Hexkyz breaks down all the dangers of the MIG Switch Flashcart for the Nintendo Switch!!!

In Mike Heskin @hexkyz latest tweet thread he breaks down everything he knows about this Flashcard and how it works. We took this whole thread for you to read all in one spot and it’s a must read especially if you are thinking of getting one.

 “Online, Nintendo has the infrastructure to detect if a given certificate is being used more than once at the same time. They can also detect if a certificate belongs to a physical gamecard from firmware 9.0.0 onwards (added as a response to SX emulation of the Lotus ASIC). As for using a certificate that doesn’t match the game it was issued for, the network requests for authenticating the gamecard’s certificate make sure to include the application ID being played so this is easily visible to Nintendo. There are also a few more details I haven’t seen being discussed yet. For example, the OS tracks how many times you insert and remove a gamecard which is clearly a problem as the flashcart forces you to insert and remove for cycling through games.

With CFW you have some control over telemetry data, but with OFW you have none. Even if you block the domains for error reporting (which are the most verbose), you simply can’t do anything about system reports (“srepo”) which do include gamecard information. This leads to the final point which pertains to what kind of detection and prevention exists *offline* which is also the reason why the creators of the flashcart are being so careful with their wording. For example, only 16 out of 208 bytes from the encrypted region of a gamecard certificate are currently used (for deriving the communication key).

No one really knows if the remaining bytes have any correlation to the InitialData or CardHeader regions. If it turns out there is indeed a correlation, then the current scenario of using the same certificate for different XCI images becomes patchable offline. There are quite a few other ways this can be detected and blocked either at the OS or Lotus levels. Ironically, the one case where the flashcart might not be able to be patched or detected is if you only use it to hold copies of legitimate games (certificate matching the game and all that) and don’t cycle through them.Oh and an extra topic I’ve observed is about how this could affect backwards compatibility in a future console. As I mentioned before there has always been a second security scheme in standby precisely because Nintendo was aware of the first one’s weaknesses. This means *future* gamecards would be safe, but the current ones will always have had their hardware encryption scheme broken. I personally think backwards compatibility will be assured even at the gamecard level (i.e. future hardware able to read Switch gamecards). There are a few recent changes in the Gamecard/Lotus ecosystem that suggest the same hardware was going to be used in a new console and it seems unlikely that would change (especially given the existence of a second security scheme). However, it is completely possible that future hardware would now force you to verify older gamecards online to assert its legitimacy, for example.”

Here’s Taki Udon  MIG-Switch Review: Isn’t all wrong about the copied files according to @hexkyz in the post.

Source: X


About TheBetaTester

Check Also

Hardware Review: Hammerin’ Harry Concrete Collection

This review is over yet another release from Retro-Bit and partners. We’re going to talk about …

Leave a Reply

Your email address will not be published. Required fields are marked *