Write up by hexkyz and SciresM on exploiting the Switch microprocessor

Flame




In the link below you can see a write-up by hexkyz and SciresM on the Nvidia Falcon microprocessor, detailing how it was exploitable. It also gives all sorts of insight into how the Switch works and whatnot. Of course, to the average Joe it will all be alien how to use this information, but to people with enough knowledge this information could be very helpful. Whether they will help us is another matter.


source
 

Razor1993

A team of hackers probably has irreparable access to the security chip of the Nintendo Switch. The root keys can also be extracted.



Several hackers and developers seem to have finally cracked the hardware security of the Nintendo Switch and thus also the security of the Nvidia SoC called Tegra X1, which serves as the basis of the console. Already in 2018, it was possible to bypass the protection of the boot ROM used via a quite trivial bug. However, even the clever patch for this problem from Nvidia and Nintendo seems to be completely overcome now.

The problem with the first hack three years ago was that the boot ROM chip cannot be patched easily. The corresponding vulnerable commands are hardcoded, so a patch against the attacks seemed rather unlikely in devices that were already sold at the time. And even before that, it was possible to execute one's own code on the Switch and even read the console's keys.

However, as Switch hacker Plutooo now writes, a "clever guy" had pointed out a separate security chip to the manufacturers, which is present on the X1 and had not been used until then. With the update 6.2.0 for the Switch firmware, Nintendo actually used it and completely rebuilt the startup process with the help of this chip called TSEC.

"Nintendo has apparently done the impossible: A) got its secure boot back and B) introduced new key material." So the old hack was worthless with the new firmware. Unsurprisingly, the Switch hackers then turned their attention to the TSEC chip and continued to find numerous bugs, which now just probably cannot be changed for all devices sold with the chip so far. And probably not even for new devices without a major hardware revision.

Source: Hexkyz & SciresM via hexkyz.blogspot.com
 