I got 99 secure devices but a Nintendo Switch ain't one: If you're using Nvidia's Tegra boot ROM I feel bad for you, son

Security researcher Kate Temkin has released proof-of-concept code dubbed Fusée Gelée that exploits a bug in Nvidia's Tegra chipsets to run custom code on locked-down devices. Temkin, who participates in the Nintendo Switch hacking project ReSwitched, has developed a cold-boot hack for the games console that takes advantage of …

  1. oldtaku

    Pwned? This is great!

    Nintendo might be pwned here, but if this lets us boot custom firmware and Nintendo can't block it that's a big win for users. Or the few who even know what that means. It's why I still have my bigass launch PS3 instead of one of those cute tiny later versions.

  2. Anonymous Coward

    Re: Pwned? This is great!

    Nintendo Switch users about to get free games.

    TFTFY.

  3. ds6

    Re: Pwned? This is great!

    > Nintendo Switch users about to get free games.

    The Switch has some known and probably unknown anti-piracy measures for its games that will need to be defeated before that, not to mention the custom firmware she is working on needs to be able to successfully launch and maintain [pirated] games... Responsible hackers and users won't bother implementing or using such features, and though it will probably be done eventually, for the time being I hope that is the case here.

  4. Oh Homer Silver badge

    Re: "free games"

    No, it's about principles, not freeloading.

    The principle in question being the right to full and unrestricted access to your own legally purchased property, now and forever, without it ever being arbitrarily "expired" by the manufacturer.

    The fact that manufacturers even have the ability to deny you access to your own legally purchased property, using the pretext of ethereal "intellectual property" precedence, is a violation of real property rights and an affront to the entire concept of property ownership. It essentially transforms all transfer of legal title under the law, otherwise known as the sale of goods, into a sort of quasi-rental Ponzi scheme, in which you pay full price for supposed "ownership", but without ever really getting to own that which you paid for.

    If these "IP" fanatics want to lease their toys to us, then the transaction should be clearly identified as a lease, not a sale, and the price should be drastically reduced to more accurately reflect the transient nature of the customer's access.

    As it stands, we get to buy the house but have no access to the kitchen, which remains owned by Burger King and from which we must buy our meals on a daily basis. Until they decide to stop, shut up shop but retain ownership of an empty kitchen, for reasons of market speculation, at which point we have no choice but to abandon the house we supposedly "own" and buy another.

    Sorry, but that's just a racket and should be a criminal offence. Sadly, however, that seems to be the main purpose of "IP" in the modern age, as a weapon to undermine real property rights, forcing consumers to abandon perfectly serviceable real property and re-purchase it over and over again, for no legitimate reason.

    If having full and unrestricted access to their legally purchased property means that some people abuse that right to cause harm, then so be it, that's not my responsibility, but I'll be damned if I'm going to be treated like a criminal just because other people break the law.

    Frankly, I have about the same respect for these "IP" fanatics' property rights as they have for mine, which is clearly none.

  5. ds6

    Re: "free games"

    While I agree with you that users should be allowed more freedom with the hardware they own, you can't have "real" property rights for something you don't own and control.

    For your house analogy, you willingly bought a part of the house that was not owned by Burger King; while on a base level that is applicable to the kinds of situations you are in when purchasing a locked-down piece of hardware with a software store, it is not representative of the legal side of things when applied to the software it runs, and I feel it is a dishonest and distracting comparison.

    "Real property rights" imply you have access to and ownership over the property. A digital game that can be copied infinitely, therefore, cannot be subject to the same terms from a rational point of view. In the worst-case scenario, if IP rights didn't exist and a company has an exploitable license or none at all, judges could potentially rule in favor of the end-user if they were to buy a copy of a game and resell their own copies. Does that seem right? Not reselling your legally purchased game disc, but infinitely distributable digital copies?

    Intellectual property rights exist because of that possibility, to protect the company distributing its easily duplicatable software. And even if IP didn't exist, it is usually described clearly in the legal terms that you agree to before sale of games or other software that you are not buying any rights or property ownership of the game, its content, or its copyright: you are buying a license granting you access to use and play the game, which is still owned in full by the company. That is what is meant when you click "Buy" and what the company means when they say they are "selling" to you.

