Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Nintendo Operating Systems Piracy Security Software Games

Hackers Seem Close To Publicly Unlocking the Nintendo Switch (arstechnica.com) 91

Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a Webkit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined, it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousand of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."
This discussion has been archived. No new comments can be posted.

Hackers Seem Close To Publicly Unlocking the Nintendo Switch

Comments Filter:
  • by Anonymous Coward

    Why doesn't Nintendo just allow people to use these computers as they see fit? Why must one always struggle for freedom from the Dear Leader?

    • by Anonymous Coward on Wednesday January 17, 2018 @02:20AM (#55944217)

      Why doesn't Nintendo just allow people to use these computers as they see fit? Why must one always struggle for freedom from the Dear Leader?

      Because in every single case where a gaming system has been hacked, that hack is used to play games the person didn't pay for.

      Yes, there are many other reasons for unlocking the hardware and many other things you can do with a small portable computer like the switch, but the most widely used reason will be pirating games.

      • by Z80a ( 971949 ) on Wednesday January 17, 2018 @02:38AM (#55944251)

        Actually, the biggest fear nintendo have is not piracy, but unlicensed games.
        You have to pay a big, big fee to nintendo to manufacture games for it, but if the publishers could avoid it somehow...

        • by pots ( 5047349 ) on Wednesday January 17, 2018 @03:30AM (#55944379)
          This is the truth, the parent AC doesn't know his gaming history. The Atari 2600 had no DRM and had huge problems with other companies making games for the platform, something that Atari had never anticipated. Nintendo's president believed at the time that this is what killed them. Not lack of royalties, but a flood of low quality games that Atari had no control over.

          Whether this is true or not is debatable - they were a little too firmly dedicated to the 2600 and compromised subsequent platforms in its favor. Also, the controller for the 5200 was terrible. But this is the principle that Nintendo operated under, and it certainly worked out well for them. The NES was the first console with a DRM chip.
          • by gl4ss ( 559668 ) on Wednesday January 17, 2018 @03:53AM (#55944437) Homepage Journal

            "Not lack of royalties, but a flood of low quality games that Atari had no control over."

            nintendo has no problem with crapware on the switch marketplace as long as they get royalties...

            • nintendo has no problem with crapware on the switch marketplace as long as they get royalties...

              You stopped reading after the first paragraph, didn't you? Besides, the decision was way back then. Nintendo kept what they were doing which seems to work fine with them. Their purpose might have changed nowadays, but that still consistent with what they are doing.

          • by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Wednesday January 17, 2018 @03:59AM (#55944447)

            This is the truth, the parent AC doesn't know his gaming history. The Atari 2600 had no DRM and had huge problems with other companies making games for the platform, something that Atari had never anticipated. Nintendo's president believed at the time that this is what killed them. Not lack of royalties, but a flood of low quality games that Atari had no control over.

            Whether this is true or not is debatable - they were a little too firmly dedicated to the 2600 and compromised subsequent platforms in its favor

            Basically, what happened was EA and Activision happened, formed by a bunch of disgruntled Atari programmers. Basically Atari management refused to let the programmers put their names on the games and get some credit, so they left and formed EA and Activision. Since they were ex-Atari, they had all the inside knowledge on how it worked, so they started making their own games for it.

            And make a ton of games they did - they kept cranking it out, because everyone wanted in on video games, so it was the best of times - crank out stuff. But then people came to the realization that most of what they had was... crap - churned out to make a quick buck because everyone was buying up games by the dozen - retailers were ordering hundreds of copies per store, etc. It was a boom time.

            Then people realized most of it was crap and shovelware and stopped buying games. Retailers were stuck with thousands of cartridges and returned them in droves. Even worse, retailers were not buying games. Now this did not happen overnight, it basically took a couple of years where the video game industry declined. It became so bad, "video games" were a banned word at many retailers.

            And this is where Nintendo comes in. They didn't call their system a video game system, they called it a toy, not to be sold in the now-banned video game section of the store, but where all the toys were. Problem number one - toy sections are girls, or boys. You can guess where Nintendo went, and potentially where we have such a gender imbalance in gaming today. (Check the ads - Atari ads always showed a relatively balanced family - mom, dad, son, daughter, playing their game system. Nintendo, though, showed only boys. No girls, no adults (it was a toy)).

            Anyhow, the other reason for it is obvious - few people care about homebrew games on switch, everyone wants pirated games. So cracking the Switch really is for everyone to not pay for games ever again. (And ironically, this time around, it wouldn't be Nintendo strangling 3rd party developers). Face it, that's the real truth behind all the hacking.

            • And this is where Nintendo comes in. They didn't call their system a video game system, they called it a toy, not to be sold in the now-banned video game section of the store, but where all the toys were.

