In 2018, a hardware exploit allowed people to jailbreak the Nintendo Switch and run any game they wanted without purchasing it. The satisfaction of being able to do anything they wanted did not last long, though, as people started using the exploit to ruin online games and even got other players' consoles restricted over piracy concerns.
Even though the vulnerable consoles had already shipped, Nintendo managed to mitigate this hardware issue by relying on encryption handled by the TSEC block inside the NVIDIA Tegra X1, the primary SoC of the Nintendo Switch. With Nintendo Switch firmware update 6.2.0, TSEC's independent SRAM, secure boot, bus-mastering capability and direct access to the console's memory allowed the company to successfully disable the exploit. However, hackers have once again found a way to bypass it.
plutoo, who found the root keys for the Nintendo Switch back in 2018, has now released a method for obtaining the console's root keys once again, bypassing the enhanced security features Nintendo introduced to prevent players from exploiting the console again. “While their attack(s) gives full oracle access to the crypto hardware, I managed to get my hands on the underlying *root keys*,” they stated.
Small write-up about AES key extraction in TSEC // Nintendo Switch
You can read it here: https://t.co/nmqBSzQa9b
— plutoo (@qlutoo) November 23, 2021
According to plutoo, the Nintendo Switch holds its core voltage at 1.1V so that the SoC is never starved of power. That is, however, significantly higher than the 0.6 to 0.7V that CMOS logic actually needs. Nintendo Switch consoles also have a voltage-scaling feature “where the main CPU can adjust its own voltage, depending on its ‘performance mode’.” Lowered to 0.6V, the entire SoC froze, but at 0.72V it remained completely stable.
Using a “differential fault attack” that plutoo had heard about from Yifan Lu, who extracted the PlayStation Vita keys back in February 2019, they collected a few thousand glitched AES samples and, after running the scripts, recovered all the root keys for the Nintendo Switch. With the consoles jailbroken once again, players will certainly make use of it before Nintendo reinforces it another time.
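The fault attack described above depends on the hardware handing back ciphertexts that were computed under a glitch. A standard software-level countermeasure, added here as an example and not taken from plutoo's write-up or from Nintendo's TSEC code, is redundant execution: run the cipher twice and withhold the result whenever the two runs disagree, so faulty samples never leave the device. The compact AES-128 implementation, the `SimulatedGlitch` fault model and the `protected_encrypt` wrapper are this example's own constructs; the glitch is simplified to a bit flip in one round that hits only one of the two runs, and the FIPS-197 Appendix C.1 test vector serves as the constructed input.

```python
# Added example (not TSEC or plutoo code): redundant AES execution as a
# fault-attack countermeasure. A glitch is simulated by flipping state bits
# before a chosen round; the protected wrapper encrypts twice and refuses to
# release a ciphertext when the two runs disagree.
from dataclasses import dataclass


def _xtime(a: int) -> int:
    """Multiply by x in GF(2^8) with the AES polynomial 0x11b."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def _build_sbox() -> list:
    """Generate the AES S-box: GF(2^8) inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF                                               # q /= 3, so q = 1/p
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)       # rotations of q
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF                  # affine transform
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()


def _expand_key(key: bytes) -> list:
    """AES-128 key schedule: 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def _mix_column(col: list) -> list:
    a0, a1, a2, a3 = col
    return [
        _xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
        a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
        a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
        _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3),
    ]


@dataclass
class SimulatedGlitch:
    """Hypothetical fault model: flip bits of one state byte before a round."""
    round_no: int      # 1..10; fault attacks target the final rounds
    byte_index: int    # 0..15, state byte in column-major order
    flip_mask: int     # bits to flip in that byte


def aes128_encrypt_block(key: bytes, block: bytes, glitch=None) -> bytes:
    """Plain AES-128 block encryption; `glitch` optionally corrupts the state."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        if glitch is not None and glitch.round_no == rnd:
            s[glitch.byte_index] ^= glitch.flip_mask              # simulated fault
        s = [SBOX[b] for b in s]                                   # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:
            s = sum((_mix_column(s[4 * c:4 * c + 4]) for c in range(4)), [])  # MixColumns
        s = [b ^ k for b, k in zip(s, rk[rnd])]                    # AddRoundKey
    return bytes(s)


class FaultDetected(Exception):
    """Raised when the redundant runs disagree; no ciphertext is released."""


def protected_encrypt(key: bytes, block: bytes, glitch=None) -> bytes:
    """Countermeasure: encrypt twice and compare. The transient glitch is
    modelled as affecting only the first run."""
    first = aes128_encrypt_block(key, block, glitch)
    second = aes128_encrypt_block(key, block)
    if first != second:
        raise FaultDetected("ciphertext mismatch: fault suspected, output withheld")
    return first


def detects_glitch(key: bytes, block: bytes, glitch) -> bool:
    """True if the countermeasure blocks the (glitched) computation."""
    try:
        protected_encrypt(key, block, glitch)
    except FaultDetected:
        return True
    return False


# Constructed input: FIPS-197 Appendix C.1 AES-128 test vector.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PLAINTEXT = bytes.fromhex("00112233445566778899aabbccddeeff")
EXPECTED = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

if __name__ == "__main__":
    glitch = SimulatedGlitch(round_no=9, byte_index=0, flip_mask=0x01)
    print("reference ok:", aes128_encrypt_block(KEY, PLAINTEXT) == EXPECTED)
    print("glitched run differs:", aes128_encrypt_block(KEY, PLAINTEXT, glitch) != EXPECTED)
    print("countermeasure blocks glitch:", detects_glitch(KEY, PLAINTEXT, glitch))
```

Plain duplication only helps against a transient fault that hits one run; a glitch repeatable enough to corrupt both runs identically would pass the comparison, which is why hardware designs pair this check with voltage and glitch detectors that reset the block before any output is produced.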
What do you think about this? Do tell us your opinions in the comments below!