Nintendo Switch (NVIDIA Tegra X1) - BootROM Vulnerability
HTML-код
- Опубликовано: 29 июл 2024
- A video about the discovery of the BootROM bug, based on the talk given by Andy "Glitching The Switch". We talk about how the Switch boots, how the hardware coould be attacked, how a vulnerability in the switch was found and what exactly it does.
Glitching The Switch Talk: media.ccc.de/v/c4.openchaos.2...
Andy: / g33katwork
=[ 💻 Related Products ]=
→ Nintendo Switch:* amzn.to/2SESPO0
→ NVidia Jetson TX1:* amzn.to/2C6uw4m
=[ 🔴 Stuff I use ]=
→ Microphone:* geni.us/ntg3b
→ Graphics tablet:* geni.us/wacom-intuos
→ Camera#1 for streaming:* geni.us/sony-camera
→ Lens for streaming:* geni.us/sony-lense
→ Connect Camera#1 to PC:* geni.us/cam-link
→ Keyboard:* geni.us/mech-keyboard
→ Old Microphone:* geni.us/mic-at2020usb
US Store Front:* www.amazon.com/shop/liveoverflow
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
=[ 📄 P.S. ]=
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#CVE #ReverseEngineering
Love what you're doing my dude, keep it up!
Amen to you, sir
Hello
Bruh what are you doing here 😂
Hi jesus
Amen
I was waiting for a video on this! I love learning about the internals of game systems :p
That last memory manipulation boogaloo was so genius!
Nice to know that I have limited edition Switch! Might check out that talk too. Really interesting information.
233k subscribes !! Congratulations it's been great to watch this channel grow. You're awesome and keep them coming :)
It amazes me how buffer overflows are an issue that has been around for ages but still pops up everywhere in all kinds of code
Buffer overflow issues still pop up occasionally but there are many mitigation’s such as using stack cookies to verify the integrity of the stack and also address space layout randomisation (aslr)
@@benjulesprice Yup you are absolutely correct but even with canaries or randomization you can still get corruption of the data leading to unexpected behaviour. Ultimately these problems are born from the low level design. Ideally it would be best to have a more distinct segmentation with very strict memory protection but most common architectures support self modifying code. Some improvements have been made over the years but until segmentation becomes good enough and developers are more cognizant of this risk, this problem will always exist (even if mitigated).
Love this
I don't like to watch long videos, as they have same content as yours but with more in depth (which can be often missed, so it doesn't matter much)
Always love learning about low level bootchain bugs :D
Excited to watch the glitching video
I don't understand anything of your videos but there still fun too watch
so all they forgot is if(length>24288) length = 24288, if they added that it would have been fine
I bet someone's forehead is sore from facepalming
or, just have all user/io device controlled data put AFTER any internal shit (like stack), its already a common practice in today's x64s'.
Sometimes it's so simple, but shit happens. They should have known better, since there is a interest in hacking their device.
I'm glad nobody wants to hack the devices I program at work.
This is how it is. You put tons of checks to prevent overflows etc. and after you forget about 1 and that 1 is all you ever need.
@@billigerfusel What kind of devices?
This is the best news channel.
Great video explaining the gist of it, thank you.
Something that would've been neat to add (maybe as another video?) is the stuff that happened recently with 6.2.0. Namely, how Nintendo used the TSEC to bootstrap a kind of secure boot even from compromised boot, and how that's currently bypassed. Although, it may also be good to wait a while longer because we don't know if there's gonna be a huge cat&mouse thing...
Hey, I'm still waiting for an r4igold.cc flasher/unbricker ;) *joke*
Ps: even this circumvention was figured by multiple people in just a few days... I'm starting to see a trend...poor Nintendo xD
@@Valery0p5 Hey, if that's the cart I'm thinking of, brick means you need hardware to fix it. :P
Anyway, what Nintendo accomplished would have seemed quite secure if it weren't for the SMMU, and it's ability to *remap MMIO pages* from the perspective of DMA (and thus the TSEC), breaking the TSEC's ability to actually inspect system state.
