Login

Switch Kernel exploit discussed at 34c3 hacking presentation

At this year's 34c3 hacking presentation, there was a panel that focused on the Switch. Turns out the key to opening up the Switch to homebrew and other backdoor programs comes from Nintendo's use of an off-the-shelf NVIDIA Tegra chip. With the backdoor the chip already provides, all that's needed to run homebrew is version 3.0 firmware and a physical copy of Pokken Tournament DX. You can see the full panel discussing the discoveries above.

Categories: Media, Consoles
Tags: switch

Comments

Nintendo needs to start pushing automatic updates and ignore user settings to defer/stop updates.

I so look forward to Nintendo Switch Online that has me pay 20 bucks just to have trolls throw infinite blue shells in Mario Kart 8 DX. </ sarcasm >

csp
Fri Dec 29 17 02:25pm
Rating: 2

"and ignore user settings to defer/stop updates."

this is anticonsumerism at its best and ehm...ILLEGAL.

once again, just give enough incentive for people to NOT hack their consoles. ie account based purchases, achievements and NOT shutting down older stores where people paid money to buy digital stuff. it's like stating "you are only buying digital games for X amount time, there is no point in wanting to buy them legally anyway.

good luck nintendo.

How is it illegal? Microsoft does it with windows and apple with their iphones. If nintendo believes that the switch have vulnerabilities and thinks that automatic updates should fix them, they would just do it. Customer feedback, though helpful, it's not a mandatory thing.

you got this all wrong, you CAN turn off automatic updates in all these devices, NOT being able to do so is illegal as hell.

The moment you click accept on that EULA any chances of it being "illegal" disappeared.

sorry but no. if that EULA contradicts basic trade rules, they are invalidated immediately.

this is why pachter said that is is "legal" to hack capcom's games in order to access the on disk DLC.

And that's why major operating systems such as iOS and Windows implement it without regulators batting an eye.
While the morality of said functions is open for debate, there is nowhere where the action of automatic updates is "illegal"

it is illegal because ALL OS have the option to turn these off. otherwise they would be looking at a class action suit.

Windows lets you delay the installation of updates, but not deactivate them.
I've seen many people angry about this but still, no lawsuits or legislators complaining about this even with MS' shoddy track record.
When the option is there is to keep consumers happy, not because legislation prohibits it.

"no lawsuits or legislators complaining about this"

if this is the case with windows 10, I suggest you wait a bit longer. Such issues will be rectified either with lawsuit or with enough pestering ESPECIALLY from people who own a physical copy of the OS because no company can force additional content on something you bought and yes that is illegal.

mariostarn
Sat Dec 30 17 11:01am
(Updated 1 time)

It's been out for two and a half years.
Once again you're making completely bogus statements with no evidence to back them up. I'm still waiting some sort of proof to back up the claim that "automatic updates are illegal" yet you haven't brought any.

Upgrade=/=Update
Microsoft pushed Windows 10 itself to its users without even giving them an option to accept the EULA agreement, replacing the product they had already purchased with another without consent.
My argument was based on the fact that Windows Update forces updates to consumers, and there's no complains about the legality of this, and it's also detailed on the licensing agreement.

Replacing an entire product with another is not the same as updating an already existing software.

still illegal no matter how you call it. you buy ONE product and the company is altering the product FORCIBLY and they call it updates like Pai saying that he is not against net neutrality but wants to make the net more competitive.

really, trade and ownership laws, please have a read.

Then bring evidence that said practices are illegal.
Mandatory updates are becoming more and more commonplace, and despite concerns from users there is nothing challenging the legality of it.
Many online games are unplayable unless you're running the latest update, and there haven't been any lawsuits about said practices despite it being commonplace for years. Now the same thing with mobile phones and operating systems.

csp
Sat Dec 30 17 12:13pm
(Updated 1 time)

because i am not a lawyer and can not point you to the exact piece of legislation, enjoy

https://www.cambridge.org/core/books/owned/BAF65AFBD48F48AA7E3319A279D7724D

It's not about whether you know legislation by heart or not.
It's about citing actual verifiable sources and not pulling facts out of thin air.

Let him say what he wants. I already tried reasoning with him and failed LoL

virtualfey
Mon Jan 01 18 04:34pm
(Updated 2 times)

Windows 10 DOES let you turn off automatic updates. They’ve hidden it away from where the main settings are but it’s still there....because it HAS TO be there by law.

Here’s how to turn them off.
http://bfy.tw/FpJT

Here’s one reference on how automatic updates (without user permission) is illegal in Canada
http://crtc.gc.ca/eng/internet/install.htm

A previously installed app offers an update, and the individual installs the update. (However, if the app installs the update in the background, without prompting or informing the user, then CASL would apply.

Now I would challenge you to show me software that automatically installs updates and does not have the ability to turn that off.

To be fair, you can very easily turn off Windows 10 updates, and I do as much just so I can better manage when to install updates (which I do on the first of every month). You only need to turn off the Windows Update service.

