0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good-quality subtitles: https://c3subtitles.de/talk/836 Thanks! 1 00:00:15,110 --> 00:00:17,329 For as long as Nintendo has been making 2 00:00:17,330 --> 00:00:19,189 video games, they've been building in 3 00:00:19,190 --> 00:00:21,739 copy protection and region locking, 4 00:00:21,740 --> 00:00:23,209 and as long as there's been copy 5 00:00:23,210 --> 00:00:25,039 protection, there have been people 6 00:00:25,040 --> 00:00:26,209 breaking it. 7 00:00:26,210 --> 00:00:28,279 Today, plutoo, derrek 8 00:00:28,280 --> 00:00:30,619 and naehrwert return to enlighten 9 00:00:30,620 --> 00:00:32,839 us on the state of the Nintendo Switch. 10 00:00:32,840 --> 00:00:34,220 Give them a round of applause. 11 00:00:45,190 --> 00:00:46,419 Hi, guys. 12 00:00:46,420 --> 00:00:47,420 Oh. 13 00:00:50,440 --> 00:00:51,669 Is it working? 14 00:00:51,670 --> 00:00:52,809 Oh, yeah. 15 00:00:52,810 --> 00:00:53,810 OK. 16 00:00:54,460 --> 00:00:56,919 Hey, I'm plutoo, this is 17 00:00:56,920 --> 00:00:59,679 derrek, and 18 00:00:59,680 --> 00:01:01,420 yeah, first off, 19 00:01:02,530 --> 00:01:04,689 we try to be ethical 20 00:01:04,690 --> 00:01:06,759 hackers, so we don't 21 00:01:06,760 --> 00:01:08,919 really condone piracy and we really 22 00:01:08,920 --> 00:01:10,569 just want to do creative things with 23 00:01:10,570 --> 00:01:11,599 hardware that we own. 24 00:01:11,600 --> 00:01:12,999 So, um. 25 00:01:13,000 --> 00:01:14,140 Yeah. And 26 00:01:15,850 --> 00:01:17,979 so the Nintendo Switch was released about 27 00:01:17,980 --> 00:01:20,079 nine months ago and we've 28 00:01:20,080 --> 00:01:21,969 been playing around with it since. 
29 00:01:21,970 --> 00:01:23,010 It, uh, 30 00:01:24,100 --> 00:01:26,169 it's been really successful, like it's 31 00:01:26,170 --> 00:01:27,069 sold a lot of units. 32 00:01:27,070 --> 00:01:29,439 And so 33 00:01:29,440 --> 00:01:31,539 we want to hack it. Right. So 34 00:01:31,540 --> 00:01:33,549 the usual entry point that you use is you 35 00:01:33,550 --> 00:01:36,069 go via the web browser, and 36 00:01:36,070 --> 00:01:37,659 the Switch has a web browser, but it 37 00:01:37,660 --> 00:01:38,989 doesn't have a generic web browser. 38 00:01:38,990 --> 00:01:41,439 So we found a way 39 00:01:41,440 --> 00:01:43,599 to launch the browser, but it's not 40 00:01:43,600 --> 00:01:44,919 actually intended to be launched this 41 00:01:44,920 --> 00:01:47,469 way. So there's this Tetris 42 00:01:47,470 --> 00:01:50,409 game that you can buy 43 00:01:50,410 --> 00:01:51,410 and... 44 00:02:12,690 --> 00:02:13,889 It will take some time. 45 00:02:13,890 --> 00:02:15,989 So you go into the main menu, 46 00:02:15,990 --> 00:02:18,209 you press that button on 47 00:02:18,210 --> 00:02:20,279 your right Joy-Con and 48 00:02:20,280 --> 00:02:22,379 it launches the game manual and 49 00:02:22,380 --> 00:02:24,809 then you go to the menu and you go 50 00:02:24,810 --> 00:02:26,159 all the way down to the bottom. 51 00:02:27,480 --> 00:02:29,759 And then they included a link 52 00:02:29,760 --> 00:02:30,760 to their website. 53 00:02:52,210 --> 00:02:54,609 It takes some time spraying the heap, 54 00:02:54,610 --> 00:02:55,610 so... 55 00:03:07,920 --> 00:03:10,099 Oh, boy, I hope I didn't break it. 56 00:03:25,050 --> 00:03:26,050 I'm sorry, I broke it. 57 00:03:30,840 --> 00:03:31,999 OK, so one more time. 
58 00:03:35,620 --> 00:03:37,809 This was actually the exploit 59 00:03:37,810 --> 00:03:40,149 that we used, it's a really old one, 60 00:03:40,150 --> 00:03:41,889 like it was six months old at the time 61 00:03:41,890 --> 00:03:44,109 that the Switch was released and 62 00:03:44,110 --> 00:03:45,639 we didn't even have to find our own. 63 00:03:45,640 --> 00:03:47,589 We could just take a public one. 64 00:03:47,590 --> 00:03:49,959 And, uh, yeah, 65 00:03:49,960 --> 00:03:50,960 you start. 66 00:04:05,380 --> 00:04:07,059 It's pretty painful doing this over and 67 00:04:07,060 --> 00:04:08,739 over, but I've gotten used to it, like 68 00:04:08,740 --> 00:04:10,659 I've done this a thousand times. 69 00:05:03,170 --> 00:05:04,170 It's the Wi-Fi. 70 00:05:09,170 --> 00:05:10,940 Yeah, I don't have... I'm sorry. 71 00:05:26,400 --> 00:05:28,139 This was not the way we intended it to 72 00:05:28,140 --> 00:05:30,299 be, but maybe 73 00:05:30,300 --> 00:05:31,409 we can try it later. 74 00:05:31,410 --> 00:05:32,410 I'm so sorry. 75 00:05:45,190 --> 00:05:47,269 If you can go into the menu 76 00:05:47,270 --> 00:05:48,270 later. 77 00:06:17,060 --> 00:06:19,149 OK, OK, so we're 78 00:06:19,150 --> 00:06:20,319 talking about security. 79 00:06:20,320 --> 00:06:21,519 We'll get the demo working later. 80 00:06:21,520 --> 00:06:24,159 So, um, uh, OK, 81 00:06:24,160 --> 00:06:25,160 so, 82 00:06:26,380 --> 00:06:28,699 uh, the Switch is actually a quite 83 00:06:28,700 --> 00:06:30,279 powerful unit. It's a hybrid, 84 00:06:32,050 --> 00:06:34,239 handheld and stationary console. 85 00:06:34,240 --> 00:06:36,399 So it has a quad core 86 00:06:36,400 --> 00:06:37,719 that's clocked at one gigahertz. 87 00:06:37,720 --> 00:06:40,149 It's an ARM Cortex-A57 88 00:06:40,150 --> 00:06:42,429 and it has an Nvidia GPU, Maxwell 89 00:06:42,430 --> 00:06:43,419 architecture. 
