Hacker News new | past | comments | ask | show | jobs | submit
The hard part of emulating the Switch 2 probably isn't going to be the actual emulation, but breaking the security so that the games and firmware can be extracted and decrypted. Nintendo pretty much nailed their software security with the Switch 1 but were undone by catastrophic hardware bugs, so we'll have to see how well they learned their lesson on the hardware front next time.

Microsoft and Sony have demonstrated that hardware security can be more or less perfected, neither of their systems have been compromised via hardware attacks for several generations now.

The main hardware security bugs[0] were very low hanging fruit associated with taking over the boot chain at ring 0- it's more likely that Nintendo themselves were in a rush to get the product on the market after the perceived failure of the Wii U. Even with a secure software stack, people found a way to defeat the Xbox 360 hardware[1] by physically drilling into a chip that enforced a software lock, and George Hotz became known for his work in finding ECDSA flaws in the PS3. Companies can design these locks to last for a few years of a console's lifespan, but I think people now are determined enough to dive into these difficult problems that they're unlikely to be secured forever.

[0] https://www.gamesindustry.biz/unpatchable-hardware-exploit-l...

[1] https://gbatemp.net/threads/scanned-drilling-template-16d4s-...

There's a reason why you have to go back to the 360 and PS3 for those examples, Sony and Microsoft stepped up their hardware security dramatically after that generation. Neither the PS4, PS5, Xbox One or Xbox Series systems have ever been compromised via hardware attacks, and those earlier ones are over a decade old now.

The Xboxes have held up extremely well on the software front as well, and although the Playstation software isn't so robust (they use FreeBSD and routinely get owned by upstream CVEs) their secure boot has never been broken, which limits how much you can do with a software jailbreak. PS3 jailbreaks had continuity where you could upgrade an exploitable firmware to a non-exploitable one while retaining a backdoor, but the PS4s secure boot put an end to that.

Also a note that the XBox security CPU, Pluton is a requirement for more recent PC hardware architecture designs.

And for Rust fans, its firmware has been rewriten.

{"deleted":true,"id":42067760,"parent":42065217,"time":1730920729,"type":"comment"}
That's not the only reason, Microsoft and Sony did improve their security a lot but their console are also much less juicy targets than in the past as well. The Xbox and the Playstation have way less exclusive games than in the past and the difference with the PC is much smaller nowadays
> it's more likely that Nintendo themselves were in a rush to get the product on the market after the perceived failure of the Wii U

Perceived failure of the Wii U and the total reboot of the Switch project itself: https://mynintendonews.com/2020/12/22/nintendo-leak-shows-sw...

I mean, it is a classic example. If you have access to the hardware and the dedication to do so, you could break almost any security. That's a hilarious example to physically drill into a chip, though
This could be “famous last words”, but as someone who has worked with chip security I’d be very surprised if anyone breaks this generation of hardware at the chip level.

A decade ago the engineers designing these chips knew there were several angles of attack but there just wasn’t enough resources put into closing these holes.

Now every know angle of attack is closed. Even if you delid the chip and reverse engineer every single gate and can probe individual metal wires on the chip, it’ll still be nearly impossible to break the hardware security. Power supply and EM glitching is also protected against (can’t speak for Switch 2 but I’m speaking in general about chips going forward)

Could be bugs and mistakes that allows someone to bypass security, of course. Both in hardware and software. But I don’t think there will be general purpose angles of attack that can be used to bypass security going forward.

> Power supply and EM glitching is also protected against (can’t speak for Switch 2 but I’m speaking in general about chips going forward)

Microsoft talked openly about implementing those safeguards in the Xbox One, and they've held up for a decade or so now.

https://www.youtube.com/watch?v=U7VwtOrwceo

I think it is less that such a thing isn't possible and more that it isn't possible on "guy alone in his basement" resource and expertise constraints. And because of awful laws like DMCA 1201 if you get beyond that, or if your work becomes widely known, you will become Nintendo's new lifetime indentured servant courtesy of Uncle Sam.
Microsoft and Sony have successfully prevented their systems from being jtaged or mod-chipped. Not sure you can prevent dumping the actual game binary on the internet. That has lots of software and hardware attack vectors and only needs to be done once by a professional enthusiast.
The game binaries are encrypted, sure you can image the Blurays and put them online but they won't do anyone much good without access to the keys buried in the firmware, which are also a moving target since they can be rotated via mandatory firmware updates if they get compromised. In the case of the Switch, you also have to contend with the proprietary carts requiring a crypto handshake before they'll let you even read the encrypted game data.
loading story #42065040
MSFT largely did this by building the xbox platform basically on a local hyper-v system that they can control and not have to worry about hardware.
The modern versions of the switch with those catastrophic bugs patched are still hackable though through mod chips. It's too hard for the casual user to install, but it's plenty accessible for a hacker who just wants to dump ROMs and reverse engineer the OS.

Even if the software is absolutely bulletproof, you can hack almost everything by modifying the hardware. Cutting the power of the CPU for a tiny amount of time for example can cause it to glitch in a way that bypasses the security checks. This is accessible enough for at least one person to get in and dump games.

> can be more or less perfected

When it comes to video games. That's not much of a demonstration in the grand scheme of things.