Modding systems is more important than ever before. Especially now... As backwards compatibility is being thrown to the wayside and digital storefronts (3DS, Wii, and Wii U) go permanently offline.
Well, maybe in the case of Nintendo but backwards compatibility on Sony & Microsoft machines is as good as it has ever been, especially with Microsoft.
Nintendo's security model for the Wii and Switch are actually extremely advanced. The Wii had the Starlet, a dedicated security ARM coprocessor that would moderate all Wii hardware accesses in 2006. For comparison, Intel ME released in 2008, AMD PSP released in 2013, and the Apple T1 chip released in 2016. Unfortunately, their implementation of RSA had a critical bug that completely nullified the security aspects of the Starlet for all intents and purposes. Even when the Trucha Bug was patched, AHBPROT was discovered which made it possible to restore the bug and it was ultimately futile. As for the Nintendo Switch, well, current versions of Horizon OS (that is the internal name of the Nintendo Switch firmware) are the first of Nintendo's to have 100% flawless security on the software side. Unlike other console firmwares which are usually based off of FreeBSD, Nintendo's Horizon OS was fully developed in-house with a microkernel design. Even the hardware drivers run sandboxed as regular userspace programs, massively reducing the attack surface and making it possible to write a kernel that can perfectly maintain core OS security under every scenario, since the range of possibilities have been kept small enough at the core to make testing every single possible input to the security engine in depth (including testing all possible invalid inputs) a reasonable endeavor. This microkernel has been completely reverse-engineered, every single function and instruction has been combed through and deeply analyzed by the community, and there are zero vulnerabilities on it. This isn't zero known vulnerabilities, there are no software vulnerabilities, period. The sandbox simply cannot be broken once established using current available software and hardware methods and technologies. So finding bugs in games and even hardware drivers is useless, because there's no privilege escalation without a bug in privileged code, and no privilege escalation, no full system takeover. Unfortunately (or rather fortunately for us), NVIDIA made three oopsies while designing the Tegra X1 that would go on the Switch and the NVIDIA bootROM Nintendo had to rely on. The first is fusée-gelée. The second is exposing the button pin that gets the bootROM in RCM state on the right Joycon rail so people wouldn't have to open up the console and do microsoldering to enter RCM mode. And the third oopsie and final nail in the coffin for Nintendo's security model is the CPU itself being vulnerable to voltage glitching, a physical manipulation of the Switch's power circuit where a very controlled electrical spike can make the CPU skip lines of code much like how an old car CD player would skip when you hit a bump in the road. These were all abused by hackers to skip right past the initial bootloader signature check and load a custom boot manager, breaking the security model extremely early in the Switch's startup sequence, long before any Horizon OS firmware code is ready to execute, and even longer before it could set up its perfect, impenetrable barriers. But the story doesn't end here. And I hate that this next part doesn't get told more often. As it turns out, Horizon OS 5.0.0 would include a hardware exploit from Nintendo themselves, a curveball designed to counter fusée-gelée and prevent its use for piracy. They changed their key derivation processes, and then significantly modified the TSEC firmware code to halt the CPU if a modified version of Horizon OS was detected. It is impossible to run modern versions of Horizon OS without the TSEC or on the old TSEC firmware, because it needs the derived hardware keys the new TSEC firmware provides to decrypt all sorts of data. And hackers wouldn't be able to write a custom TSEC program, since the signature check for its firmware was actually never broken. This wouldn't stop modders from running other operating systems on the Switch with a fully disabled TSEC, but it was an effective patch against the unpatchable that would've stopped people from booting stock firmware > 5.0.0 under fusée completely... If the private Nintendo signature required to sign a Switch TSEC firmware with hadn't leaked to SciresM through an unknown channel. Truly a 'my uncle works at Nintendo' moment. If not for that, the Switch security model would still be fairly rigid on all fronts, and Horizon OS homebrew (not to mention piracy) on the system would still be extremely limited and practically nonexistent. As part of the microkernel research efforts, SciresM has written a reimplementation of the whole thing. This is a testament to both the Nintendo hacker community's stubbornness, and the microkernel itself being small enough for a single person to be able to wrap their head around it in its entirety. This custom kernel, now named mesosphére, is the default kernel used by the Atmosphére custom firmware. Atmosphére by itself doesn't provide any means to override the DRM enforced when running official Switch software. That job is left to the aptly named sigpatches, a set of separate, additional binary patches that the user has to install and which Atmosphére has no involvement with. Modern Nintendo security is less about their own technical failures, and more about the extremely determined nature of their attackers, the obsessive, unstoppable fanbase they have.
Security is one of those amazing things. You can spend millions securing a system and forget the most simple of access points. Like adding bars to windows but having the gap large enough to get through.
Yea... imagine being defeated by Tweezers and a Paperclip lmao. (Yea, it was all by bridging stuff on the Wii and Switch, like bridging something with the Tweezers in Wii to let the hacker have access to the hidden RAM, and on switch bridging the JoyCon rail pins for RCM)
This remind me of our house in Idaho. Our cat keep getting into the basement from the outside and we couldn't figure out how. We look everywhere around the house, looking for holes dug around the foundation as well as checking all the air vents and everything was sound. It wasn't until one day that I watched the cat walk into a bunch of bushes at the bottom of a hill and disappeared. A few minutes later, my mother holler at me and said that the cat was in the basement again. It turns out that in those bushes was where the other end of the drain pipe for the basement was hiding. Our cat was crawling up through a hidden drain pipe that was over 200 feet from the house to get into the basement. Securing the pipe was easy. All we had to do was put a piece of chicken wire over the opening. But god it took us months to figure that out.
You forgot a really important aspect of the story. Docs contained in the gigaleak reviled that Nintendo knew about the exploit before the switch was released to the market and was working on a patch with Nvidia.
this is actually really interesting that they chose to release it still with this issue though, but they would lose out on a lot of systems being sold.
@@CraftyTheFox having consoles that are exploitable doesn’t really cost Nintendo anything and fixing the already made consoles with razor thin if any margins, likely a money loss. Not to mention, few consoles are getting hacked to begin with, so if there is a concern, few people will ever take advantage of it.
@AmorMagico666 psst, get a steam deck, they got gzdoom and dsda, and you don't have to fiddle with RCM jigs for your homebrew ^_^ (not serious, here, I just love doom and the open hardware/software of the steam deck)
I would also argue the ipatched systems from around mid 2018 before the release of the redbox, lites and oled, which burnt an efuse at factory to stop the rcm exploit
The total cost for adding a modchip has dramatically dropped recently (at least in China) thanks to the recent discovery that PIO on RP2040 (a general purpose chip that's extremely cheap) can reliably glitch the CPU, and open-source firmware has been released.
The hwfly chips have come down dramatically in cost due to this fact. I still prefer the RP2040 method, though. Soldering to the tiny FET pads isn't difficult with the right supplies. It's an interesting time for the Switch homebrew community.
@@paul.1337 Paperclips and tweezers are pretty much the same thing, a simple wire could do the trick. It's just funny how we take a giant company and pit it up against small household items.