@@kitlith yeah, sadly I knew it 😅 Dark Samus explained why some time ago... Didn't found anyone with the right hardware 😑
About the switch, do you think they can lock up the boot chain again trough a system update? Or the TSEC is totally owned?
@@Valery0p5 So, I think they could do a few more things to try and detect the """emulated""" mmio pages and refuse to run, but ultimately it would end up as a cat & mouse. Unless more stuff gets pulled out of the woodwork.
@@kitlith I hope that devs will be able to find a good compromise, like EmuNand maybe... Thanks for the reply! 😁
Nice find, thanks for sharing.
love your videos LiveOverflow!
am i the only one here who understand almost nothing of programming and stuff but watch anyway because i found it interesting?
No, no you are not. I find a lot of the nerds in the comments here enviable as well.
Combine this with a couple of quick searches on parts of you didn't understand and before you notice you'll understand a lot.
That's actually how I learned all I know about hardware (and now that I think about it, even english).
you are not alone, but many thing was quite understandable. Especially the concept of glitching was very interesting.
you can undertand , we believe in you
LiveOverflow, FailOverflow. Coincidence?
StackOverflow?
IlluminatiOverflow
Stratos The fl0w
It all relates back to stack overflows, after all.
BufferOverflow
Wow! I hope you will do more videos of this kind of topic. Maybe PS4 exploit from Spector? He has a nice writeup and an explanation video would be cool!
Make a video of Type confusion for Binary playlist pls!!!
Can i install the switch OS on the shield tv , has the same SoC right ? 1 gb less ram but still. controller can be mapped.
A really great summary of the tegra boot hack.
Excellent video!
awesome, more videos like this
Can you do a video about them patching the hardware bug from software ( not really patching but hardening it by securing the boot proccess )?
Yeah, Nintendo's 6.2 patch is interesting one as most of the switch hackers' first thought about patch was Nintendo managed to patch rcm bug. Too bad Nvidia failed Nintendo again.
Bilgisayar delisi Nintendo's mitigation was using the TSEC to halt execution, and then using the TSEC to check out the system state (and panicing if something fishy is happening.) The fix? Using the SMMU to point the TSEC's memory mapped IO at a page in DRAM, and emulating the behavior of a normal system during the *supposedly* halted state
Val Thanks a lot!
Atılhan Emre Dursunoğlu it's a Hardware bug how did they fix it with a software update
@@raizo856 I might have said it too simple. If you updated to 6.2, you couldn't run or install any cfw on your switch. However it was possible to downgrade to another firmware. Also most prominent switch tinkerers like SciresM said this update may take a few months to crack. Alas it is cracked in two days.
As for how, Val above has a great answer. Nintendo included TSEC, the security chip of TX hardware, to boot process. As TSEC is completely black box, including from rcm mode, it stopped cfw's.
Is anyone else having a problem with the link to the talk?
I barely understand how they done it, so I can only imagine how hard it was to figure that out. Well done!
there is a security cpu inside the switch which controls the boot process of it, basically you can manipulate part of the memory of the security cpu to take control of the stack, and so controlling the stack you can control the entire cpu basically and so that's how they get the hack to work
@@piecaruso97 I understand a little cuz I was able to mod my Wii U with installing cbhc which for the Wii U is cold boot it takes advantage of a paid legitimate DS title from the ESHOP
@@NatetheNintendofan i know, it’s brain training and it’s amazing they can do that from what’s basically an emulated title
Good work keep going ;)
Nice video thanks for sharing ✌️
i just saw the entire talk and wanted to ask if this is specific to the switch implementation or is a bug in the usb rcm protocol
it's a terga specific bug apparently
Where can I find the talk ? The link in description is dead now
so you can overwrite the stack and there are no protection against it? at first I thought that even if there potentially was a way to overwrite the stack, as soon as you try it it will error out (maybe with a segmentation fault)
Awesome vid... 👍👍
awesome!
unable to view the video from the link, help pls.
