WIP UEFI EDK2 Implementation for Nintendo Switch

CVE-2018-6242: ShofEL2 and Fusée Gelée

April 26, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/04/24/shofel2-a-tegra-x1-and-nintendo-switch-exploit/

Note the CVE creation date, in case anyone doubted our disclosure timeline. And don't even *think* about trying to give the bug itself a cutesy name. We have enough of those already 😉

— fail0verflow (@fail0verflow) April 25, 2018

The Tegra X1 flaw that both ShofEL2 and Fusée Gelée exploit now has a name: CVE-2018-6242. https://t.co/4VAd7TUxhd https://t.co/KWUKQPjrxQ

— fail0verflow (@fail0verflow) April 25, 2018

https://www.nvidia.com/en-us/product-security/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6242

ShofEL2 responsible disclosure window ends April 25th

April 23, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/02/19/nintendos-new-kde-linux-tablet/ and https://firmwaresecurity.com/2018/01/16/dumping-the-playstation4-kernel/

Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u

— fail0verflow (@fail0verflow) April 23, 2018

And for those who don't want to wait or want a more cost-effective solution, we're also introducing a lite version of SwitchX. Available at your local hardware store TODAY. pic.twitter.com/BlPMmqLGlw

— fail0verflow (@fail0verflow) April 23, 2018

Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.

— fail0verflow (@fail0verflow) April 23, 2018

Nintendo’s new KDE Linux tablet :-)

February 19, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/01/16/dumping-the-playstation4-kernel/

https://twitter.com/fail0verflow/status/964954316892119040

🐧🐧🐧🐧 #switch pic.twitter.com/4iTjTk9D59

— fail0verflow (@fail0verflow) February 6, 2018

https://liliputing.com/2018/02/fail0verflow-turns-a-nintendo-switch-into-a-full-fledged-linux-pc.html

https://www.theverge.com/circuitbreaker/2018/2/19/17029916/nintendo-switch-hack-linux-fail0verflow

https://www.forbes.com/sites/jasonevangelho/2018/02/09/hackers-are-running-linux-on-the-switch-and-claim-nintendo-cant-patch-it/#73bc32eb512c

https://www.nintendo.com/switch/

I have never once considered purchasing a Nintendo Switch …until now. 🙂

Nintendo 3DS Secure Bootchain attack

April 5, 2017 ~ hucktech ~ Leave a comment

I'm not really in Secure Hardware, but using an ECB shuffling attack in the Nintendo 3DS exploit chain is _so_ cool https://t.co/SRJiFQIp4Q

— Nicolas Grégoire (@Agarri_FR) April 3, 2017

Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain
We demonstrate an attack on the secure bootchain of the Nintendo 3DS in order to gain early code execution. The attack utilizes the block shuffling vulnerability of the ECB cipher mode to rearrange keys in the Nintendo 3DS’s encrypted keystore. Because the shuffled keys will deterministically decrypt the encrypted firmware binary to incorrect plaintext data and execute it, and because the device’s memory contents are kept between hard reboots, it is possible to reliably reach a branching instruction to a payload in memory. This payload, due to its execution by a privileged processor and its early execution, is able to extract the hash of hardware secrets necessary to decrypt the device’s encrypted keystore and set up a persistent exploit of the system.[…]

https://github.com/Plailect/keyshuffling

Tag: Nintendo

NintendoSwitchPkg: WIP UEFI EDK2 Implementation for Nintendo Switch

CVE-2018-6242: ShofEL2 and Fusée Gelée

ShofEL2 responsible disclosure window ends April 25th

Nintendo’s new KDE Linux tablet :-)

Nintendo 3DS Secure Bootchain attack