34c3: The Big Nintendo Switch Hack by Naehrwert, Pluuto & derrek

Yes, it was that time of the year again. Another Nintendo Devices has been torn apart at this years 34c3 by Naehrwert, Pluuto and derrek. Yes, sure the hacks on the 3DS where more groundbreaking but the 3DS was also a more hacked and was older at the time of the Talks 😉

So what did Naehrwert, Pluuto and Derrek give at this years 34c3?

They started by showcasing the Webkit exploit on presumably Firmware 1.0.0 with Puyo  Puyo Tetris which didn’t work out the way it got planned and was later shown working.

They then continued talking about the general architecture of the Switch and the Security Architecture. They talked about all currently released exploits and well as how easy it was to just exploit them. After going through everything derrek started talking about the Switch kernel which hasn’t been talked much about publicly at all. But to get to the kernel they first had to exploit pk1ldr which they did by glitching and allowed them to get all the keys and binary blobs!!

After going through all this they found a hardware/software flaw inside the Nvidia GPU Drivers which helped them allow pwn the Switch Kernel.

But they didn’t stop there, the Trustzone is still missing. But they decided that it’s not really useful at all since none of those functions are needed for Homebrew on the Switch. They still decided to take apart the Trustzone and explain how it works. They did manage to gain userland code execution from it though 😉

And for the last bombshell they announced that they are making a Homebrew Launcher for Switch Firmware 3.0.0 together with Team ReSwitched. You should still be able to get Switches on Firmware 3.0.0 if you want one and you can check against serials if the consoles should have the correct firmware: https://gbatemp.net/threads/switch-firmware-by-serial-number.481215/

Here’s their final picture of their test homebrew for 34c3:

Last but not least I really advise you to take a look at the Talk since they did a great job explaining all the things they did on the Switch. You can check media.ccc.de/c/34c3 for when its added or check back to this post where we will post the Video once it’s uploaded.

Pushed libnx & switch-examples changes for mainly proper gfx, no GPU-rendering. https://t.co/WL0JFyQuN3 @hexkyz @qlutoo

— yellows8 (@ylws8) December 28, 2017

Picture of initial RetroArch Switch port running Snes9x 2010. Being merged into RetroArch right now, courtesy of misson2000! Using libtransistor SDK. Rough around the edges, no menu support yet, but it's a start! pic.twitter.com/kjHsX25d6j

— libretro (@libretro) December 28, 2017

VIDEO UPLOAD WORKING AGAIN via YOUTUBE.