@@applehazeva2739 dude, the devs may straight up make an interpreter to play them, because probably it will be a close architecture to the current switch
Congrats you got lucky kid, I've bought 4 pairs of original joycons, played puzzle games, left them sitting, switched off to prevent wear, and always washed my hands. No kids in the house. Ridiculous hardware from Nintendo these days. Meanwhile my N64 and original N64 controllers are working almost like new even after 20+ years of abuse.
You can try cleaning the analog sticks on the joycons with some electrical contact cleaner, as that should help to remove the dirt that's likely causing the drift. There's been quite a bit of reported success with doing this, and I've had good luck with this on other systems with dirty, glitchy controllers.
pity the real way to solve joycon drift only started existing this year because nobody made hal effect sticks small enough in that form factor til now and nintendo were never actually responsible for the design of the sticks as theyre an off the shelf part made by the same company who makes sticks for every console
i fixed my joycons myself for like 2€ each and it took me 10 mins yeah no im not paying 80 bucks for a pair that will last like one year before dying aigan
Absolutely love these kinds of videos from you. Love seeing how companies locked down their systems and how the fanbase blew the doors wide open again.
Kinda funny to think about how the amount of stock Nintendo Switch units and Wii U units that are softmod-ready are roughly the same (~15 million Switches vs. all 13.56 million Wii Us)
If I got a nickel every time a Nintendo console was cracked using a paperclip I would have 2 nickels. Which isn't a lot, but it's funny that it happened twice
as someone who isn’t tech savy at all & doesn’t understand a lot of terms in each video it fascinates me how smart people are with devices & able to work around any parameters in their way. I just know if I was educated more in it I would appreciate that much more
I'll deal with the Switch the same way I did for Wii U- and it will depend on whether Nintendo provides forward compatibility support for their next Switch console. I have like a mini Steam collection of paid for games on Switch- if they jerk us around like they did for Wii U (expecting us to rebuy launch games again during the transition period at full price instead of offering an actual discount), I'll go ahead and defeat the security during my next winter break and download everything else I haven't purchased yet.
this kind of uncertainty is why i never personally bought many 3rd party games for my switch. I was happy to see the steam deck come out later and provide me with a way to have a unified library of games.
@@natryamar I buy Nintendo games for my Switch and pretty much everything else on Steam/GoG for my PC. Hell, I didn't even mind buying BotW twice. Once for the Wii u and again for the Switch. I even did it again for Mario Kart 8. I know what I'm going to get from Nintendo, and I buy their systems for Zelda/Metroid mainly.
The nVidia Tegra family bootroms were part of the chip designs. Each would read some on chip fuse bits (PROM) to decide if and what digital signature to require on the first off-chip code loaded into on chip boot RAM . The details were never properly documented, thus making it difficult to do recovery repairs on Tegra based phones and tablets from LG, Acer etc. I remember struggling for days to work around damaged flash sectors in a friends Acer tablet (even though the formula for converting its hardware serial number into the secret boot key had been published years earlier).
@@SuperM789 so you *only* pirate games from the people who have low sales and actually deserve the money instead of from companies that can sustain themselves from a thousandth of their current sales with no changes? Awful.
It’s funny how absolutely brutal Nintendo are on the homebrew and preservation community, in frankly unwarranted way, how easy they make exploiting each of their systems.
Most of the brutality has been on people who seek to provide definite means to pirate their current hardware. Can't say I blame em. At least wait until the console generation is over.
A study showed that pirates are the One that spend the most on games, if companies would allow us to buy the games we want, we wouldn't hack their devices.
@@Gamefreak924 no? Give us the games we want to play and we ask, otherwhise we would crack open you. Pirates are the ones that spend the most in games
I do secretly still hope that one day there will be a software based exploit for the Switch Lite even though that seems like a far away dream. That device just begs to be an amazing retro emulator.
tbh its begging to be anything other than a glorified online store. I mean, its cool and all, but the greed is insane, things have gotten marginally better recently, but for the most part, their online service is basically a total scam.
There will be one day, no form of security is 100% fool proof. I remember hearing about how the 3DS was unhackable and it would never be jail broken. But here we are today, where you can do it in under 2 hours. Someone will find a way :P
@@zethcader6478"under 2 hours"? in my lifetime I've added homebrew to 11 different times and the longest it's ever took for me was 20 minutes? What's taking you so long Not trying to be rude but 2 hours is embarrassing
The Nintendo Switch security measures are fascinating. I wish you had spoken more about the anti-hombrew measures within the OS and online. My first hacked Switch got banned from accessing any Nintendo servers online, and therefore I was banned from making purchases on the eShop. Seems counterintuitive to me, but clearly effective as a deterrent.
This is why if I use atmosphere I've got exosphere configured so every nintendo sever is blocked. Although my unpatched switch spends most of the time in standard mode anyway.
Problem: Modded console means potential piracy or piracy adajacent shenanigans meaning potential lack of legitimate online purchases and/or conduct. Solution: Screw potential let's make it outright impossible for it to legitimately purchase/participate in any of our online products ever again. That'll show 'em! Outcome: You may lose what you already purchased if you were silly enough to get an account you actually used banned which either seems fair or stupid depending on your point of view but I think actively stopping a person you claim you want to be making purchases, a claim you backup with ludicrous levels of security and DRM facilities what one might even call those themselves of outright questionable legitimacy to my mind at least, from making said purchases indefinitely again basing this action itself on the strength of said initial claims is just fundamentally stupid or what one might say a fundamentally stupid person thinks smart, tough, but fair looks like.
Im always more interested not only HOW the exploit works but WHY & how did they FIND the exploit? If possible could you try including the path taken to finding various console exploits? Im just curious of the mentality of the hackers who search for these treasures.
To protect your privacy, you should willingly route all of your internet traffic through a random company's proxy servers. That way, you can have peace of mind that your ISP isnt spying on you, instead, we are.
I'll be interested to see how the hacking scene develops for the later hardware revisions. It's unfortunate that there seems to be little effort going towards hacking those simply because the launch model exists.
There are physical modchips that use voltage glitching to hack all of the subsequent models, but Nintendo has DMCA'd and sued most popular mentions of it.
It's simply not just because of the launch model exists, the guy who made atmosphere says he reversed the kernel and other stuff many times he did not find any vulnerability in it so it is a waste of time to look into it.
@@handle.setUsername I don't doubt the guy tried, but I find it kinda hard to believe that the Switch is truly unhackable without the hardware vulnerability. I mean, that's what the assertion here is, right?
@@qactustick the kernel is made to be so simple that the attack vector would be incredibly small, allowing Nintendo to fully test for any sort of exploit which they've done. Modders have a full understanding of the kernel to its most intricate aspects and they have no way of getting in.