              That's some cute revisionism, but it's not exactly accurate. After the crash, Nintendo first attempted to position themselves as a full-fledged computer system. This failed, for various reasons. Following that, they then marketed their console as an "entertainment system" which was, as you say, listed as a "toy". However, all of your feminist editorialising is mostly bullshit; the idea that "toys have to be marketed either to boys or girls" is complete nonsense, which you could easily discover by walking

              • I'll concede that Nintendo may have targeted boys specifically. I have no recollection of such a campaign, but I was very young at the time so I may simply not have noticed it. But the idea that they HAD to do so due to some quirk in how toys are marketed is complete nonsense. Moreover, those of us who went to purchase a Nintendo system knew exactly what we were getting: a video game conaole. I didn't beg my parents to buy me a "boys toy"; I wanted a fucking video game system, and that's how I got my first NES.

                Well I can check the back of my NES control deck box which shows Mom, Dad and Son. Actually to be blunt as someone that was a gamer starting with the 2600 video games were for "boys". (If you ever went to the arcade in the early 80's this was pretty obvious.) On the other hand back then it seemed like every company was more than happy if their hit appealed to everybody, like Pac-Man, Tetris, and Super Mario Bros.

                • Well I can check the back of my NES control deck box which shows Mom, Dad and Son.

                  Wow.

                  Well since they had the mom and not the daughter, I guess they had no problems with woman but hatted younger girls. Ageism at its worst!

                  Was every culture on the box? Just curious how far this discrimination goes...

            • by mentil ( 1748130 )

              Another interesting thing about the Crash I only learned about recently was that at the time, video games were sold from wholesalers to retailers under an unusual scheme which encouraged retailers to hoard large amounts of games. I don't recall the particulars but IIRC it led to large numbers of unsold games being put into the bargain bin.

            • by pots ( 5047349 )

              So cracking the Switch really is for everyone to not pay for games ever again.

              Well piracy is certainly part of it, but it's not a question of homebrew games or pirated games - you can do other things with a portable computer that connects to your TV. There's a lot of precedent for getting non-game utility from consoles. I'm sure you've heard of Kodi, previously XBMC (Xbox Media Center).

              You're right though, I didn't meant to suggest that Nintendo is unconcerned with piracy. Only that Nintendo started putting DRM in their consoles in order to stop unlicensed developers, and that thi

              • by elrous0 ( 869638 )

                I'm sure you've heard of Kodi, previously XBMC (Xbox Media Center).

                Yeah, which people mostly use to pirate movies and TV.

            • Back in the 8 bits days, EA's titles for the Apple 2 were top of line quality.

              That didn't last long and we have what we have today.

            • by ruir ( 2709173 )
              I get amazed how the level a seemingly banal question can always be dragged down to a conversation about sexism.
              Newsflash, the boys did not keep the computers and game consoles hidden of sight or locked when they were using it, and a partner for playing would ALWAYS be welcomed.
              You know what interest was shown by my sister and her friends?
              Want to guess?
              None....Nada. It was their OWN choice.
              It should also be noted at the time such equipments would be a moderate investment for *many* families, and nobody
          • Oh please. The original NES library was rife with low quality games that were shoveled out by the dozen. Mostly games made after movie titles, but far from exclusively.

            And you don't want me to start on the games for the N64, many of which were gimmicky wannabe-3d games with poor graphics, poor steering and worse content. Superman64, anyone?

            • by pots ( 5047349 )

              shoveled out by the dozen

              They were shoveled out at a rate of five per year. That was the much-protested maximum that Nintendo would allow licensees to release.

              Nintendo did not screen every game and reject them if they weren't great, a developer would ask about publishing on their platform and it was the developer that Nintendo would evaluate. Then if the dev had some experience and showed some potential, they would become a licensee. After that they would make their games and unless they violated one of Nintendo's rules they wou

              • Comment removed based on user account deletion
              • Just to expand on this we literally had games for the 2600 based on the Chuckwagon from a dog food commercial. (Admittedly there's some pretty bad shit for the NES like Predator.)
              • by nomadic ( 141991 )

                "They were shoveled out at a rate of five per year. That was the much-protested maximum that Nintendo would allow licensees to release."

                There was more than one licensee, so they really were shoveled out by the dozens.

          • by Anonymous Coward

            The IBM-PC had a thriving market for DOS games and microsoft didn't charge one penny for games to be licensed or have a licensing program YET it didn't kill the PC gaming market. In fact it did the opposite. The massive library and easily copyable pc games helped the IBM-PC beat apple, commodore and all the other computer/consoles at the time. So I call unlicensed games killing the platform bullshit.