Sure, it's not something the average user would know about and it's not part of the Windows Settings 'app', but it's also definitely not a hack since it's an option Windows itself presents to you

Not really. With windows 10, you can't do it by conventional means. Even if you "turn them off", windows will still update for "security reasons". And where does it say that it's illegal? I would really like to know.

At the end of the day, it is still their product. Buying it will bind you by their policy terms and every change they make to the product's policy, and that includes the automatic updates, you will agree to it by just using the product. If you dont agree with that, you either return the product or stop using it.

"buying it will bind you by their policy terms and every change they make to the product's policy"

No. THIS is why jailbreaking is legal, you are allowed to do what you will with the thing you as you CLAIM OWNERSHIP of the item. You will be refused access to their services sure, but no one can stop you from hacking anything.

This doesnt explain why you think that its illegal the automatic update downloads. Sure, people have their ways to cheat that, but that also has their legal implications. When you buy a new phone, it gives you a pamphlet of everything you can and can't do with the device either for warranty and safety reasons, but also says what they can do with your device.

csp
Sat Dec 30 17 11:23am
(Updated 1 time)

read a bit about trade laws and you will see why it is illegal. M$ have been sued about windows 10 mind you.

I only ever hear about Nintendo systems being hacked, I assume ps4 and Xbox have been hacked by now?

starstabbedmoon
Fri Dec 29 17 01:56pm
Rating: 1 (Updated 1 time)

For whatever reason the hacking community has always been larger for Nintendo consoles. I think it has less to do with console security and more to do with content interest (Smash mods, Zelda mods, fan translations, music rips, etc.) as well as a general higher interest in handhelds (the Vita and PSP also got a fair bit of attention).

That said there has been hacking progress made for PS4 and Xbox One as well.

I know hacks to get rid of region locks was a big thing on Nintendo consoles for a long time since up until recently Nintendo was one of the few big names who still region locked their consoles. Now that region locks aren't a thing anymore with the Switch I suppose the biggest things people would want to use hacks for is stuff like homebrew.

MS FORTUNE said:
I suppose the biggest things people would want to use hacks for is stuff like homebrew.

With any luck homebrewers will be able to get the OTHER Doom running on the Switch soon.

csp
Fri Dec 29 17 02:26pm
Rating: 1

that's because you literally got nothing to lose when you hack a nintendo console and LOTS to gain (ie the mario kart GP games being playable on the wii)

when you hack a nintendo console and LOTS to gain
Yeah... gaining a lot of free Nintendo games! HELL YES

FREESHOP WHEN

csp
Sat Dec 30 17 11:32am
Rating: 1 (Updated 1 time)

FREESHOP WHEN

oh when nintendo decide to end its support like they are doing with the wii shop...so i presume...in a few years

seriously there is no added value NOT to hack a nintendo console and these sort of anachronism strategies will cost them a lot of money in the long gun.

and if you decide to hack your wii, you will not believe the things that console is capable of.

starstabbedmoon
Fri Dec 29 17 03:20pm
(Updated 1 time)

It's also worth mentioning that, if piracy was a primary aim of the hacking community, you'd see alot more on PlayStation and Xbox, which have been more popular and have larger libraries over the past decade (more opportunity to pirate). Instead it was the Wii U and 3DS to get the most attention before the Switch was released, suggesting the hackers are going where there's the most potential to improve functionality and content creation, not to pirate.

sui-kun
Fri Dec 29 17 02:39pm
Rating: 2

I generally assume that it's because people want to play Nintendo games, but don't want to buy a Nintendo console. A Playstation, on the other hand, is a quality console that can be taken seriously. No one minds buying a Playstation.

The other reason is that Playstation and Xbox rely heavily on internet connectivity, constantly connected to the Cloud, Xbox-live, subscription, etc. Nintendo not so much, so there is less feeling of being discovered or accidentally bricking the system.

The hacking in the article and what I was referring to is all for hardware, and thus requires the hardware at a minimum. Emulation is a separate thing and the communities for that are generally separate from the hacking community.

Lol Unbelievable. PS1 and PS2 both had shitty graphics and had loading times from hell compared to N64 and GC. When I first heard Playstation when it came out around 95, it was the lamest sounding name ever. You have a station you play at, a Play-station. LOL Sorry, it still cracks me up to this day. Quality and serious does not equate PS and never will.

shadowbuster
Sat Dec 30 17 09:11am
(Updated 1 time)

Fanboy alert here ^.

These "lamest sounding name ever" systems buried Nintendo and Sega sales wise. And if theres a name that was the lamest of them all (and still didn't affected its sales) was the Wii...

What can I say....PS pandered to the insecurities of little boys wanting to be cool big boys. Evidently here's another ^.

Man, you say the funniest things when you lose an argument 😂 better luck next time

We shall see. Sony has too much time and too little substance. No luck required.

I only ever hear about Nintendo systems being hacked, I assume ps4 and Xbox have been hacked by now?

