
How the Nintendo Switch prevents downgrades by irreparably blowing its own fuses

136 points | jonluca | 5 years ago | blog.jonlu.ca

107 comments

[+] hd4|5 years ago|reply
There is an easy workaround developed by the Switch homebrew community, simply upgrade from within a custom firmware (such as Atmosphere-NX) and run a tool called ChoiDuJourNX which bypasses the fuse-burning.

If you're careful you can keep a backup trail going all the way back to your original device firmware and restore/downgrade it using the Hekate system tool. It has already been pointed out that there isn't much reason to do this, AFAIK the main reason people either held out on older firmwares or kept up a backup trail to them was in order to take advantage of possible firmware-version-specific exploits, the gold standard being a coldboot exploit.

[+] roblabla|5 years ago|reply
The reason this "easy workaround" works at all is that there is a BootROM exploit that trivially allows running arbitrary code in the BootROM. This allows us to run our own bootloader instead of Nintendo's, bypassing their fuse burning logic. Had Nvidia not fucked up their USB implementation (along with other parts of their platform), this would have been harder to bypass.

[0]: https://www.reddit.com/r/SwitchHacks/comments/7rq0cu/jamais_...

[+] rekoil|5 years ago|reply
And for those who stayed on the 4.1.0 fuseset (or certain versions below that) there are warmboot exploits available. So those who are able to "normally" boot those firmwares do not need to use AutoRCM (or an RCM-"jig") to access RCM anymore.
[+] adrr|5 years ago|reply
What happens if some hacker finds a remote exploit and starts blowing all the fuses on people's devices?
[+] kiplkipl|5 years ago|reply
Then they can already brick your device by replacing the firmware.

This is the reason for threat models. Don't waste your time worrying about theoretical but redundant attacks.

[+] londons_explore|5 years ago|reply
If this was widespread, Nintendo would just release a firmware without fuse checks.
[+] m-p-3|5 years ago|reply
A massive recall and a world of hurt for Nintendo and Nvidia
[+] bibabaloo|5 years ago|reply
I'm curious, how do Nintendo justify such an anti-consumer protection? It seems like it only really has upside for them.
[+] manojlds|5 years ago|reply
Why is the upside only to Nintendo? If Nintendo can maintain a proper "hack free" device more third parties will be willing to release their games on the Switch - as a consumer my upside is that I get the games.
[+] Jonnax|5 years ago|reply
They sell the machine as a single purpose box that plays games sold by them in their store.

If someone buys it expecting something different that's really on them.

[+] Wowfunhappy|5 years ago|reply
Is this any different from Apple with the iPhone?

The iPhone bothers me much more because it's a general-purpose computer.

[+] koonsolo|5 years ago|reply
On a side note: a product is always a 2 party deal, and needs to be win/win.

For example increasing the price is always anti-consumer, but it might be part of the deal.

So I don't like to look at products from the perspective of 1 party, since it is always a negotiation between 2 parties where both end up with a win.

[+] orloffm|5 years ago|reply
Justify to whom? I am a consumer and this is irrelevant to me. And Nintendo has always been aggressively fighting emulation/homebrew, so it is nothing new.
[+] stordoff|5 years ago|reply
I don't think it's quite as cut and dry as that. In some sense, the restrictions _enhance_ THE thing I bought it for - playing a wide range of games. A platform where piracy is trivial is less attractive to some publishers, which may mean they don't release games there, or release later than on other platforms. If the largely theoretical benefits of a more open platform (I'm simply not interested in using the hardware for other purposes, whether I can or not) cause even modest damage to the range of games available, that's not a good trade off for me.

Sony[1] with the PSP claimed that:

> There's a number of titles from American publishers that will be there, but are we getting full-line support? No. I'm not going to bullshit you on that.

> A lot of the stuff that will be announced at E3 we're very excited about, because they are huge titles. And we also believe that there's a way that you will be able to, not stop, but slow down the piracy in the first 30 to 60 days from a tech perspective. [...] That's been the biggest problem, no question about it. It's become a very difficult proposition to be profitable, given the piracy right now.

Of course they're incentivised to portray piracy as damaging to the platform even if it isn't changing publisher decision making to any significant extent, but it's an argument that makes sense, and I find it difficult to believe that it wasn't dampening publisher enthusiasm to at least some extent.

In some ways, I'd like to see a phased path to openness, where say ten years down the line or when official support is dropped, some of the barriers are taken away (most platforms get there anyway due to third party efforts, and as Sony allude to above, _slowing_ piracy can be sufficient), even if only to aid game preservation and avoid games being forever tied to a particular physical hardware platform.

[1] Specifically, Sony Computer Entertainment America's then senior vice president of publisher relations, Rob Dyer - https://www.gamasutra.com/view/feature/133097/the_sony_situa...

[+] kiplkipl|5 years ago|reply
The Switch is 3 years old and - as the other comments have noted - this technique is much older. Yet, on a website for self-styled hackers, so many are learning about it for the first time. Did people really care that much?

If the device depends on write-once ROM that was written in the factory, is that also anti-consumer?

[+] tasogare|5 years ago|reply
This is not anti-consumer as consumers don't care, nor are running homebrew or pirated games supported or advertised features. This is something that targets precisely people who don't want to be consumers: those that want to get and play games for free. Now, there is also the very very minor homebrew community, which should buy a devkit instead if running code is their main goal.
[+] nottorp|5 years ago|reply
As far as I know Nintendo is the only console maker still having region locks and being extremely fussy about transferring your purchases when your hardware dies/is replaced.

I'd call THAT anti consumer.

Correct me if I'm wrong, but that's the impression I got from reading here and there and the reason I don't own Nintendo products.

[+] wolfgke|5 years ago|reply
> There are 256 bits in the set of ODM_RESERVED fuses, and there are 8 ODM_RESERVED. This allows for 32 fuses, or 32 future FW versions (provided they burn a fuse on every major release).

Can someone explain how the author gets from the numbers 256 and 8 to the count of 32 fuses?

[+] marcan_42|5 years ago|reply
Fuses are in 32 bit words. There are 8 such words available for ODM usage, giving a total of 256 fuse bits. However, of those only one word is used for the anti-downgrade stuff. So that's just 32 firmware levels.
[+] nitrogen|5 years ago|reply
Maybe that's 256 bits divided into eight chunks of 32?
[+] outadoc|5 years ago|reply
I'm unclear on how these hardware fuses actually work. Are they actual fuses that can be burnt at will by excessive power?

When the article says:

> The boot loader verifies a specific fuse, FUSE_RESERVED_ODM7, to prevent downgrading. Each software version expects a different number of fuses to be blown [...]

Does this mean FUSE_RESERVED_ODM7 actually contains multiple fuses?

[+] arghwhat|5 years ago|reply
"Fuses" in this context are just non-volatile memory that cannot be reset. Once a bit is set to 1, it stays there. They're often used for configuration and for things like sealing off programming/readout on microcontrollers.

FUSE_RESERVED_ODM7 is 32 bits wide, hence contains "32 fuses". The system has many fuses, but 256 bits (RESERVED_ODM0-RESERVED_ODM7) are for the device manufacturers to use for their own purpose, which is what Nintendo is doing here.

[+] ThePowerOfFuet|5 years ago|reply
> I'm unclear on how these hardware fuses actually work. Are they actual fuses that can be burnt at will by excessive power?

No, they're not like the fuses in your house. These can be blown by software to irrevocably change something which can then be verified later, or in other cases to prevent reprogramming of a microcontroller (which can be programmed only if the programming fuse is still intact).

> Does this mean FUSE_RESERVED_ODM7 actually contains multiple fuses?

No, that's the name of one fuse. Once you upgrade the device next time, the upgrade tool would, for example, blow FUSE_RESERVED_ODM8; older software would verify that this fuse (and the higher-numbered ones) are NOT blown, and refuse to boot otherwise.
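
A constructed model of the boot-time fuse check that marcan_42's and ThePowerOfFuet's replies above describe (an added example, not code from the article, the commenters, or Nintendo's bootloader). It assumes fuses in the 32-bit ODM7 word are burned from bit 0 upward and that each firmware version carries an expected fuse count; the counts used here are made up, not Nintendo's table.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one 32-bit ODM fuse word (FUSE_RESERVED_ODM7). */
typedef struct { uint32_t word; } odm_fuse_t;

enum boot_result { BOOT_OK, BOOT_OK_FUSES_BURNED, BOOT_REFUSED_DOWNGRADE, BOOT_REFUSED_CORRUPT };

/* OTP semantics: a bit can only ever go 0 -> 1; there is no way to clear it. */
static void fuse_burn_bit(odm_fuse_t *f, unsigned bit) {
    if (bit < 32) f->word |= (1u << bit);
}

/* Number of burned bits: the device's "fuse level". */
static unsigned fuse_level(const odm_fuse_t *f) {
    unsigned n = 0;
    for (uint32_t w = f->word; w != 0; w >>= 1) n += w & 1u;
    return n;
}

/* Assumed burn order is bit 0 upward, so a legitimate word is a contiguous run
 * of ones from the LSB (0b00000111); a gap or a lone high bit never occurs. */
static bool fuse_pattern_valid(const odm_fuse_t *f) {
    return (f->word & (f->word + 1u)) == 0;
}

/* Boot-time anti-downgrade check. `expected` is the fuse count this firmware
 * version requires (a constructed per-version table value, not Nintendo's). */
static enum boot_result anti_downgrade_check(odm_fuse_t *f, unsigned expected) {
    if (expected > 32 || !fuse_pattern_valid(f)) return BOOT_REFUSED_CORRUPT;
    unsigned have = fuse_level(f);
    if (have > expected) /* a newer firmware already burned past this version's level */
        return BOOT_REFUSED_DOWNGRADE;
    if (have == expected) return BOOT_OK;
    /* Newer firmware on a lower fuse level: burn up to its own level. This is the
     * irreversible step that makes every later boot of an older version fail. */
    for (unsigned b = have; b < expected; b++) fuse_burn_bit(f, b);
    return BOOT_OK_FUSES_BURNED;
}

int main(void) {
    odm_fuse_t f = { 0 }; /* fresh device: no ODM7 fuses burned */
    int r1 = anti_downgrade_check(&f, 2), r2 = anti_downgrade_check(&f, 5);
    int r3 = anti_downgrade_check(&f, 2); /* older firmware after an upgrade */
    printf("results %d %d %d, final level %u\n", r1, r2, r3, fuse_level(&f));
    return 0;
}
```

The third check fails with BOOT_REFUSED_DOWNGRADE because the second firmware already burned fuses 2 through 4, which nothing in software can reset.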

[+] camgunz|5 years ago|reply
Are these fuses extremely small? I would assume they’re easy to bypass otherwise.
[+] wutbrodo|5 years ago|reply
From the beginning of the article:

> It’s theoretically possible to physically modify the SoC and replace the fuses, but it’s so prohibitively invasive and expensive that it’s not a real option.

[+] m101|5 years ago|reply
Why do they bother with this if someone is going to make a software workaround? Seems like people who would look to downgrade firmware might also be the same that would be able to implement the workaround.
[+] hd4|5 years ago|reply
Apathy. The vast majority of consumers won't bother. Also, the Switch's security was actually comparatively solid. It was a flaw in the Tegra X1 (thanks Nvidia!) component that led to an exploit being discovered.
[+] mmglr|5 years ago|reply
A few questions:

1. What was the intended use case behind the Tegra having 32 blowable fuses? Did Nvidia intend for those fuses to be used in this manner?

2. What is a non-retail switch?

[+] mlyle|5 years ago|reply
Fuses and OTP are a very common thing to throw in to systems. Most microcontrollers offer capabilities like this, and now they're drifting into more general purpose, larger SOCs. Maybe you use it to keep a serial number, or to separate product families, or for something like this.

Tegra's main purpose of the fuses is to handle holding cryptographic keys, boot parameters, and to disable the debug port. But since they have a fuse unit already, they provide a few words for the end-user to use as they please.

I too am curious what "non-retail" means in this context.

[+] pjc50|5 years ago|reply
Lots of system-on-chip devices have an array of fuses. Usually there's one for "permanently turn off JTAG" after factory testing, and most of the rest will be user-defined. Other uses include embedding serial numbers and cryptographic keys.
[+] henrikeh|5 years ago|reply
One common use case of the fuses is to prevent attack vectors which downgrade software to a vulnerable version. Using the OTP fuses, older versions can be prevented from running to some extent.
[+] izacus|5 years ago|reply
1. Most likely - Switch isn't the first console which used fuses like this. Xbox 360 had them as well.
[+] lkjaero|5 years ago|reply
Maybe this is a dumb question, but can these fuses be blown by accident? Eg: too much power in the switch. How do they mitigate this?
[+] slim|5 years ago|reply
It backfires like this: users are trained to never upgrade. Games that target a specific version lose sales.
[+] syspec|5 years ago|reply
In practice users don't even know what version they're on.
[+] daveFNbuck|5 years ago|reply
I don't think this applies to consoles like the Switch. I don't think the average user ever feels the need to revert to an earlier firmware version, and games don't target particular firmware versions. They tend to just work.
[+] hrktb|5 years ago|reply
As a user, I feel Nintendo has been pretty good about updates: they don't update a lot, and each update has user facing features with QOL improvements.

It's not in the same situation as iOS updates that were effectively slowing down the devices or Windows Update that don't seem to the user to bring anything.

[+] ElCapitanMarkla|5 years ago|reply
How many people running CFW are buying games though?