          • by mark-t ( 151149 )

            Not lack of royalties, but a flood of low quality games that Atari had no control over.

            Okay.... this is just my own opinion here, but one of the most spectacular examples of a game that played a significant role in the downfall of the console industry at the time was ET, the Extra Terrestrial, and that game was published by Atari, not a third party. Personally, I thought that Activision games were generally better than those published by Atari. Back in the day, I had about twice as many Activision cartr

          • Not lack of royalties, but a flood of low quality games that Atari had no control over.

            Actually, some of the best games for the 2600 were made by third parties like Activision and Coleco (Pitfall, Demon Attack, etc.) and some of the worst were made by Atari (E.T., Pacman, etc.)

            • Demon Attack was by Imagic [wikipedia.org]. Coleco was noteworthy for publishing the first home version of Donkey Kong on their own platform, along with a 2600 version.

              ---PCJ

        • by mentil ( 1748130 )

          Can't happen in the USA at least, due to the DMCA. If the publisher makes their own cartridge which bypasses the executable signing to run unsigned code, that violates the anti-circumvention clause. Unlike Joe Hacker, the publisher has $Billions in the bank, and the full wrath of Nintendo's legal department will come down on them, turning them into an empty husk; expect their IP to be given to Nintendo as well.

          Now, the cartridge could be sold in packaging with no Switch trademarks on it, or even a mention t

          • by Khyber ( 864651 )

            "Can't happen in the USA at least, due to the DMCA. If the publisher makes their own cartridge which bypasses the executable signing to run unsigned code, that violates the anti-circumvention clause."

            That alone violates the anti-tying clauses in the Magnusson-Moss Warranty Act, because you can bet good money Nintendo would try to not honor the warranty on a system that had unlicensed cartridges used upon it.

        • by mark-t ( 151149 )

          Actually, the biggest fear nintendo have is not piracy, but unlicensed games.

          You have to pay a big, big fee to nintendo to manufacture games for it, but if the publishers could avoid it somehow...

          Without DRM, that could still be accomplished via a proprietary interface between the medium that the content is distributed upon and patents on that interface. It wouldn't stop people from possibly making their own and just not telling anyone about it, but it would stop other people from publishing unlicensed c

        • This seems unlikely. If opening up the Switch is anything like the 3DS then the device owner will have to go out of there way to run/install programs to make the device do what they want. No reason to sell games to the small demographic who'd do that imo.

      • Because in every single case where a gaming system has been hacked, that hack is used to play games the person didn't pay for.

        Sure, but given that every platform is hacked in a matter of months, you would think that sooner or later they might wise up and realize that all the effort they put into trying to "protect" their platform could be put to much better use on making the system more versatile and flexible so that more people would purchase the devices as general use platforms. Then take a lesson from Android and the apple ecosystem, and throw in an app store with many free-to-try games which are either supported by adds or re

        • Sure, but given that every platform is hacked in a matter of months,

          They aren't as such. Usually they hold out for years and years. It depends on your perspective.

          For the most part these hacks are too difficult for the average user and it usually takes a year or so before enough of the hassle has been ironed out that even the technically inclined can claim it's convenient to use. Up until recently everything required a hardware device. The earlier cart based consoles required disc copiers, CD consoles needed a soldered in mod chip, the DS needed special flash carts that cou

        • Why would they want that?

          Yes, allowing homebrew and allowing you to install your own OS would make you buy it. Maybe a few more. But that's not the goal. The console sales are the necessary evil, not the target. Consoles are often sold at minimal revenue, sometimes even at a loss, at least initially. What brings the money is licensing fee on games.

          Ever noticed how console game tend to cost more than PC games? Even for the same game from the same developer? Take a wild guess where that extra money goes. Then

      • And itâ(TM)s built to a proprietary standard.
      • by Junta ( 36770 )

        Furthermore, for those homebrew things, if we are being honest with ourselves there are a plethora of products on the market that let you more easily access. the platform and cost about the same. Sure, the physical controller design is very nice as is the dock, but 7" tablets with approximately that much horsepower, HDMI out, and available bluetooth physical controllers exist.

        The industrial design is certainly nicer and the way the controllers physically reconfigure is nice, but the big thing for Switch is

      • by daid303 ( 843777 )

        As someone who was active in the homebrew Wii scene. Let me tell you this. The nr 1 use of homebrew on the Wii was piracy. The nr 2 use was emulators, which is usually a different form of piracy.
        Even if this wasn't the intention of the people who opened it up. It's the reality. Other homebrew applications where much less used. The video player saw some use, but performance wise wasn't great. Fully custom applications/games, very few actual users.

