How the Nintendo Switch prevents downgrading
With the recent announce that Nintendo Switch 3.01 patches a critical vulnerability of the Switch OS, people on the scene are asking around if a downgrade of the console is possible. It’s not, and here’s why.
Why do people so badly want to downgrade their consoles?
Typically (although that’s not always true), the more up-to-date your console is, the more secure it is. As hackers find vulnerabilities on the device, a manufacturer such as Nintendo will fix the vulnerabilities to make it hard for tinkerers to hijack the device.
Historically, on previous generations of gaming consoles, a way that had been found to bypass this, was to downgrade the console to a former revision of the firmware that still had all the vulnerabilities and hacking tools. In the old PSP days, it was very common for people to downgrade their consoles to firmware 1.50 in order to enjoy the many benefits of that very vulnerable firmware.
Arguably, downgrading through software means often implied that a kernel/root exploit was involved, which in theory means that if you were on a firmware that could be downgraded, you could potentially be able to run homebrew on that same firmware. But downgrading to a popular homebrew firmware was a much quicker way to get access to all the homebrew tools, than wait for hackers and developers to port all of the tools to higher firmwares.
Without access to software exploits, downgrade has still been possible through hardware means. These hacks would for example restoring an old backup of the console’s firmware, or patching it to allow for a downgrade. In most cases, due to how the firmwares are tied to a console uniquely, these techniques would require a backup made from the exact same console that is being downgraded.
How the Nintendo Switch and other modern consoles block downgrades
How does a console manufacturer prevent its users from re-writing a clean backup of an older version of the firmware to their console? The answer, according to the Switchbrew wiki, is eFuses.
eFuses, similar to their macro electrical counterparts, are tiny elements inside the CPU that can be “burnt” to permanently change the state of the CPU.
Specifically, when you successfully install a new Firmware on the Nintendo Switch, it will burn some eFuses on the CPU to “mark” a point of no return.
For example: Firmware version 3.0.0 expects 3 fuses to be burnt, but firmware version 3.0.1 expects 4 fuses to be burnt. When you install firmware 3.0.1 on the Switch, the console will make sure it burns enough fuses to reach a total of 4. If you try later on to downgrade to 3.0.0, the console will expect to have 3 burnt fuses or less. Realizing there are already 4 of them, the console will enter system panic and refuse to do anything. From the Switchbrew wiki:
System version Expected number of burnt fuses (retail) Expected number of burnt fuses (non-retail) 1.0.0 1 0 2.0.0-2.3.0 2 0 3.0.0 3 1 3.0.1 4 1 If too many fuses are burnt the bootloader will panic immediately.
If too few are burnt, the bootloader will enable fuse programming and write the expected value to fuse indexes 0x3A and 0x3C. Afterwards, fuse programming is disabled and a magic value (0x21 == TEGRA210) is written to PMC_SCRATCH200 register (0x7000EC40). Finally, the watchdog timer is initialized and programmed to force a reset.
On a subsequent boot, after the anti-downgrade fuses are checked again, the PMC_RST_STATUS register (0x7000E5B4) is checked and if set to 0x01 (watchdog reset) the PMC_SCRATCH200 register (0x7000EC40) will be checked for the magic value (0x21 == TEGRA210). PMC_RST_STATUS will only be set back to 0 (power on reset) if the fuse count matches the new expected value, otherwise the system will panic.
Abandon all hope of a Switch Downgrade?
All of this happens at a very low level on the CPU. Even without looking at the Nvidia Tegra’s specification, it’s probably obvious that these fuses, whether they are mechanical or software constructs, can only been set to “1” and never back to “0” (unset), mimicking real life old school fuses.
Interestingly, the eFuse concept was invented by IBM with the original intent to prevent defects (much like real life fuses) by modifying the behavior of chips at runtime. However companies such as Sony*, Microsoft (According to Wikipedia, The PS3 and the Xbox 360 have similar eFuses), and lately Nintendo have used eFuses to prevent downgrades, with the mechanism described above.
* Update/correction from Wololo: hacker Mathieulh stated that Sony is not using the PS3 eFuses to prevent downgrades, but instead to program some unique-per-console keys at manufacturing time. He says:
Sony did not (and still does not) uses eFuses to prevent downgrading (they are dedicated to store per console settings at factory). Downgrading is prevented using hashes in syscon’s NVS, revocation lists (on ps4/ps vita) and stripping PUP header keys from existing modules. The per cpu key used for metldr and bootloader encryption is programmed using the fuses.
However it is confirmed that the XBox 360 used eFuses to some extent to prevent downgrades.
Nintendo using eFuses to prevent downgrades does not necessarily mean that downgrades are completely impossible. There might be ways to bypass the fuse verification, at a hardware or software level. But like other securities on a gaming console, this is here to at least significantly delay tinkering attempts on the Nintendo Switch.
so should I buy a switch now? and leave it at low firmware?
