Hackers Seem Close To Publicly Unlocking the Nintendo Switch (arstechnica.com)
Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a WebKit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitrary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined; it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousands of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."
Why doesn't Nintendo just allow people to use these computers as they see fit? Why must one always struggle for freedom from the Dear Leader?
Because in every single case where a gaming system has been hacked, that hack is used to play games the person didn't pay for.
Yes, there are many other reasons for unlocking the hardware and many other things you can do with a small portable computer like the Switch, but the most widely used reason will be pirating games.
Actually, the biggest fear Nintendo have is not piracy, but unlicensed games.
You have to pay a big, big fee to Nintendo to manufacture games for it, but if the publishers could avoid it somehow...
This is the truth, the parent AC doesn't know his gaming history. The Atari 2600 had no DRM and had huge problems with other companies making games for the platform, something that Atari had never anticipated. Nintendo's president believed at the time that this is what killed them. Not lack of royalties, but a flood of low quality games that Atari had no control over.
Whether this is true or not is debatable - they were a little too firmly dedicated to the 2600 and compromised subsequent platforms in its favor. Also, the controller for the 5200 was terrible. But this is the principle that Nintendo operated under, and it certainly worked out well for them. The NES was the first console with a DRM chip.
Userspace exploits had been achieved a while ago, but last I heard, nothing interesting had been found yet. Userspace exploits allow for homebrew to run, although there are sometimes limitations on this. Ever since the Wii was killed off (in part) due to piracy in its latter days, console hackers have been reluctant to release hacks that allow access to kernel space... which can be leveraged to modify the OS to allow pirated games to run. Sony's crackdown on the PS3 hackers cemented this tendency, and now hackers tend to hold on to kernelspace hacks, oftentimes for a few years if not forever. It was a few years after discovery (after the system was dead, even) before a new Wii U hack was released that granted kernel mode access; games had been smuggled through the back door of userspace for years prior (although online play was impossible this way). The Switch is less than a year old and hackers don't want to kill it dead via easy piracy; I imagine someone in China will eventually make a flash-cart that works, but even that took a few years for the 3DS.
That hackers keep using WebKit exploits is probably the main reason the Switch doesn't have a user-accessible web browser app; the 3DS was also hacked via its YouTube app, which is also why the Switch is probably lacking similar 3rd-party apps -- they want to ensure the app's security first. Nintendo also finally started a bug-bounty program for its consoles, which has supposedly paid out for many exploits already. The Switch has sold enough units that its success is all but assured, but console hackers seem to take a dimmer view on piracy nowadays, so I wouldn't count on an easy-to-use method of piracy on the Switch in the near future.
Citation: I have hacked many a game console
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
It's to prevent the 99% of people who won't bother to learn or take the time to hack their system.
99% won't learn, but they don't need to; as a 15-year-old kid I made a booming business out of helping others modify their PlayStation consoles to play pirated discs, and then made more money selling them the actual games.
The majority of their user base might remain ignorant, but that's completely irrelevant as long as the users have access to a few guys who know what they're doing.
"Not lack of royalties, but a flood of low quality games that Atari had no control over."
Nintendo has no problem with crapware on the Switch marketplace as long as they get royalties...
world was created 5 seconds before this post as it is.
Basically, what happened was EA and Activision happened, formed by a bunch of disgruntled Atari programmers. Basically Atari management refused to let the programmers put their names on the games and get some credit, so they left and formed EA and Activision. Since they were ex-Atari, they had all the inside knowledge on how it worked, so they started making their own games for it.
And make a ton of games they did - they kept cranking it out, because everyone wanted in on video games, so it was the best of times - crank out stuff. But then people came to the realization that most of what they had was... crap - churned out to make a quick buck because everyone was buying up games by the dozen - retailers were ordering hundreds of copies per store, etc. It was a boom time.
Then people realized most of it was crap and shovelware and stopped buying games. Retailers were stuck with thousands of cartridges and returned them in droves. Even worse, retailers were not buying games. Now this did not happen overnight, it basically took a couple of years where the video game industry declined. It became so bad, "video games" were a banned word at many retailers.
And this is where Nintendo comes in. They didn't call their system a video game system, they called it a toy, not to be sold in the now-banned video game section of the store, but where all the toys were. Problem number one - toy sections are girls, or boys. You can guess where Nintendo went, and potentially where we have such a gender imbalance in gaming today. (Check the ads - Atari ads always showed a relatively balanced family - mom, dad, son, daughter, playing their game system. Nintendo, though, showed only boys. No girls, no adults (it was a toy)).
Anyhow, the other reason for it is obvious - few people care about homebrew games on Switch, everyone wants pirated games. So cracking the Switch really is for everyone to not pay for games ever again. (And ironically, this time around, it wouldn't be Nintendo strangling 3rd party developers). Face it, that's the real truth behind all the hacking.
And this is where Nintendo comes in. They didn't call their system a video game system, they called it a toy, not to be sold in the now-banned video game section of the store, but where all the toys were.
That's some cute revisionism, but it's not exactly accurate. After the crash, Nintendo first attempted to position themselves as a full-fledged computer system. This failed, for various reasons. Following that, they then marketed their console as an "entertainment system" which was, as you say, listed as a "toy". However, all of your feminist editorialising is mostly bullshit; the idea that "toys have to be marketed either to boys or girls" is complete nonsense, which you could easily discover by walking into the nearest Walmart. There are entire sections of toys dedicated to things like puzzles, board games, science kits, and various other educational games, none of which are marketed to any particular gender.
I'll concede that Nintendo may have targeted boys specifically. I have no recollection of such a campaign, but I was very young at the time so I may simply not have noticed it. But the idea that they HAD to do so due to some quirk in how toys are marketed is complete nonsense. Moreover, those of us who went to purchase a Nintendo system knew exactly what we were getting: a video game console. I didn't beg my parents to buy me a "boys toy"; I wanted a fucking video game system, and that's how I got my first NES.
That's like saying printer manufacturers should charge more for their printers and stop creating more and more ridiculous locks on the ink.
The ink/games is what brings in the money. Selling a printer/console is one sale. Selling ink/games for it is basically a way to keep the revenue flowing long, long after you are already locked in.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I can either spend 50 bucks and play a game for a few hours or enjoy countless hours of digging through a console's inner workings FOR FREE?
That choice seems kinda easy.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2018 is starting a trend in CPU holes, now the Nvidia Tegra has a built-in backdoor (unintentionally?) ready to exploit.
A CPU is no longer just a CPU, nothing is no longer a simple thing, and it's starting to cause problems.
On a long enough timeline, the survival rate for everyone drops to zero.
I'm sure you've heard of Kodi, previously XBMC (Xbox Media Center).
Yeah, which people mostly use to pirate movies and TV.
SJW: Someone who has run out of real oppression, and has to fake it.
Just to expand on this we literally had games for the 2600 based on the Chuckwagon from a dog food commercial. (Admittedly there's some pretty bad shit for the NES like Predator.)
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Uhm, that *is* piracy in its purest commercial form (with a bit of physical damage to the customer's hardware thrown in). Going right back to the birth of the term in regards to Hollywood as a pirate distributor of East-coast media.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
As someone who was active in the homebrew Wii scene, let me tell you this. The nr 1 use of homebrew on the Wii was piracy. The nr 2 use was emulators, which is usually a different form of piracy.
Even if this wasn't the intention of the people who opened it up, it's the reality. Other homebrew applications were much less used. The video player saw some use, but performance wise wasn't great. Fully custom applications/games, very few actual users.