2023-05-18, from the make-it-run-Halo dept.
Nintendo Switch hackers are being banned from online services
Not long after its March launch last year, it was revealed that a GPU exploit in the Nintendo Switch could be used to run unofficial software, like pirated games and homebrew ROMs. Since then, the Switch's hacking community has grown, and the discovery of a new 'unpatchable' exploit last month has only made the console more attractive to pirates and homebrew fans.
Nintendo isn't taking the assault on its walled garden lightly, however, and is taking steps to crack down and dissuade users from taking advantage of the security holes.
The Japanese company has begun banning hacked consoles from its online services, sending error notifications when users attempt to log in. According to the message, "The use of online services on this console is currently restricted by Nintendo," and users will need to "Contact Customer Support via the Nintendo Support Website".
Nintendo Switch Kernel exploit 34c3 presentation: "Nvidia Backdoored themselves"
Yesterday, hackers Plutoo, Derrek, and Naehrwert were at the 34C3 hacking conference in Germany to give a presentation on their kernel hacks on the Nintendo Switch (video below). Hacker Yellows8 wasn't there but was also credited for some of the work that led to this presentation.
[...] They detail in particular the sm:hax exploit (which consists in skipping an initialization step for a service, which results in the service manager thinking the service has pid 0, making it root [corrected: giving it additional privileges*]), as well as the hardware glitching process that was used to get the kernel decryption keys. Naehrwert also presents how he bypassed ARM's TrustZone on the Switch, a stunt he insists "is not useful for homebrew, but fun".
One of the highlights of the presentation is how the hackers leveraged the fact that the Nintendo Switch uses an "off the shelf" Nvidia Tegra X1: a GPU that is well documented, and for which debugging hardware can also be officially acquired at reasonable prices. The X1 documentation in particular gave the hackers detailed information on how to bypass some of the security of the SMMU (System Memory Management Unit). "Just search for 'bypass the SMMU' in the documentation", Plutoo says. He concludes: "Nvidia Backdoored themselves".
The one caveat to this new homebrew experience is that it is only currently validated for Nintendo Switch 3.0.0 firmware. So, if you want to take part in the festivities, you will need to stay on that firmware and resist the urge to update to a newer build.
The Nintendo Switch has been named America's fastest-selling home games console.
A total of 4.8 million units were sold in the US during the 10 months following the Switch's launch there on 3 March last year.
The Switch breaks with the tradition of the firm's previous home consoles by allowing owners to use it as a portable console for gaming on the move.
One analyst said Nintendo had completely turned its business around.
The previous record for the fastest-selling console in the US was Nintendo's Wii, launched in 2006, which went on to be one of the top-selling consoles in history worldwide.
However, the company's next offering - the Wii U - fared much more poorly.
As a consequence, Nintendo had been under considerable pressure to deliver a popular device this time around.
Nintendo hopes that "every single person" will own a Nintendo Switch, and that it can prolong the life cycle of the console to beyond 5-6 years.
[Hacker] group Fail0verflow has claimed to have found a Nintendo Switch hack.
The group has posted a picture of the Switch booting a Debian GNU/Linux installation. The picture also shows a serial adapter connected to one of the Joy-Con docks. Notably, Fail0verflow is the same group that hacked the Nintendo Wii and the PlayStation 3.
What makes this Nintendo Switch hack special is that it can't be patched in the currently released consoles. This is because the exploit was found in the boot ROM process of Nvidia Tegra X1 chips that can't be patched with software or firmware updates.
That's not all. This hack doesn't even need a mod chip to run Linux.
A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.
"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.
The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.
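The bug class described above, an unchecked host-supplied length handed to a DMA copy, as an added illustration that is not code from the article, from Nvidia or from ReSwitched. It is a constructed model of a USB control-request handler: the buffer size, the sample descriptor and the function names are assumptions, not the Tegra X1's real values. It contrasts the pattern that trusts wLength with a bounded handler that refuses oversized requests and honours USB short reads.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a USB control-request handler; not Nvidia's bootROM
 * code. DMA_BUF_SIZE is a placeholder, not the Tegra X1's real buffer size. */
#define DMA_BUF_SIZE 4096

/* USB SETUP packet: wLength is 16 bits, so the host can ask for up to
 * 65535 bytes no matter how small the device's receive buffer is. */
struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
};

static uint8_t dma_buf[DMA_BUF_SIZE];

/* Constructed 18-byte device descriptor used as the data being served. */
static const uint8_t sample_desc[18] = {
    18, 1, 0x00, 0x02, 0, 0, 0, 64, 0x55, 0x09, 0x23, 0x01, 0x00, 0x01, 1, 2, 3, 1
};

/* Vulnerable pattern: the host's wLength is passed to the DMA engine as the
 * transfer size. This reports how many bytes such a transfer would write
 * past the end of dma_buf (0 means the request fits). */
size_t overflow_bytes(uint16_t wLength)
{
    return wLength > DMA_BUF_SIZE ? (size_t)wLength - DMA_BUF_SIZE : 0;
}

/* Hardened pattern: refuse requests larger than the buffer, then transfer
 * no more than the descriptor actually holds (USB permits short reads).
 * Returns the number of bytes queued, or -1 if the request is refused. */
int serve_descriptor(const struct usb_setup *s, const uint8_t *desc, size_t desc_len)
{
    if ((size_t)s->wLength > sizeof dma_buf)
        return -1;
    size_t n = (size_t)s->wLength < desc_len ? (size_t)s->wLength : desc_len;
    memcpy(dma_buf, desc, n);
    return (int)n;
}

/* Convenience wrapper: a GET_DESCRIPTOR(DEVICE) request with a given wLength. */
int serve_with_length(uint16_t wLength)
{
    struct usb_setup s = { 0x80, 0x06, 0x0100, 0, wLength };
    return serve_descriptor(&s, sample_desc, sizeof sample_desc);
}
```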