That’s always the answer if you want hacks.
The best way to secure any kind of future hack is to stay as low as possible. You never know though, there could be a ‘Golden’ firmware someways down the line. It would suck to have a Nintedo switch laying aroubd not being able to play firmware specific games. If you got the cash to spare then go for it!
Except when new released game requires new firmware to run.
Can you spoof firmware number? Will there stability issue when spoofing firmware?
Or will you wait until specific firmware hacked? Can you wait?
Or will you just give up and upgrade your firmware?
*classic dilemma* 😀
not surprising since xbox360 also use effuses, then wonder why 3ds don’t have it. does wii-u have it?
AFAIK, the 3DS uses ARM CPU, which might not have eFuse system in play from the get-go.
WiiU? I believe it’s because they just didn’t invest on it. Fact is the WiiU is not really on par with the Xbox360 and PS3 spec-wise, so it’s probably the reason why.
Thats very interesting, but Im a little confused about the physical aspects of the e-fuse, maybe it’s the analogy that is confusing me. How do you have an indefinite amount of fuses to burn on a limited amount of space? Do these fuses take up physical space on the CPU? Do they have to create new fuses with every OFW? Is there a limited amount of updates allowed on the console, but they make that number much higher than anticipated?
Yes, I’m confused by that too, not sure how many of those are available on the Nvidia Tegra, probably enough that Nintendo felt they could use it for enough firmwares. Article below seems to show they do indeed take physical space on the CPU:
http://www.eetimes.com/author.asp?section_id=36&doc_id=1328184
There is a finite amount of the fuses on the CPU die, but it’s fairly substantial. In MS’s case, initially they didn’t know how many updates they would be doing over the course of the console’s lifetime, so they only blow a fuse during major security flaw fixes. Eventually, they realize the remaining fuses far outweighs the number of updates planned on the dev roadmap, so they blow one with every update because, heck why not. In the Xbox 360’s case, the Xenon CPU had 768 fusesets – way more than console updates existed.
The Switch has 1024 fuses, of which 256 are reserved for firmware flags.
So system stability updates are just burning efuses?
For JTAG hacked Xbox 360 consoles, the efuse counter system is nothing new. The “expected value” counter has to be patched for each software change:
http://free60.org/wiki/Fusesets
Oh yes, the good old PSP days, when hackers found vulnerabilities in firmware 1.00 even before the official launch of the PSP and Sony panicked so hard that they released a firmware version that was even more unstable, the golden 1.50.
Except the PSP did not feature eFuses.
Firmware 1.50 did not have more vulnerabilities than FW 1.00.
The security flaw with 1.00 was that it shipped without any security in place. You could literally run files directly.
that was an interesting read, thank you theguardian
It all falls back to software. If the firmware itself could be modified to ignore “e-fuses”, then they re redundant anyways.
But at that point you need to already have control of the system in order to bypass any signature checks or encryption of the firmware so that it’ll load your modified code without the fuse checks. You can’t just patch the firmware and re-flash it otherwise the console would have been cracked day one. If you’re at the point where you can load any modified firmware, you already have a hack more powerful than any firmware patch (e.g. sighax on the 3DS).
or just replace the fuses or solder a wire ….
THINK PEOPLE
Replacing a bit in the CPU would require soldering skills completely beyond “Ultra God” level. lmao
Wait i can do it. as I am a rick and morty fan!
Is it possible to completely burn out an eFuse by having too much updates?
Yeah I’m sorry but downgrading will never happen if it’s using efuses, the Xbox 360 has been cracked wide open with the JTAG and RGH mods and even still there is no way to downgrade aside from physically removing the CPU and replacing it with one from an Xbox running a lower firmware (probably a red ring doner console) and of course if you know anything about this stuff, that’s no easy task and requires an professional reball station and a lot of skill,
So forget downgrading on the switch in my and everyone in the Xbox 360 scenes opinion.
This information is so specific that makes me happy. This is something I always welcome on this site.
I’m thinking it will be very very hard to replace efuses, they are likely very small. And Microsoft did this with the xbox 360 and I think it worked out very well for them, as a result, to my knowledge, not a single downgrade method was ever found. In the end it didn’t matter anyway because every firmware was vulnerable to the exact same vulnerabilities, and that was because I think those were hardware based exploits. Who knows maybe the nintendo switch might go down that same road.
This true but we all know that eFuses are just a representation of “true” or “false”. And we also know that hackers hack the system by logical operators.
Still though…. We know it’s not easy. But just saying…
Switch currently shipping with 3.0.1 bought neon yesterday at game stop it had 3.0.1 out of box
DarkenLX you are the real hero here. That was really on my mind. I’ll make sure to think about that in the future.