How the Nintendo Switch prevents downgrading

30 Responses

  1. zgn says:

    so should I buy a switch now? and leave it at low firmware?

    • Quade321 says:

      That’s always the answer if you want hacks.

    • cheapergamer says:

      The best way to secure any kind of future hack is to stay as low as possible. You never know though, there could be a ‘Golden’ firmware someways down the line. It would suck to have a Nintedo switch laying aroubd not being able to play firmware specific games. If you got the cash to spare then go for it!

      • Hong says:

        Except when new released game requires new firmware to run.

        Can you spoof firmware number? Will there stability issue when spoofing firmware?
        Or will you wait until specific firmware hacked? Can you wait?
        Or will you just give up and upgrade your firmware?

        *classic dilemma* 😀

  2. froid_san says:

    not surprising since xbox360 also use effuses, then wonder why 3ds don’t have it. does wii-u have it?

    • MDashK says:

      AFAIK, the 3DS uses ARM CPU, which might not have eFuse system in play from the get-go.
      WiiU? I believe it’s because they just didn’t invest on it. Fact is the WiiU is not really on par with the Xbox360 and PS3 spec-wise, so it’s probably the reason why.

  3. Nobody Important says:

    Thats very interesting, but Im a little confused about the physical aspects of the e-fuse, maybe it’s the analogy that is confusing me. How do you have an indefinite amount of fuses to burn on a limited amount of space? Do these fuses take up physical space on the CPU? Do they have to create new fuses with every OFW? Is there a limited amount of updates allowed on the console, but they make that number much higher than anticipated?

    • wololo says:

      Yes, I’m confused by that too, not sure how many of those are available on the Nvidia Tegra, probably enough that Nintendo felt they could use it for enough firmwares. Article below seems to show they do indeed take physical space on the CPU:
      http://www.eetimes.com/author.asp?section_id=36&doc_id=1328184

      eFuse

    • Wish says:

      There is a finite amount of the fuses on the CPU die, but it’s fairly substantial. In MS’s case, initially they didn’t know how many updates they would be doing over the course of the console’s lifetime, so they only blow a fuse during major security flaw fixes. Eventually, they realize the remaining fuses far outweighs the number of updates planned on the dev roadmap, so they blow one with every update because, heck why not. In the Xbox 360’s case, the Xenon CPU had 768 fusesets – way more than console updates existed.

    • asdf says:

      The Switch has 1024 fuses, of which 256 are reserved for firmware flags.

  4. Alpmaster says:

    So system stability updates are just burning efuses?

  5. Wish says:

    For JTAG hacked Xbox 360 consoles, the efuse counter system is nothing new. The “expected value” counter has to be patched for each software change:
    http://free60.org/wiki/Fusesets

  6. Phoenix says:

    Oh yes, the good old PSP days, when hackers found vulnerabilities in firmware 1.00 even before the official launch of the PSP and Sony panicked so hard that they released a firmware version that was even more unstable, the golden 1.50.

  7. dameros says:

    that was an interesting read, thank you theguardian

  8. Tickles says:

    It all falls back to software. If the firmware itself could be modified to ignore “e-fuses”, then they re redundant anyways.

    • pez2k says:

      But at that point you need to already have control of the system in order to bypass any signature checks or encryption of the firmware so that it’ll load your modified code without the fuse checks. You can’t just patch the firmware and re-flash it otherwise the console would have been cracked day one. If you’re at the point where you can load any modified firmware, you already have a hack more powerful than any firmware patch (e.g. sighax on the 3DS).

  9. darke says:

    or just replace the fuses or solder a wire ….
    THINK PEOPLE

  10. randomguy says:

    Is it possible to completely burn out an eFuse by having too much updates?

  11. TheTechDoc says:

    Yeah I’m sorry but downgrading will never happen if it’s using efuses, the Xbox 360 has been cracked wide open with the JTAG and RGH mods and even still there is no way to downgrade aside from physically removing the CPU and replacing it with one from an Xbox running a lower firmware (probably a red ring doner console) and of course if you know anything about this stuff, that’s no easy task and requires an professional reball station and a lot of skill,

    So forget downgrading on the switch in my and everyone in the Xbox 360 scenes opinion.

  12. Demian says:

    This information is so specific that makes me happy. This is something I always welcome on this site.

  13. Alex says:

    I’m thinking it will be very very hard to replace efuses, they are likely very small. And Microsoft did this with the xbox 360 and I think it worked out very well for them, as a result, to my knowledge, not a single downgrade method was ever found. In the end it didn’t matter anyway because every firmware was vulnerable to the exact same vulnerabilities, and that was because I think those were hardware based exploits. Who knows maybe the nintendo switch might go down that same road.

  14. Rylai says:

    This true but we all know that eFuses are just a representation of “true” or “false”. And we also know that hackers hack the system by logical operators.

    Still though…. We know it’s not easy. But just saying…

  15. DarkenLX says:

    Switch currently shipping with 3.0.1 bought neon yesterday at game stop it had 3.0.1 out of box

  16. rookie coder says:

    DarkenLX you are the real hero here. That was really on my mind. I’ll make sure to think about that in the future.

  1. June 22, 2018

    […] version of their custom firmware has been reported to burn the fuses on the console in some cases, which is an irreversible change. Although Team Xecuter state they have now fixed the issue, this confirms once again that running […]