They missed a golden opportunity to name this exploit "Stack Smash Bros"
there was a level editor hack for smash brawl called "smash stack" for the wii.
which was brilliant as well, all the savegame hacks that were copied from the wii menu got busted by special checks in the wii menu, but this level editor exploit ran straight from the sd-card in-game, making it un-patchable (wii games run without os straight from disk)
i do have a modchip installed in my swuitch that automatically psuhes the payload when booting, its prittey awsome, and only 4 wires
it is classic stack overflow attack..
beautiful!
Amazing
I'm kinda surprised the recovery-mode doesn't use DEP and more proper bounds-checking, even though it is a recovery-mode
Yeah this vuln was pretty trivial and in the most obvious place too
Hey LiveOverflow! In your video "Introduction to Linux" you recommend Ubuntu or Arch Linux. I'm wondering which GNU/Linux distribution(s) you'd suggest using these days (now that three years have passed)?
Oh and I really enjoy watching your videos :) Do keep up the good work.
Defiantly not arch
I would recommend Linux mint which is Ubuntu based but is much more stable and user friendly
you found this just now? wow...great vid btw
That is amazing and not that complicated, once you understand it.
Is the Tegra chip used in the Tesla car?
No, Tesla makes everything except the batteries, s Tegra chip is made by nigiri a btw
@@alexsepelenco9902
nvidianews.nvidia.com/news/tesla-motors-model-s-to-feature-nvidia-tegra-processors
www.quora.com/What-processor-does-a-Tesla-use
Top video
Machst du bei Enoflag mit?
There's always that 1 guy that has to ask a question right in the middle of a talk.
the switch's nand is on a neat little module that can be removed and replaced. but there is crypto preventing you from altering it and still booting
The absolute mad lads
I wonder if it will be possible to hack revision 2 of the switch?
You know it! We'll find a way! Maybe not as legendary as a boot rom exploit though :( So you may have to be on a certain firmware or else you're screwed and can't.
Is this talk about Fusée Gelée?
I love that intro music mmm
What users click the button with the files web exploit that's why I think they they shut down the internet browsers now cuz with that you could use WebEx ports so what exploits might be out of our chances the mod the switch MindWare I'm looking to buy on patch one in a couple months
but does it run crysis?
gabriel amador garcia Nah but it runs Doom and Half-life
@@valshaped I knew about doom, but how can you port half life if its closed source?
@@gabboman92 xash3d is a opensource implementation of goldsource engine
gabriel amador garcia thats not funny here
@@fuckmyass9371 you're right, crysis is an x86 game not ARM
Actually there IS an internal drive you can replace, the eMMC storage is socketed. Of course the encryption is still an issue.
bro is that what i call buffer overflow attack ..??
The key combination for Android recovery mode depends on what device you have, but possible combinations are:
Volume down + Power
Volume up + Power
Volume down + volume up + Power
In some cases you have to go to recovery mode through the bootloader/download mode
You can also try holding down the physical home button (if your device has one)
Some devices need to be connected to a PC through USB cable
In my case it's Volume up + Power
this was very informative. as somebody who has done some fucky shit w all my old android phones i can confirm this is 100% accurate
So when will there be Android available for it?
Hast du grade Hannover "some random German city" genannt? Tsk tsk tsk.
Hann... was?
@@karlkastor Some random German city
hannover? was is das?
Ach, Hannover. Hrm, von den CCClern da bekommt man sonst selten was mit.
Hannover.... Hannover... da war doch mal was.... achja, die CeBIT :D
Can you please make a video explaining the PsVita exploit after Sony stops manufacturing them?
*which one?*
They have re writen the bootrom may make a update?
No they have not... the bootrom is readonly, how hard is it for you people to understand?
did you miss the part where the BootROM is locked down after boot? and they had to do some glitching shit to even read it??
or the "ROM" in the name ?
