Front-page

Nintendo Switch 'Mariko' units firmware keys dumped

PicsArt_06-02-03.40.55.jpg
With the discovery of the TegraRCM exploit that allowed homebrew enthusiasts to run unsigned code on it, Nintendo responded by releasing new Nintendo Switch units codenamed 'Mariko'. While at first glance this newer model is barely distinguishable from the older one (save for the flashy all-in-red box), it features a better battery life and slightly altered CPU instructions to help with power management and consumption.

However this was at a cost as the boot ROM bug that allowed homebrew enthusiasts and tinkerers to tamper with their switches was fixed for good. This of course upset many owners of the newer Switch iterations, and left people wondering whether or not they could ever enjoy homebrew on their 'Mariko' Switches in the future.

That future might not be too far away as developer @SciresM has successfully managed to dump the keys of the firmware on said units. In his YouTube video he showcases how this process was achieved:


SciresM said:
We have the Mariko firmware keys and fully label Mariko trustzone.
Click to expand...


Even if slim, these early developments show that there is a possibility of running homebrew on the Nintendo Switch 'Mariko' units, and getting TrustZone access on the system.

:arrow: Source
 
  • Like
Reactions: Azael_inf, ifali, raxadian and 55 others
Click to expand...
xtrem3x

xtrem3x

Well-Known Member
Member
Level 11
Joined
Apr 16, 2008
Messages
207
Trophies
1
XP
2,403
Country
leon315 said:
Beside SciresM has already proved he is able to hack new Switches, all we need to do is wait SCIRESM and co. to develop the free version.
Click to expand...

He used the TX chip, he didn't hack it.

We all want a free solution, nobody wants to pay for something if they can have it free, but it looks as though if you want to hack a patched unit you'll need to pay for it. At least for the foreseeable future anyway but nobody knows what's around the corner :unsure:
 
SciresM

SciresM

Developer
Developer
Level 19
Joined
Mar 21, 2014
Messages
973
Trophies
3
Age
33
XP
8,300
Country
United States
xtrem3x said:
He used the TX chip, he didn't hack it.

We all want a free solution, nobody wants to pay for something if they can have it free, but it looks as though if you want to hack a patched unit you'll need to pay for it. At least for the foreseeable future anyway but nobody knows what's around the corner :unsure:
Click to expand...

We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct though that keys were dumped by hacking gateway's modchip to get past its DRM and run our own code instead of gateway's boot.dat payload, though.

Once our own code was running instead of gateways I used some old, old tricks to a) decrypt and dump gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.
 
Last edited by SciresM,
  • Like
Reactions: peteruk, berkcan00, XD2020 and 10 others
anhminh

anhminh

Pirate since 2010
Member
Level 13
Joined
Sep 30, 2010
Messages
1,596
Trophies
1
Age
31
XP
3,369
Country
Vietnam
So he can already take thing out. Now we just need to find a better way to put thing in than a mod chip.
 
V

Viri

Well-Known Member
Member
Level 17
Joined
Sep 13, 2009
Messages
4,254
Trophies
2
XP
6,887
Country
United States
Xzi said:
Nice. At some point once Switch hardware gets real cheap I'll have to pick up a second unit.
Click to expand...
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
 
  • Like
Reactions: swutch, RedBlueGreen and Xzi
Adran_Marit

Adran_Marit

Walküre's Hacker
Member
Level 14
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,569
Country
Australia
invwar said:
I didn't watched the 3h video, but I have a simple question.
Did SciresM used TXs Modchip to get the keys or was he able to hack it without?
Click to expand...

Yep

ken1990 said:
could this be applied to lite
Click to expand...

I assume so as there are two versions of the modchip

--------------------- MERGED ---------------------------

linuxares said:
Nice!
@mattytrog we need your guidance how to make an opensource modchip :3
Click to expand...

matias3ds said:
Was thinking about the same thing
Click to expand...

Doing that though would probably paint a big target on the back of your head for Nintendo to fire at
 
Sundree

Sundree

Well-Known Member
Newcomer
Level 3
Joined
Jul 9, 2018
Messages
65
Trophies
0
XP
372
Country
United States
I'm probably going to do the same thing with my Switch that I did with my 3DS, and wait like 7 years before home-brewing it, so by than; running CFW would most likely be more stream-lined.
 
Xzi

Xzi

Time to fly, 621
Member
Level 19
Joined
Dec 26, 2013
Messages
17,816
Trophies
3
Location
The Lands Between
Website
gbatemp.net
XP
8,775
Country
United States
Viri said:
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
Click to expand...
Yeah I'd upgrade to a Switch Pro pretty much as soon as it was released. For a second unit OTOH I'm thinking like $75 or less tablet only, so it'll definitely be a while but I have no issue with waiting.
 
