How the Nintendo Switch prevents downgrading

30 Responses

  1. zgn

    so should I buy a switch now? and leave it at low firmware?

    • Quade321

      That’s always the answer if you want hacks.

    • The best way to secure any kind of future hack is to stay as low as possible. You never know though, there could be a ‘Golden’ firmware someways down the line. It would suck to have a Nintedo switch laying aroubd not being able to play firmware specific games. If you got the cash to spare then go for it!

      • Hong

        Except when new released game requires new firmware to run.

        Can you spoof firmware number? Will there stability issue when spoofing firmware?
        Or will you wait until specific firmware hacked? Can you wait?
        Or will you just give up and upgrade your firmware?

        *classic dilemma* 😀

  2. froid_san

    not surprising since xbox360 also use effuses, then wonder why 3ds don’t have it. does wii-u have it?

    • MDashK

      AFAIK, the 3DS uses ARM CPU, which might not have eFuse system in play from the get-go.
      WiiU? I believe it’s because they just didn’t invest on it. Fact is the WiiU is not really on par with the Xbox360 and PS3 spec-wise, so it’s probably the reason why.

  3. Nobody Important

    Thats very interesting, but Im a little confused about the physical aspects of the e-fuse, maybe it’s the analogy that is confusing me. How do you have an indefinite amount of fuses to burn on a limited amount of space? Do these fuses take up physical space on the CPU? Do they have to create new fuses with every OFW? Is there a limited amount of updates allowed on the console, but they make that number much higher than anticipated?

    • wololo

      Yes, I’m confused by that too, not sure how many of those are available on the Nvidia Tegra, probably enough that Nintendo felt they could use it for enough firmwares. Article below seems to show they do indeed take physical space on the CPU:


    • Wish

      There is a finite amount of the fuses on the CPU die, but it’s fairly substantial. In MS’s case, initially they didn’t know how many updates they would be doing over the course of the console’s lifetime, so they only blow a fuse during major security flaw fixes. Eventually, they realize the remaining fuses far outweighs the number of updates planned on the dev roadmap, so they blow one with every update because, heck why not. In the Xbox 360’s case, the Xenon CPU had 768 fusesets – way more than console updates existed.

    • asdf

      The Switch has 1024 fuses, of which 256 are reserved for firmware flags.

  4. Alpmaster

    So system stability updates are just burning efuses?

  5. Wish

    For JTAG hacked Xbox 360 consoles, the efuse counter system is nothing new. The “expected value” counter has to be patched for each software change:

  6. Phoenix

    Oh yes, the good old PSP days, when hackers found vulnerabilities in firmware 1.00 even before the official launch of the PSP and Sony panicked so hard that they released a firmware version that was even more unstable, the golden 1.50.

  7. dameros

    that was an interesting read, thank you theguardian

  8. Tickles

    It all falls back to software. If the firmware itself could be modified to ignore “e-fuses”, then they re redundant anyways.

    • pez2k

      But at that point you need to already have control of the system in order to bypass any signature checks or encryption of the firmware so that it’ll load your modified code without the fuse checks. You can’t just patch the firmware and re-flash it otherwise the console would have been cracked day one. If you’re at the point where you can load any modified firmware, you already have a hack more powerful than any firmware patch (e.g. sighax on the 3DS).

  9. darke

    or just replace the fuses or solder a wire ….

  10. randomguy

    Is it possible to completely burn out an eFuse by having too much updates?

  11. TheTechDoc

    Yeah I’m sorry but downgrading will never happen if it’s using efuses, the Xbox 360 has been cracked wide open with the JTAG and RGH mods and even still there is no way to downgrade aside from physically removing the CPU and replacing it with one from an Xbox running a lower firmware (probably a red ring doner console) and of course if you know anything about this stuff, that’s no easy task and requires an professional reball station and a lot of skill,

    So forget downgrading on the switch in my and everyone in the Xbox 360 scenes opinion.

  12. Demian

    This information is so specific that makes me happy. This is something I always welcome on this site.

  13. Alex

    I’m thinking it will be very very hard to replace efuses, they are likely very small. And Microsoft did this with the xbox 360 and I think it worked out very well for them, as a result, to my knowledge, not a single downgrade method was ever found. In the end it didn’t matter anyway because every firmware was vulnerable to the exact same vulnerabilities, and that was because I think those were hardware based exploits. Who knows maybe the nintendo switch might go down that same road.

  14. Rylai

    This true but we all know that eFuses are just a representation of “true” or “false”. And we also know that hackers hack the system by logical operators.

    Still though…. We know it’s not easy. But just saying…

  15. DarkenLX

    Switch currently shipping with 3.0.1 bought neon yesterday at game stop it had 3.0.1 out of box

  16. rookie coder

    DarkenLX you are the real hero here. That was really on my mind. I’ll make sure to think about that in the future.