What is this good for?
I found this no one else everyone said to not worry because it never work or have major issues but this is a great improvemtn and i played 13% of the game no peoblems other then audio n lag sttuter her thier
wow
amazing
Can you explain, how pirated movie sites can stay anonymous like fmovies , gostream etc without getting banned by hosts? Even if they have their own file server, how can they evade being tracked by cybersecurity experts?
most of the time there just in a country that doesnt really have copyright law
so even if they find them they cant really do much about it ..
oh and if you mean torrents- they work because its all p2p and everyone is the host lol
11:33 Volume down? Volume up?
Hey. Love you.
So i think we could even run android on this swich (off of linux)
It's been done. There are even tutorials on it now.
Didn't Nintendo fix this in newer Switches (some months ago)?
Yes but you can still buy old switchs
@@jboy27 and 6.2 rebuilt the bootrom process
It's mentioned in the video, yes.
The real advantage to hacked switch isn't piracy, its being able to have backups of your games and their saves
Nice
And I have problems booting a image i compiled on my BeagleBone Black :D
please do the ps4 and xbox 360 mod chip hackes
With the hardware change, you could just change the whole chip. Or the whole console.
3:34
Actually, anyone with a Game Maker Studio license can already develop games for the Switch and sell them on the store. I believe both Unity & Unreal 4 will have something similar soon.
Unlike Wii/U Nintendo is starting to realize the importance of indie developers and see huge market potential in them.
Provided you want to sell them and Nintendo gives your game an "okay".
@@MaakaSakuranbo and you can fork out the money for a switch devkit..
and you sign a 20page NDA ..
and oyu have like $300/mo for switch export (yes i know there CDN is unsecured but still)
What if you don’t want Nintendo taking a cut?
🙏 good old stack smash
didn't nintendo actually patch it over software like a few days ago?
Didn't like your mom drop you on your head when you were a baby, so like you'd never understand what UNPATCHABLE and READONLY bootrom means??
subbed
Hi! Can i download your binary hacking lessons for studying offline?
I have totally other problem and couldn't find anything useful on the internet, which I understood, so I am asking you.
I want to create a virtual art-net/dmx node that will manipulate the incoming stream(art-net is a udp-based data protocol). But the thing is: an Art-net Controller, a program that sends this stream, first needs to connect to a node with a ArtPoll(-Request) and the node responds with a ArtPollReply in which it tells all needed data.
But I am a relatively newbie and don't know how to program such a thing. Maybe you have heard of art-net before (it is used for transmitting dmx-data for light shows,...) and can help me out.
I first thought of something like a proxy since its a web-based protocol but then I noticed the ArtPoll.
That hardware so hawt! Oh my gawd I'd kill for sum those tools I swear it!
Thats funny the name of the site and the actual way to execute the glitch are one in the same.
very accesable presentation for noobs :D thanks
Guys why can't we use flashcards just like Gateway or R4
Please keep up
Looks like I'm not the only Kat on the scene
Piracy is the fault of publishers:
1. availability.
2. being forced to pay physical-copy price when game is just a download(fuck gamestop).
3. lack of demo - why should people go in blind(considering the state of game "journalism" today)?
4. being forced to pay again to play a game someone already owns for decades on a newer platform, that he could already do for free on emulators, is just an insult to real fans.
So if Nintendo treats its customers like shit; too bad, piracy it is.
Hm, what for shall I collect money? Switch or 3D printer?
I'd get a switch, unless you actually use a 3d printer often. I printed maybe 8 things so far? Now it's dusty.
@@voxelfusion9894 Well, I might use it more often. The key word is "might".
@@HA7DN that's kinda where I was at, but maybe you're super into diy mechanics or building gadgets. Then it's a must.
is this the one that just got patched?