  • Like
Reactions: RedBlueGreen
R

RedBlueGreen

Well-Known Member
Member
Level 11
Joined
Aug 10, 2015
Messages
2,026
Trophies
1
XP
2,538
Country
Canada
Viri said:
I've been tempted to do that also. But, I personally just don't think it's worth it to buy another Switch just for a bit of a better battery life. The Switch's battery is fucking horse shit though. But, I'd prefer to wait for a completely upgraded Switch to blow money on.

This is just my opinion though. :P
Click to expand...
Yeah, it's ridiculous how bad it is. I feel like some games you get maybe 2 hours of battery life.
 
N

nl255

Well-Known Member
Member
Level 12
Joined
Apr 9, 2004
Messages
3,004
Trophies
2
XP
2,817
Country
SciresM said:
We actually did break the modchip's DRM, which goes to a bunch of super paranoid lengths to prevent you from running your own code. They check multiple RSA signatures and clear all the keys -- including the ones we dumped -- to try to prevent other code from dumping them/getting access to them.

I'm impressed, being completely serious, with how much effort they put into their DRM. They check everything three times to prevent glitching their payload, lol.

You're correct though that keys were dumped by hacking gateway's modchip to get past its DRM and run our own code instead of gateway's boot.dat payload, though.

Once our own code was running instead of gateways I used some old, old tricks to a) decrypt and dump gateway's encrypted payload and their internal keys, and b) get the Nintendo keys out of the security engine and onto our PCs.
Click to expand...

So are they lying when they claim it will work with other payloads including atmosphere or is their boot.dat going to act as a chainloader?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

ArticBase, a tool to broadcast your 3DS games to an emulator, has been released

Emulation  Nintendo ROMs taken down from vimms lair

Automated N64 decompiler, RT64

Geometry Dash update 2.206 may release on June 1st

Samsung Imposes Questionable Rules on Independent Repair Shops

Luma 13.11 Just released

Disney Platform Fighter Leaked Teaser Trailer Clips - Reveal Imminent

Misc  Broadcom makes VMware Workstation Pro and Fusion Pro free for personal use.

General chit-chat
Help Users
  • Xdqwerty @ Xdqwerty:
    I only drank alcohol once and it was by accident
  • Xdqwerty @ Xdqwerty:
    I didnt know it was beer, it was on a juice bottle
  • SylverReZ @ SylverReZ:
    Yeah, I'm addicted to smoking, sadly. It's very addictive but I wish I didn't start.
  • K3Nv2 @ K3Nv2:
    May just order a 5700g for a nas/emulation set up tbh
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, atleast you were asleep on 4/20
     +1
  • SylverReZ @ SylverReZ:
    LOL
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, you played that Mario flash game called Mario 63?
  • SylverReZ @ SylverReZ:
    @Xdqwerty, No, but I've seen it on Vinesauce's stream.
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, that game is one of the reasons i met newgrounds bc the full versión of it is in that site
  • Xdqwerty @ Xdqwerty:
    Also somebody is remaking it
  • SylverReZ @ SylverReZ:
    @Xdqwerty, Reason how I found Newgrounds: https://www.newgrounds.com/portal/view/249365
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, the other game where I found newgrounds is new york shark
     +1
  • SylverReZ @ SylverReZ:
    Spoke to Tom Fulp the other day, if he can find his old Newgrounds site content like the mini Flash animations from the 2000's that played on the portal.
  • SylverReZ @ SylverReZ:
    So far no response, but he did say that he'll find them. Wayback Machine doesn't have em.
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, atleast the 1999 versión of pico's school is avaliable (the difference between it, the 2006 versión and the 2016 versión is that the speed of the game depends of the speed of your computer and that it had the og soundtrack)
  • SylverReZ @ SylverReZ:
    @Xdqwerty, Another being Pico VS Bear, the original 1999 version before Jim Henson filed a DMCA takedown.
     +1
  • Xdqwerty @ Xdqwerty:
    The 2006 versión was made when the flash portal was made
  • SylverReZ @ SylverReZ:
    Many people thought it was lost, but was discovered that he hid it on the same page.
  • SylverReZ @ SylverReZ:
    https://tcrf.net/Pico_VS_Bear
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, although the "secrets" system where the game was has been removed. Also pico vs uberkids had a netplay versión that was shutdown, although the swf file has been found
  • SylverReZ @ SylverReZ:
    @Xdqwerty, Nope. There are two download buttons on the same page, where you can download the original under a file called "bear.exe". "bear2.exe", however, is the updated game in a Flash projector. P.s. this was on the archived Pico page from 2000.
  • SylverReZ @ SylverReZ:
    @Xdqwerty, That's been there for a long time, too. People who search for lost media don't look hard enough lmao.
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, also the pico 2 demos used to be only for the newgrounds patrons but they are on internet archive too (https://archive.org/download/picos_school_2)
     +1
  • Xdqwerty @ Xdqwerty:
    Iirc the demos were removed from newgrounds in 2022
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, or well only the demo with mindchamber's style was on newgrounds
     +1
    Xdqwerty @ Xdqwerty: @SylverReZ, or well only the demo with mindchamber's style was on newgrounds +1