    • The only thing getting software and hardware out, of a company's doors to the end-user, is the simple fact that the user can value that product's features and spend money on it. In other words, it's the fact that B2C is a monetizing strategy just like B2B.

      Companies restricting features and self-support of these products is part of that monetizing scheme. If monetizing is hampered to such an extent that the product's development/manufacturing is no longer profitable, companies stop making products. This is t

    • If all one wants is 'a computer' there are plenty of other freely configurable options. Hacking the Switch has other motivations. In some cases probably just for the challenge of it.
    • Why doesn't Nintendo just allow people to use these computers as they see fit? Why must one always struggle for freedom from the Dear Leader?

      It's because prior to this, when they (and most other manufacturers) spent lots of extra work and trouble designing the computer to be unusually user-hostile, the consequences were that shoppers threw money at them.

      I think people shouldn't be buying computers that were specifically made to be worse than they could be, where extra effort was put into making the compute

  • by mentil ( 1748130 ) on Wednesday January 17, 2018 @03:36AM (#55944391)

    Userspace exploits had been achieved a while ago, but last I heard, nothing interesting had been found yet. Userspace exploits allow for homebrew to run, although there are sometimes limitations on this. Ever since the Wii was killed off (in part) due to piracy in its latter days, console hackers have been reluctant to release hacks that allow access to kernel space... which can be leveraged to modify the OS to allow pirated games to run. Sony's crackdown on the PS3 hackers cemented this tendency, and now hackers tend to hold on to kernelspace hacks, oftentimes for a few years if not forever. It was a few years after discovery (after the system was dead, even) before a new Wii U hack was released that granted kernel mode access; games had been smuggled through the back door of userspace for years prior (although online play was impossible this way). The Switch is less than a year old and hackers don't want to kill it dead via easy piracy; I imagine someone in China will eventually make a flash-cart that works, but even that took a few years for the 3DS.

    That hackers keep using WebKit exploits is probably the main reason the Switch doesn't have a user-accessible web browser app; the 3DS was also hacked via its YouTube app, which is also why the Switch is probably lacking similar 3rd-party apps -- they want to ensure the app's security first. Nintendo also finally started a bug-bounty program for its consoles, which has supposedly paid out for many exploits already. The Switch has sold enough units that its success is all but assured, but console hackers seem to take a dimmer view on piracy nowadays, so I wouldn't count on an easy-to-use method of piracy on the Switch in the near future.

    Citation: I have hacked many a game console

    • by AmiMoJo ( 196126 )

      In a recent tweet they claimed to have exploited a vulnerability in the system's bootloader code, which can't be patched. Not sure why it can't be patched, maybe it's in ROM rather than flash memory.

      How easy that will be to turn into a viable route for ordinary users to load pirated games I don't know.

      My favourite hack was the Dreamcast. A magazine in the UK had a demo of the Action Replay software on its cover disc, which it turned out allowed you to boot copies as a well as original discs. Word got out an

      • by Megane ( 129182 )

        My favorite hack still has to be the original Xbox. It needed only a few wires for a chip to bypass its internal boot ROM, all conveniently arranged in an unpopulated header on the board. MS tried to remove it on later versions, but people made adapters that let you add wires to connect the missing signals... or just searched around for an older model. And it was easily removed and installed in a different console. I even once found a dead Xbox with a chip, that I was able to install in another unit.

        Unlike

        • by AmiMoJo ( 196126 )

          I had a modded XBOX running XMBC back in the day. Originally used one of the chips you describe, but I think the second one I set up for a friend was some kind of soft-mod.

          It was a great system, and the remote control was really responsive.

          • I did the soft mod as well. Loading from a saved game was enough to get xbmc and the dashboard on your machine. It made a great emulator. i quick google search for the game and it was splinter cell. I'm almost positive I used a different game but regardless, it was incredibly easy.

            • by AmiMoJo ( 196126 )

              From memory I think I took the hard drive out, put it in the hard modded one and loaded the new dashboard, then put it back.

    • That hackers keep using WebKit exploits is probably the main reason the Switch doesn't have a user-accessible web browser app; the 3DS was also hacked via its YouTube app, which is also why the Switch is probably lacking similar 3rd-party apps -- they want to ensure the app's security first.

      If Nintendo could be bothered to ship a WebKit that wasn't 6+ months old it wouldn't be such a security nightmare for them.

  • by sad_ ( 7868 ) on Wednesday January 17, 2018 @06:54AM (#55944857) Homepage

    2018 is starting a trend in cpu holes, now the nvidia tegra has a build in backdoor (unintentinaly?) ready to exploit.
    a cpu is no longer just a cpu, nothing is no longer a simple thing, and it's starting to cause problems.

Avoid strange women and temporary variables.

Working...