A small inaccuracy - Mariko/Red Box Switches were not the first time the RCM exploit was patched. It was patched soon after release by including an updated bootrom from the factory that simply disabled USB access in RCM. (so called iPatched switches) But it was Mariko that fixed it properly, by fixing the vulnerability that allowed unsigned code to be ran in the first place. Still, both variants of patched units have yet to have their RCM mode exploited so it seems both are equally secure.
i can remember buying a first gen switch about a year ago. i asked the poor guy in the shop to bring out all the switch they had in stock and i was stood there, checking all the serial numbers of each switch till a found one that was unpatched, and to this day i still have that switch and wont be selling it any time soon. its my portable retro gaming console, runs retroarch and thats about it
Any chance you could do a mini-update to this video and talk about Nintendos “software fix” to their hardware issue with their use of e-fuses? I initially thought this is what you were going to chat about. These exploits are always a game of cat and mouse. Don’t want you to risk your channel as I know how Nintendo can be. Would just love your impression on their attempt to software patch the hardware issue. Lots of groups gave Nintendo massive props for even being able to do it! 😊
It may only be a small part of the sold systems, but the fact that 15 million consoles are exploitable and with hackers being able to understand the hardware, lead to some brilliant emulators such as Yuzu or Ryujinx which makes hacking the real Nintendo Switch hardware more or less obsolete, with devices around such as the Steam Deck. I still own a Switch OLED, but the fact it propably never gets software exploited doesn't matter that much to me as long as I can use said devices to upscale and get more out of my games library... anyway, great video!
@Obscure Gun If i remember correctly about 3ds software exploits some of them only revealed the exploits they had after nintendo patched them already.
Joined this cannel because of the history of videogames security have been breaken, and here we are again. Without doubt this is the best content of the channel.
I hope he covers the Modchip glitch hack for the switch in detail in the future, I know you mentioned it in passing but it might be interesting to showcase how it works in detail like how you did with describing the original Bootrom exploit.
The only reason I haven't traded in my near-first-release Nintendo Switch is for this very reason, even though it's starting to show its age by having the right joycon fail to dock sometimes. If I ever get one of those OLED Switches, the old reliable is getting the modded treatment through and through.
Great Video MVG! Video game preservation is becoming so important as physical copies of games are going by the wayside. Digital backup is an absolute must.
I loved modding my switch, but my switch is so old that it's started having serious issues, so I can't really play it much anymore. I wish it was easier to mod current year switches, like the OLED, without having to open the thing up and install a mod chip, because I'd love to have my OLED modable
I recently got a Switch OLED and put my launch model switch into retirement. I'm thinking about using it to experiment with homebrew stuff and will be revisiting some of your older videos, MVG.
Finally!! I really love all your videos on security. The old school strange anti piracy all the way up to the most "secure" heavy handed DRM methods. Thanks for finally covering the switch. Now let's pray Nintendo doesn't try to crap on it.
i bought my switch knowing this was coming. kept it on 3.0.0 and offline. now i’ve got a first gen switch running current HOS on emuMMC with 3.0.0 still on the sysMMC with no efuses blown. feels like owning a unicorn.
The wii U was unsuccessful because most people thought it was an expensive accessory and not a whole new console. I just want to play the games I buy on my pc so that I can get a stable 60 fps and no stuttering.
If I knew without a shadow of a doubt I wouldn't get banned I'd do this to my switch in a heartbeat. Certain things like backing up Pokemon Scarlet/Violet save data in the event of a corrupted save are huge benefits.
Yeah, I wish mine wasnt patched... Sadly i got one of those "potentially patched" ones (tried it, it's patched in my case) and unpatched ones are ridiculously expensive now 🙃
@@Akab I'm sorry to hear that...the unpatched ones are getting more rare seeing the Switch is getting close to being 6 years old one but if you look hard enough and are quick you can still find some in the wild get good prices.
I've bought mine as a refurbished one, and it's been patched as well according to a website checker. Not that I have any intention to do anything outside of it's range anyway.
Yo, the rare MVG Video that isn't at that magical monetization 10-minute mark, and the highlight only goes to the five minute marker? We take those, I miss when MVG put out content in a vein like this. Good video too after watching, was worth the watch.
While a lot of people are happy keeping their launch Switch consoles and working homebrew on them, I feel like in the future people are going to find a soft mod method for all Switch revisions. Don't know how or if it's even actually going to happen (I'm not knowledgeable enough to say "yes" for certain), but people are stubborn enough to find a backdoor.
it's a nintendo console, there WILL be a softmod. i bet when nintendo abandons the switch and starts working on their new console that a team is gonna work to find some sort of vulnerability (probably with the incredibly out of date switch web browser)
The most useful and impressive part of custom firmware on the switch, which I use on my channel sometimes, is the ability to overcloc Yes Nintendo or Nvidia only allowed us to do that naturally, a lot of the appeal would be gone for me. I love the ability to take games that run poorly and push the system enough to get them to run smooth
This is one of my favorite channels. It makes me so happy to hear you talk about hacking these consoles. I grew up buying Gamesharks and Action Replays for my Gameboys, N64, and Gamecube (all of which I still have because Game Stop wouldnt buy them from me, thank god). I think the original Xbox was my first console hack, doing the Mech Assault Soft Mod so that I could mod Halo 2. I was addicted. Since then I've added PSPs, PSVita, X360, PS3, (never modded my XB1 though), GameCube, DS, 3DS, all of my phones, and finally my Switch. Watching these gives me the weirdest nostalgia.
Oh and btw, here in Colorado, none of the GameStops I went to cared about me checking the serial numbers of the Switch before I bought it. I literally told them I was looking for a specific range so I could mod it. They were like okay whatever lol.
They recently announced that they'll fix drifting joycons for the forseeable future if i heard correctly. but yeah, i mean, why can't nintendo of all companies fix this ..
The process for jailbreaking Nintendo consoles reminds me of the Lockpicking Lawyer breaking into his hotel room using nothing but a "Do Not Disturb" card.
Would have been nice if you went more into detail on how the modchips work as that is kind of newer less known information. But cool that you mention it.
I think the biggest problem with the switch has been emulation. We never seen a console getting emulated so quickly and so well. 2 year after release games were already playable, with some even working well, and in 3 most games already working as intended.
I bought an RCM clip online that is way more reliable than a paper clip for $5 and it has worked flawlessly for 3 years. Even when I accidentally updated my switch to 16.0.0, I just redid the process and it still works. The only caveat is your switch has to be an older model also my console got permanently banned from online lol but it's still worth it as I wasn't playing online games anyway.
I happened to get one of those RCM vulnerable units, and it’s served me very well with all the homebrew ports and emulation I could ever want in a tablet. Of course, I do have switch games on cartridges because I had this unit before the exploit was disclosed, but thanks to a decently sized MicroSD card I have gone more digital thanks to the eShop and retro community
if i had a nickel for every time a nintendo consoles security was bypassed by a small piece of metal , i would have two nickels, which isnt alot but its weird its happened twice
Nintendo doesn’t focus on game preservation is why there’s lots of motivation for hackers to mod their consoles since Nintendo is limiting their ability to play old games legally! My friend was to mod the Switch lite because he wants to add more games like from the GameCube that never got rereleased!
@@Akab they’re like the Disney of video game companies, they’re trying to hard to protect their IPs and not let people have access to their classic content!
@@Akab have... you never seen nintendos archive? this statement is idiotic if you have. nintendo archives and preserves literally EVERYTHING every single protoype every single asset every single piece of hardware and random ass doodad they prototype
@@jh302 and how do we play them again? how is keeping them in a centralized place a good way to preserve that data? What's your point? This makes it even worse as they literally keep their games in their basement and do nothing with them. Please just stop bootlicking your favorite companies for no particular reason, they won't thank you anyways.