90 00:06:43,420 --> 00:06:45,909 It's clocked at either 384 91 00:06:45,910 --> 00:06:48,549 or double that, 92 00:06:48,550 --> 00:06:50,739 depending on if you're docked to a 93 00:06:50,740 --> 00:06:51,729 power supply or not. 94 00:06:51,730 --> 00:06:53,529 So if you're running on battery, they want 95 00:06:53,530 --> 00:06:55,539 to reduce the power consumption. 96 00:06:56,830 --> 00:06:58,509 It has plenty of memory, like four 97 00:06:58,510 --> 00:06:59,510 gigabytes of DRAM. 98 00:07:01,090 --> 00:07:03,219 And then there's the selling point, 99 00:07:03,220 --> 00:07:05,289 pretty much, two Joy-Cons, and 100 00:07:05,290 --> 00:07:06,669 those are detachable. 101 00:07:06,670 --> 00:07:08,349 So you can either play yourself or you 102 00:07:08,350 --> 00:07:10,029 can share one of your Joy-Cons with a 103 00:07:10,030 --> 00:07:11,739 friend and you can play two players. 104 00:07:12,820 --> 00:07:14,499 They have all the nice sensors, 105 00:07:14,500 --> 00:07:17,589 accelerometer, gyro, NFC, 106 00:07:17,590 --> 00:07:19,209 and they have this feature called HD 107 00:07:19,210 --> 00:07:21,300 Rumble. But it's just a vibrator 108 00:07:23,380 --> 00:07:25,089 and these ones don't have any security at 109 00:07:25,090 --> 00:07:27,489 all. So you can just unscrew them. 110 00:07:27,490 --> 00:07:29,529 Look at the part numbers, Google them, 111 00:07:29,530 --> 00:07:31,659 get all the data sheets and dump the 112 00:07:31,660 --> 00:07:33,100 flash. It's all plaintext. 113 00:07:35,380 --> 00:07:36,969 But when you open the main unit, this is 114 00:07:36,970 --> 00:07:39,109 what you see, you have the two 115 00:07:39,110 --> 00:07:41,709 DRAMs, in the orange section, 116 00:07:41,710 --> 00:07:43,239 and then you have the main CPU, which is 117 00:07:43,240 --> 00:07:45,579 in red, and then the rest is just 118 00:07:45,580 --> 00:07:48,009 the power management, Wi-Fi, 119 00:07:48,010 --> 00:07:49,359 boring stuff. 
120 00:07:49,360 --> 00:07:50,479 So. 121 00:07:50,480 --> 00:07:52,479 Oh, yeah. And the flash, they actually 122 00:07:52,480 --> 00:07:54,969 made a separate board for the flash 123 00:07:54,970 --> 00:07:57,009 so we can easily just unplug it and dump 124 00:07:57,010 --> 00:07:58,449 it and stuff. 125 00:07:58,450 --> 00:08:00,579 And yeah, the code name for 126 00:08:00,580 --> 00:08:02,739 the Switch is NX, I'm not 127 00:08:02,740 --> 00:08:04,510 sure what they were thinking, but yeah, 128 00:08:06,940 --> 00:08:09,369 when we look at the main CPU, 129 00:08:09,370 --> 00:08:11,769 it's branded ODNX 130 00:08:11,770 --> 00:08:12,819 02. 131 00:08:12,820 --> 00:08:15,009 It's like, because Nintendo is the OEM, 132 00:08:15,010 --> 00:08:16,959 this chip they actually just got from 133 00:08:16,960 --> 00:08:19,059 Nvidia, and NX is the code name 134 00:08:19,060 --> 00:08:20,139 of the Nintendo Switch. 135 00:08:21,670 --> 00:08:23,769 But it turns out that the part number 136 00:08:23,770 --> 00:08:26,169 is just a lie. It's just a regular Tegra 137 00:08:26,170 --> 00:08:28,269 X1 Nvidia chip, 138 00:08:28,270 --> 00:08:30,279 like people decapped it and it looks just 139 00:08:30,280 --> 00:08:31,179 the same. 140 00:08:31,180 --> 00:08:33,009 And yeah, we have the reference manual 141 00:08:33,010 --> 00:08:34,538 online. It's freely available, pretty 142 00:08:34,539 --> 00:08:37,178 much; it's 3,000 pages. 143 00:08:37,179 --> 00:08:39,249 So it goes into detail on pretty much 144 00:08:39,250 --> 00:08:40,840 everything except the security part. 145 00:08:42,549 --> 00:08:44,439 But they also provide their own 146 00:08:44,440 --> 00:08:46,479 Linux drivers. 147 00:08:46,480 --> 00:08:49,389 So yeah, we can get the security, 148 00:08:49,390 --> 00:08:51,819 at least some of the security 149 00:08:51,820 --> 00:08:53,140 registers and everything like that. 
