1. Vena

    Vena
    Community Resettler Member OP

As many know, nVidia had an "oopsie" with 10 years' worth of SoCs which suffered from an unpatchable, critical bootloader flaw that allowed arbitrary code to be run in recovery mode (RCM) at boot, forfeiting any security on the system. This flaw affected the entire Tegra line and its predecessors going back 10 years. (As many have failed to properly delineate, RCM is not the actual flaw. It is just a standard recovery mode for fixing broken Switches.)

This flaw was found in the Switch by fail0verflow and reported last year. This flaw led to a boom in homebrew progress and development, but of course this allowed malware and piracy groups to create and market piracy mod-chips to load payloads at boot in RCM and hijack the system. And roughly 18 million Switches are vulnerable to that flaw. (This has resulted in large ban waves for pirates, some bricked Switches from stupid people bridging the wrong pins and frying their motherboards, DRMed piracy dongles with stolen community code and brick code in them... because why not? And all sorts of other nonsense and bullshit, such as hacking. And of course, a lot of emulator work and good old-fashioned homebrew.)

To the surprise of no one, Nintendo (and nVidia) have rolled out updated hardware that fixes this arbitrary-write flaw through a system known as iPatches. These are fuses with specific bits of code that fix flaws in the boot process and other hardware-level operations. These cannot be applied after leaving the factory (as the fuse allowing them to be written or edited is blown).


    What does this mean?

Well, it means that the boot flaw is no longer a viable path, so now it becomes a question of software exploits in the kernel/system, and updating once again starts to close exploits. (So if you bought that dongle, it's useless once you run out of old Switches.) Now you have to face Nintendo's rather secure kernel, but because these units were actually made some time ago, some of them still come with 4.0.1, which still has a software flaw, known as Deja Vu in the community (again, thanks to nVidia… because why stop at a hardware flaw when your entire GPU driver stack can be compromised). This flaw was largely patched as of 5.0.0 and is being held for the eventual Mariko Switch (which isn't out yet, and this change isn't said revision). It is unlikely that this flaw will be released until Mariko or until a firmware patch completely closes it, as it is our only currently known path into reaching TrustZone and bypassing Nintendo's rather tight security.

This iPatch fix likely occurred many months ago, but we're only now seeing it at retail. Because it ships with 4.0.1 and not 5.x, you can date the time of manufacture to very early this year, so Nintendo was on top of the flaw soon after its submission by f0f.

    Long Story Short: If you want a homebrew-able Switch, buy one now and do not update to 5.x.

    If you send in for repair, you'll get a replaced SoC.
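To make the iPatch mechanism the post describes concrete, here is an added conceptual model (not code from this thread, and not NVIDIA's or Nintendo's implementation). It models the three properties the post relies on: the boot ROM itself is immutable, so fixes are stored as records in one-time-programmable fuses that the ROM applies to itself at reset; fuse bits can only go from 0 to 1; and a lock fuse blown at the factory refuses any later write. The fuse word layout, patch record encoding, the `FuseBank`/`apply_ipatches` names and the toy ROM contents are all constructed for illustration and are not Tegra's real layout.

```python
"""Conceptual model of fuse-backed boot ROM patching (iPatch-style).

Added example, not code from the thread or from NVIDIA/Nintendo. The patch
record format, fuse layout and ROM contents are constructed for illustration.
"""
from dataclasses import dataclass, field


class FuseError(Exception):
    """Raised when a fuse write is rejected."""


@dataclass
class FuseBank:
    """OTP fuse array: bits can only go 0 -> 1, and a lock bit freezes it."""
    words: list = field(default_factory=lambda: [0] * 8)
    LOCK_WORD = 0  # constructed layout: word 0, bit 0 is the write-lock fuse

    @property
    def locked(self) -> bool:
        return bool(self.words[self.LOCK_WORD] & 1)

    def burn(self, index: int, value: int) -> None:
        """OR `value` into a fuse word; refuse if the lock fuse is blown."""
        if self.locked:
            raise FuseError("write-lock fuse blown; fuses are immutable")
        if value & ~0xFFFF_FFFF:
            raise FuseError("fuse words are 32 bits")
        self.words[index] |= value  # OTP: set bits can never be cleared

    def lock(self) -> None:
        """Blow the lock fuse; after this, burn() always fails."""
        self.burn(self.LOCK_WORD, 1)


def encode_patch(offset: int, value: int) -> int:
    """Constructed record encoding: high 16 bits = ROM word offset,
    low 16 bits = replacement word."""
    if not (0 <= offset < 0x10000 and 0 <= value < 0x10000):
        raise ValueError("offset and value must fit in 16 bits")
    return (offset << 16) | value


def apply_ipatches(rom: list, fuses: FuseBank) -> list:
    """Return a copy of the immutable ROM image with every burned patch
    record (fuse words 1..7) applied; this is what runs at reset."""
    patched = list(rom)
    for raw in fuses.words[1:]:
        if raw == 0:
            continue  # unburned slot
        offset, value = raw >> 16, raw & 0xFFFF
        if offset >= len(patched):
            continue  # ignore malformed / out-of-range records
        patched[offset] = value
    return patched


# Constructed toy ROM: word 3 stands in for a faulty check in the mask ROM
# (0xBAD0) that the factory patch replaces with a corrected word (0x600D).
ORIGINAL_ROM = [0x1000, 0x1001, 0x1002, 0xBAD0, 0x1004]


def factory_flow() -> tuple:
    """Burn the fix and the lock at the factory, boot, then show that any
    later write (e.g. after the unit has shipped) is refused."""
    fuses = FuseBank()
    fuses.burn(1, encode_patch(3, 0x600D))  # factory burns the fix
    fuses.lock()                             # then blows the lock fuse
    booted = apply_ipatches(ORIGINAL_ROM, fuses)
    try:
        fuses.burn(2, encode_patch(4, 0xFFFF))  # post-factory change
        late_write_refused = False
    except FuseError:
        late_write_refused = True
    return booted, late_write_refused


if __name__ == "__main__":
    print("unpatched unit boots:", apply_ipatches(ORIGINAL_ROM, FuseBank()))
    print("patched unit boots, late write refused:", factory_flow())
```

An older unit corresponds to an empty `FuseBank`: `apply_ipatches` returns the original ROM unchanged, which is why firmware updates cannot retroactively fix it, while a unit that went through `factory_flow` boots the corrected image and rejects any further fuse writes.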
     
  2. Cess007

    Cess007
    Member

Any way to know from the box if I'm buying an old model or a new one?
     
  3. Vena

    Vena
    Community Resettler Member OP

    No one has started drawing up a table of serial numbers, so... no, not at the moment.
     
  4. When did these come out?
     
  5. It’s pretty gross that it got so far. Hopefully this stops the rampant piracy that could’ve resulted.
    What a screw up from Nvidia hoping for Switch to be the start of a 20 year partnership
     
  6. rzmunch

    rzmunch
    Member

10 years ago? Did they realise the mistake only some years ago?? Why not release the Switch with the hardware fixed?
     
  7. Also - at the moment pretty much every used switch regardless of firmware is exploitable - so if you're looking for one, look for a used one ASAP.
     
  8. The flaw itself wasn’t fully explored until it came into a consumer product that had the most user benefit from it. Which is probably how it slipped out of sight from nVidia until recently.
     
  9. Bowl0l

    Bowl0l
    Member

    The blame cannot fall 100% to Nvidia. Nintendo bought a vanilla Tegra with a 10 year old flaw. Blame the willing buyer.
     
  10. rob305

    rob305
    Member

Because the exploit wasn't discovered until after the Switch came out; it just says the vulnerability affects all Tegra chips 10 years back.
     
  11. rzmunch

    rzmunch
    Member

    That's logical. Thanks!
     
  12. 36 Chambers

    36 Chambers
    Banned Member

    Fuck. I'm gonna have to buy one sooner. Not interested if there's no homebrew
     
  13. A flaw both companies were essentially unaware of until release. It wasn’t known for 10 years, it just affects products as old as 10 years.
     
  14. Vena

    Vena
    Community Resettler Member OP

    It is 100% nVidia. Even a custom chip would have likely carried this flaw if based on Tegra.
     
  15. Darkpyro2

    Darkpyro2
    Member

    Wow. Glad I bought my Switch early. All nice and hacked, and running backups of my SNES and GBA collection.

    Edit:

    EVERY piece of hardware and software on the market has some sort of vulnerability SOMEWHERE, and if people are dedicated enough, they'll find it. There is no such thing as an unbreachable system, and this flaw went unexploited for 10 years. NVIDIA didn't do anything wrong, any more than Intel did with the Spectre bug.
     
  16. night814

    night814
    Member

    Glad this was finally confirmed, very happy it didn't take long for Nintendo to course correct.
     
  17. I mean I would argue that the wrongness of that example is immense.
     
  18. pld

    pld
    Member

  19. Border

    Border
    Member

    If you have an older model Switch, can this security flaw be fixed or are they pretty much all still exploitable?
     
  20. Hardware based, all they can do is keep banning the people bold enough to go online with a hacked switch. And catch any of the ones dumb enough to update their firmware.
     
  21. Border

    Border
    Member

    So firmware updates don't fix the flaw, they just make you more likely to get caught?
     
  22. Idolvo

    Idolvo
    Member

    Nope. They need to fix it in the bootrom so your current device is exploitable.

Good to see Nintendo/Nvidia fixed this in newer Switches.
     
  23. linkboy

    linkboy
    Member

    Those will always be exploitable.
     
  24. Vena

    Vena
    Community Resettler Member OP

    Unless you send it in for repair.
     
  25. jkm23

    jkm23
    Member

It's all about piracy bc homebrew isn't a thing.

    (I'm not @'ing you specifically, just the first post of its ilk that I wanted to single out)
     
  26. I'm particularly interested in the fact that this quiet revision to the current hardware is not the rumored Mariko model. This discovery alone already makes it more convincing that Mariko could be a worthwhile upgrade.
     
  27. UltraMagnus

    UltraMagnus
    Member

    That is interesting. So Mariko is probably still coming later.
     
  28. Mr Swine

    Mr Swine
    Member

    Maybe Nintendo will announce it this fall perhaps?
     
  29. RobotVM

    RobotVM
    Member

    My guess is they will wait to announce any upgrade until PY 2019. They won't want to kill the sales momentum going into the holidays. If they would announce an upgrade they would have to drop the current hardware price.
     
  30. Jahranimo

    Jahranimo
    Community Resettler Member

    Furukawa's influence is already making waves at Nintendo.

This should be better at preventing online shenanigans as we go on for now.
     
  31. Leafiona

    Leafiona
    Member

I wish the modding scene the best of luck in getting through this hurdle. As somebody unfamiliar with how any of this works, how likely is it that within a couple of years the Switch will be just as free as 3DS and Wii U are today?
     
  32. Atheerios

    Atheerios
    Member

    It already is... The Switch has been fully hacked.
     
  33. So can I just use my flawed day one Switch for now, keep updating the OS, and then one day have it be my hacked Switch after a Switch 2/Pro/XL comes out?

    Or do you need both the hardware flaw and a 4.x OS to have a device worth hacking?
     
  34. Vena

    Vena
    Community Resettler Member OP

    Not anymore, I think he means for anything you buy.
     
  35. sora bora

    sora bora
    Member

  36. Leafiona

    Leafiona
    Member

    Seriously? Full homebrew, modding games, and piracy? Is online safe to use on these hacked Switches?
     
  37. Vena

    Vena
    Community Resettler Member OP

    No. Massive ban waves have swept it up.
     
  38. Atheerios

    Atheerios
    Member

    Yes. Homebrew. Game patches. Piracy is as easy as it was on 3DS (people can download games they don't own directly from Nintendo servers). Cheating.

    However, Nintendo is banning people who play pirate games or use modded games. Using CFW only is safe for now.
     
  39. Barrel Cannon

    Barrel Cannon
    Member

Shame, I do envision the Switch as being the perfect homebrew handheld due to its ability to play so many cutting-edge titles in addition to the homebrew and emulation aspects of so many prior gens. But then again the inevitable rampant piracy would be a pain in the ass for Nintendo, so I understand their change.
     
  40. Leafiona

    Leafiona
    Member

    Ah, that's a shame. :( For online cheaters I have no sympathy but people ought to be able to modify their toys however they like.
     
  41. Joey Ravn

    Joey Ravn
    Member

    Day-1 Switch owner here.

    Feeling pretty chill with my unit.
     
  42. Vena

    Vena
    Community Resettler Member OP

    Downloading from the CDN results in a blacklist eventually, so no. It's not like the 3DS.
     
  43. Hardvlade

    Hardvlade
    Member

    Seriously? Full homebrew, modding games, and piracy?
    1. Yes

    Is online safe to use on these hacked Switches?
    2. No
     
  44. sir_crocodile

    sir_crocodile
    Member

    What does this have to do with him?
     
  45. Kokonoe

    Kokonoe
    Member

    It's still early, but yes. People have even been able to get Dolphin emulator to work on it with low FPS but playable. Near 30 FPS for a lot of games.
     
  46. Atheerios

    Atheerios
    Member

I'm not referring to using your own cert, so no risks :)
It may change in the future, but for now it's like the 3DS. In the future anything can change.

    (apart from the normal ban for using games you don't own of course)
     
  47. Vena

    Vena
    Community Resettler Member OP

CDN downloading requires a cert; it doesn't matter whose it is. It gets blacklisted and eventually you run out of real certs to pass dauth.

    Poking the CDN is stupid on this system.
     
  48. -shadow-

    -shadow-
    Member

    Well there's your revision guys!
     
  49. Leafiona

    Leafiona
    Member

    I see. Thank you all for the clarifications.
     
  50. Atheerios

    Atheerios
    Member

    For now all requests to the atum server are accepted. This is extremely poor design as both system modules/applets and eShop content share the Atum server.

Will it change in the future? Maybe. For now it's no different from 3DS in the end.