@@Akab you assume they are centralized but they have multiple backups of software on tape real they are by the very definition preserved and maintained. preservation does not mean you get to touch them or use them it means they are preserved
The 3DS held out for years before it was hacked, for actual 3DS games. What's funny about the switch is how fast a fully blown emulator came out. No new console in sight and yet we've been able to play Switch games on PC for over a year with very few problems AND they look much better! There's no point in even having a switch anymore. Plus the game run insanely fast. I have to lock them in at 60FPS because too many of them play over 200FPS which is way too fast.
My only gripe is how fragile the internals are, even for seasons vets in soldering. It doesn't take much for it to break over time. Hence why Nintendo keeps pushing revisions of the console.
Funnily enough, I knew a decent amount about the Nvidia Shield K1 tablet, the general model line for the Switch, before the NX was even announced, as it was an option I was considering for a cheap portable gaming alternative as well as a useful tablet I would need for my schooling (since I no longer had a functional laptop I could use what with my craptop's keyboard giving out). The Switch made that idea obsolete, though, and I wound up just borrowing an old laptop to use for a while. It was awful.
If memory serves me right, fusee gelee still isn't considered cold boot, since it needs the maintenance mode of the switch. Cold boot would be something that is more persistent. 3.0.0 should have the option, but it has not been explored in years iirc.
Having a modded Switch is pretty neat, I really like being able to play game mods and unofficial software. As for piracy, just things that aren't being sold anymore or are being sold as an overpriced or inferior version. I don't pirate recent games personally, but I don't condemn doing so (besides indies) because I get it. Many of my fondest memories are of playing games on my Wii through CFG, and an R4 cart on my DSi. My family wasn't struggling financially (I was a bit spoiled if anything) but video games are expensive. So yeah, modding is cool for many reasons.
The news about NX being powered by the Nvidia Tegra X1 was revealed by an insider (I don't remember her name tho...), not by Eurogamer. I remember how disappointed I was. Great video tho.
Interesting fact: Most people exploit with jigs and paperclips, but apparently it's doable with tinfoil (aluminium foil) which ironically is the name of a piece of homebrew software which allows for the installation of NSP and XCI files.
Modding systems is more important than ever before.
Especially now...
As backwards compatibility is being thrown to the wayside and digital storefronts (3DS, Wii, and Wii U) go permanently offline.
Well, maybe in the case of Nintendo but backwards compatibility on Sony & Microsoft machines is as good as it has ever been, especially with Microsoft.
Nintendo would be stupid NOT to have backwards compatibility on this next system for the switch family
The solution is simple: handheld PCs like the aya neo or even better the steam deck
That's the worst thing about paying for digital only content. If the provider goes, you money is lost forever
@@ThePreciseClimber Sony is not backwards compatible before PS4 though
Nintendo's security model for the Wii and Switch are actually extremely advanced. The Wii had the Starlet, a dedicated security ARM coprocessor that would moderate all Wii hardware accesses in 2006. For comparison, Intel ME released in 2008, AMD PSP released in 2013, and the Apple T1 chip released in 2016.
Unfortunately, their implementation of RSA had a critical bug that completely nullified the security aspects of the Starlet for all intents and purposes. Even when the Trucha Bug was patched, AHBPROT was discovered which made it possible to restore the bug and it was ultimately futile.
As for the Nintendo Switch, well, current versions of Horizon OS (that is the internal name of the Nintendo Switch firmware) are the first of Nintendo's to have 100% flawless security on the software side. Unlike other console firmwares which are usually based off of FreeBSD, Nintendo's Horizon OS was fully developed in-house with a microkernel design. Even the hardware drivers run sandboxed as regular userspace programs, massively reducing the attack surface and making it possible to write a kernel that can perfectly maintain core OS security under every scenario, since the range of possibilities have been kept small enough at the core to make testing every single possible input to the security engine in depth (including testing all possible invalid inputs) a reasonable endeavor. This microkernel has been completely reverse-engineered, every single function and instruction has been combed through and deeply analyzed by the community, and there are zero vulnerabilities on it. This isn't zero known vulnerabilities, there are no software vulnerabilities, period. The sandbox simply cannot be broken once established using current available software and hardware methods and technologies. So finding bugs in games and even hardware drivers is useless, because there's no privilege escalation without a bug in privileged code, and no privilege escalation, no full system takeover.
Unfortunately (or rather fortunately for us), NVIDIA made three oopsies while designing the Tegra X1 that would go on the Switch and the NVIDIA bootROM Nintendo had to rely on. The first is fusée-gelée. The second is exposing the button pin that gets the bootROM in RCM state on the right Joycon rail so people wouldn't have to open up the console and do microsoldering to enter RCM mode. And the third oopsie and final nail in the coffin for Nintendo's security model is the CPU itself being vulnerable to voltage glitching, a physical manipulation of the Switch's power circuit where a very controlled electrical spike can make the CPU skip lines of code much like how an old car CD player would skip when you hit a bump in the road. These were all abused by hackers to skip right past the initial bootloader signature check and load a custom boot manager, breaking the security model extremely early in the Switch's startup sequence, long before any Horizon OS firmware code is ready to execute, and even longer before it could set up its perfect, impenetrable barriers.
But the story doesn't end here. And I hate that this next part doesn't get told more often. As it turns out, Horizon OS 5.0.0 would include a hardware exploit from Nintendo themselves, a curveball designed to counter fusée-gelée and prevent its use for piracy. They changed their key derivation processes, and then significantly modified the TSEC firmware code to halt the CPU if a modified version of Horizon OS was detected. It is impossible to run modern versions of Horizon OS without the TSEC or on the old TSEC firmware, because it needs the derived hardware keys the new TSEC firmware provides to decrypt all sorts of data. And hackers wouldn't be able to write a custom TSEC program, since the signature check for its firmware was actually never broken. This wouldn't stop modders from running other operating systems on the Switch with a fully disabled TSEC, but it was an effective patch against the unpatchable that would've stopped people from booting stock firmware > 5.0.0 under fusée completely... If the private Nintendo signature required to sign a Switch TSEC firmware with hadn't leaked to SciresM through an unknown channel. Truly a 'my uncle works at Nintendo' moment. If not for that, the Switch security model would still be fairly rigid on all fronts, and Horizon OS homebrew (not to mention piracy) on the system would still be extremely limited and practically nonexistent. As part of the microkernel research efforts, SciresM has written a reimplementation of the whole thing. This is a testament to both the Nintendo hacker community's stubbornness, and the microkernel itself being small enough for a single person to be able to wrap their head around it in its entirety. This custom kernel, now named mesosphére, is the default kernel used by the Atmosphére custom firmware. Atmosphére by itself doesn't provide any means to override the DRM enforced when running official Switch software. That job is left to the aptly named sigpatches, a set of separate, additional binary patches that the user has to install and which Atmosphére has no involvement with.
Modern Nintendo security is less about their own technical failures, and more about the extremely determined nature of their attackers, the obsessive, unstoppable fanbase they have.
That’s an impressive write up
Worth a read. Great comment.
Read through the whole thing, good write up!
Perfect
good post
Security is one of those amazing things. You can spend millions securing a system and forget the most simple of access points.