150 00:08:54,340 --> 00:08:56,919 Um, the main overview of the SoC 151 00:08:56,920 --> 00:08:59,049 is that you have an ARM7 BPMP. 152 00:08:59,050 --> 00:09:01,119 It does power management and it 153 00:09:01,120 --> 00:09:02,319 has a boot ROM. 154 00:09:02,320 --> 00:09:03,730 They also have some internal SRAM 155 00:09:04,960 --> 00:09:07,599 and then you have the main CPU and it has 156 00:09:07,600 --> 00:09:09,579 64K of RAM. 157 00:09:09,580 --> 00:09:10,479 That's for TrustZone. 158 00:09:10,480 --> 00:09:13,419 So it's secure, on a secure bus, 159 00:09:13,420 --> 00:09:15,459 secure access only. 160 00:09:15,460 --> 00:09:17,949 And then you have the GPU on the same die 161 00:09:17,950 --> 00:09:19,119 and then you have the security engine 162 00:09:19,120 --> 00:09:21,189 that does AES 163 00:09:21,190 --> 00:09:23,799 acceleration; it can DMA and stuff. 164 00:09:23,800 --> 00:09:27,279 And then they have on-die fuses, 165 00:09:27,280 --> 00:09:29,509 a lot of them actually, like 166 00:09:29,510 --> 00:09:31,689 a thousand, and 167 00:09:31,690 --> 00:09:33,129 then they have the memory controller, 168 00:09:33,130 --> 00:09:35,799 they have a TSEC, which is 169 00:09:35,800 --> 00:09:36,819 a security CPU. 170 00:09:36,820 --> 00:09:38,409 It's a really weird architecture. 171 00:09:38,410 --> 00:09:40,119 They were really 172 00:09:41,920 --> 00:09:43,989 creative. And so, and then 173 00:09:43,990 --> 00:09:46,089 they have the DSP, which is 174 00:09:46,090 --> 00:09:47,109 kind of boring. 175 00:09:47,110 --> 00:09:49,299 And then they have a bunch of buses that 176 00:09:49,300 --> 00:09:50,650 you can talk to external devices with. 
177 00:09:52,740 --> 00:09:53,740 So 178 00:09:54,900 --> 00:09:56,879 the highlights for the fuses: they use them for 179 00:09:56,880 --> 00:09:59,189 a lot of stuff, configuration stuff, but 180 00:09:59,190 --> 00:10:00,959 there are 32 bits dedicated to downgrade 181 00:10:00,960 --> 00:10:02,909 protection. So every time they have a 182 00:10:02,910 --> 00:10:04,589 vulnerable firmware, they can just burn a 183 00:10:04,590 --> 00:10:07,049 fuse. And every bootloader 184 00:10:07,050 --> 00:10:08,639 checks the fuses to make sure that 185 00:10:09,780 --> 00:10:11,609 the number of bits it expects is actually 186 00:10:11,610 --> 00:10:13,839 set. So if you try 187 00:10:13,840 --> 00:10:16,049 to downgrade, just rewrite the flash 188 00:10:16,050 --> 00:10:18,209 memory, it will not 189 00:10:18,210 --> 00:10:20,039 boot because there's a fuse inside of the 190 00:10:20,040 --> 00:10:22,199 CPU that 191 00:10:22,200 --> 00:10:24,029 says we're not allowed to do this 192 00:10:24,030 --> 00:10:25,049 anymore. 193 00:10:25,050 --> 00:10:27,509 So, and then they have the SBK, 194 00:10:27,510 --> 00:10:29,829 which is just a normal 195 00:10:29,830 --> 00:10:32,699 AES-128 key, 196 00:10:32,700 --> 00:10:34,169 and it's the source of all the 197 00:10:34,170 --> 00:10:35,399 confidentiality in the system. 198 00:10:35,400 --> 00:10:36,809 So this is what you want to have if you 199 00:10:36,810 --> 00:10:38,400 want to decrypt all the software. 200 00:10:40,440 --> 00:10:42,449 And it's also in the fuses and you can 201 00:10:42,450 --> 00:10:44,279 disable this one later on in boot, so 202 00:10:44,280 --> 00:10:46,069 you can only access it during early boot 203 00:10:46,070 --> 00:10:47,070 time. 
204 00:10:47,820 --> 00:10:49,919 And then they store the hash of the 205 00:10:49,920 --> 00:10:52,049 RSA public key, which is 206 00:10:52,050 --> 00:10:54,329 how they verify the firmware binaries, 207 00:10:54,330 --> 00:10:55,589 but they don't store the key itself, actually; they 208 00:10:55,590 --> 00:10:56,879 just store the hash because they want to 209 00:10:56,880 --> 00:10:58,950 save space, but it's equally good. 210 00:11:00,000 --> 00:11:01,889 And then they have this cool feature that 211 00:11:01,890 --> 00:11:03,719 they can patch the boot ROM, so they can 212 00:11:03,720 --> 00:11:05,849 store patch instructions 213 00:11:05,850 --> 00:11:08,189 for how to modify the boot ROM code. 214 00:11:08,190 --> 00:11:09,749 So if they have exploitable bugs in the 215 00:11:09,750 --> 00:11:11,969 boot ROM, and they do, they 216 00:11:11,970 --> 00:11:14,039 can actually fix them, which is, they 217 00:11:14,040 --> 00:11:14,939 can fix them at factory time. 218 00:11:14,940 --> 00:11:17,099 So they actually filled up all of this 219 00:11:17,100 --> 00:11:18,390 space just fixing bugs. 220 00:11:21,090 --> 00:11:22,859 And it turns out that since this is just 221 00:11:22,860 --> 00:11:25,259 an off-the-shelf chip from Nintendo, 222 00:11:25,260 --> 00:11:27,449 from Nvidia, sorry, they actually just 223 00:11:27,450 --> 00:11:28,739 provide this board. 224 00:11:28,740 --> 00:11:30,299 You can buy it from them. 225 00:11:30,300 --> 00:11:32,519 It's seven bucks or half that 226 00:11:32,520 --> 00:11:33,520 if you're a student. 227 00:11:35,260 --> 00:11:37,329 So this gives you access 228 00:11:37,330 --> 00:11:39,129 to... you can play with all the hardware and 229 00:11:39,130 --> 00:11:40,869 discover what's undocumented about it, 230 00:11:41,920 --> 00:11:44,079 and if we look 231 00:11:44,080 --> 00:11:45,080 at the software, so 232 00:11:46,510 --> 00:11:47,979 people just... 
