Some fuel for the Switch scene: Writeups on TSEC (Tegra Security Processor) exploits
Hackers Hexkyz, SciresM, and Plutoo have published detailed writeups on their work on the TSEC/Falcon security of the Nintendo Switch, explaining how they managed to 1) break its security in a way Nintendo cannot fix and 2) extract the underlying root keys.
The two articles are in-depth explanations of how the hacks were achieved, although I won't lie to you: the blog post by Hexkyz and SciresM in particular is long and dense. It's interesting, but not for the faint of heart. I won't pretend I understood even 10% of what's detailed there, so I'll let those interested read the entire article instead:
https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html
Hexkyz and SciresM thank the following folks/groups for their contributions to the exploits:
By comparison, Plutoo's article on how he extracted all the keys from NVidia's TSEC almost makes it look easy, but don't be mistaken. Reusing ideas and tools developed by Yifanlu back in the Vita days, Plutoo used DFA (Differential Fault Analysis): glitch the processor while it is computing with the key, then compare the faulty output against the correct one to narrow down the key. That's not your entry-level Konami cheat code.
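To give a feel for what "differential fault analysis" means in practice, here is an added example (written for this page, not Plutoo's tooling and not the Switch's actual fault model, which the article does not spell out): the textbook DFA against the last round of AES-128. The assumed fault model is a single-bit flip on one state byte entering the final SubBytes; because the last AES round has no MixColumns, each byte of the ciphertext depends on one state byte and one byte of the last round key, and a handful of correct/faulty ciphertext pairs is enough to pin that key byte down. The S-box is generated from its GF(2^8) definition rather than pasted as a table. Everything is simulated in software; the "glitch" is just an XOR.

```python
# Added example: last-round AES DFA, single-bit fault model, one key byte.
# Not code from the original article. The fault model and the helper names
# below (last_round_byte, candidate_keys, recover_key_byte) are assumptions
# made for this illustration.

def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _gf_inv(a):
    """Multiplicative inverse in GF(2^8); a^254 == a^-1, and inv(0) := 0."""
    if a == 0:
        return 0
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r

def _build_sbox():
    """AES S-box: GF(2^8) inverse followed by the affine map with constant 0x63."""
    sbox = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):                      # b ^ rotl(b,1..4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

def last_round_byte(state_byte, key_byte, fault=0):
    """Model one byte of the final AES round: SubBytes then AddRoundKey.
    ShiftRows only moves bytes around and MixColumns is absent in round 10,
    so one ciphertext byte depends on one state byte and one key byte.
    `fault` is XORed into the S-box input to simulate a glitch."""
    return SBOX[state_byte ^ fault] ^ key_byte

def candidate_keys(correct, faulty):
    """Every key byte consistent with one (correct, faulty) ciphertext byte
    pair, assuming the fault flipped exactly one bit of the S-box input."""
    cands = set()
    for k in range(256):
        s = INV_SBOX[correct ^ k]                  # state byte this key implies
        for bit in range(8):
            if SBOX[s ^ (1 << bit)] ^ k == faulty:
                cands.add(k)
                break
    return cands

def recover_key_byte(key_byte, state_bytes, faults):
    """Simulate the attack end to end: for each (state, fault) collect the
    correct and faulted ciphertext byte, then intersect the candidate sets.
    The attacker never sees key_byte or the state; only the two outputs."""
    cands = set(range(256))
    for s, f in zip(state_bytes, faults):
        c_ok = last_round_byte(s, key_byte)
        c_bad = last_round_byte(s, key_byte, f)
        cands &= candidate_keys(c_ok, c_bad)
    return cands

if __name__ == "__main__":
    # Constructed inputs: a secret last-round key byte, a few distinct state
    # bytes (one per encryption) and a single-bit fault for each.
    secret = 0x2B
    states = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB]
    faults = [1 << (i % 8) for i in range(len(states))]
    print("one pair leaves", len(candidate_keys(
        last_round_byte(states[0], secret),
        last_round_byte(states[0], secret, faults[0]))), "candidates")
    print("after all pairs:", {hex(k) for k in recover_key_byte(secret, states, faults)})
```

One pair typically leaves a handful of candidates (each wrong key survives with probability roughly 8/255, since only eight single-bit differences are possible); each additional pair with a fresh state multiplies that down, so a dozen pairs is more than enough to isolate the byte. Repeating this for all 16 bytes yields the full last round key, from which the AES key schedule can be run backwards. A real attack against a hardware engine has to hit the right cycle with a real glitch and deal with an unknown, noisier fault model, which is where the hard work in Plutoo's writeup lies.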
How is this useful to the scene?
Long story short, this isn't directly useful to you, the end user: the hackers managed to break the console's security pretty deeply, but you'd still need a way to run code one way or another as an entry point in order to leverage these exploits. Nowadays, running unsigned code on the Switch can be achieved through the fusée gelée hack or modchips (see our detailed article here), but if you have one of the recent models where a modchip is required, there's still hope that software hacks could eventually see the light of day for those of us patient enough.
I love how they credit Nintendo and Nvidia for this exploit
This comment made my day xD
They said they could generate per console keys, does this mean potentially un banning consoles?
No, you need to find and change your console's ID tag
Not likely if I was to guess. Not for the reasons Bailey stated, but because Nintendo likely already has a whitelist of valid console keys. If they don’t though, and operate solely on blacklists, then it would work I suppose.
I think The Big N will still have a way to make that key read only. I have a feeling.
Why would Sony want to fix this for Nintendo?
Please explain this to a layman like me. Can this newly discovered exploit be used to develop a software hack for the Mariko Switches?
No, don't expect anything for Mariko
Is TSEC/Falcon different on Mariko?
I don't think so, but the main point is that you need to be able to run code in the first place to achieve what they've done. It's not a way to access "running unsigned code on the Switch", it's a way to do more stuff once that first step has already been done. That first step, at the moment, still requires an early Switch model, or a modchip.
Any hope of an exploit for Switch on 8.1.0?
As long as you believe there is hope