    If you really want to live in a world where once you distribute your cool creation digitally you are not legally protected and people can do whatever they want with it even against your will or licensing, keep me far away from it. I would be the first person to license my software under BSD 3-clause, but I would also be the first to defend the declared and desired rights of others, because not everyone wants to give their hard work away for free or wants others to claim it.

    Aside, I feel you are a bit fanatical in your presentation, to have the gall to call people that believe in IP laws fanatics!

  6. Anonymous Coward

    Re: Pwned? This is great!

    Nintendo made the error of using a 3-year-old budget tablet chipset for the base of their new console.

    This might unlock switch games to run on cheapo tegra based tablets...

  7. Anonymous Coward

    Re: Pwned? This is great!

    Tegra powered cheapo tablets are about to get switch games...

  8. Dan 55 Silver badge

    Re: Pwned? This is great!

    The game cartridges use some kind of challenge-response protocol so it may not be as easy as "free games for everyone! Lulz!"

    Nintendo also rolled out an update that completely redid the protection on the console so this might be their answer to that.

  9. Dave 126 Silver badge

    Re: Pwned? This is great!

    > Sorry, but that's just a racket and should be a criminal offence.

    I dunno, my friend knowingly bought a Nintendo Switch for the sole purpose of playing a handful of 1st party Nintendo games, starting with Zelda and then probably Mario and Mario Kart. He's very happy with his informed choice.

    Undermining a console's defences to run emulators and such, well, that's what his PS2 and PSP are for.

  10. Mike_G

    Re: Pwned? This is great!

    You do realise that BBB (Big Blue Box) have dumped several ROMs as they have all the Master Keys up to 4, I believe it is.

  11. Anonymous Coward

    Re: Pwned? This is great!

    "The Switch has some known and probably unknown anti-piracy measures for its games that will need to be defeated before that, not to mention the custom firmware she is working on needs to be able to successfully launch and maintain [pirated] games..."

    Sure. So about another 2 weeks.

    "Responsible hackers and users won't bother implementing or using such features,"

    Of course they won't. Lol.

  12. Anonymous Coward

    Re: "free games"

    "No, it's about principles, not freeloading."

    It is about free games for the vast majority of people. I might actually buy a Switch if the games are free. After all there is little other reason to buy the crappiest of the latest generation of consoles.

  13. Michael Habel Silver badge

    Re: Launch PS3s

    Unless you have the "A" or "B" Model Phats... (e.g. the ones which came with the PS2's Emotion Engine [hardware chip]), I would have recommended the middle of the road Slim Models from ~ca. 2009, as these consumed a lot less power. And while we're on the topic of hacking, they are also capable of playing some PS2 games via an undisclosed software emulator which S0NY provided (probably for use with the PS2 Classics HD Remaster Series). They can also play pretty much any and all PSP games as well.

    As for Team Xecuter... Well there's a Team I haven't heard from since the days of the old XBOX. I'm kinda surprised to hear that they are still 'round.

  14. Michael Habel Silver badge

    Re: Pwned? This is great!

    Nintendo Switch users about to get free games.

    Does it even have any Games, besides Breath of the Wild anyway?

  15. Dave 126 Silver badge

    Re: Pwned? This is great!

    Breath of the Wild is the reason my mate bought a Switch. Mario and Mario Kart are just a vague bonus to be considered down the line.

    Otherwise his PS4 does the job nicely.

  16. Michael Habel Silver badge

    Re: Pwned? This is great!

    > Undermining a console's defences to run emulators and such, well, that's what his PS2 and PSP are for.

    Your friend should probably get a PS Vita FW >3.60 instead now. It blows the roof off the PSP. Though you will still need one of those wretched bespoke memory cards to get yourself set up. Thankfully we now have MicroSD2PSV adapters to deal with all of that.

  17. Michael Habel Silver badge

    Re: Pwned? This is great!

    And, even the PS4 has been hacked to run games now, if that was something you'd be interested in.

  18. MJB7

    Re: "principles, not freeloading"

    Can you please not talk about "real property rights". Pretty please?

    The problem is that "real property" is a legal term (it means land and buildings, as opposed to personalty or "personal property" - like clothes or consoles). "actual property rights" or "genuine property rights" would be fine.

    (As an aside, I think you overstate your case. If the transaction was changed to "leasing", I predict that the price the market would bear would be almost completely unchanged.)

