Hackers Manage To Run Linux On a Nintendo Switch (techcrunch.com)
Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability.
Re: Uhhh... (Score:3, Interesting)
I suspect this ROM will be deeply embedded as part of the IC and will be impossible to reprogram; it isn't an eprom it's part of the Silicon.
Re: (Score:2)
Seconding this. From the way things read, it appears to be part of the Tegra chip itself, not a separate chip. However, that doesn't mean it isn't flashable. I'm not sure about this specific implementation, but playing with microcontrollers like ARM or AVR chips, they all have embedded persistent storage banks for code and data on the same die as the processor (and well everything else for that matter, being full SoC)
Re: (Score:2)
Some ROMs are OTP (One Time Programmable), so once you have loaded them they can't be changed.
The question is if the hole can be easily plugged.
Re: (Score:2)
Some ROMs are OTP (One Time Programmable), so once you have loaded them they can't be changed.
That used to be common, but is rare today except in super cheap 8 and 4 bit chips. You can usually erase and rewrite programmatically, or using JTAG.
Re: Uhhh... (Score:4, Informative)
Yes, people now use FLASH memory but place it into read-only mode. It is cheaper when one requires relatively large amounts of memory - as would be required by a ROM. There is probably a way to program the memory if you interrupt the boot sequence before the OS is loaded. One would require a hardware connection - such as JTAG. But from the perspective of the OS, it behaves just like a ROM.
Or perhaps there is a jumper to enable read/write access. I believe the Asus Chrome Box units protected their boot ROM this way. Only instead of a jumper you had to remove a screw.
Re: (Score:2)
It really depends if they actually have the hardware necessary to write the flash memory. It requires a higher than normal voltage, so if the chip wants to have self programming capability then it has to have a high voltage generator.
While this hardware is cheap it's not free, and carries risks. It can accidentally erase or corrupt the flash memory. To mitigate that you need brown out protection, but even that isn't perfect so you will see a higher failure rate.
Re: (Score:2)
It really depends if they actually have the hardware necessary to write the flash memory. It requires a higher than normal voltage, so if the chip wants to have self programming capability then it has to have a high voltage generator.
While this hardware is cheap it's not free, and carries risks. It can accidentally erase or corrupt the flash memory. To mitigate that you need brown out protection, but even that isn't perfect so you will see a higher failure rate.
All the SOC chips out there already require multiple power rails at various different voltages. Managing all the power rails is a real pain - TI and others make ICs with internal LDOs and DCDC switches to simplify the process. So all SOCs will have access to the 3.3V / 1.8V rails required to write to FLASH. Without this, they would never be able to support a USB transceiver.
The FLASH memory will not require additional hardware for writing - the controller will include all required components. The
Re: (Score:2)
3.3v isn't enough to write cheap flash memory.
Re: (Score:2)
Little ARM and AVR chips almost always have embedded Flash memory, and high-performance chips like x86 CPUs and mobile phone SoCs almost never do. It has to do with silicon technology. It is not practical to put Flash memory into a cutting edge silicon process for a bunch of technical reasons.
So yes, it's ROM. Mask ROM. Not writable.
Re: (Score:1)
You would have had more credibility if you didn't post with your GOD DAMNED IPHONE
Re: Uhhh... (Score:5, Insightful)
When old-timers talk, ROM means ROM. If we meant EEPROM, we would have said EEPROM.
Now get off the freakin' lawn!
Re: (Score:2)
When old-timers talk, ROM means ROM. If we meant EEPROM, we would have said EEPROM.
Exactly.
Re: (Score:2)
I'm not even old, but I've been into electronics long enough that when I read that I thought exactly the same thing (he would have said EE/EPROM had he meant it). If this was not already +5 insightful, I would have added one.
Re: (Score:1)
Sony tried this several years ago with the PS3...and subsequently removed it after the community started to exploit it:
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:3)
Unmodifiable early boot rom is very common. The Wii also had it. The Wii also had a bug in it that they fixed in a later hardware version. See http://wiibrew.org/wiki/BootMi... [wiibrew.org]
The reason for it not being EEPROM is simple. They don't want anyone to modify it, as it's the start of the secure boot process. Allowing modifications on it would defeat the goal of this ROM.
Re: (Score:2)
Did the person writing this not know that ROMs can be reprogrammed such as an EEPROM?
Did the person writing this not know that not all ROMs are EEPROMs? And that even if they are, if they are not exposed as such to the operating system then the operating system will not be able to reprogram them?
Re: (Score:3)
But just because something is a ROM does not by itself mean it can't be changed.
If it's actually a ROM, that's exactly what it means. And even if it's a flash ROM that there's no way to write without attaching external hardware, then from the standpoint of a user who doesn't want Nintendo to patch away the vulnerability, it might as well be a mask ROM.
Guess my perspective is different (Score:5, Insightful)
Anything I can re-purpose by loading Linux on it is a plus in my world
Just my 2 cents
Re:Guess my perspective is different (Score:5, Interesting)
And is this a vulnerability to the Nintendo software and games? To me it looks like it's just a re-purposing of the hardware.