There was this rumor 233 00:11:47,980 --> 00:11:49,629 concerning FreeBSD and everyone was asking, 234 00:11:49,630 --> 00:11:51,519 does it run it? No, it doesn't run it, and 235 00:11:51,520 --> 00:11:53,019 stop asking. 236 00:11:53,020 --> 00:11:55,029 Instead, it runs the microkernel 237 00:11:55,030 --> 00:11:57,519 called Horizon that's been in development 238 00:11:57,520 --> 00:12:00,009 at Nintendo since the 239 00:12:00,010 --> 00:12:01,029 3DS days. 240 00:12:01,030 --> 00:12:03,279 So it's, yeah, 241 00:12:03,280 --> 00:12:06,039 like eight, nine years old, maybe. 242 00:12:06,040 --> 00:12:08,859 Um, all the drivers are running in userspace 243 00:12:08,860 --> 00:12:10,479 and they're called services. 244 00:12:10,480 --> 00:12:12,129 So it's a microservices 245 00:12:12,130 --> 00:12:13,130 architecture. 246 00:12:14,650 --> 00:12:16,389 And then they have a custom Nvidia 247 00:12:16,390 --> 00:12:18,819 graphics driver that's kind of similar 248 00:12:18,820 --> 00:12:21,099 to the Linux driver, 249 00:12:21,100 --> 00:12:23,169 but they modified it a lot and then 250 00:12:23,170 --> 00:12:25,329 they have a custom API to talk to 251 00:12:25,330 --> 00:12:27,459 it. So they have a kind of, it's 252 00:12:27,460 --> 00:12:29,619 like Vulkan, like it's a really thin 253 00:12:29,620 --> 00:12:32,019 abstraction on top of the GPU, 254 00:12:32,020 --> 00:12:34,299 and it's custom, it's undocumented for us. 255 00:12:34,300 --> 00:12:35,300 So. 256 00:12:35,830 --> 00:12:37,809 So if you come from the 3DS 257 00:12:39,280 --> 00:12:41,199 hacking scene, we can do a 258 00:12:41,200 --> 00:12:42,339 comparison. 259 00:12:42,340 --> 00:12:44,679 So the main difference is that all OS 260 00:12:44,680 --> 00:12:47,139 processes now have ASLR, so all the drivers 261 00:12:47,140 --> 00:12:48,900 and all the games are using ASLR. 
262 00:12:50,740 --> 00:12:52,869 So it's randomizing the address 263 00:12:52,870 --> 00:12:54,969 space and that makes it really hard to 264 00:12:54,970 --> 00:12:57,189 exploit save games, because if you just 265 00:12:57,190 --> 00:12:59,319 have a file format bug, you 266 00:12:59,320 --> 00:13:01,239 really can't do much if you don't know 267 00:13:01,240 --> 00:13:02,470 where things are in memory. 268 00:13:03,490 --> 00:13:06,129 And they rewrote 269 00:13:06,130 --> 00:13:07,809 everything, pretty much just refactored 270 00:13:07,810 --> 00:13:09,399 and renamed everything. 271 00:13:09,400 --> 00:13:10,400 But if you just 272 00:13:12,450 --> 00:13:13,979 switch the abbreviations, all the 273 00:13:13,980 --> 00:13:15,019 concepts are the same, 274 00:13:16,290 --> 00:13:18,119 they don't have a security processor like 275 00:13:18,120 --> 00:13:19,919 the 3DS had the ARM9; it was a 276 00:13:19,920 --> 00:13:21,610 big problem for us because it was a... 277 00:13:26,540 --> 00:13:27,540 Come back. 278 00:13:32,800 --> 00:13:34,959 So, we're, so the 3DS 279 00:13:34,960 --> 00:13:36,699 had this ARM processor, which did a lot 280 00:13:36,700 --> 00:13:38,499 of stuff, it was a big attack surface and 281 00:13:38,500 --> 00:13:40,869 it didn't have any memory protection. 282 00:13:40,870 --> 00:13:42,939 So they removed 283 00:13:42,940 --> 00:13:44,139 this. Now everything is running on the 284 00:13:44,140 --> 00:13:46,449 same CPU with memory protection. 285 00:13:47,980 --> 00:13:49,869 So the security model they have is, 286 00:13:51,160 --> 00:13:53,229 the most privileged part is 287 00:13:53,230 --> 00:13:55,539 TrustZone. And it just is a crypto 288 00:13:55,540 --> 00:13:56,589 interface, pretty much. 289 00:13:58,060 --> 00:14:00,189 It's designed in a way that the keys 290 00:14:00,190 --> 00:14:01,539 never leave TrustZone. So hopefully. 
291 00:14:01,540 --> 00:14:03,759 Well, that's how they wanted 292 00:14:03,760 --> 00:14:06,549 it. So it kind of works like a hardware 293 00:14:06,550 --> 00:14:07,550 secret 294 00:14:09,120 --> 00:14:11,259 and then you have the kernel. 295 00:14:11,260 --> 00:14:13,789 So its goal is just 296 00:14:13,790 --> 00:14:15,849 to enforce process isolation and 297 00:14:15,850 --> 00:14:18,309 communication between processes. 298 00:14:18,310 --> 00:14:20,499 And via the IOMMU, 299 00:14:20,500 --> 00:14:22,689 it controls the memory, and 300 00:14:22,690 --> 00:14:24,189 then it has what are called base 301 00:14:24,190 --> 00:14:26,079 services. These are processes with 302 00:14:26,080 --> 00:14:27,099 ASLR and everything. 303 00:14:27,100 --> 00:14:28,839 And this FS module, which is the 304 00:14:28,840 --> 00:14:31,219 filesystem driver, and 305 00:14:31,220 --> 00:14:33,369 NCM, which is not really interesting, and 306 00:14:33,370 --> 00:14:34,989 sm, which is the service manager. 307 00:14:34,990 --> 00:14:36,039 This one's pretty interesting. 308 00:14:36,040 --> 00:14:38,109 It, um, it 309 00:14:38,110 --> 00:14:40,119 enforces the whitelist of which process 310 00:14:40,120 --> 00:14:41,830 is allowed to talk to which process. 311 00:14:42,880 --> 00:14:45,909 And then this pm, Loader, which just 312 00:14:45,910 --> 00:14:48,069 loads and creates new processes, 313 00:14:48,070 --> 00:14:50,499 and then spl, which is the interface 314 00:14:50,500 --> 00:14:51,500 to TrustZone. 315 00:14:52,270 --> 00:14:53,439 And then they have a bunch of micro 316 00:14:53,440 --> 00:14:55,509 services like the GPU 317 00:14:55,510 --> 00:14:58,569 driver, Wi-Fi driver, Bluetooth 318 00:14:58,570 --> 00:15:00,099 and stuff like that. 319 00:15:00,100 --> 00:15:02,269 And then finally, we have at the lowest 320 00:15:02,270 --> 00:15:03,370 level, we have the game or 321 00:15:04,450 --> 00:15:05,450 the web browser. 