  19. Andy 73

    Re: "free games"

    When you buy stuff, you don't magically have universal 'property rights' to do with it what you will - and certainly don't have moral rights. People claiming that this is a 'win' against the cruel corporations really need to gain a little perspective. Your only right in that respect is to choose not to buy something if it does not suit your needs.

    On the other hand, it sounds like a smart little hack. The Switch is a lovely bit of hardware and being able to run arbitrary code on it is neat. It's just a shame that the zealots will go from there to distributing games for free because apparently they believe that too is their 'right'.

  20. Anonymous Coward

    Re: Pwned? This is great!

    "And, even the PS4 has been hacked to run Games now"

    Didn't it always run games? As a "games console" it would seem to be of bit of a fail if it didn't.

  21. Anonymous Coward

    Re: Pwned? This is great!

    There is nothing worth playing that isn't first party. Even then Nintendo get a free pass. Everyone raved about Zelda despite it looking like and playing like crap, and basically a poor man's Horizon Zero Dawn.

  22. Steve the Cynic Silver badge

    Re: "free games"

    > It is about free games for the vast majority of people. I might actually buy a Switch if the games are free. After all there is little other reason to buy the crappiest of the latest generation of consoles.

    Yeah, I overheard a staffer in a shop lying to a customer, saying the Switch replaced the Wii U...

    No, it didn't. There isn't a Switch equivalent of Wii Fit U (or any other version of Wii Fit for that matter) and it won't run the Wii / Wii U versions, so it can't replace my Wii U. (I only really have it for Wii Fit, thanks, otherwise I'd have bought something else or nothing at all. The late Mrs Cynic thought it was a good idea, and I didn't disagree, so that's what we bought.)

  23. BinkyTheMagicPaperclip Silver badge

    Re: Pwned? This is great!

    It's possible that some games are better on other platforms, but that's a long way from 'nothing worth playing'. If the 'better platform' is a PC, that has associated maintenance and lack of portability, two advantages the Switch wins on.

  24. Dan 55 Silver badge

    Re: Pwned? This is great!

    > You do realise that BBB (Big Blue Box) have dumped several ROMs as they have all the Master Keys up to 4, I believe it is.

    You still can't play them.

    And version 5 of the system software has come out so newer games will force an update to version 5 and you're back to square one.

  25. Colabroad

    Re: Switch replaced WiiU

    The Switch did replace the Wii U as Nintendo's "Flagship" console, to the point where new Wii Us are getting hard to find.

    It's like the new iPhones replacing the old ones, even though they don't have a headphone jack. Or the XBone replacing the Xbox 360, even though it wasn't originally backwards compatible. Or the N64 replacing the SNES even though it couldn't use the Powerglove.

  26. Steve the Cynic Silver badge

    Re: Switch replaced WiiU

    > The Switch did replace the Wii U as Nintendo's "Flagship" console, to the point where new Wii Us are getting hard to find.

    For sure, but it isn't a *functionality* replacement. Fussy argument about what we mean by "replace", I guess. Either way, I can't replace my Wii U with a Switch because the thing I use it for isn't available on Switch.

  27. Gene Cash Silver badge

    Re: "principles, not freeloading"

    > If the transaction was changed to "leasing"

    Then it would be a f*ckload more honest and forthright, which you can respect.

  28. Oh Homer Silver badge

    Re: "free games"

    But that's exactly my point. I'm not denying that part of the transaction includes something that is merely licensed rather than sold, I'm explicitly stating that the injection of this leased component into the main article that is being sold is undermining it. It's real property with an "IP" trojan horse designed to essentially destroy it, forcing you to buy another at the manufacturer's whim (planned obsolescence).

    The libertarian mentality that this is a "voluntary contract" disingenuously belies the fact that all such products have the same egregious terms, thanks to our universal "IP" regime, and thus the only "voluntary" option you have is, in essence, slavery or death, since you must either resign yourself to being bound by oppressive terms from all quarters, or not play at all. This is why I really don't believe it's an overstatement to characterise this "IP" interference in real property as a racket.

    None of the typical excuses made by "IP" apologists stand up to any scrutiny. The ease with which something can be done is neither a legal nor moral argument. It's not even a sound economic argument, given that multiple vendors happily coexist selling functionally identical physical products in every other market, including real estate.

