
Nintendo release Switch firmware 6.2 and kill hacking on the system almost entirely

Master Disaster

So to preface this (for those not familiar with the Switch hacking scene): when a hardware exploit in the SoC inside the Switch was found to leave the system vulnerable, hackers boasted how the exploit was unpatchable and that Nintendo wouldn't be able to stop hacking without a new hardware variant. Technically they were correct, and Nintendo did indeed release updated hardware which included mitigation for the exploit; however, this did nothing to stop hacking on the ~20 million units already in the wild.

 

That changed early on Wednesday morning when Nintendo dropped firmware 6.2. One of the biggest names in the scene (SciresM) posted on the ReSwitched Team's Discord server about the changes. His first post (which has since been removed) stated that Nintendo have revoked all the known encryption keys and totally rewritten the way keys are handled by the system; however, he was obviously unaware of the changes because he went on to say how he looked forward to cracking the new system.

 

A few hours later he reappeared with the following message:

Quote

It's not a certainty (someone had asked if cracking the new system was impossible), something clever could be thought up at any time, but I would prepare yourselves for potentially quite a wait, re: 6.2.0 key generation.

 

N did a really good job.

30 minutes later he posted the following message:

Quote

This is extremely clever of them, I am impressed!

 

Unless someone pwns the tsec auth module, they've managed to bootstrap themselves a secure boot out of this shit.

Now I won't pretend to understand this fully, but the basic gist of it goes something like this...

 

Encryption keys are now handled by this tsec auth module. All previous keys are revoked and new keys are stored in the tsec auth module; without the new encryption key it's impossible to breach the tsec auth module. It would be possible to get the new keys via userland exploits; however, if they're leaked to the public Nintendo can pretty much instantly revoke them and reissue new keys via an OTA update, meaning the old keys could be revoked in hours. As SciresM said, the only way to go back to how things were is to breach the tsec auth module.

 

What's especially brilliant about this system is that it stops users from running 6.2 in EMUNAND, as installing 6.2 revokes all current keys and forces new keys into the bootstrap. If a user installs 6.2 at all, even on emulated NAND, any previous firmware version cannot boot as its known encryption keys are suddenly incorrect.

 

It's also worth noting that Nintendo have changed how their CDNs are handling banned consoles. Previously, banned systems couldn't access Nintendo download servers at all; now banned systems are able to download updates again and, sneakily, there are reports of banned systems being updated to 6.2 without the user being prompted.

 

So what does this mean? Current owners of hacked Switches have 2 options: stay on 6.1 or lower and retain the hack (everything released pre 6.2 will still work fine, however everything released post 6.2 isn't going to work at all, plus they'll lose access to online and the eShop), or update to 6.2, lose the hack but retain access to the eShop, online and new games.

 

https://gbatemp.net/threads/6-2-0-key-generation-could-possibly-be-uncrackable.523985/

 

Well played Nintendo. Personally I use my Switch as a mobile emulation platform anyway; I only own BoTW, Odyssey and Golf Story and there's nothing else on the system as of now that I care about. I'm going to stick on 6.1 and retain my RetroArch; if anything compelling comes out in the future I'll update.


19 minutes ago, huilun02 said:

They'll just hack their already hacked Switches to identify as 6.2 to bypass the restriction lol

Connections between the console and the server are secured using an encryption key, so if the console isn't running 6.2 it will try to authenticate using a revoked key; the connection will be refused and the console will be banned.

 

Games will also be issued new certificates so any systems not running 6.2 will easily be identified.

 

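The key-revocation story in the opening post and the server-side refusal described in the reply above, as a constructed Python model (added here; not code from the thread, from Nintendo or from the ReSwitched team): a forward-only key-generation counter on the device, one derived key per generation, and a server that refuses revoked generations. The counter standing in for the tsec auth module, the HMAC-based KDF and the challenge/response exchange are assumptions filling in details the thread does not give.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed model of the scheme the thread describes. It is not Nintendo's
# design: the real key hierarchy, the tsec auth module internals and the
# server protocol are not on the page, so everything here is an assumption.

ROOT_SECRET = b"constructed-root-secret-for-this-example-only"


def generation_key(generation: int) -> bytes:
    """Derive the master key for one key generation (HMAC as a simple KDF)."""
    return hmac.new(ROOT_SECRET, b"keygen|%d" % generation, hashlib.sha256).digest()


class KeyAuthority:
    """Vendor side: which key generations the servers still accept."""

    def __init__(self) -> None:
        self.current = 1
        self.revoked = set()

    def rotate(self) -> int:
        """Revoke the current generation and issue the next one (the OTA step)."""
        self.revoked.add(self.current)
        self.current += 1
        return self.current

    def check_auth(self, generation: int, challenge: bytes, tag: bytes) -> bool:
        """Accept a console only if it proves possession of a live generation key."""
        if generation in self.revoked or generation > self.current:
            return False
        expected = hmac.new(generation_key(generation), challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


class Console:
    """Device side: a forward-only generation counter standing in for the
    hardware-held state the thread attributes to the tsec auth module."""

    def __init__(self) -> None:
        self.min_generation = 1  # can only increase, never be rolled back

    def install_update(self, generation: int) -> None:
        """Installing a newer firmware moves the counter forward for good."""
        self.min_generation = max(self.min_generation, generation)

    def boot(self, firmware_generation: int) -> Optional[bytes]:
        """A firmware image boots only if its generation is still allowed, so an
        older image (even one kept on an emulated NAND) gets no usable key."""
        if firmware_generation < self.min_generation:
            return None
        return generation_key(firmware_generation)

    def authenticate(self, firmware_generation: int, challenge: bytes) -> Optional[Tuple[int, bytes]]:
        key = self.boot(firmware_generation)
        if key is None:
            return None
        return firmware_generation, hmac.new(key, challenge, hashlib.sha256).digest()


def scenario() -> Dict[str, bool]:
    """Walk through the thread's story and record each outcome."""
    authority, console = KeyAuthority(), Console()
    challenge = b"constructed-server-nonce"
    out: Dict[str, bool] = {}
    gen, tag = console.authenticate(1, challenge)
    out["old_fw_authenticates_before_rotation"] = authority.check_auth(gen, challenge, tag)
    new_gen = authority.rotate()          # vendor revokes generation 1, issues 2
    console.install_update(new_gen)       # the 6.2-style update lands on the device
    out["old_fw_boots_after_update"] = console.boot(1) is not None
    out["new_fw_boots_after_update"] = console.boot(new_gen) is not None
    old_tag = hmac.new(generation_key(1), challenge, hashlib.sha256).digest()
    out["revoked_key_accepted"] = authority.check_auth(1, challenge, old_tag)
    out["new_gen_claimed_with_old_key_accepted"] = authority.check_auth(new_gen, challenge, old_tag)
    gen, tag = console.authenticate(new_gen, challenge)
    out["new_fw_authenticates"] = authority.check_auth(gen, challenge, tag)
    return out
```

The last two refusals are the point of the reply above: a console that merely reports the new generation without holding its key is turned away just like one still presenting the revoked key.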

20 minutes ago, GoldenLag said:

Hackers: We found an unpatchable exploit

Nintendo: *hardware mitigation

Hackers: can't stop us from hacking devices in the wild

Nintendo: Hold my beer.

Pretty much this. The mood from the scene right now is very downbeat.


7 minutes ago, Master Disaster said:

Pretty much this. The mood from the scene right now is very downbeat.

From the chatter you posted, I'm going to speculate that Nintendo actually had a lot more hardware security built into the console that they just didn't use. The solution probably included a lot of late nights working with Nvidia's SoC team to sort out where they could plant the new security module.

 

https://en.wikipedia.org/wiki/Bootstrapping#Computing For anyone that doesn't quite get the reference.

 

Basically, Nintendo was able to push a firmware that could update and replace the entire encryption system, even when the encryption keys had been broken at the hardware level. Which suggests to me that they were able to leverage something inside the Nvidia SoC to move encrypted files with new encryption keys that could self-execute during the firmware update process.

 

Thinking about the approach you would need to take when your current encryption is broken, Nintendo just hacked all of their own consoles. It actually looks a lot like one of those "encrypt your hard drive" malware attacks. There must be a protected enclave within the SoC that they could activate to do this, even when the hardware keys were compromised. 


3 minutes ago, Taf the Ghost said:

From the chatter you posted, I'm going to speculate that Nintendo actually had a lot more hardware security built into the console that they just didn't use. The solution probably included a lot of late nights working with Nvidia's SoC team to sort out where they could plant the new security module.

 

https://en.wikipedia.org/wiki/Bootstrapping#Computing For anyone that doesn't quite get the reference.

 

Basically, Nintendo was able to push a firmware that could update and replace the entire encryption system, even when the encryption keys had been broken at the hardware level. Which suggests to me that they were able to leverage something inside the Nvidia SoC to move encrypted files with new encryption keys that could self-execute during the firmware update process.

 

Thinking about the approach you would need to take when your current encryption is broken, Nintendo just hacked all of their own consoles. It actually looks a lot like one of those "encrypt your hard drive" malware attacks. There must be a protected enclave within the SoC that they could activate to do this, even when the hardware keys were compromised. 

I've often speculated that Nintendo released the Switch in a deliberately hackable state. When you think about it from their point of view it makes perfect sense.

 

Apparently they knew they were eventually going to release a much more powerful Switch from day one (the rumour is both systems were in development simultaneously), so why not release the slower system into the wild first, leave it open to hackers and only release ports of old games onto it.

 

That way they can see what the hackers come up with and lock it all down long before the more powerful system launches.

 

That's probably a dumb idea but I just don't buy Nintendo being that incompetent as to release the Switch in the state it was and not know about it.


2 minutes ago, Master Disaster said:

I've often speculated that Nintendo released the Switch in a deliberately hackable state. When you think about it from their point of view it makes perfect sense.

 

Apparently they knew they were eventually going to release a much more powerful Switch from day one (the rumour is both systems were in development simultaneously), so why not release the slower system into the wild first, leave it open to hackers and only release ports of old games onto it.

 

That way they can see what the hackers come up with and lock it all down long before the more powerful system launches.

 

That's probably a dumb idea but I just don't buy Nintendo being that incompetent as to release the Switch in the state it was and not know about it.

I don't think Nintendo expected the hardware keys to be compromised, but Nvidia's SoCs have never really been pushed to the limits before with a hacking community. Thus, Nintendo expected there would be issues to address, but I would find it unlikely that they would run into this much of an issue.

 

Nintendo was able to deliver an encrypted payload that can be forcibly self-executed which replaces the entire firmware with brand new hardware keys and a massively reworked firmware. Which means Nintendo could have activated part of the unknown Management Engine that is built into the Tegra. That would let them be able to do the "dirty work" necessary in the decrypt/load phases necessary for that much of a system update.


This is lovely and all, but seriously Nintendo, how about adding some much needed features for the other 99.9% of users on your platform. They need to get their priorities in check.


and now we wait for cfw 6.2


The vibes I got from this are super dick move from Nintendo 


25 minutes ago, AluminiumTech said:

The vibes I got from this are super dick move from Nintendo 

Not really. Its goal is to close vulnerabilities that could be used for security breaches and cheating; it's not going to risk ruining the experience for its broader gaming community by tolerating a known exploit just so that a handful of modders can have some fun. It's the same reason Apple, Google and others regularly patch exploits used to jailbreak or root devices... they're not spoilsports, it's that those are security vulnerabilities.


Why does Nintendo even care? As long as people are buying their consoles, it should be fine by them right?

 


12 hours ago, suits said:

This is going to make the next Pokemon game really annoying if we can't home brew

That new Pokemon Let's Go? Cause that's already working.


39 minutes ago, Gullerback said:

That new Pokemon Let's Go? Cause that's already working.

No the next main series one. They are saying you won't be able to transfer from 3DS so you're gonna have to breed a perfect ditto again then breed all of your other Pokemon again.


At this point it might be faster waiting for emulation.


On 11/22/2018 at 8:19 AM, brownninja97 said:

This is lovely and all, but seriously Nintendo, how about adding some much needed features for the other 99.9% of users on your platform. They need to get their priorities in check.

Everyone in the corporate world "knows" that going after hackers and pirates stealing sales is more profitable than just making good games and services that people want to buy.

 

 

If anyone can't tell, this is sarcasm.


On 11/22/2018 at 9:30 AM, GoldenLag said:

Hackers: can't stop us from hacking devices in the wild

Nintendo:

[image]

 

FTFY


1 hour ago, Trik'Stari said:

Everyone in the corporate world "knows" that going after hackers and pirates stealing sales is more profitable than just making good games and services that people want to buy.

 

 

If anyone can't tell, this is sarcasm.

Especially for Nintendo, people definitely aren't buying their great games....


I wonder if Nintendo ever stops to think about all of the factors that make them the darling target for pirates? Because some of them are actually within their control, like teasing users about old titles with their franchises but rarely giving them proper re-releases.

 

Like just tell me you wouldn't pay full retail price for both the console and each game if they went "Yeah, we're releasing all SNES games on a virtual console. Yes, all of them. If you are a company that released third party for us, contact us and we'll give you your royalties; if you're a company that doesn't like this, STFU, we'll fucking sue" (And yes, suing is extreme, but so is suing minor pirates and trying to DMCA claim all digital content related to you, so don't tell me they don't waste time on unrealistic lawsuits)

 

Like I would buy that shit instantly. Do the same for NES, N64, Gamecube even. Just let people fucking play the shit they want to play on your system; that would do wonders to curb piracy and would make you even richer.


Nintendo is one of the oldest tech companies in the gaming business, and it's always the worst when it comes to fighting piracy, generation after generation. This generation it's the console all hackers are focused on. This is just a setback, not unlike the one people fought on the PS3, because it's still vulnerable.

 

Nintendo also benefits a lot on console sale numbers, generation after generation, from pirates' purchases.

 

I have no Switch or PS3, nor have I ever pirated on either.


1 minute ago, asus killer said:

Nintendo also benefits a lot on console sale numbers, generation after generation, from pirates' purchases.

I didn't want to make this exact point because there is some truth to it, but it is not the complete story I feel.

 

The way I'd describe it is that Nintendo attracts a certain sub-segment of gamers that are very much into nostalgia-fueled retro gaming. Like it is possible that there are retro gamers that are all about old games and nostalgia and largely ignore Nintendo (Lazy Game Reviews comes to mind), but given how massively popular Nintendo was in the late 80s and through more than half of the 90s there's going to be tremendous overlap.

 

Now among that segment of retro gamers (In which we established the vast majority will really like the darlings of the time period they grew up on, Nintendo) there's also going to be a significant chunk that are very tech savvy (This is true for all gaming since not all gamers are tech savvy but there's fairly large overlap)

 

Now to complete the formula we need 2 more things:

1) Nintendo's aggressive protection of their IP (Both because they still use the same IPs from the late 80s and because that's just who they are) and

2) Nintendo's terrible track record at doing their old titles justice when it comes to re-releases

 

 

To me that's just the perfect storm to attract piracy. Sony has a long history but it isn't as long and there's also overlap (No secret Nintendo fans jumped ship to PS1, but NES and SNES were as popular during more formative years for many folk), and Microsoft, well, they released their first console by the time most folk were past their formative years, because yes, there are scientific studies that link your core preferences to what you were doing at around 12 to 14 years old.

 

The fact that Nintendo is also not very good at securing their devices means there's also more tangible rewards for emulation and piracy projects so this also adds to the state of things overall.


6 minutes ago, Misanthrope said:

I didn't want to make this exact point because there is some truth to it, but it is not the complete story I feel.

 

The way I'd describe it is that Nintendo attracts a certain sub-segment of gamers that are very much into nostalgia-fueled retro gaming. Like it is possible that there are retro gamers that are all about old games and nostalgia and largely ignore Nintendo (Lazy Game Reviews comes to mind), but given how massively popular Nintendo was in the late 80s and through more than half of the 90s there's going to be tremendous overlap.

 

Now among that segment of retro gamers (In which we established the vast majority will really like the darlings of the time period they grew up on, Nintendo) there's also going to be a significant chunk that are very tech savvy (This is true for all gaming since not all gamers are tech savvy but there's fairly large overlap)

 

Now to complete the formula we need 2 more things:

1) Nintendo's aggressive protection of their IP (Both because they still use the same IPs from the late 80s and because that's just who they are) and

2) Nintendo's terrible track record at doing their old titles justice when it comes to re-releases

 

 

To me that's just the perfect storm to attract piracy. Sony has a long history but it isn't as long and there's also overlap (No secret Nintendo fans jumped ship to PS1, but NES and SNES were as popular during more formative years for many folk), and Microsoft, well, they released their first console by the time most folk were past their formative years, because yes, there are scientific studies that link your core preferences to what you were doing at around 12 to 14 years old.

 

The fact that Nintendo is also not very good at securing their devices means there's also more tangible rewards for emulation and piracy projects so this also adds to the state of things overall.

Personally I think it's a conscious choice from Nintendo not to fight piracy as hard as they can: they can present better hardware sales numbers, and that helps the stock price, and news about how good sales are also creates a feedback loop getting more people to buy Nintendo consoles. They just choose not to invest in anti-piracy.

I also think pirates are like rivers, they follow the path of least resistance; especially in poorer countries like India or Brazil where piracy is huge, they will buy whatever has piracy.

 

I don't get your argument about old games and nostalgia, as old Nintendo consoles are easy to get, and they ALL (at least I think so) are easy to pirate on. Also you can play N64 games, for example, on about everything from smartphones to Xbox 360 or PC. Emulators for Nintendo are also huge.


24 minutes ago, asus killer said:

I don't get your argument about old games and nostalgia, as old Nintendo consoles are easy to get, and they ALL (at least I think so) are easy to pirate on. Also you can play N64 games, for example, on about everything from smartphones to Xbox 360 or PC. Emulators for Nintendo are also huge.

[Didn't quote the first part because I concede enough that I agree with you]

 

Well it's a bit insidious: yes, there have been really good NES and SNES emulators since the late 90s, don't get me wrong. But the best way I've got to illustrate this is with some personal anecdotes that, while they might be unsubstantiated, I think will resonate with at least a few of you (if you're as old as I am, that is, so maybe not).

 

Back in the early 2000s I was done with College and getting my first shitty jobs and I wanted to go from the reliable Nokia 1100 to something a bit better since well I was kind of adulting now with my own money and all that jazz.

 

What caught my eyes was the then up and coming Symbian OS and the mostly Nokia phones that supported it. I ended up getting a really shitty one (Cringe warning if you click the link but no it isn't the taco phone) but that was like waaaay out there tech for the time.

 

But you know what was my tech demo feature? The NES Emulator I had loaded on it. It was wild to think that just 10 years after I was done playing NES at my home console I could just play on the go at any time. A friend of mine literally told me "GET THE FUCK OUT OF HERE, HOW!!? I USED TO PAY MY NEIGHBORS SO THEY'D LET ME PLAY FOR A FEW HOURS ON THEIR NES AND YOU JUST HAVE IT ON YOUR FUCKING PHONE!?"

So no, it isn't easy to explain, but when it comes to nostalgia, it's not the fact that there are way better ways to experience the titles but also the fact that you can do it on new devices that is a really attractive option. It doesn't make sense, like at all. I do not fully understand this but I know I've been guilty of this for at least 20 years now. The "but can it run Doom/Crysis" meme is real and Nintendo is the most likely target, so a Nintendo console for an old fart like me gets a "Meh" response. One with a really hot title like Breath of the Wild gets an "Oh, that's kind of cool" from me, and one that also can play the same fucking games I've been playing since I was 12 gets an "Ok, if I take this other credit card I got offered in the mail perhaps I could max that one out and kinda be ok in a few months before I max it out....yeah fuck it, let's pull the trigger on a Switch"