322 00:15:07,090 --> 00:15:09,339 So the web, so the web browser/game 323 00:15:09,340 --> 00:15:11,559 sandbox, we only get 324 00:15:11,560 --> 00:15:13,179 access to approximately half of the 325 00:15:13,180 --> 00:15:14,180 syscalls. 326 00:15:15,460 --> 00:15:17,859 And there are 40 user services 327 00:15:17,860 --> 00:15:19,329 which are, yeah, 328 00:15:19,330 --> 00:15:20,919 services that you're supposed to access 329 00:15:20,920 --> 00:15:21,920 as a user. 330 00:15:22,720 --> 00:15:24,429 And it has a concept of per-process 331 00:15:24,430 --> 00:15:26,559 filesystems. So a game can really 332 00:15:26,560 --> 00:15:28,179 only access its own save data and save 333 00:15:28,180 --> 00:15:29,239 games. 334 00:15:29,240 --> 00:15:31,689 Um, and it can't mount the SD card, 335 00:15:31,690 --> 00:15:33,849 which is, when we want to make a homebrew 336 00:15:33,850 --> 00:15:35,680 exploit, for example, we want to 337 00:15:37,990 --> 00:15:39,969 load files off the card like ELFs, 338 00:15:41,530 --> 00:15:44,139 but we can't do that just from the 339 00:15:44,140 --> 00:15:45,140 browser alone, 340 00:15:46,480 --> 00:15:48,399 and then the service sandbox, which is 341 00:15:48,400 --> 00:15:50,769 where all the drivers are at. 342 00:15:50,770 --> 00:15:52,899 We have like 20 more syscalls. 343 00:15:52,900 --> 00:15:55,179 It's mostly just for talking to 344 00:15:55,180 --> 00:15:57,549 DMA devices and handling 345 00:15:57,550 --> 00:15:58,550 IPC communication. 346 00:16:00,010 --> 00:16:01,689 It has a service whitelist, but it's 347 00:16:01,690 --> 00:16:03,339 vastly reduced, but you get access to a 348 00:16:03,340 --> 00:16:05,499 few more, and the services 349 00:16:05,500 --> 00:16:07,659 don't have any file access at 350 00:16:07,660 --> 00:16:08,949 all. 
In general, there are a few 351 00:16:08,950 --> 00:16:11,139 exceptions, but this is pretty powerful 352 00:16:11,140 --> 00:16:12,969 because even if you were to elevate, 353 00:16:12,970 --> 00:16:15,279 let's say, go into the GPU driver, 354 00:16:15,280 --> 00:16:17,379 you don't get any extra file access 355 00:16:17,380 --> 00:16:18,380 as a result. 356 00:16:19,480 --> 00:16:20,949 And they sometimes need to talk to 357 00:16:20,950 --> 00:16:22,799 external devices. So they have MMIO 358 00:16:22,800 --> 00:16:23,800 mapped. 359 00:16:24,730 --> 00:16:26,859 But even if a malicious driver tries 360 00:16:26,860 --> 00:16:29,529 to do DMA requests outside its own 361 00:16:29,530 --> 00:16:30,849 process address space, 362 00:16:31,930 --> 00:16:33,069 the kernel is actually the one who 363 00:16:33,070 --> 00:16:34,749 maintains the IOMMU for all the bus 364 00:16:34,750 --> 00:16:36,819 masters. So a malicious 365 00:16:36,820 --> 00:16:40,219 driver cannot really ask 366 00:16:40,220 --> 00:16:42,279 a device to do something it's 367 00:16:42,280 --> 00:16:43,280 not supposed to do. 368 00:16:45,140 --> 00:16:46,970 The base service sandbox, which is those 369 00:16:48,200 --> 00:16:50,359 five, six processes that 370 00:16:50,360 --> 00:16:51,360 are special, 371 00:16:53,240 --> 00:16:54,769 they are bundled inside the kernel 372 00:16:54,770 --> 00:16:56,989 package together with the kernel and 373 00:16:56,990 --> 00:16:58,789 they have approximately the same syscalls as 374 00:16:58,790 --> 00:17:00,739 the normal services. 375 00:17:00,740 --> 00:17:02,209 But these ones don't have a service 376 00:17:02,210 --> 00:17:04,459 whitelist because these ones are the ones 377 00:17:04,460 --> 00:17:05,989 that actually enforce the whitelist. 