    I'm merely pointing out that the current "IP" regime is an assault on consumer rights, that it hypocritically defends its own fake "property" rights (as in "property" which is purely ethereal, largely plagiarised, and consequently to which their title under the law has been mandated to expire after a given term, clearly defining it as a privilege issued purely for pragmatic reasons, unlike inalienable real property rights), whilst simultaneously riding roughshod over everyone else's real property rights.

    Sorry, but I really don't believe that complaining about such a blatant racket qualifies as fanaticism.

  29. Anonymous Coward

    Re: Pwned? This is great!

    The PS4 always ran PS4 games. Now a hacked PS4 will happily run repackaged PS2 games, and pretty much all the older generation consoles' games with emulators too, since the homebrew scene has been busy porting them to it.

    Honorable mention to the PS3, which has also been heavily cracked and has modified CFWs to cover a lot more models, so you don't need an original phat now to play with them.

    For me consoles come of age when I can hook up an external drive, put all the games I own on that, and play them without having to get up to swap discs.

  30. Anonymous Coward

    Re: "free games"

    > When you buy stuff, you don't magically have universal 'property rights' to do with it what you will ...

    Bullshit. I bought it, I own it. I'll do with it whatever the hell I want. Including taking it apart down to the component atoms if I feel like it (and have the right tools/capabilities).

    And even... repair it when needed if I decide to.

  31. EveryTime Silver badge

    Re: Pwned? This is great!

    The Tegra is hardly a "budget" chip. It was one of the most expensive mobile SoCs available, due to its highly capable GPU.

    It was largely rejected by tablet makers because it cost 3x or 4x a MediaTek SoC. From their perspective, any chip that could decode full motion video (generally a hard-wired functional unit) was good enough. Consumers buy on the quality of the screen, and a bit on the overall feel and physical construction. They bitch later in reviews if the touch screen is crap. They aren't very particular about GPU speed unless they are gaming.

  32. TheVogon Silver badge

    Re: Pwned? This is great!

    "And version 5 of the system software has come out so newer games will force an update to version 5 and you're back to square one."

    Once you own the hardware you can just disable any checks and patch each new software version to do whatever you want.

  33. ds6

    Re: "free games"

    Don't get me wrong, I'd love it if every game console came with the source code to all of its software and all the games you purchased included the source code, but how would that at all be beneficial to the company at the end of the day? Look at what happened to the fidget cube: the original designers sent blueprints to manufacturers to assemble the product, but they ended up getting distributed and the designers lost out on a huge market capitalization when clones of their product were put up for sale before theirs even was!

    If companies are not to protect their investment, how will that work out? Digital media is much easier to plagiarize than physical hardware; where that hardware takes factories and production lines to exist, software only takes a compiler and some know-how. It is much more persistent, as well; while hardware will eventually decay and rot away, bit rot is a very slow process that can be easily mitigated for cheap. This isn't the 80s where you can sell floppies to companies and the chances of that data being copied, modified, or resold were slim to none, at least to the level of quality that the specialized vendor was able to supply.

    If IP is not the answer, what should be done? Should companies be forced to support obsolescent products at risk of fine? Should companies be liable if they stop releasing digital content for their hardware platform before a specific date? Should hardware vendors be forced to open their source code and blueprints to the public? What is the alternative to software intellectual property in a hardware system that does not impact the profits of the company, and does not allow immediate and unrestricted plagiarism of that product?

    For the record, I upvoted that post. It was much clearer than your first.

  34. handleoclast Silver badge

    An Nvidious flaw

  35. Anonymous Coward

    Re: An Nvidious flaw

    Unsure whether to chip in with a pun myself.

  36. Anonymous Coward

    Re: An Nvidious flaw

    In a tragic accident this Thursday, Nvidia, unable to process their monumental failure, committed suicide by jumping into a vat of bubbling solder.

  37. Lee D Silver badge

    Re: An Nvidious flaw

    I feel that, after a certain amount of time on the market, no anti-piracy measure is of any use. It's there to protect first-day, really, isn't it?

    The Wii didn't really suffer from pirateable games, did it? And some devices there was probably no copy protection at all and yet they survived just as well - everything from the NES/Gameboy, I should imagine.