Like adding bars to windows but having the gap large enough to get through.
You should be a security consultant.
@@jinxterx "Nintendo, hire this man!"
Or barricading a door with a mountain of furniture but forgetting the door opens the other way 😅 (shoutouts to oldschool Scooby-Doo!)
Yea... imagine being defeated by Tweezers and a Paperclip lmao. (Yea, it was all by bridging stuff on the Wii and Switch, like bridging something with the Tweezers in Wii to let the hacker have access to the hidden RAM, and on switch bridging the JoyCon rail pins for RCM)
This remind me of our house in Idaho. Our cat keep getting into the basement from the outside and we couldn't figure out how. We look everywhere around the house, looking for holes dug around the foundation as well as checking all the air vents and everything was sound. It wasn't until one day that I watched the cat walk into a bunch of bushes at the bottom of a hill and disappeared. A few minutes later, my mother holler at me and said that the cat was in the basement again. It turns out that in those bushes was where the other end of the drain pipe for the basement was hiding. Our cat was crawling up through a hidden drain pipe that was over 200 feet from the house to get into the basement. Securing the pipe was easy. All we had to do was put a piece of chicken wire over the opening. But god it took us months to figure that out.
You forgot a really important aspect of the story. Docs contained in the gigaleak reviled that Nintendo knew about the exploit before the switch was released to the market and was working on a patch with Nvidia.
thanks! i knew about it but thats flying a little too close to the sun
this is actually really interesting that they chose to release it still with this issue though, but they would lose out on a lot of systems being sold.
@@CraftyTheFox having consoles that are exploitable doesn’t really cost Nintendo anything and fixing the already made consoles with razor thin if any margins, likely a money loss.
Not to mention, few consoles are getting hacked to begin with, so if there is a concern, few people will ever take advantage of it.
@AmorMagico666 psst, get a steam deck, they got gzdoom and dsda, and you don't have to fiddle with RCM jigs for your homebrew ^_^ (not serious, here, I just love doom and the open hardware/software of the steam deck)
I would also argue the ipatched systems from around mid 2018 before the release of the redbox, lites and oled, which burnt an efuse at factory to stop the rcm exploit
The total cost for adding a modchip has dramatically dropped recently (at least in China) thanks to the recent discovery that PIO on RP2040 (a general purpose chip that's extremely cheap) can reliably glitch the CPU, and open-source firmware has been released.
Yes but installing the damn thing is next to impossible.
Modchips aren't a real exploit for 90% of users.
I hope someone makes one of those flex-solder ribbon cables to make installing them much easier and more reliable.
@@internetguy7319 thank you. This is not as accessible as some people frame it to be
The hwfly chips have come down dramatically in cost due to this fact. I still prefer the RP2040 method, though. Soldering to the tiny FET pads isn't difficult with the right supplies. It's an interesting time for the Switch homebrew community.
MISTAKES WERE MADE.
😂😂😂
HE DIDNT PUT IT
paperclip (trademark)
🤷♂️
Mistakes are always made
Previously: Nintendo vs Tweezers
Now: Nintendo vs Paperclips
Bridge two circuits trick, always works for some reason... oh it's Nintendo.
@@XenonG The wonders of conductors. =P
@@paul.1337 Paperclips and tweezers are pretty much the same thing, a simple wire could do the trick. It's just funny how we take a giant company and pit it up against small household items.
Aaaand the Winner is ...
Next… Nintendo vs… the bobby pin 📌! (≖͞_≖
With Nintendo being backwards with preservation this was a good thing
backwards incompatible
If the Switch 2 isnt Backwards Compatible, I could see Yuzu Ports in the first year
@@applehazeva2739 dude, the devs may straight up make an interpreter to play them, because probably it will be a close architecture to the current switch
With Nintendo being backwards with preservation this is *ALWAYS MORALLY CORRECT*
Gaining root access to Nintendo's hardware via hacking is exactly in part why Nintendo doesn't do b/c. Thanks, hacker scum. 🙃
Pitty they have not been so quick to resolve the pro controller and joy con drift
Congrats you got lucky kid, I've bought 4 pairs of original joycons, played puzzle games, left them sitting, switched off to prevent wear, and always washed my hands. No kids in the house. Ridiculous hardware from Nintendo these days. Meanwhile my N64 and original N64 controllers are working almost like new even after 20+ years of abuse.
You can try cleaning the analog sticks on the joycons with some electrical contact cleaner, as that should help to remove the dirt that's likely causing the drift. There's been quite a bit of reported success with doing this, and I've had good luck with this on other systems with dirty, glitchy controllers.
They did. You buy a new one. Problem resolved. 🤣
pity the real way to solve joycon drift only started existing this year because nobody made hal effect sticks small enough in that form factor til now and nintendo were never actually responsible for the design of the sticks as theyre an off the shelf part made by the same company who makes sticks for every console
i fixed my joycons myself for like 2€ each and it took me 10 mins
yeah no im not paying 80 bucks for a pair that will last like one year before dying aigan
The first 5 seconds of an MVG video hit so nostalgic. Like an oldschool keygen song that's blasting max volume out of your speakers
He actually has the song on his Bandcamp, linked in the description.
3DS has a VERY interesting hacking history. I hope I see it one day in this channel!
You could make a full length documentary on 3DS hacking
I was there
I'd like that too!
Tech Rules has a really nice video about it, highly recommend.
Absolutely love these kinds of videos from you. Love seeing how companies locked down their systems and how the fanbase blew the doors wide open again.
Kinda funny to think about how the amount of stock Nintendo Switch units and Wii U units that are softmod-ready are roughly the same (~15 million Switches vs. all 13.56 million Wii Us)
If I got a nickel every time a Nintendo console was cracked using a paperclip I would have 2 nickels. Which isn't a lot, but it's funny that it happened twice
Whats that second console that was cracked?
@@creeperizak8971 The Wii.
@@logsupermulti3921 but that was done with tweezers, wasn't it?
haha lmao
@@creeperizak8971 yea but it still involves bridging, technically the same, just with a different tool (Tweezers instead of Paperclip)
as someone who isn’t tech savy at all & doesn’t understand a lot of terms in each video it fascinates me how smart people are with devices & able to work around any parameters in their way. I just know if I was educated more in it I would appreciate that much more
"All the way back in April 2016"... Still feels like yesterday tho. 7 years and counting😮
hello old.
8 years now, Old indeed....@@salsaandbrwx1449
the best series returned!! i simply love these security/mistakes were made series!! keep it up mate!
Glad you like them!
I'll deal with the Switch the same way I did for Wii U- and it will depend on whether Nintendo provides forward compatibility support for their next Switch console. I have like a mini Steam collection of paid for games on Switch- if they jerk us around like they did for Wii U (expecting us to rebuy launch games again during the transition period at full price instead of offering an actual discount), I'll go ahead and defeat the security during my next winter break and download everything else I haven't purchased yet.
this kind of uncertainty is why i never personally bought many 3rd party games for my switch. I was happy to see the steam deck come out later and provide me with a way to have a unified library of games.
Just say you're going to pirate.