378 00:17:05,990 --> 00:17:08,088 So you can't, 379 00:17:08,089 --> 00:17:09,889 like, they're the ones who 380 00:17:09,890 --> 00:17:11,599 enforce it and also fill it in 381 00:17:12,619 --> 00:17:14,719 and maintain it, so they can 382 00:17:14,720 --> 00:17:16,999 check themselves basically. 383 00:17:17,000 --> 00:17:18,649 And they also, because they maintain the 384 00:17:18,650 --> 00:17:20,000 file system, they have no 385 00:17:21,890 --> 00:17:23,809 whitelist for it; they can access everything 386 00:17:23,810 --> 00:17:24,810 basically. 387 00:17:25,910 --> 00:17:27,979 So we're going places 388 00:17:27,980 --> 00:17:30,139 and we start from the lower 389 00:17:30,140 --> 00:17:32,839 end, the most underprivileged part. 390 00:17:32,840 --> 00:17:35,029 And yeah, so we start with 391 00:17:35,030 --> 00:17:37,379 WebKit, that's the browser. 392 00:17:37,380 --> 00:17:40,129 And um, 393 00:17:40,130 --> 00:17:41,809 yeah. So they've had a bunch of bugs 394 00:17:41,810 --> 00:17:43,849 here. They fixed them all, but there just 395 00:17:43,850 --> 00:17:45,289 keep coming more. 396 00:17:45,290 --> 00:17:47,599 Um, it's used for 397 00:17:47,600 --> 00:17:49,849 eShop, like when you buy games 398 00:17:49,850 --> 00:17:52,459 online, and manuals and other stuff, 399 00:17:52,460 --> 00:17:54,889 but it's always over HTTPS, so, 400 00:17:54,890 --> 00:17:56,959 yeah, we can't control the data except with 401 00:17:56,960 --> 00:17:57,960 this one game. 402 00:17:59,240 --> 00:18:01,859 Also, firmware 2.0 403 00:18:01,860 --> 00:18:03,439 implemented a new way of launching the 404 00:18:03,440 --> 00:18:05,749 browser. You can just 405 00:18:05,750 --> 00:18:07,699 create a new access point and act like a 406 00:18:07,700 --> 00:18:09,079 Wi-Fi. 
407 00:18:09,080 --> 00:18:11,539 And yeah, you can just render arbitrary 408 00:18:11,540 --> 00:18:13,400 HTML because it thinks it's a login page 409 00:18:14,870 --> 00:18:17,059 for a particular Wi-Fi network. 410 00:18:17,060 --> 00:18:19,399 And yeah, we just took this Pegasus exploit 411 00:18:19,400 --> 00:18:20,699 and it just works. 412 00:18:20,700 --> 00:18:22,999 Um, so when we get 413 00:18:23,000 --> 00:18:24,559 the memory of the browser, the first 414 00:18:24,560 --> 00:18:26,779 thing we find is that it's 415 00:18:26,780 --> 00:18:28,699 linking, it's dynamically linking with a 416 00:18:28,700 --> 00:18:30,379 file called SDK. 417 00:18:30,380 --> 00:18:32,719 And when we run strings 418 00:18:32,720 --> 00:18:34,519 on it, it's not an ELF, but we convert 419 00:18:34,520 --> 00:18:35,520 it anyway. 420 00:18:36,170 --> 00:18:38,059 We get pretty much all of their function 421 00:18:38,060 --> 00:18:39,649 names, which is really nice when you're 422 00:18:39,650 --> 00:18:40,879 reverse engineering stuff. 423 00:18:40,880 --> 00:18:43,009 We get names of all the syscalls and all 424 00:18:43,010 --> 00:18:44,779 the fancy... 425 00:18:44,780 --> 00:18:46,249 Some of the crypto stuff. 426 00:18:46,250 --> 00:18:47,250 Yeah. 427 00:18:48,280 --> 00:18:49,979 So, yeah, this is what we're going to do 428 00:18:49,980 --> 00:18:50,980 later. 429 00:18:51,760 --> 00:18:54,369 So the game application, 430 00:18:54,370 --> 00:18:56,439 yeah, they knew we were going to get this 431 00:18:56,440 --> 00:18:58,749 at some point and with WebKit 432 00:18:58,750 --> 00:18:59,750 it is pretty easy. 433 00:19:00,940 --> 00:19:02,679 So what we did then is we tried to 434 00:19:02,680 --> 00:19:04,569 black-box, trying to elevate our privileges 435 00:19:04,570 --> 00:19:06,009 from the sandbox. 436 00:19:06,010 --> 00:19:08,199 So my, my, 437 00:19:08,200 --> 00:19:09,759 my handle is plutoo. 438 00:19:09,760 --> 00:19:12,309 And there's a service called pl:u. 
439 00:19:12,310 --> 00:19:14,169 So I don't believe in fate. 440 00:19:14,170 --> 00:19:16,659 But yeah, I looked into the service 441 00:19:16,660 --> 00:19:18,249 and it's a user-accessible service. 442 00:19:18,250 --> 00:19:19,269 That's what the u is for. 443 00:19:19,270 --> 00:19:20,980 We think pl is for preload. 444 00:19:22,270 --> 00:19:24,519 There are three commands that take an integer, 445 00:19:24,520 --> 00:19:25,520 a signed integer. 446 00:19:27,130 --> 00:19:30,069 And if you feed it a big value, 447 00:19:30,070 --> 00:19:31,539 you know, it crashes. 448 00:19:31,540 --> 00:19:33,579 And this is just like an array out-of-bounds 449 00:19:33,580 --> 00:19:34,869 read where we control the index 450 00:19:34,870 --> 00:19:37,119 completely, so we can just give 451 00:19:37,120 --> 00:19:39,279 it a negative index and we can read out 452 00:19:39,280 --> 00:19:41,889 the entire binary of the service. 453 00:19:41,890 --> 00:19:43,539 So this way we can dump the code of 454 00:19:43,540 --> 00:19:45,369 ns, which is one of the... 455 00:19:47,140 --> 00:19:48,639 So we managed to get one of the micro 456 00:19:48,640 --> 00:19:51,069 services from just black-box 457 00:19:51,070 --> 00:19:52,899 poking things. 458 00:19:52,900 --> 00:19:54,999 And now we're going to look into sm, 459 00:19:55,000 --> 00:19:56,529 which is the service manager, the one 460 00:19:56,530 --> 00:19:59,049 that enforces the whitelist of 461 00:19:59,050 --> 00:20:00,819 which services you're allowed to access. 462 00:20:02,800 --> 00:20:04,929 So the way you ask it for a service, 463 00:20:04,930 --> 00:20:06,579 you give it a string and it gives back a 464 00:20:06,580 --> 00:20:09,159 handle to that service that you asked for, 465 00:20:09,160 --> 00:20:11,229 and you send it a PID, you 466 00:20:11,230 --> 00:20:13,329 send your PID so that 467 00:20:13,330 --> 00:20:15,399 it knows which whitelist to 468 00:20:15,400 --> 00:20:16,869 enforce. 