I don't own a Xbox One so I don't follow any news about it, but I believe the PS4 just recently got hacked, though you need an older firmware for it from like a year ago.

Relax people, nothing was released for the latest firmware.
Additionally, people on the vulnerable firmware 3.0.0, can't go online.

This won't be a repeat of the 3ds, Switch security is actually really good.

This.

The exploit discussed was patched in 3.0.1 in July.

Since most consumers are unaware of all this, all but a very tiny minority will have remained on version 3.0.0.

It was actually good for Nintendo that this exploit was found and published so soon in the consoles life.

stealth
Fri Dec 29 17 02:52pm
Rating: 1

They are pieces of garbage is what they are.

virtualfey
Fri Dec 29 17 03:02pm
(Updated 1 time)

You have no idea clearly.

No need to get abusive if you’re intimidated by smarter people being able to take hardware apart and investigate the internals and find what make sure them tick.

I see how this is interesting but I don't see how it's ethical.

How is it unethical?

Go ahead. I'm listening.

virtualfey
Fri Dec 29 17 03:06pm
(Updated 1 time)

I asked you.

Personally I don’t think ethics comes into play here at all. They took apart some hardware, found what makes it tick, found an exploit to get more control of said hardware.

Ethics doesn’t come into play.

Well, I was talking more about how this information was freely shared.

I had a big comment written but my browser crashed....

Summary: Switch is secure. Don’t expect piracy.

I'm not really worried, I was just musing. I can't say I'm passionate one way or the other on this subject.

The in-depth stuff about the hardware was interesting to me.

I work with things like secure boot and cryptography so it was interesting.

Although Homebrew is a really interesting development, the fact that there are a total of 5 people who care about it for something other than piracy/cheating is the reason why I really hope it isn't fully realized until the end of a system's lifespan.

Every time this happens everyone comes to hackers defense and state that it's just for homebrew and not piracy and yet, as someone who has hacked their Wii U and 3DS and I can assure you that the community that want to create homebrew is only about 1/19th the size that just want to pirate. Piracy is the sole reason this is done, there is no other way to cut it, and the reason it's not as prevalent on Playstations consoles or Xbox consoles is because most of the games released on those consoles are third party and end up with PC ports which are five times easier to pirate.

Piracy isn’t the reason, it’s a byproduct. One that the majority of exploit users will use sure but it’s not “the sole reason”.

I agree. I also believe that (most of) the hackers who find these exploits are not ones who want to have piracy. It's just that other people come around and use these hackers' findings to create software that allows people to pirate. And then when that has been released, a flux of users only interested in piracy but don't really know how to hack come around and use the step-by-step guides to get free games...

Its the user's decision to use homebrews for piracy. Its like the pistol's dilema. Sure, guns can "kill people", but only if the person uses them for that purpose. The hackers make these tools to show that the system has vulnerabilities, but its the people who uses those tools to get pirated games.

Terrible analogy, as the gun was invented for one main purpose; to be used in battle to kill people.

Still, it's the user's decision to use it that way... You can hurt or scare someone with a gun without killing, or just use it for display in some collection. You know it exists, you know its "real" purpose, yet, you won't (hopefully) use a gun for killing.

...why make the tools though? If you know people are gonna abuse them, why make them? It's not like there's a thriving massive homebrew scene. The people who hack the systems are just hacking them to help get piracy on them. :l

There's no defense to this.

You know what ethical hacking is? Its basically creating these hacking tools and using them against a hired company to see how technologically vulnerable it is. If these hackers were really intending to hurt Nintendo's systems and publicly telling it to the world, they would be in jail ages ago, because that is criminal hacking. Obviously, they are not hired by Nintendo, but publicly exposing the Switch's weaknesses makes Nintendo rethink how are they gonna pump their security for the switch and its future systems, and that is a good thing.

Then why release the info to the public? Why make detailed guides on how to use the exploits?

Only they truly know. Most of these conferences are mostly to show off their hacking skills and gain some reputation, and also to make us see how screwed up we are if we dont take measures on our cyber life.

They do it for the challenge of taking apart a system. It’s a hobby to them.

ngamer01
Wed Jan 03 18 10:30pm
Rating: 1 (Updated 2 times)

There's an update on this, but no hard facts yet.

I've heard Nvidia left a backdoor to their chips that hackers have found. But not only that, but thanks to the processor hacks that have been discovered that AFFECT ALL KNOWN PROCESSORS (Intel, AMD, etc.), the Switch is now blown wide open that NINTENDO CANNOT PATCH. Hardware flaws have doomed the Switch now.

Oh sure everybody will buy Switch now, but only to pirate games. That's what gave Wii 100 million units sold, but at the cost of any and all official support ceasing after four years. Switch is now on the road of just being a fad now... Expect all official support to dry up by 2020 thanks to "homebrewers".

So yay. I get to pay Nintendo 20 bucks just now only to be stuck playing with online friends since playing with randoms will be now impossible due to the coming cheating that will plague all online games on Switch.

Want to join this discussion?

You should like, totally log in or sign up!