@@natryamar I buy Nintendo games for my Switch and pretty much everything else on Steam/GoG for my PC. Hell, I didn't even mind buying BotW twice. Once for the Wii u and again for the Switch. I even did it again for Mario Kart 8. I know what I'm going to get from Nintendo, and I buy their systems for Zelda/Metroid mainly.
The nVidia Tegra family bootroms were part of the chip designs. Each would read some on chip fuse bits (PROM) to decide if and what digital signature to require on the first off-chip code loaded into on chip boot RAM .
The details were never properly documented, thus making it difficult to do recovery repairs on Tegra based phones and tablets from LG, Acer etc. I remember struggling for days to work around damaged flash sectors in a friends Acer tablet (even though the formula for converting its hardware serial number into the secret boot key had been published years earlier).
Finally a new security video. Please make more of these and piracy videos too. They are the best!
^man who definitely pirates everything
@@Gamefreak924 ^man who doesnt understand that piracy is morally correct when stealing from nintendo
@@ponivi I agree with this, piracy has allowed me to play/use so much old software/games that I would of never been able to play otherwise.
@@ponivi i only pirate indie games personally
@@SuperM789 so you *only* pirate games from the people who have low sales and actually deserve the money instead of from companies that can sustain themselves from a thousandth of their current sales with no changes? Awful.
It’s funny how absolutely brutal Nintendo are on the homebrew and preservation community, in frankly unwarranted way, how easy they make exploiting each of their systems.
Most of the brutality has been on people who seek to provide definite means to pirate their current hardware. Can't say I blame em. At least wait until the console generation is over.
@@Gamefreak924 if they stopped giving valid reasons for people to do it, that would be a nice start
A study showed that pirates are the One that spend the most on games, if companies would allow us to buy the games we want, we wouldn't hack their devices.
@@Gamefreak924 no? Give us the games we want to play and we ask, otherwhise we would crack open you. Pirates are the ones that spend the most in games
@@alessandromazzini7026 I don't think so. Pirates would always find some reason why Nintendo's way of doing business is not good enough for them.
I do secretly still hope that one day there will be a software based exploit for the Switch Lite even though that seems like a far away dream. That device just begs to be an amazing retro emulator.
tbh its begging to be anything other than a glorified online store. I mean, its cool and all, but the greed is insane, things have gotten marginally better recently, but for the most part, their online service is basically a total scam.
There will be one day, no form of security is 100% fool proof. I remember hearing about how the 3DS was unhackable and it would never be jail broken. But here we are today, where you can do it in under 2 hours. Someone will find a way :P
@@zethcader6478here's hoping. I was under the impression that this was possible before buying my switch lite
@@zethcader6478"under 2 hours"? in my lifetime I've added homebrew to 11 different times and the longest it's ever took for me was 20 minutes? What's taking you so long
Not trying to be rude but 2 hours is embarrassing
The Nintendo Switch security measures are fascinating. I wish you had spoken more about the anti-hombrew measures within the OS and online. My first hacked Switch got banned from accessing any Nintendo servers online, and therefore I was banned from making purchases on the eShop. Seems counterintuitive to me, but clearly effective as a deterrent.
This is why if I use atmosphere I've got exosphere configured so every nintendo sever is blocked. Although my unpatched switch spends most of the time in standard mode anyway.
Could've circumvented with a single .ini file upon booting atmo.
But Playstation bans PS4s for less silly reasons...
@@repeekyraidcero Well yes I know that NOW 😅 I had this happen to me around 2018 hahaha
Problem: Modded console means potential piracy or piracy adajacent shenanigans meaning potential lack of legitimate online purchases and/or conduct.
Solution: Screw potential let's make it outright impossible for it to legitimately purchase/participate in any of our online products ever again. That'll show 'em!
Outcome: You may lose what you already purchased if you were silly enough to get an account you actually used banned which either seems fair or stupid depending on your point of view but I think actively stopping a person you claim you want to be making purchases, a claim you backup with ludicrous levels of security and DRM facilities what one might even call those themselves of outright questionable legitimacy to my mind at least, from making said purchases indefinitely again basing this action itself on the strength of said initial claims is just fundamentally stupid or what one might say a fundamentally stupid person thinks smart, tough, but fair looks like.
So basically they put you in a position where you _COULDN'T_ give them your money anymore, and *HAD* to sideload your roms... genius?
Security and piracy: definitely my favourite MVG subjects!
I love the impossible port
I call it backups or game preservation
Security and priacy
0/10 - not enough unnecessary clickbait
The secret ingredient is crime
Users should never need to hack their own hardware. What you own shouldn't be locked nor controlled by the manufacturer
Steam Deck moment
Im always more interested not only HOW the exploit works but WHY & how did they FIND the exploit? If possible could you try including the path taken to finding various console exploits? Im just curious of the mentality of the hackers who search for these treasures.
I love how the Wii was compromised with a pair of tweezers and the Switch with a paperclip.
To protect your privacy, you should willingly route all of your internet traffic through a random company's proxy servers. That way, you can have peace of mind that your ISP isnt spying on you, instead, we are.
I think just morons buy vpn anyway
Only reason to have a vpn is for pirating so you dont get angry letters
We both saw the Tom Scott video?
@@MateuLeGrillepain and yet, Tom Scott's recent videos have VPN sponsorships. I wonder why he changed his mind 🤔
@@isaac10231 iirc because the VPN ads agreed to start focusing on geoblocked content more than privacy
I'll be interested to see how the hacking scene develops for the later hardware revisions. It's unfortunate that there seems to be little effort going towards hacking those simply because the launch model exists.
There are physical modchips that use voltage glitching to hack all of the subsequent models, but Nintendo has DMCA'd and sued most popular mentions of it.
I really wish the oled was soft moddable. The brightness on my OG switch is so bad, but also I don't want to give up it's modability.
It's simply not just because of the launch model exists, the guy who made atmosphere says he reversed the kernel and other stuff many times he did not find any vulnerability in it so it is a waste of time to look into it.
@@handle.setUsername I don't doubt the guy tried, but I find it kinda hard to believe that the Switch is truly unhackable without the hardware vulnerability. I mean, that's what the assertion here is, right?
@@qactustick the kernel is made to be so simple that the attack vector would be incredibly small, allowing Nintendo to fully test for any sort of exploit which they've done. Modders have a full understanding of the kernel to its most intricate aspects and they have no way of getting in.
MVG you have no idea how excited I am to hear about "How the Nintendo *Switch 2* Security was defeated"
im realy excited if this happends, because it will be the first time i will see the first homebrews appearing
A small inaccuracy - Mariko/Red Box Switches were not the first time the RCM exploit was patched. It was patched soon after release by including an updated bootrom from the factory that simply disabled USB access in RCM. (so called iPatched switches)
But it was Mariko that fixed it properly, by fixing the vulnerability that allowed unsigned code to be ran in the first place. Still, both variants of patched units have yet to have their RCM mode exploited so it seems both are equally secure.
i can remember buying a first gen switch about a year ago. i asked the poor guy in the shop to bring out all the switch they had in stock and i was stood there, checking all the serial numbers of each switch till a found one that was unpatched, and to this day i still have that switch and wont be selling it any time soon. its my portable retro gaming console, runs retroarch and thats about it
What I learned from doing some software security testing previously is that your security is only as strong as your weakest link.
