Hackers Seem Close To Publicly Unlocking the Nintendo Switch (arstechnica.com)
Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a WebKit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitrary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig, Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined; it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousands of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."
Why doesn't Nintendo just allow people to use these computers as they see fit? Why must one always struggle for freedom from the Dear Leader?
In the video they say otherwise.
It's a variation of the OS used on the 3DS, which, while it does use some BSD components, is not the BSD kernel.
They already won this battle, as you just can't manufacture a cartridge not approved by Nintendo or create a parallel game store.
Userspace exploits had been achieved a while ago, but last I heard, nothing interesting had been found yet. Userspace exploits allow for homebrew to run, although there are sometimes limitations on this. Ever since the Wii was killed off (in part) due to piracy in its latter days, console hackers have been reluctant to release hacks that allow access to kernel space... which can be leveraged to modify the OS to allow pirated games to run. Sony's crackdown on the PS3 hackers cemented this tendency, and now hackers tend to hold on to kernelspace hacks, oftentimes for a few years if not forever. It was a few years after discovery (after the system was dead, even) before a new Wii U hack was released that granted kernel mode access; games had been smuggled through the back door of userspace for years prior (although online play was impossible this way). The Switch is less than a year old and hackers don't want to kill it dead via easy piracy; I imagine someone in China will eventually make a flash-cart that works, but even that took a few years for the 3DS.
That hackers keep using WebKit exploits is probably the main reason the Switch doesn't have a user-accessible web browser app; the 3DS was also hacked via its YouTube app, which is also why the Switch is probably lacking similar 3rd-party apps -- they want to ensure the app's security first. Nintendo also finally started a bug-bounty program for its consoles, which has supposedly paid out for many exploits already. The Switch has sold enough units that its success is all but assured, but console hackers seem to take a dimmer view on piracy nowadays, so I wouldn't count on an easy-to-use method of piracy on the Switch in the near future.
Citation: I have hacked many a game console
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
You have a secondary problem where you get fake carts. The GBA and DS were both marred by this problem. You go looking for a specific game and you get something that looks the part only to notice that the plastic isn't quite right, the label is poor, and the PCB puts extra strain on the pins hastening the death of the slot and the developer gets not a single cent out of your purchase.
I'd argue that this is worse than piracy. These go after customers who wanted to give developers money and instead wound up funding a pirate cloner. It basically stopped me buying DS games.
That's like saying printer manufacturers should charge more for their printers and stop creating more and more ridiculous locks on the ink.
The ink/games is what brings in the money. Selling a printer/console is one sale. Selling ink/games for it is basically a way to keep the revenue flowing long, long after you are already locked in.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I can either spend 50 bucks and play a game for a few hours or enjoy countless hours of digging through a console's inner workings FOR FREE?
That choice seems kinda easy.
Germany has a law against reverse engineering? Last time I checked they actually had a provision for just making exactly that legal in their legal code concerning copyright...
2018 is starting a trend in CPU holes; now the Nvidia Tegra has a built-in backdoor (unintentionally?) ready to exploit.
A CPU is no longer just a CPU; nothing is a simple thing any more, and it's starting to cause problems.
On a long enough timeline, the survival rate for everyone drops to zero.
From a technical perspective and rational standpoint, that would seem the best course.
From a realistic business perspective, making the cost of entry low and then charging $60 per game works better. People are reluctant to, say, fork over 500 or 600 dollars in one go, but they will end up spending far more than that over the course of a few months if you hit them a chunk at a time.
XML is like violence. If it doesn't solve the problem, use more.
Uhm, that *is* piracy in its purest commercial form (with a bit of physical damage to the customer's hardware thrown in). Going right back to the birth of the term in regards to Hollywood as a pirate distributor of East Coast media.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
More importantly, it keeps the revenue flowing with basically no additional expenditure of effort or money by the console manufacturer. License fees are all pure profit.
Actually, that's not at all established.
Atari (d.b.a. Tengen) v. Nintendo established that clean-room reverse engineering was totally OK, even though Atari didn't in that particular case.
Sega v. Accolade established that you couldn't use technical details masquerading as a trademark as a backup strategy to promote a case from a copyright infringement suit you might lose into a trademark infringement suit you'll probably win.
And licensee enforcement is not DMCA-protected. Only copy control measures are. These "pay us to release on our platform" schemes aren't copyright-related in any way, shape, or form, no matter how they like to dress it up. It's not there to prevent piracy, it's there to prevent you from making money without giving the platform manufacturer a cut.
As long as you can reverse-engineer a cartridge (or disc, or even a download) that will work on the system, and you don't violate the clean-room (a.k.a. arms-length relationship) principle, you can make whatever you want, legally. That includes jailbreak patches and alternative stores.
Nintendo has historically HATED R their greatest success in their minds was the original Game Boy, because they were able to make money on that for 10+ years. There's a reason they've had to be dragged kicking and screaming to release a new generation console when their competitors did.
What do you mean Nintendo has had to be dragged kicking and screaming? Their home consoles are on a 5-year life cycle, and have been since they started. There are only minor variations to this life cycle. Due to the slow release of the NES at the start, it is technically 6 years. The Wii, due to its wild success, lasted 6 years as well, but the Wii U didn't do well, so it only lasted 4 years (averaging out with the Wii, still on a 5-year cycle). Nintendo isn't a reactionary company to their competitors; it's quite the contrary, actually, where the competitors are constantly imitating Nintendo.
Something has to be done; otherwise, we'll be engaged in this stupid, wasteful war for the rest of eternity.
It may be "stupid" and "wasteful", but most hobbies are. Some people are having a lot of fun with this. In any case, I'd much rather Nintendo create a business model based on technological means like DRM than to lean on the government for help by using copyright law. Which is how they did it in the past, and they almost certainly will fall back to once the system is cracked.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
We should demand an end to home and car financing. Interest is pure-profit.
On the Wii, Mario Kart became unplayable with all the people playing hacked versions and cheating.
This will happen again if the platform is opened.
If you want an open platform, buy a PC or microcontroller board. There are plenty of options.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
It hasn't been a planned cycle; in each case they came out with a new system because they were pressured by their competitors releasing systems. When they don't have that pressure, see e.g. the handheld market, they keep their systems going as long as possible, see e.g. the Game Boy.