Hacker News new | past | comments | ask | show | jobs | submit
kregasaurusrex | on: Switch 2 will be backwards compatible with Switch
The main hardware security bugs[0] were very low hanging fruit associated with taking over the boot chain at ring 0- it's more likely that Nintendo themselves were in a rush to get the product on the market after the perceived failure of the Wii U. Even with a secure software stack, people found a way to defeat the Xbox 360 hardware[1] by physically drilling into a chip that enforced a software lock, and George Hotz became known for his work in finding ECDSA flaws in the PS3. Companies can design these locks to last for a few years of a console's lifespan, but I think people now are determined enough to dive into these difficult problems that they're unlikely to be secured forever.

[0] https://www.gamesindustry.biz/unpatchable-hardware-exploit-l...

[1] https://gbatemp.net/threads/scanned-drilling-template-16d4s-...

jsheard | parent | next
There's a reason why you have to go back to the 360 and PS3 for those examples, Sony and Microsoft stepped up their hardware security dramatically after that generation. Neither the PS4, PS5, Xbox One or Xbox Series systems have ever been compromised via hardware attacks, and those earlier ones are over a decade old now.

The Xboxes have held up extremely well on the software front as well, and although the Playstation software isn't so robust (they use FreeBSD and routinely get owned by upstream CVEs) their secure boot has never been broken, which limits how much you can do with a software jailbreak. PS3 jailbreaks had continuity where you could upgrade an exploitable firmware to a non-exploitable one while retaining a backdoor, but the PS4s secure boot put an end to that.

loading story #42067727
loading story #42067760
loading story #42068847
Lammy | parent | next
> it's more likely that Nintendo themselves were in a rush to get the product on the market after the perceived failure of the Wii U

Perceived failure of the Wii U and the total reboot of the Switch project itself: https://mynintendonews.com/2020/12/22/nintendo-leak-shows-sw...

blharr | parent
I mean, it is a classic example. If you have access to the hardware and the dedication to do so, you could break almost any security. That's a hilarious example to physically drill into a chip, though
audunw | root | parent
This could be “famous last words”, but as someone who has worked with chip security I’d be very surprised if anyone breaks this generation of hardware at the chip level.

A decade ago the engineers designing these chips knew there were several angles of attack but there just wasn’t enough resources put into closing these holes.

Now every know angle of attack is closed. Even if you delid the chip and reverse engineer every single gate and can probe individual metal wires on the chip, it’ll still be nearly impossible to break the hardware security. Power supply and EM glitching is also protected against (can’t speak for Switch 2 but I’m speaking in general about chips going forward)

Could be bugs and mistakes that allows someone to bypass security, of course. Both in hardware and software. But I don’t think there will be general purpose angles of attack that can be used to bypass security going forward.

jsheard | root | parent | next
> Power supply and EM glitching is also protected against (can’t speak for Switch 2 but I’m speaking in general about chips going forward)

Microsoft talked openly about implementing those safeguards in the Xbox One, and they've held up for a decade or so now.

https://www.youtube.com/watch?v=U7VwtOrwceo

ls612 | root | parent
I think it is less that such a thing isn't possible and more that it isn't possible on "guy alone in his basement" resource and expertise constraints. And because of awful laws like DMCA 1201 if you get beyond that, or if your work becomes widely known, you will become Nintendo's new lifetime indentured servant courtesy of Uncle Sam.