    Though I get why they have to TRY to put it on, they know just as well as we do that it's ultimately just a hindrance. So they have to look like they're trying, limit the obvious, make it clear that there are "hacked" and "unhacked" devices and that it's not easy for one to change from one to the other (granny isn't going to do it, is she?). At that point, the people who WANT a hacked device - you're not really going to stop them, are you? They'll happily unsolder every ROM and replace it with a custom one if they want, and then sell them to others who want that kind of device.

    I can't imagine it hits their sales that much - such people would rather spend £200 on the hack than £50 on a game anyway.

    I think, like Steam, Nintendo get the balance right. I can't ever remember being hindered by their copy protection or usage policies (e.g. "you can use your account on one machine at a time", etc.). They put in enough that I'd think "Bah, not worth messing with", even as a tinkerer, but not enough that I'm swearing at the machine to just play my game.

    A lot of other places get it a lot more wrong.

  38. Michael Habel Silver badge

    Re: An Nvidious flaw

    Was it Pb free Solder?

  39. Dan 55 Silver badge

    Re: An Nvidious flaw

    A downloadable game is linked to a Nintendo Account, and the account is linked to 1 (one) Switch.

    Now if Nintendo are serious about wanting to sell more than one Switch per household, they need to fix this - they need to be able to set up family accounts and group accounts that allow games to be downloaded by everyone in the family.

    The alternative is buying one cartridge which works with every Switch in the household.

    They also need save game backups in case the Switch dies or gets stolen but that's another problem. Since the Wii they've been terrified of game save backups due to exploits so they won't allow local save game backups, but they're too tight to make it cloudy.

  40. Lee D Silver badge

    Re: An Nvidious flaw

    I don't think that they ARE that serious about having multiple Switches in a single household. I don't think that's their plan at all.

    That's a niche market at best. How many Joy-con things can you join to one Switch anyway?

  41. J. R. Hartley Silver badge

    Genius

    Stuff like this is amazing. Credit to everyone involved.

  42. Tomislav

    Yawn

    So this dangerous exploitable hole I am going to get pwned through requires physical access? I am going back to sleep, tyvm. :)

  43. Sampler

    Re: Yawn

    Not so much you get hacked, but now you as a skiddy can hack your console to do cool stuff..

  44. diodesign (Written by Reg staff) Silver badge

    Re: Yawn

    It's a neat way to run your own code on hardware you own.

    Seems pretty cool to me.

    C.

  45. ds6

    Re: Yawn

    While entirely possible to get pwned by someone with hardware access, I am entirely looking forward to playing stick figure ragdoll homebrew, putting a clock and battery HUD over my games, and using my Switch as a TV remote... Ah, wait, I'm thinking of the PSP.

  46. Sloppy Crapmonster

    Re: Yawn

    I'm looking forward to having full-scale demos on my switch, myself. Yes, I can afford to buy retail games. No, I'm not going to buy a game at retail, get 10 minutes into it, and regret making a £60 mistake.

  47. Dave 126 Silver badge

    Re: Yawn

    > So this dangerous exploitable hole I am going to get pwned through requires physical access?

    As it's a portable console that could be taken into school, it's not impossible for a kiddy to mess around with their classmate's Switch.

  48. Anonymous Coward

    Nintendo vs Sony

    Let's see if Nintendo now takes legal action against her.

    If this was Sony, they would. For example, when geohot cracked the PS3 and let people know how it was done so they could build on it.

    Hopefully Nintendo aren't as stupid.

  49. Sampler

    Re: Nintendo vs Sony

    Same Nintendo that sent let's play youtube videos dmca takedown notices?

  50. Michael Habel Silver badge

    Re: Nintendo vs Sony

    Was that Geohot? I thought his task was to re-implement the 'Other OS' function that got stripped out, because he managed to slowly work out how to address the RSX chip from userspace.

    Whereas Team 0verFl0w were the ones who discovered the bug in S0NY's code that basically made the RNG, well, slightly less random. And, in point of fact, were able to fully extract S0NY's super secret private key (FW 3.55) that way. And the rest, as they say, was history.*

    *Though I understand most of this actually came via the PSP, and not so much the PS3 itself, insofar as they both shared much of the same underlying kernel.

Biting the hand that feeds IT © 1998–2018