Nintendo Switch 'Mariko' units firmware keys dumped

After the discovery of the TegraRCM exploit, which allowed homebrew enthusiasts to run unsigned code on the console, Nintendo responded by releasing new Nintendo Switch units codenamed 'Mariko'. While at first glance the newer model is barely distinguishable from the older one (save for the flashy all-red box), it features better battery life and slightly altered CPU instructions to help with power management and consumption.

However, this came at a cost: the boot ROM bug that allowed homebrew enthusiasts and tinkerers to tamper with their Switches was fixed for good. This of course upset many owners of the newer Switch iterations and left people wondering whether they could ever enjoy homebrew on their 'Mariko' Switches.

That future might not be too far away, as developer @SciresM has successfully dumped the firmware keys on said units. In his YouTube video he shows how this was achieved:


SciresM said:
We have the Mariko firmware keys and a fully labeled Mariko TrustZone.

Slim as it is, this early progress shows that running homebrew on Nintendo Switch 'Mariko' units, and gaining TrustZone access on the system, remains a possibility.


xtrem3x

Well-Known Member
Besides, SciresM has already proved he is able to hack new Switches; all we need to do is wait for SciresM and co. to develop the free version.

He used the TX chip, he didn't hack it.

We all want a free solution, nobody wants to pay for something if they can have it free, but it looks as though if you want to hack a patched unit you'll need to pay for it. At least for the foreseeable future anyway but nobody knows what's around the corner :unsure:
 

SciresM

Developer
He used the TX chip, he didn't hack it.

We all want a free solution, nobody wants to pay for something if they can have it free, but it looks as though if you want to hack a patched unit you'll need to pay for it. At least for the foreseeable future anyway but nobody knows what's around the corner :unsure:

We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct, though, that the keys were dumped by hacking Gateway's modchip to get past its DRM and run our own code instead of Gateway's boot.dat payload.

Once our own code was running instead of Gateway's, I used some old, old tricks to a) decrypt and dump Gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.
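The "check everything three times" countermeasure SciresM describes above, as an added illustration (not the modchip's or SciresM's code): a fault-injection-resistant accept/reject decision in C. The signature verifier is a constructed stand-in that compares a payload tag, and `fault_mask` is a constructed test hook that forces a given check to report PASS, so the effect of one skipped check can be observed.

```c
#include <stdint.h>
#include <stdio.h>

/* Distinct tokens far apart in Hamming distance instead of 0/1: a single
 * flipped bit or a register zeroed by a glitch cannot turn FAIL into PASS. */
#define VERIFY_PASS 0x5A3CC3A5u
#define VERIFY_FAIL 0xA5C33C5Au

typedef struct { uint32_t tag; } payload_t;

/* Constructed stand-in for one signature check (a real bootloader would run
 * its RSA verifier here): PASS iff the payload tag matches the expected tag. */
static uint32_t check_once(const payload_t *p, uint32_t expected_tag) {
    return (p->tag == expected_tag) ? VERIFY_PASS : VERIFY_FAIL;
}

/* Redundant decision: three independent checks must all report PASS. volatile
 * keeps the compiler from folding the three checks into one. fault_mask is a
 * constructed test hook: bit i forces check i to report PASS, modelling that
 * one check was skipped or its result corrupted. Returns 1 = accept, 0 = reject. */
int accept_payload(const payload_t *p, uint32_t expected_tag, unsigned fault_mask) {
    volatile uint32_t r[3];
    for (int i = 0; i < 3; i++) {
        r[i] = check_once(p, expected_tag);
        if (fault_mask & (1u << i)) r[i] = VERIFY_PASS; /* simulated glitch */
    }
    if (r[0] != VERIFY_PASS) return 0;
    if (r[1] != VERIFY_PASS) return 0;
    if (r[2] != VERIFY_PASS) return 0;
    /* A second, differently shaped check over the same three results, so one
     * skipped compare above is still not enough on its own. */
    if ((r[0] ^ r[1] ^ r[2]) != VERIFY_PASS) return 0;
    return 1;
}

int main(void) {
    payload_t bad = { 0xFFFFu }; /* constructed payload with a wrong tag */
    for (unsigned mask = 0; mask < 8; mask++)
        printf("bad payload, checks forced to PASS (c2 c1 c0): %u %u %u -> %s\n",
               (mask >> 2) & 1, (mask >> 1) & 1, mask & 1,
               accept_payload(&bad, 0x1234u, mask) ? "accepted" : "rejected");
    return 0;
}
```

Only when all three checks are defeated at once does the bad payload get through, which is the point of the redundancy.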

anhminh

Pirate since 2010
So he can already take things out. Now we just need to find a better way to put things in than a modchip.
 

Viri

Well-Known Member
Nice. At some point once Switch hardware gets real cheap I'll have to pick up a second unit.
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
 

Adran_Marit

Walküre's Hacker
I didn't watch the 3h video, but I have a simple question.
Did SciresM use TX's modchip to get the keys, or was he able to hack it without?

Yep

Could this be applied to the Lite?

I assume so, as there are two versions of the modchip

--------------------- MERGED ---------------------------

Nice!
@mattytrog we need your guidance on how to make an open-source modchip :3

Was thinking about the same thing

Doing that though would probably paint a big target on the back of your head for Nintendo to fire at
 

Sundree

Well-Known Member
I'm probably going to do the same thing with my Switch that I did with my 3DS, and wait like 7 years before homebrewing it, so by then running CFW would most likely be more streamlined.
 

Xzi

Time to fly, 621
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
Yeah I'd upgrade to a Switch Pro pretty much as soon as it was released. For a second unit OTOH I'm thinking like $75 or less tablet only, so it'll definitely be a while but I have no issue with waiting.

RedBlueGreen

Well-Known Member
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
Yeah, it's ridiculous how bad it is. I feel like some games you get maybe 2 hours of battery life.
 

nl255

Well-Known Member
We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct, though, that the keys were dumped by hacking Gateway's modchip to get past its DRM and run our own code instead of Gateway's boot.dat payload.

Once our own code was running instead of Gateway's, I used some old, old tricks to a) decrypt and dump Gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.

So are they lying when they claim it will work with other payloads, including Atmosphère, or is their boot.dat going to act as a chainloader?