Methodically Defeating Nintendo Switch Security
| Field | Value |
|---|---|
| Main Authors: | |
| Format: | Journal Article |
| Language: | English |
| Published: | 18-05-2019 |
| Online Access: | Get full text |
| Summary: | We explain, step by step, how we strategically circumvented the Nintendo Switch's system security, from basic userland code execution to undermining and exposing the secrets of the security co-processor. To this end, we identified and utilized two distinct analysis procedures. The software-based analysis suffices for reverse-engineering the userland and operating-system services, and is necessary for a general architectural understanding of the software systems in the Nintendo Switch. While this method is extremely powerful and provides significant leverage over the control of the system and its software security, a hardware-based method was devised, which employs analysis of the trusted bootstrap code in ROM. This strategy was essential for the goal of defeating the hardware root of trust. Together, these two vectors provide the essential insight required to instantiate a chain of attacks in order to gain ROP code execution from the context of a high-security mode of a secure co-processor on a running system, thus allowing us to demonstrate a multi-faceted approach to attacking secure, embedded devices in an unfamiliar and novel environment. |
| DOI: | 10.48550/arxiv.1905.07643 |