Can never be patched... Keep dreaming
@@YourTVUnplugged from what i understand nintendo just tried to ""detect"" when you use it lol
Hackerland is my dreamland
Lmao the nvdia shield may as well be a switch, I wonder if one could get some sort of emulator running on it or be able to run switch software on it since they both use the tegra
LLE would be harder to emulate due to hardware emulation.
If I remember correctly, it was actually patched in last update, Wich means an "impossible patch" was issued... Nice
i think? there "patch" was to try detect when you did it and then reset the system
Classic buffer overflow. Should have written in Rust!
I too wish we could write copper & gold in Rust.
I don't get why they couldn't just read the code directly off of the ROM with a chip reader..? (and had to resort to a glitching attack)
If it is truly the root of trust, it can't very well verify a "safe" environment when it starts up (by say, performing a challenge response with another chip over some data lines)
the boot ROM is physically inside the CPU. It's on the same bit of silicon in fact. It also has a "kill switch" that when triggered disconnects it. Rebooting will re-connect it. The problem is that it is the FIRST thing the CPU loads code from and this code, once it figures out what to run next, as a final action before moving on, hits the kill switch.
There is no physical access. The ONLY way to get at it is with code running on the CPU and the ONLY way to get code running on the CPU is to use the boot rom to load it in. hence the need for glitching.
@@ValdemarCamilo Ah, that wasn't quite clear from the diagram. Yes, that's definitely a problem, then :p
Like many things, yeah the data is physically there in the device, but it's basically impossible to actually read it.
@@JamEngulfer Ya, if it's inside the SoC you'd need microprobes or similar if the glitch techniques failed, and considering the complexity of the internals this is rather unlikely to work. You'd need to decap and lap some chips (at a high cost each time!) to even know _where_ to probe, let alone actually doing it successfully!
(just a case of confusion over how it was described)
Technically, if this is true mask ROM instead of PROM, you could try grabbing images with an electron microscope and maybe decode the ROM cells with software. I think I saw a video of a talk where someone did just that, but with a very large feature size chip and an optical microscope.
There is also a technique of using a FIB machine to dig a trench though the backside of the die (since FCBGA mount this is the top of the chip as it sits on the board). Both of these are of course in the realm of brute force and throwing money at the problem, but cool nevertheless.
Could you please do another video about the fix? New says that Nintendo fixed the issue with a system upgrade. And I dont quite understand how a bug at this level could ever be fixed by system update.
they tried to "detect" when you boot with RCM mode and then just reset if detected..
basically
I duno about piracy being the big fear. While a real fear, I hear that cheating is an even bigger concern. Especially in online multiplayer where the players are the content. And cheaters make for bad experiences.
I can assure you Nintendi could give 2 shits about cheaters, their concern is money, money money money MONEY.
+FuturePants What is wrong with you anyway? Of course they wanna make money. It's callee freedo... err, I mean capitalism
Henrik Andersson they dont care bout the experience.
@randomguy8196 more accurately, they care a lot about cheating. However, they design most of their games as "offline first" aka meant to be played offline with online functionality added later as an afterthought. They approached Splatoon 2 like PvP Pokemon battles, where consoles are brought together for short range wireless play, which is why save data is stored locally. Since their game engine is hard coded to save locally, they can no longer fix it to add remote storage. Which is why Splatoon 2 is not allowed to backup on cloud: people would do save scumming.
@@Burger_pants they are actually not that bad, they go as far as to say "please don't waste money on our DLC" when advertising their DLC.
Their main problem is they are traditionalist, which is both a good and a bad thing. They are "honourable" to the end and you can expect to get a product that is exactly what they advertise, but they are also stubbornly trapped in old schools of thought and refuse to keep up with trends.
Shofel2/F-G?
Smashing the stack lmao. Anyone remember the Smash Stack exploit on the Wii?
Smashing the stack is common bug
@@LiEnby but now because games have updates the updates well do it
@@NatetheNintendofan doesn't matter, if you can find an old 1.0 disc version and load it without internet it would still work
Glitch the Switch!