Re:Guess my perspective is different (Score:4, Informative)
It could also be used to implement a custom bootloader stage that loads the next stage of Nintendo's OS, but ignores a bad signature so that it could have been modified to allow running pirated games. This is every bit as serious as the "sighax" one on 3DS -- a similar unpatchable vuln in the bootrom burned into the CPU -- except that sighax was discovered late in the product cycle.
You can run Linux on it, because of vulnerability (Score:2, Interesting)
This is not something to celebrate.
In the old days, when people said "Hackers got Linux running on a toaster", it meant that some clever people spent some time figuring out how to write hardware-specific Linux components for the toaster; it meant that Linux was improving, and growing.
Today, when people say it, they mean that some shady group of people used some shady techniques to exploit a bug in the toaster, and if you want to do the same on your toaster, then you'll probably have to download from some sh
Re: (Score:2)
Yes, because when I put Linux on a PS4 I certainly didn't spend several months figuring out how to write hardware-specific Linux components for the PS4.
Oh, wait, I did. I also happened to reverse engineer the Radeon GPU microcode instruction set. So now every AMD Radeon user can benefit from being able to understand what their GPU firmware is doing, which they couldn't in the past. [youtube.com]
But hey, I guess GitHub [slashdot.org] is some shady website that serves shady black box binaries, and implementing kexec as a hot-patchable mo
Re: (Score:2)
Jesus, how did I manage to fuck up the links so badly. Link [youtube.com], link [github.com], link [github.com]. And some bonus [github.com] stuff [github.com].
How dare people control the computers they own! (Score:4, Insightful)
What you point out is a part of a larger and more significant problem that gets into another /. thread—"What is missing in tech today? [slashdot.org]". What's missing is an appreciation that computer owners ought to be able to use their computers in the way they wish, fully owning and controlling their own computers. What's present is a focus on relatively minor issues like what gadgets people might find slightly more convenient to use (but apparently not to own).
Since people want this (the phrase "jailbreaking" is a testament to this; we wouldn't need this term if people enjoyed having their devices "jailed") the corporate proprietor-friendly media (and repeater sites) remind us when covering a story like this in multiple ways: from eschewing any reminder of the freedom to run, inspect, share, and modify published computer software like calling the installed OS "Linux [gnu.org]" even when Debian calls their system GNU/Linux and the proper name is on the screenshot [twimg.com] (just above the "fail0verflow" textual graphic), to using propagandistic language. There's also suggestion that the code is to be seen as "potential[ly] weak" instead of a means of allowing owners to control their own computers, and blaming fail0verflow should they choose to publish the means by which they installed Debian GNU/Linux on the Nintendo Switch for enabling "homebrew apps and (of course) software piracy [gnu.org]". Ridiculous unchallenged and undefended anti-user views throughout which is par for the course in corporate media.
Drivers, or putting the cart before the GNU (Score:2)
from eschewing any reminder of the freedom to run, inspect, share, and modify published computer software like calling the installed OS "Linux" even when Debian calls their system GNU/Linux and the proper name is on the screenshot
I too write the term "GNU/Linux" in part because it's a convenient way to say I don't mean Android. But this particular point isn't quite the strongest in your argument because practically, until enough drivers are ported to let the user interact meaningfully with the GNU operating environment, it's still "Linux".
Re: (Score:2)
Not only that, 0% of the effort has to do with the GNU part. The article title is accurate in using the term Linux. You get the kernel to run, then you grab a binary userspace from your favorite distro. Linux is what matters. The rest follows automatically because it is barely hardware specific if at all.
You only port GNU/Linux once to any given architecture. After that, all devices using the same architecture only require porting Linux to them.
Not a vulnerability (Score:4, Insightful)
You have to physically put something on the device to make it work in this way. Being in control of a device you physically control isn't a vulnerability, it's a feature. Being in control of a device because something something network internet packet is a vulnerability.
Congratulations! (Score:1)
You used "Hacker" in the correct context!
If you have to explain (Score:1)
That Debian is a Linux distro and what a ROM is, perhaps this isn't an article meant for slashdot.
Re: (Score:2)
What is this? An article for ANTS?!
Re: (Score:2)
What is this? An article for ANTS?!
MakeArcherReferenceAboutThis.jpg
Re: (Score:2)
ThisWasAZoolanderReference.jpeg
They managed? (Score:2)
The most common connotation in my half century of speaking English is that they somehow _barely_ did it. At the last minute, with duct tape and baling wire. And who knows, they might not be able to do it again.
Whereas if they "got Linux running on it", then just say it plainly: they got Linux running.
I mean WTF, this is like saying someone's "sorta pregnant." No, they're either pregnant or they're not. There is no half pregnant. There is no "managed to run it.". It's running. Case closed. End of Discussion
Could mean kernel runs but drivers don't (Score:2)
There is no half pregnant.
Depending on context, more precise terms could be any of the following:
There is no "managed to run it.". It's running.
"Barely running Linux" is likely to mean running without driver support for the hardware features that an end user
Re: (Score:2)
There is no half pregnant.