469 00:20:16,870 --> 00:20:19,599 But yeah, what if we just don't call 470 00:20:19,600 --> 00:20:21,579 the initialize function so we never 471 00:20:21,580 --> 00:20:22,539 actually give it a PID? 472 00:20:22,540 --> 00:20:24,969 It turns out that the variable 473 00:20:24,970 --> 00:20:26,619 that's supposed to store it is 474 00:20:26,620 --> 00:20:28,480 uninitialized, it will just be zero. 475 00:20:29,590 --> 00:20:31,959 And so sm thinks we're a process 476 00:20:31,960 --> 00:20:32,960 with PID zero. 477 00:20:43,390 --> 00:20:45,309 And then we get access to everything, so, 478 00:20:48,040 --> 00:20:50,169 um, but we still, we 479 00:20:50,170 --> 00:20:51,849 can talk to everything, but we don't have 480 00:20:51,850 --> 00:20:53,979 the code. So what we want to do is we 481 00:20:53,980 --> 00:20:55,299 want to dump all the code in the system 482 00:20:55,300 --> 00:20:56,300 so we can analyze it. 483 00:20:57,370 --> 00:20:59,559 So if you look at how a process is launched, 484 00:20:59,560 --> 00:21:01,959 it's launched this way and 485 00:21:01,960 --> 00:21:04,059 all the code comes from this fsp-ldr 486 00:21:04,060 --> 00:21:05,949 service. It has a function called Mount 487 00:21:05,950 --> 00:21:07,239 Code. 488 00:21:07,240 --> 00:21:09,369 So we just need to connect to it and read 489 00:21:09,370 --> 00:21:11,059 out all the binaries. Right. 490 00:21:11,060 --> 00:21:12,669 Uh, when we try to connect, we get some 491 00:21:12,670 --> 00:21:14,889 error message. Turns out 492 00:21:14,890 --> 00:21:16,179 the kernel enforces you can only have 493 00:21:16,180 --> 00:21:17,200 one session at a time, 494 00:21:19,240 --> 00:21:20,829 but this session is currently held by 495 00:21:20,830 --> 00:21:21,459 Loader. 496 00:21:21,460 --> 00:21:23,559 So Loader has a session to the 497 00:21:23,560 --> 00:21:25,779 filesystem driver. 
498 00:21:25,780 --> 00:21:28,029 But if we crash Loader, the kernel 499 00:21:28,030 --> 00:21:29,799 will garbage collect, the reference count 500 00:21:29,800 --> 00:21:31,899 will go to zero and 501 00:21:31,900 --> 00:21:33,849 it will release the session. 502 00:21:33,850 --> 00:21:36,339 So we find a command in Loader 503 00:21:36,340 --> 00:21:38,409 that you just give it a thread handle 504 00:21:38,410 --> 00:21:39,410 and it crashes. 505 00:21:40,300 --> 00:21:42,939 So we get all the code binaries, 506 00:21:42,940 --> 00:21:44,679 just copy them out. 507 00:21:44,680 --> 00:21:46,869 This is really nice. Well, now we can really 508 00:21:46,870 --> 00:21:48,279 understand the system a lot better. 509 00:21:50,110 --> 00:21:52,269 And finally, we look at the kernel, and 510 00:21:52,270 --> 00:21:54,369 for that, we're going to take a little 511 00:21:54,370 --> 00:21:56,439 bit of a detour. So derrek is going to 512 00:21:56,440 --> 00:21:59,019 talk next about 513 00:21:59,020 --> 00:22:01,239 what happens before the system 514 00:22:01,240 --> 00:22:02,240 is booted up. So. 515 00:22:11,550 --> 00:22:13,589 OK, it seems like we lost some time on 516 00:22:13,590 --> 00:22:15,659 the demo, so I'm trying to hurry a little 517 00:22:15,660 --> 00:22:16,660 bit, 518 00:22:17,820 --> 00:22:20,009 so, OK, so far this was 519 00:22:20,010 --> 00:22:22,469 all achieved by just using 520 00:22:22,470 --> 00:22:25,199 black-box testing 521 00:22:25,200 --> 00:22:27,269 and, you know, like, so black-box 522 00:22:27,270 --> 00:22:29,429 testing is fun, except that it's 523 00:22:29,430 --> 00:22:31,919 not because, well, 524 00:22:31,920 --> 00:22:34,079 the Switch uses a microkernel and 525 00:22:34,080 --> 00:22:36,989 that means the attack surface is 526 00:22:36,990 --> 00:22:39,269 pretty low. 
It seems quite unlikely 527 00:22:39,270 --> 00:22:41,399 that you will get some primitive 528 00:22:41,400 --> 00:22:42,749 where you can just dump the entire 529 00:22:42,750 --> 00:22:45,149 kernel. And also 530 00:22:45,150 --> 00:22:46,979 there's ASLR in the privileged 531 00:22:46,980 --> 00:22:48,149 processes. 532 00:22:48,150 --> 00:22:50,669 So you might even need two vulnerabilities 533 00:22:50,670 --> 00:22:53,189 in the process to get access 534 00:22:53,190 --> 00:22:54,479 to like 535 00:22:56,280 --> 00:22:58,319 kernel syscalls because only that privileged 536 00:22:58,320 --> 00:22:59,619 process can use them. 537 00:23:01,020 --> 00:23:03,089 So yeah, like black box 538 00:23:03,090 --> 00:23:05,309 testing on the kernel, it was kind of 539 00:23:05,310 --> 00:23:07,319 a dead end for us. 540 00:23:07,320 --> 00:23:09,359 And when you think about the chain of 541 00:23:09,360 --> 00:23:11,489 trust, the kernel is 542 00:23:11,490 --> 00:23:13,589 pretty much at the 543 00:23:13,590 --> 00:23:14,639 end? 544 00:23:14,640 --> 00:23:16,829 So maybe it's 545 00:23:16,830 --> 00:23:19,019 a new console. So maybe, why not 546 00:23:19,020 --> 00:23:21,539 just start at the other end 547 00:23:21,540 --> 00:23:23,609 so we 548 00:23:23,610 --> 00:23:26,549 can have a look at the boot sequence? 549 00:23:26,550 --> 00:23:28,889 And it's very cool because 550 00:23:28,890 --> 00:23:31,019 it's all documented publicly by 551 00:23:31,020 --> 00:23:33,359 NVIDIA and yeah, 552 00:23:33,360 --> 00:23:35,429 you get a bunch of information just 553 00:23:35,430 --> 00:23:36,869 for free.