Any chance you could do a mini-update to this video and talk about Nintendos “software fix” to their hardware issue with their use of e-fuses?
I initially thought this is what you were going to chat about.
These exploits are always a game of cat and mouse. Don’t want you to risk your channel as I know how Nintendo can be. Would just love your impression on their attempt to software patch the hardware issue.
Lots of groups gave Nintendo massive props for even being able to do it! 😊
M$ used eFuses first, so yeah...
It may only be a small part of the sold systems, but the fact that 15 million consoles are exploitable and with hackers being able to understand the hardware, lead to some brilliant emulators such as Yuzu or Ryujinx which makes hacking the real Nintendo Switch hardware more or less obsolete, with devices around such as the Steam Deck. I still own a Switch OLED, but the fact it propably never gets software exploited doesn't matter that much to me as long as I can use said devices to upscale and get more out of my games library... anyway, great video!
Such a great security video as always!
Makes me feel like lucky one having unpatches switch.
When you hear that music in the intro .. you know the video is gonna be legendary.
I still highly believe we are going to find a software exploit again in the future. We just haven’t found it yet.
@Obscure Gun If i remember correctly about 3ds software exploits some of them only revealed the exploits they had after nintendo patched them already.
@Obscure Gun I feel like this is the case tbh, i dont blame them though.
Now waiting how Switch V2 and Oled security was defeated
Joined this cannel because of the history of videogames security have been breaken, and here we are again. Without doubt this is the best content of the channel.
Nintendo attempts to silence this video in 3... 2... 1...
I think so too
And why would they?
Wouldn't surprise me even 0.01%
Damn, looks like they failed. Sucks to be them
I hope he covers the Modchip glitch hack for the switch in detail in the future, I know you mentioned it in passing but it might be interesting to showcase how it works in detail like how you did with describing the original Bootrom exploit.
The only reason I haven't traded in my near-first-release Nintendo Switch is for this very reason, even though it's starting to show its age by having the right joycon fail to dock sometimes. If I ever get one of those OLED Switches, the old reliable is getting the modded treatment through and through.
Then the Atmosphere became clear
Great Video MVG! Video game preservation is becoming so important as physical copies of games are going by the wayside. Digital backup is an absolute must.
I loved modding my switch, but my switch is so old that it's started having serious issues, so I can't really play it much anymore. I wish it was easier to mod current year switches, like the OLED, without having to open the thing up and install a mod chip, because I'd love to have my OLED modable
I recently got a Switch OLED and put my launch model switch into retirement. I'm thinking about using it to experiment with homebrew stuff and will be revisiting some of your older videos, MVG.
the paperclip exploit was such a lucky mistake hackers exploited
No such thing as luck in the IT field
@@emanueleborghini3186 Not true at all
I mean it was in the notes for rcm
@@Matanumi yes, but loading unsigned code definitely wasn’t
It wasn't lucky, this was made on purpose
The best part of all this is that Nvidia used Comic Sans for their Tegra technical documentation
Finally!! I really love all your videos on security. The old school strange anti piracy all the way up to the most "secure" heavy handed DRM methods. Thanks for finally covering the switch. Now let's pray Nintendo doesn't try to crap on it.
modchip
i bought my switch knowing this was coming. kept it on 3.0.0 and offline. now i’ve got a first gen switch running current HOS on emuMMC with 3.0.0 still on the sysMMC with no efuses blown. feels like owning a unicorn.
I held a presentation of this topic in my it class and got an A+ for it
🥇
The wii U was unsuccessful because most people thought it was an expensive accessory and not a whole new console. I just want to play the games I buy on my pc so that I can get a stable 60 fps and no stuttering.
If I knew without a shadow of a doubt I wouldn't get banned I'd do this to my switch in a heartbeat. Certain things like backing up Pokemon Scarlet/Violet save data in the event of a corrupted save are huge benefits.
Emunand is a thing my guy. The best of both worlds, clean sysnand and homebrew/roms on sd
As long as you don’t install pirated games, there’s nothing to worry about.
CFW on SYSNAND must be careful, if you INSTALL WAREZ=unit ban (any NSZ NSP XCI XCZ)
EMUNAND with dns mitm and exosphere, no problem
The original unpatched Switches will forever hold a special place in homebrewing history.
Yeah, I wish mine wasnt patched... Sadly i got one of those "potentially patched" ones (tried it, it's patched in my case) and unpatched ones are ridiculously expensive now 🙃
@@Akab I'm sorry to hear that...the unpatched ones are getting more rare seeing the Switch is getting close to being 6 years old one but if you look hard enough and are quick you can still find some in the wild get good prices.
I've bought mine as a refurbished one, and it's been patched as well according to a website checker.
Not that I have any intention to do anything outside of it's range anyway.
@@Lively_1185 Try running cfw - you never know your luck
@@DungarooTV I'ma December 2018 I should have begged my mom even more for a switch😢
Still rocking my launch switch! Don't plan on breaking it until the next Console is on the way.
Yup same here. I mod the WiiU and 3DS once Nintendo stop caring about the system.
The way the Switch was hacked reminds me of the Scene in LotR Two Towers when the Hornberg's wall was blown up.
Tired of paying for premium youtube and still have ads in video. 1:20
SponsorBlock
you're welcome
Yo, the rare MVG Video that isn't at that magical monetization 10-minute mark, and the highlight only goes to the five minute marker? We take those, I miss when MVG put out content in a vein like this. Good video too after watching, was worth the watch.
While a lot of people are happy keeping their launch Switch consoles and working homebrew on them, I feel like in the future people are going to find a soft mod method for all Switch revisions. Don't know how or if it's even actually going to happen (I'm not knowledgeable enough to say "yes" for certain), but people are stubborn enough to find a backdoor.
it's a nintendo console, there WILL be a softmod. i bet when nintendo abandons the switch and starts working on their new console that a team is gonna work to find some sort of vulnerability (probably with the incredibly out of date switch web browser)
well i heard that dude that made atmosphere spend 500 hours looking for a bug and didnt find anything
@@booky6275 😮😢 😔
The most useful and impressive part of custom firmware on the switch, which I use on my channel sometimes, is the ability to overcloc
Yes Nintendo or Nvidia only allowed us to do that naturally, a lot of the appeal would be gone for me. I love the ability to take games that run poorly and push the system enough to get them to run smooth
crazy you can emulate switch this early getting 1400p over 60 on pc
It's been six years since the Switch came out - how is that "early"?
@@RetroJack iirc 2 years after the switch was out, there was good emulators on pc.
@@RetroJack Believe me it's early, also look: PS3 emulations
@@RetroJack rpcs3 still cant fully emulate like yuzu can
@@lilyounggamer True.
This is one of my favorite channels. It makes me so happy to hear you talk about hacking these consoles. I grew up buying Gamesharks and Action Replays for my Gameboys, N64, and Gamecube (all of which I still have because Game Stop wouldnt buy them from me, thank god). I think the original Xbox was my first console hack, doing the Mech Assault Soft Mod so that I could mod Halo 2. I was addicted. Since then I've added PSPs, PSVita, X360, PS3, (never modded my XB1 though), GameCube, DS, 3DS, all of my phones, and finally my Switch. Watching these gives me the weirdest nostalgia.
