hit tracker

RUMOR or FAKE? - Nintendo Switch Flashcard Announced

Discussion in 'Underground Nintendo Scene' started by GaryOPA, Jan 15, 2018.

By GaryOPA on Jan 15, 2018 at 2:07 PM
  1. 25,669
    2,245
    113
    GaryOPA

    GaryOPA Master Phoenix Admin Staff Member Top-Dog Brass

    Joined:
    Mar 18, 2006
    Media:
    1,476
    Occupation:
    Design Eng.
    Location:
    Tropical Island
    Home Page:
    http://www.O-P-A.biz
    Just a clever 3D Printed Fake? - (OR) - Is the NXFC really coming soon in Summer 2018!
    [​IMG]

    There has been lots of Nintendo Switch Scene News recently, first with the 34c3 Conference, then with Team-Xecuter video, then later on Team Fail0verflow Coldboot Exploit Demo, and now recently @NicoAICP whom developed the 'XCI Reader' app has announced on his Twitch channel that an actual Nintendo Switch Flashcard is currently in development with a planned release in Summer 2018, but all was shown was clearly an 3D Printed Case, with discussion that PCBoard is still in development design stage and it will be sold both as DIY Kit and also fully-assembled, but you can only flash one actual Switch game at a time onto the device.
    Of course, this news has opened a whole drama and debate over piracy, etc. and also from developers discussing that its impossible to do a flashcard on the Switch due to various currently unknown challenge-response crypto that the Switch cartridge itself does more than just the needed signed certs which are not currently available from the various Switch game cartridges dumps that BigBlueBox and other scene warez groups have released on the 'net so far.

    NXFC-1.jpg NXFC-2.jpg

    NXFC-3.jpg

    NEWS SOURCE #1: Switch flashcard announcement in 20 mins (via) GBATemp
    NEWS SOURCE #2: Hedgeberg Confirmed that switch Flashcard are Fake (via) GBATemp
     
    Last edited: May 23, 2018

Comments

Discussion in 'Underground Nintendo Scene' started by GaryOPA, Jan 15, 2018.

    1. 58
      5
      8
      ThugStyle

      ThugStyle Loyal Member

      Joined:
      Sep 27, 2005
      Once you know Nico is only 14 years old I think you can figure out how real this is.
       
      GaryOPA likes this.
    2. 363
      28
      28
      DW360

      DW360 Loyal Member

      Joined:
      Oct 31, 2010
      I would also call fake on this, all that seems legit is that someone has been let loose with the college 3D printer and thought it would be cool to make a couple cart cases.

      Now i know if they make it sound like Gateway in its early days, one game at a time then n00bs might buy into this, but I think if there were to be a flashcard it would have at least an SD slot to store roms, unless this person (failed to mention) comes with a read/writer
       
    3. 18
      1
      3
      xs4all

      xs4all Loyal Member

      Joined:
      Nov 1, 2005
      Location:
      Land from the Wizard of Oz
      All is good, but the main question remains, will it taste good?
       
    4. 48
      4
      8
      Soluble

      Soluble Loyal Member

      Joined:
      Feb 18, 2017
      Quote from Hedgeberg:
      Take this all with a grain of salt because I'm tired af and also likely missing several key pieces of the puzzle since my focus on the switch has been fault injection in order to take over the early bootchain.

      Basically here's the deal: we (meaning reswitched + switchbrew + hexkyz and other individuals) haven't fully reversed the gamecart interface due to the fact that we haven't been that interested. There's no major use case for us to review that, so everything is cursory. That being said, what we do know, simply put:
      • Switch carts contain an mcu, as does a custom asic (application-specific integrated circuit) on the switch, which is responsible for securing the communications bus.
      • During cart init, both MCUs exchange randomized data which, when used in conjunction with stored secrets, creates a communication chain that is completely opaque to us.
      • In addition, switch verifies that the gamecart contains said shared secret using the "challenge-response" we've talked so much about.
      • The asic on the switch side seems to be flashed once during boot, and it is unknown if it is reflashable, but it seems unlikely. In addition, shared secrets seem to be burnt in to the asic, meaning there's never a way to change them to something we control.
      • The switch also verifies that the asic is valid using a separate challenge-response round iirc, meaning every point on that chain is secure.
      Basically, to beat this, you either need the gamecart's secrets or you need a kernel hack. Kernel hack is more likely, and then at that point you already have a kernel hack, you can patch out signature checks.

      Take all of this however you want. I'm just some girl none of you know poking away at this for fun reciting what I loosely remember after cursory examinations, but in terms of peripheral security Nintendo did all the right things to ensure as well as possible that gamecarts can be verified and trusted.

      Tl;Dr it's possible but not without huge budget or a kernel exploit, neither of which the developers who claimed to be working on this have. Hence the tweet.

      End of quote.

      So for a couple of guys(kids?), claiming to have done all this... It does seem unlikely. Oh, and they showed no evidence... Chasing twitch viewers perhaps?
       
    5. 25,669
      2,245
      113
      GaryOPA

      GaryOPA Master Phoenix Admin Staff Member Top-Dog Brass

      Joined:
      Mar 18, 2006
      Media:
      1,476
      Occupation:
      Design Eng.
      Location:
      Tropical Island
      Home Page:
      http://www.O-P-A.biz
      @Soluble - Yeah I mentioned that part above as 'News Source #2' but not the full quote.

      But he is bit wrong also, there is infact TWO types of Switch game cartridges, the cheap design used by 1-2 Switch and third-party companies like for Retail DOOM port, is infact just a normal nand flash soldered to pcboard with simple cert. check, nothing else.

      But the more costly ones like for Zelda and the upcoming 64gb and 128gb Switch game cartridge boards are infact a MXIC masked rom with security co-processor and attached to it in the same silicon die the large nor flash, or incase of 128gb direct rom only.

      All models have been decapped a while ago privately, but how TX is doing their hardmod, it will make the use of Switch flashcard not needed, besides even a non-modded Switch these days is basically using the MicroSD slot, alot of retail games sold like Doom are just loader, the rest gets downloaded from 'net for actual gameplay.
       
    6. 48
      4
      8
      Soluble

      Soluble Loyal Member

      Joined:
      Feb 18, 2017
      I guess we will have to wait and see what come of everything! f0f, reswitched, switchbru, TX, am I missing any one? It's already probably the most exciting 12 months for modding in a consoles history(with the exception of DVD FW flashing on the 360 which was damn quick given the previous work on the XBorig)
       

Share This Page