment.

    I admit I'm a little out of date on the subject, but the post I responded to made it sound like Mariko/Lite Switches were running a non-TX1 SOC. AFAIK that doesn't exist, that's what I'm getting at here. "+" or no, ALL switches are still powered by a TX1 SOC (of some revision), right?
     
  11. Adran_Marit

    Adran_Marit Walküre's Hacker
    Member

    Joined:
    Oct 3, 2015
    Messages:
    3,036
    Country:
    Australia
    Yeah they are all still Erista (x1, RCM consoles) or Mariko units (x1+ redbox, lites)

    There might be yet another revision down the line though especially with the recent developments (TX chip, mariko keys dumped etc)
     
  12. FamicomHeero

    FamicomHeero GBAtemp Regular
    Member

    Joined:
    Jun 4, 2020
    Messages:
    100
    Country:
    United States
    This type of stuff is fascinating. The amount of work and knowledge is incredible.
     
    Lightyose likes this.
  13. DualBladedKirito

    DualBladedKirito The Black Swordsman
    Member

    Joined:
    Sep 9, 2015
    Messages:
    222
    Country:
    United States
    Will it allow you to dual boot Linux, i.e. Lakka, like FG vulnerable systems WITHOUT booting into Horizon OS? Or is this impossible for sxcore? I currently have an ipatched Switch and really only want to use RetroArch, leaving as little of a homebrew footprint on my Switch as possible bc it's my only one
     
  14. ciaomao

    ciaomao GBAtemp Regular
    Member

    Joined:
    Feb 20, 2014
    Messages:
    261
    Country:
    Albania
    Good luck. At the time you have to pay 75$, used units will be degraded and have half battery capacity left. :unsure:
     
  15. Pickle_Rick

    Pickle_Rick I'm a pickle Morty!
    Member

    Joined:
    Aug 28, 2017
    Messages:
    614
    Country:
    United States
    Actually the same instructions but it's built on a smaller node so it's more dense. The smaller the transistors, the less power you need to flip their gate and they give off less heat.
     
  16. UltraSUPRA

    UltraSUPRA Masks don't work.
    Member

    Joined:
    May 4, 2018
    Messages:
    1,483
    Country:
    United States
    Nintendo will fight to make it illegal to hack systems here in America, just like it is in Japan.

    I wonder what this site will become after that.
     
  17. Hayato213

    Hayato213 GBAtemp Guru
    Member

    Joined:
    Dec 26, 2015
    Messages:
    8,994
    Country:
    United States
    @linuxares sadly @mattytrog hasn't been seen here for the last 1 1/2 months, hopefully he is alright.
     
  18. Viri

    Viri GBAtemp Psycho!
    Member

    Joined:
    Sep 13, 2009
    Messages:
    3,098
    Country:
    United States
    I didn't hear anything about that. Did something change? The US is pretty pro hacking your own stuff. Just a few years ago they confirmed it's legal to hack your own smart TV.
     
  19. UltraSUPRA

    UltraSUPRA Masks don't work.
    Member

    Joined:
    May 4, 2018
    Messages:
    1,483
    Country:
    United States
    Just a theory.
     
  20. Bullseye

    Bullseye GBAtemp Advanced Fan
    Member

    Joined:
    Feb 22, 2016
    Messages:
    553
    Country:
    Lol, catastrophic much?
     