Oh and btw, here in Colorado, none of the GameStops I went to cared about me checking the serial numbers of the Switch before I bought it. I literally told them I was looking for a specific range so I could mod it. They were like okay whatever lol.
It's insane the amount of effort Nintendo put into the security of the Switch.
If only I could say the same about Joycon drifting...
They recently announced that they'll fix drifting joycons for the forseeable future if i heard correctly. but yeah, i mean, why can't nintendo of all companies fix this ..
@@xmine08 because the solution is hll effect sensors and small enough modules didnt exist til recently?
@@jh302 small hall effect sensors have been around for quite some time already
@@xmine08 yes but no company produced them in the form factor the switch uses
9:04 the mighty paper clip STRIKES AGAIN!
The process for jailbreaking Nintendo consoles reminds me of the Lockpicking Lawyer breaking into his hotel room using nothing but a "Do Not Disturb" card.
It’s so crazy to me that something as simple and small as a paper clip got past the switch security
That’s just a very small part of the puzzle. It’s like checkm8 on iPhones, entering DFU mode. It didn’t break any security by itself
Would have been nice if you went more into detail on how the modchips work as that is kind of newer less known information. But cool that you mention it.
And here I am with two OG Switches with me that were never hacked.
Hack them, I hacked mine and sold it for a profit
@@funtimesylas1 I'm gonna look into it. Just can't find time at the moment after getting a Steam deck.
Still to this day, I can not believe that Team Xecuter leader turned out to be a man named Gary Bowser.
The Switch OLED would be an emulation dream whenever they find an easier way to hack it
I'm surprised there hasn't been an SD card exploit like the Wii, Wii U, DS, etc etc.
I think the biggest problem with the switch has been emulation. We never seen a console getting emulated so quickly and so well. 2 year after release games were already playable, with some even working well, and in 3 most games already working as intended.
It's really crazy, as people are STILL trying to figure out emulating PS4 and XBox 360
@@regis_cIsn’t that because those consoles are close in power to a regular PC?
Nintendo hates piracy but does nothing to better their consoles to fight against it.
I bought an RCM clip online that is way more reliable than a paper clip for $5 and it has worked flawlessly for 3 years. Even when I accidentally updated my switch to 16.0.0, I just redid the process and it still works. The only caveat is your switch has to be an older model also my console got permanently banned from online lol but it's still worth it as I wasn't playing online games anyway.
It's always interesting to watch security related videos. Thanks for this one! 👌
the background music fits really well in all of these types of videos. great video overall well done MVG!
I happened to get one of those RCM vulnerable units, and it’s served me very well with all the homebrew ports and emulation I could ever want in a tablet. Of course, I do have switch games on cartridges because I had this unit before the exploit was disclosed, but thanks to a decently sized MicroSD card I have gone more digital thanks to the eShop and retro community
Gary Bowser was released from prison a few weeks ago. Can't wait for his next release lol
if i had a nickel for every time a nintendo consoles security was bypassed by a small piece of metal , i would have two nickels, which isnt alot but its weird its happened twice
nintendo: ahh yes, our unhackable. wait NOO NOT THE SMALL METAL TOOLS NOOOO
Nintendo doesn’t focus on game preservation is why there’s lots of motivation for hackers to mod their consoles since Nintendo is limiting their ability to play old games legally! My friend was to mod the Switch lite because he wants to add more games like from the GameCube that never got rereleased!
They don't just "not focus" on it, they're actively fighting it...
@@Akab they’re like the Disney of video game companies, they’re trying to hard to protect their IPs and not let people have access to their classic content!
@@Akab have... you never seen nintendos archive? this statement is idiotic if you have. nintendo archives and preserves literally EVERYTHING every single protoype every single asset every single piece of hardware and random ass doodad they prototype
@@jh302 and how do we play them again? how is keeping them in a centralized place a good way to preserve that data? What's your point?
This makes it even worse as they literally keep their games in their basement and do nothing with them.
Please just stop bootlicking your favorite companies for no particular reason, they won't thank you anyways.
@@Akab you assume they are centralized but they have multiple backups of software on tape real they are by the very definition preserved and maintained. preservation does not mean you get to touch them or use them
it means they are preserved
The paperclip in the tumbnail is pretty hilarious :)
The real scare came from hoping you did not ruin your joycon rail with the tinfoil
The 3DS held out for years before it was hacked, for actual 3DS games. What's funny about the switch is how fast a fully blown emulator came out. No new console in sight and yet we've been able to play Switch games on PC for over a year with very few problems AND they look much better! There's no point in even having a switch anymore. Plus the game run insanely fast. I have to lock them in at 60FPS because too many of them play over 200FPS which is way too fast.
Okay, if nintendo name is in a video talking about security and home brew,
This means I will download this video before it gets deleted. 😂😂
My only gripe is how fragile the internals are, even for seasons vets in soldering. It doesn't take much for it to break over time. Hence why Nintendo keeps pushing revisions of the console.
Some white box switches were patched like mine. Mistake you made.
Yeah I'm surprised he didn't mention it. I still remember seeing the serial number checker website where it'd tell you if your switch is hackable
Possibly has been returned to Nintendo at one point for repair
@@bitelaserkhalif My white box patched switch was a brand new one
Looking forward to the inevitable Picofly video in the future
Can't wait to play new Zelda at 4k 120 fps , on emulator day one.
It's literaly possible right now, if you own an 4090.
Funnily enough, I knew a decent amount about the Nvidia Shield K1 tablet, the general model line for the Switch, before the NX was even announced, as it was an option I was considering for a cheap portable gaming alternative as well as a useful tablet I would need for my schooling (since I no longer had a functional laptop I could use what with my craptop's keyboard giving out). The Switch made that idea obsolete, though, and I wound up just borrowing an old laptop to use for a while. It was awful.
YEAH UNPATCHED V1 SWITCHS AND ATMOSPHERE CFW ON TOP!
If memory serves me right, fusee gelee still isn't considered cold boot, since it needs the maintenance mode of the switch.
Cold boot would be something that is more persistent. 3.0.0 should have the option, but it has not been explored in years iirc.
Having a modded Switch is pretty neat, I really like being able to play game mods and unofficial software. As for piracy, just things that aren't being sold anymore or are being sold as an overpriced or inferior version. I don't pirate recent games personally, but I don't condemn doing so (besides indies) because I get it. Many of my fondest memories are of playing games on my Wii through CFG, and an R4 cart on my DSi. My family wasn't struggling financially (I was a bit spoiled if anything) but video games are expensive. So yeah, modding is cool for many reasons.
Tonight I found out my Switch is one of those Lucky 15 million.
Congrats to you 🎉🎉
funny how almost every major security issue on the switch is the fault of nvidia
The news about NX being powered by the Nvidia Tegra X1 was revealed by an insider (I don't remember her name tho...), not by Eurogamer. I remember how disappointed I was. Great video tho.
How I've missed Mistakes Were Made!
I love the into music mate, when I hear it I know shish is about to go down.
Interesting fact: Most people exploit with jigs and paperclips, but apparently it's doable with tinfoil (aluminium foil) which ironically is the name of a piece of homebrew software which allows for the installation of NSP and XCI files.