posted by Fnord666 on Monday January 01 2018, @02:33PM   Printer-friendly
from the built-in-hacks dept.

Nintendo Switch Kernel exploit 34c3 presentation: "Nvidia Backdoored themselves"

Yesterday, hackers Plutoo, Derrek, and Naehrwert were at the 34C3 hacking conference in Germany to give a presentation on their kernel hacks on the Nintendo Switch (video below). Hacker Yellows8 wasn't there but was also credited for some of the work that led to this presentation.

[...] They detail in particular the sm:hax exploit (which consists of skipping an initialization step for a service, so that the service manager thinks the service has pid 0, treating it as root and giving it additional privileges*), as well as the hardware glitching process that was used to get the kernel decryption keys. Naehrwert also presents how he bypassed ARM's TrustZone on the Switch, a stunt he insists "is not useful for homebrew, but fun".
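The sm:hax description above boils down to a fail-open default: a session that never ran Initialize carries a zeroed pid field, and the service manager reads pid 0 as the privileged caller. As an added illustration that is not code from the presentation or from Nintendo, here is a constructed C model of a service-manager session with that fail-open check beside a fail-closed one that rejects uninitialized sessions first; the Session struct, the status codes and the pid_has_permission flag are assumptions for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a service-manager session (assumption, not the real
 * Switch data structure). pid 0 stands for the kernel/privileged caller. */
typedef struct {
    bool     initialized;  /* set only by the Initialize handler */
    uint64_t pid;          /* caller pid recorded by Initialize */
} Session;

enum { SM_OK = 0, SM_ERR_NOT_INITIALIZED = 1, SM_ERR_NOT_ALLOWED = 2 };

/* Opening a session zeroes it: pid reads as 0 until Initialize runs. */
void session_open(Session *s) { memset(s, 0, sizeof *s); }

/* The Initialize step that the exploit skips. */
void session_initialize(Session *s, uint64_t caller_pid) {
    s->initialized = true;
    s->pid = caller_pid;
}

/* Fail-open variant: decides on pid alone, so a session that skipped
 * Initialize looks like pid 0 and is granted the privileged path. */
int vulnerable_register(const Session *s, bool pid_has_permission) {
    if (s->pid == 0 || pid_has_permission) return SM_OK;
    return SM_ERR_NOT_ALLOWED;
}

/* Fail-closed variant: an uninitialized session is rejected before any
 * pid-based decision, so the zeroed field can never act as a privilege token. */
int hardened_register(const Session *s, bool pid_has_permission) {
    if (!s->initialized) return SM_ERR_NOT_INITIALIZED;
    if (s->pid == 0 || pid_has_permission) return SM_OK;
    return SM_ERR_NOT_ALLOWED;
}

/* Outcome of each variant for a session that never ran Initialize and whose
 * real caller holds no permission for the requested service. */
int skipped_init_vulnerable(void) { Session s; session_open(&s); return vulnerable_register(&s, false); }
int skipped_init_hardened(void)   { Session s; session_open(&s); return hardened_register(&s, false); }

/* Outcome of the hardened variant for a properly initialized caller. */
int initialized_hardened(uint64_t pid, bool perm) {
    Session s; session_open(&s); session_initialize(&s, pid);
    return hardened_register(&s, perm);
}
```

The same skipped-Initialize session is granted by the fail-open check and refused by the fail-closed one; the second check also shows the general rule that a privilege decision should never read a field that a skipped step leaves at its zero value.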

One of the highlights of the presentation is how the hackers leveraged the fact that the Nintendo Switch uses an "off the shelf" Nvidia Tegra X1, a GPU that is well documented and for which debugging hardware can also be officially acquired at reasonable prices. The X1 documentation in particular gave the hackers detailed information on how to bypass some of the security of the SMMU (System Memory Management Unit). "Just search for 'bypass the SMMU' in the documentation", Plutoo says. He concludes: "Nvidia Backdoored themselves".

Nintendo Switch Homebrew Launcher Could Allow Custom Software Via NVIDIA Backdoor

The one caveat to this new homebrew experience is that it is only currently validated for Nintendo Switch 3.0.0 firmware. So, if you want to take part in the festivities, you will need to stay on that firmware and resist the urge to update to a newer build.

Also at HackRead, TechRadar.

Related: The Ghost in Nintendo's Switch - Game Unlocks on the Date of Satoru Iwata's Death
Nintendo to More Than Double Production of Switch; Success Rooted in Wii U's Failure
Nintendo Sells at Least 10 Million Switch Consoles in 2017, 64 GB Game Cards Delayed to 2019
34th Chaos Communication Congress (34C3) Presentations Online


  • (Score: 1, Interesting) by Anonymous Coward on Monday January 01 2018, @10:09PM

    by Anonymous Coward on Monday January 01 2018, @10:09PM (#616516)

    Firmware revision 3.0.0 has the aforementioned userland exploits, and that's what's being actively promoted. Original print-run Pokken Tournament DXs had 3.0.0 on the cart.

    Many of the prominent homebrew developers are staunchly against piracy. Supposedly 1.0.0 has kernel level exploits which, while less likely to see public release anytime soon, obviously have further ranging capabilities, including the potential to emulate later firmware revisions.

    The homebrew developers have been actively encouraging 1.0.0 people to get on 3.0.0 even though there is no reason to do so at this point in time -- the only upgrade path exists in the form of a static medium, and there's nothing yet that can be done with 3.0.0. One wonders as to their motivations.

  • (Score: 0) by Anonymous Coward on Tuesday January 02 2018, @03:51AM (2 children)

    by Anonymous Coward on Tuesday January 02 2018, @03:51AM (#616603)

    "Running unapproved programs on your own computer coming soon due to exploit!" is dystopian bullshit.

    Fuck buying computers which only let one run approved programs.

    • (Score: 2) by takyon on Tuesday January 02 2018, @05:34AM (1 child)

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday January 02 2018, @05:34AM (#616630) Journal

      So which flavor of caged computing are you running? Intel, AMD, or ARM?

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 1, Informative) by Anonymous Coward on Tuesday January 02 2018, @06:01AM

        by Anonymous Coward on Tuesday January 02 2018, @06:01AM (#616636)

        I'm not happy with them, but they don't forbid me from running unauthorized programs so far as I know.
