When will Switch 2 games be dumpable?

  • Thread starter: Larsenv
  • Views: 19,071
  • Replies: 67
  • Likes: 5

When will Switch 2 games be dumpable?

  • Within 1 month: 11 votes (4.4%)
  • Within 3 months: 12 votes (4.8%)
  • Within 6 months: 29 votes (11.6%)
  • Within 12 months: 66 votes (26.5%)
  • Within 2 years: 66 votes (26.5%)
  • Within 5 years: 41 votes (16.5%)
  • Nintendo made a console which is impossible to mod / dump carts: 24 votes (9.6%)
  • Total voters: 249
I don't think this is accurate. If it were, we'd likely already see XCI files from Switch 2 games. It would also mean that Nintendo didn't implement any type of full disk encryption. My understanding is that the card reader handles the full disk encryption on the cart and the Switch handles the decryption of the game (XCI) files.
You can read up on Lotus2 and how it is structured if you want to learn more. But basically there is a security chip in every cart that, when called, generates a random password, and this password is checked by the system. Think of it as a two-step verification process similar to Google Authenticator. This is different from the basic encryption and decryption of files, which is handled by the system itself and is independent of the cart or data.

What we know with certainty is that Nintendo does not implement any security handshake between the cart and the system on S1 and S2 (when playing S1 games). The system thinks that the cart is legit and gives it a green light to play. MigFlash is just a loader, not a decryption device. The reason why we do not see any XCI files from S2 games is that, most likely, we do not know enough about the file protocol that Nintendo is using for the cart (Lotus3) and/or the files themselves (which may be organized differently than previous .XCI). Simply put, there is a lot we don't know.
You can read up on Lotus2 and how it is structured if you want to learn more. But basically there is a security chip in every cart that, when called, generates a random password, and this password is checked by the system. Think of it as a two-step verification process similar to Google Authenticator. This is different from the basic encryption and decryption of files, which is handled by the system itself and is independent of the cart or data.

What we know with certainty is that Nintendo does not implement any security handshake between the cart and the system on S1 and S2 (when playing S1 games). The system thinks that the cart is legit and gives it a green light to play. MigFlash is just a loader, not a decryption device. The reason why we do not see any XCI files from S2 games is that, most likely, we do not know enough about the file protocol that Nintendo is using for the cart (Lotus3) and/or the files themselves (which may be organized differently than previous .XCI). Simply put, there is a lot we don't know.
I'll look into it but I will theorize what I expect to find based on your description.

The cartridges use challenge-response authentication.
After successful authentication they return their unique decryption key.
This key is either used by the OS or the reader to unlock the disk encryption and access the file system.

Why do I still expect to find a form of FDE, you might ask? Without it the entire security scheme falls on its face. Attackers would simply go around the security chip gatekeeper by disassembling the cartridge and accessing the storage IC(s) directly. The only way to prevent this is encryption at rest. Unfortunately for Nintendo, the challenge-response authentication of the original Switch was leaked, allowing the creation of the Mig Flash and file dumper. There will be no file dumps of Switch 2 games until either HOS is compromised or the card reader is compromised. The only dumps that can exist right now are the aforementioned raw dumps, where someone accesses the storage directly and gets what I expect to be encrypted data.
 
I'll look into it but I will theorize what I expect to find based on your description.

The cartridges use challenge-response authentication.
After successful authentication they return their unique decryption key.
This key is either used by the OS or the reader to unlock the disk encryption and access the file system.

Why do I still expect to find a form of FDE, you might ask? Without it the entire security scheme falls on its face. Attackers would simply go around the security chip gatekeeper by disassembling the cartridge and accessing the storage IC(s) directly. The only way to prevent this is encryption at rest. Unfortunately for Nintendo, the challenge-response authentication of the original Switch was leaked, allowing the creation of the Mig Flash and file dumper. There will be no file dumps of Switch 2 games until either HOS is compromised or the card reader is compromised. The only dumps that can exist right now are the aforementioned raw dumps, where someone accesses the storage directly and gets what I expect to be encrypted data.
This seems like it could be a pretty easy thing to defeat, just using a listening and logging device between the cartridge and the cart slot. It should be able to intercept everything between the two without bricking anything.
This seems like it could be a pretty easy thing to defeat, just using a listening and logging device between the cartridge and the cart slot. It should be able to intercept everything between the two without bricking anything.
That would be like getting the raw encrypted data from the cartridge storage. It likely isn't decrypted in any way until it is on the reader or Switch circuitry. Even then, sniffing communications is a very well known security vulnerability with a multitude of potential mitigations.
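The scheme theorised a few posts up (challenge-response by a per-cart security chip, then release of a per-cart key, with the storage encrypted at rest) and the bus-sniffing question just answered, as an added toy model in Python. This is example code written for this page, not code from any poster, from Nintendo, or from any real flash cart; the HMAC-SHA256 response, the console holding a per-cart verification secret, the wrapping of the content key under a session key derived from the exchange, and the HMAC-based counter-mode stream cipher are all assumptions chosen to illustrate the argument, not a description of Lotus2, Lotus3 or any shipped protocol.

```python
"""Toy model of the theorised cartridge scheme: a per-cart security chip
answers a challenge and only then releases the content key, while the
cart's storage holds ciphertext. Every detail is an illustrative assumption
(example code for this page), not a description of Lotus2/Lotus3."""

import hashlib
import hmac
import os


def keystream_xor(key, nonce, data):
    """Toy counter-mode stream cipher built from HMAC-SHA256 so the example
    needs only the standard library. XOR with the same (key, nonce) both
    encrypts and decrypts; never reuse a pair for different data."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


class SecurityChip:
    """Authenticator on the cart. Assumed to be provisioned at manufacture with
    a per-cart secret the console can verify and this cart's content key."""

    def __init__(self, cart_id, auth_secret, content_key):
        self.cart_id = cart_id
        self._auth_secret = auth_secret
        self._content_key = content_key

    def respond(self, challenge):
        # Response binds the cart identity to the reader's fresh challenge.
        return hmac.new(self._auth_secret, self.cart_id + challenge, hashlib.sha256).digest()

    def release_key(self, challenge, response):
        # Wrap the content key under a session key derived from the exchange,
        # so a logger on the slot records an opaque blob, not the key itself.
        session = hashlib.sha256(self._auth_secret + challenge + response).digest()
        return keystream_xor(session, b"wrap" + challenge[:12], self._content_key)


class Reader:
    """Console side. Assumed to hold the per-cart authentication secrets."""

    def __init__(self, cart_secrets):
        self._cart_secrets = cart_secrets  # cart_id -> auth secret (assumption)

    def authenticate(self, chip, transcript):
        """Run the handshake, logging every byte that crosses the slot into
        `transcript`. Return the unwrapped content key, or None on failure."""
        secret = self._cart_secrets.get(chip.cart_id)
        if secret is None:
            return None
        challenge = os.urandom(16)
        transcript.append(("challenge", challenge))
        response = chip.respond(challenge)
        transcript.append(("response", response))
        expected = hmac.new(secret, chip.cart_id + challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        wrapped = chip.release_key(challenge, response)
        transcript.append(("wrapped_key", wrapped))
        session = hashlib.sha256(secret + challenge + response).digest()
        return keystream_xor(session, b"wrap" + challenge[:12], wrapped)


def build_cart(cart_id, auth_secret, content_key, image):
    """Manufacture a cart: encrypt the image at rest and pair it with a chip."""
    nonce = hashlib.sha256(cart_id).digest()[:16]
    return SecurityChip(cart_id, auth_secret, content_key), keystream_xor(content_key, nonce, image), nonce


def demo():
    """Exercise the attacker positions discussed in the thread; report outcomes."""
    cart_id = b"CART-0001"  # constructed sample identifier
    auth_secret, content_key = os.urandom(32), os.urandom(32)
    image = b"constructed sample game image: " + bytes(range(64))
    chip, storage, nonce = build_cart(cart_id, auth_secret, content_key, image)
    reader = Reader({cart_id: auth_secret})

    # 1. Genuine cart in a genuine reader: handshake passes, storage decrypts.
    transcript = []
    key = reader.authenticate(chip, transcript)
    legit_ok = key is not None and keystream_xor(key, nonce, storage) == image
    # 2. Raw dump: reading the storage IC directly yields only ciphertext.
    raw_dump_is_plaintext = image in storage
    # 3. Logger on the slot: sees challenge, response and wrapped blob only.
    sniff_reveals = any(v == content_key or image in v for _, v in transcript)
    # 4. Clone with the right ID but a guessed secret: reader refuses it.
    clone_key = reader.authenticate(SecurityChip(cart_id, os.urandom(32), content_key), [])
    # 5. Leaked secret (the Switch 1 situation described above): an
    #    authenticator built around it is accepted and serves its own key.
    flash_key = reader.authenticate(SecurityChip(cart_id, auth_secret, os.urandom(32)), [])

    return {
        "legit_decrypts": legit_ok,
        "raw_dump_is_plaintext": raw_dump_is_plaintext,
        "sniff_reveals_key_or_plaintext": sniff_reveals,
        "clone_accepted": clone_key is not None,
        "leaked_secret_flashcart_accepted": flash_key is not None,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running `demo()` shows the five outcomes the thread argues about: the genuine cart decrypts, the raw storage dump and the slot transcript contain neither the content key nor plaintext, a clone with a guessed secret is refused, and an authenticator built from a leaked secret is accepted. The session-key wrap in `release_key` is the kind of mitigation the reply above alludes to; if the chip returned the key in the clear instead, position 3 (the logger) would win and the scheme would rest on the handshake alone.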
I'll look into it but I will theorize what I expect to find based on your description.

The cartridges use challenge-response authentication.
After successful authentication they return their unique decryption key.
This key is either used by the OS or the reader to unlock the disk encryption and access the file system.

Why do I still expect to find a form of FDE, you might ask? Without it the entire security scheme falls on its face. Attackers would simply go around the security chip gatekeeper by disassembling the cartridge and accessing the storage IC(s) directly. The only way to prevent this is encryption at rest. Unfortunately for Nintendo, the challenge-response authentication of the original Switch was leaked, allowing the creation of the Mig Flash and file dumper. There will be no file dumps of Switch 2 games until either HOS is compromised or the card reader is compromised. The only dumps that can exist right now are the aforementioned raw dumps, where someone accesses the storage directly and gets what I expect to be encrypted data.
You have to look at all of the instances of a game, as they are all handled differently, and have a deeper understanding of signatures. Switch has two different types of signatures: NPDM executable and ticket/content (NCA headers). To be clear, sigpatches do not fake signatures; they just tell the system to skip verification.

MigFlash is simple. It works by tricking the system into thinking it is a legit cart. The Switch is extremely lenient on cart-based game validation but is very strict on e-games and digital files in general being read from the SD card.

This seems like it could be a pretty easy thing to defeat, just using a listening and logging device between the cartridge and the cart slot. It should be able to intercept everything between the two without bricking anything.
It is not even being checked by Switch 1 or 2 (for S1 games so far as we know). So there is nothing to defeat.
 
That would be like getting the raw encrypted data from the cartridge storage. It likely isn't decrypted in any way until it is on the reader or Switch circuitry. Even then, sniffing communications is a very well known security vulnerability with a multitude of potential mitigations.
Correct. And to further point out and clarify, what was leaked was the fact that the cart has an authentication generator on board. One can easily create an authenticator like this, but to clone one is impossible. Sig-patches do not work as a stand-in for the authentication process; they bypass it entirely.
 
Ryujinx can't run Switch 2 games; it's a Switch 1 emulator.
If the project was still maintained and not discontinued, Switch 2 support is technically possible, because the Switch 2 and Switch are like the New 3DS and 3DS when it comes to firmware. I highly doubt that a Switch emulator would play a Switch 2 game, however.
 
because the Switch 2 and Switch are like the New 3DS and 3DS when it comes to firmware
Not really. New 3DS was more like an enhanced version of the same hardware. Switch 2 has a different GPU (hence the need for a compatibility layer for Switch 1 games), and likely has plenty of other changes across the OS.
 
If the project was still maintained and not discontinued, Switch 2 support is technically possible, because the Switch 2 and Switch are like the New 3DS and 3DS when it comes to firmware. I highly doubt that a Switch emulator would play a Switch 2 game, however.
That's not true at all.