Depending on context, more precise terms could be any of the following:
No, no, no. "Pregnant" is an absolute term, like "dead" or "unique" or "zero". There's no "half pregnant", or "almost unique" or "half zero".
(Yes, people use the term "half dead", and it indicates imprecise thought. People also say shit like "really unique", and that's also ignorance at play.)
Download roms? (Score:2)
Re: (Score:2)
Technically, you can already download the ROMs, if you know where to look (some games technically come on NAND chips though). The Wii, Wii U and 3DS all had homebrew apps that let you download from a list of other homebrew apps. AFAIK no one bothered making an app that would download pirated stuff, since wherever it links to would be shut down right away.
Sure, it runs it much slower than the PS4 or Xbox (Score:1)
But it's got Mario!
Re: (Score:2)
It's a portable gaming system pretending it is also a TV console to pretend Nintendo didn't drop the TV console market.
But on the other hand, it does have the smallest gap to the consoles a Nintendo portable ever did.
Re: (Score:2)
This is true. It's basically Nintendo's backdoor way to exit the console market while saving face.
Re: (Score:2)
It seems to me that Switch owners either use it predominantly as a handheld or as a portable, few actually 'switch' it up that much. Some people hate tiny screens, others hate cramped controls, others hate sitting in one spot or gaming at home. An unusually powerful handheld that gets all of Nintendo's AAA games means I only have to buy 1 Nintendo device each generation, instead of two, to get all the stuff I want.
Re:Sure, it runs it much slower than the PS4 or Xb (Score:4, Informative)
To be honest, I've enjoyed the vast, vast majority of my gaming life on systems that would be considered so laughably slow and obsolete now that people wouldn't take them off your hands for free.
It didn't once affect my enjoyment of the games, my enjoyment of replaying the games, or the nostalgia of going back to those same games 30 years later (whether on original hardware or via emulation).
If you think that anyone who plays games cares about how many MHz or how many CUDA cores or how much texture RAM a certain device has, you're sadly in the minority. I gamed through the home computer rivalries, the 8-bit and 16-bit rivalries, PC vs console, online vs local LAN, etc. and not once did I ever care about having what was technically best, compared to what played the games I most enjoyed.
Nintendo are pretty much the only modern console company that get this. All their effort goes into the game design and new, fun twists, rather than what texture fill rate they can achieve.
Even in my "PC gamer" years on my twitch-shooters, I still didn't really care about those people who bought the top-line gear, overclocked everything, etc. just to get a few more FPS or a lower ping. It was the game that mattered.
Same as car-nuts. I'm sure your car does 0-60 in some unfathomably trivial fraction of a second faster than mine. But that's not why I bought the car. Don't put your use case onto me, or entire markets of billions of people who "just want to play a game with the kids".
Hackers Manage to Run Linux on. . . (Score:3)
Hackers Manage to Run Linux on X is probably the most common beginning to a /. headline. As long as new devices are manufactured, nerds will make them run Linux. Imagine if all these countless man hours were spent making Linux work on PCs.
Re: (Score:3)
X runs on Linux, not the other way around.
Re: (Score:2)
So, you didn't bother explaining what "LCS" meant in the article a few days ago, but you thought you had to tell us what DEBIAN was? FFS slashdot, WHO THE FUCK IS YOUR AUDIENCE?
Debian/Ubuntu, et al fanbois, it seems are the audience they are looking for.
But... (Score:2)
Can it run Linux?
DOOM? (Score:3)
But can it play DOOM?
Re: (Score:2)
But can it run Crysis?
Re: (Score:3)
Yes, yes it can [amazon.co.uk].
why not make it flash rom? (Score:2)
why not make it flash rom?
FTDI chip ? UART bootloader hack ? (Score:2)
Re: (Score:2)
If true, it may be possible to just get a "mod controller" box that just replaces one of the controllers for a one-off exploit.
I suppose it's possible that the nVidia chip involved has an exploit which is somehow possible to activate via a shared bus that happens to include the serial comms of the controllers. It would seem a bit silly, in design terms, but I suppose it's feasible.
To be honest, I never get why console manufacturers go to such lengths anyway. Go the Android route - if your phone is rooted,
Re: (Score:2)
To be honest, I never get why console manufacturers go to such lengths anyway.
Nintendo picks up a licensing fee for every official game sold on the console, so they are highly motivated to keep you purchasing licensed titles.
Nothing on me (Score:2)
Highly detailed technical analysis .. (Score:2)
It's highly detailed technical analysis like the above that I come here for.
--
sig: I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin
Dual boot Android (Score:2)
Call me when they have a dual boot ready for Android, or more specifically, using the Switch as a full nVidia Shield TV.
I mean, I'm getting one anyways, but that would certainly double the value in my page. xD
how usable (Score:2)
how usable will this turn out to be?
the nvidia tegra soc has horrible linux kernel support.
it even made Linus flip the finger at nvidia.
financial implications for Nintendo. (Score:2)
> It could have some financial implications for Nintendo.
Yeah they might sell more switches since they've now just become useful.
Re: (Score:2)
Long as the wallet is fat.
Re: (Score:2)
The only bulge in my pants the ladies seem to care about.