554 00:23:36,870 --> 00:23:39,239 And the way it works is there is a boot ROM 555 00:23:39,240 --> 00:23:41,579 that runs on the ARM7, which is like 556 00:23:41,580 --> 00:23:44,279 a super old and crappy CPU 557 00:23:44,280 --> 00:23:46,859 that they call the BPMP, 558 00:23:46,860 --> 00:23:49,319 which means like boot 559 00:23:49,320 --> 00:23:51,839 and power management processor. 560 00:23:51,840 --> 00:23:53,909 And this this 561 00:23:53,910 --> 00:23:55,289 is actually not a custom boot ROM. 562 00:23:55,290 --> 00:23:56,759 It's written by NVIDIA. 563 00:23:56,760 --> 00:23:58,949 But as you already 564 00:23:58,950 --> 00:24:01,289 mentioned, Nintendo has some 565 00:24:01,290 --> 00:24:02,609 custom patches on it, 566 00:24:04,350 --> 00:24:06,839 the boot ROM will 567 00:24:06,840 --> 00:24:08,939 well as it is, as it is 568 00:24:08,940 --> 00:24:11,189 explained in the documentation, 569 00:24:11,190 --> 00:24:13,349 it will just load the BCT, which is the 570 00:24:13,350 --> 00:24:15,449 boot configuration table, and the 571 00:24:15,450 --> 00:24:17,939 second stage loader from eMMC. 572 00:24:17,940 --> 00:24:20,099 So at this point, you don't really 573 00:24:20,100 --> 00:24:22,229 need to know what the BCT is, but 574 00:24:22,230 --> 00:24:24,659 basically it tells the boot ROM where 575 00:24:24,660 --> 00:24:26,879 the next well well, the 576 00:24:26,880 --> 00:24:29,339 where the second stage loader is located 577 00:24:29,340 --> 00:24:31,589 in the eMMC and it also 578 00:24:31,590 --> 00:24:32,760 contains the signatures. 579 00:24:34,150 --> 00:24:36,299 Um, so when 580 00:24:36,300 --> 00:24:38,669 that's the usual boot flow on the Switch, 581 00:24:38,670 --> 00:24:40,199 it will try to boot from eMMC.
582 00:24:40,200 --> 00:24:42,389 But if that fails because, for example, 583 00:24:42,390 --> 00:24:44,549 the eMMC is missing, it 584 00:24:44,550 --> 00:24:47,129 will enter a recovery mode 585 00:24:47,130 --> 00:24:49,319 which allows you to send USB messages 586 00:24:49,320 --> 00:24:50,519 to the boot ROM. 587 00:24:50,520 --> 00:24:52,889 And if you might think, yeah, this is the 588 00:24:52,890 --> 00:24:54,359 ultimate attack vector. 589 00:24:54,360 --> 00:24:56,359 Well, unfortunately, it's not, because 590 00:24:56,360 --> 00:24:58,439 all messages must be signed 591 00:24:58,440 --> 00:25:00,839 by using Nintendo's private RSA 592 00:25:00,840 --> 00:25:02,640 key. And of course, we don't have that. 593 00:25:04,390 --> 00:25:06,479 Uh, but what we can do is we 594 00:25:06,480 --> 00:25:08,609 can dump the eMMC, which is 595 00:25:08,610 --> 00:25:10,259 like super easy. 596 00:25:10,260 --> 00:25:12,269 And we did that. 597 00:25:12,270 --> 00:25:15,029 And we got a pretty nice overview 598 00:25:15,030 --> 00:25:17,279 of all the boot components 599 00:25:17,280 --> 00:25:19,319 that are stored on the eMMC. 600 00:25:19,320 --> 00:25:21,419 So this is a little bit complicated. 601 00:25:21,420 --> 00:25:23,939 But what you can see is 602 00:25:23,940 --> 00:25:26,019 the boot ROM on the left, it 603 00:25:26,020 --> 00:25:28,349 loads something that is called package 604 00:25:28,350 --> 00:25:30,209 one, which is basically 605 00:25:31,530 --> 00:25:33,989 the second stage bootloader and next 606 00:25:33,990 --> 00:25:37,109 stage in one image. 607 00:25:37,110 --> 00:25:39,179 And the first part is actually 608 00:25:39,180 --> 00:25:41,279 stored on eMMC 609 00:25:41,280 --> 00:25:42,269 in plaintext. 610 00:25:42,270 --> 00:25:44,459 It is not encrypted and 611 00:25:44,460 --> 00:25:46,889 the other part is encrypted 612 00:25:46,890 --> 00:25:48,000 by using.
613 00:25:50,790 --> 00:25:53,729 Universal universal encryption 614 00:25:53,730 --> 00:25:55,979 keys, it's not there's no 615 00:25:55,980 --> 00:25:58,499 console-unique encryption there. 616 00:25:58,500 --> 00:26:00,109 So how does it work? 617 00:26:00,110 --> 00:26:02,529 How does the package one, 618 00:26:02,530 --> 00:26:04,549 the decrypts the next stage? 619 00:26:06,150 --> 00:26:08,339 So they have this feature where 620 00:26:08,340 --> 00:26:10,559 they load the keyblob from 621 00:26:10,560 --> 00:26:12,719 eMMC which is console 622 00:26:12,720 --> 00:26:16,349 unique and it basically contains 623 00:26:16,350 --> 00:26:19,499 encrypted keys and 624 00:26:19,500 --> 00:26:22,259 package one loader generates 625 00:26:22,260 --> 00:26:24,419 a couple of keys to 626 00:26:24,420 --> 00:26:26,879 decrypt that keyblob and then it uses 627 00:26:26,880 --> 00:26:29,039 the decryption keys from that 628 00:26:29,040 --> 00:26:31,259 keyblob to decrypt the next 629 00:26:31,260 --> 00:26:32,260 stage. 630 00:26:33,530 --> 00:26:35,599 So we would like to get this key 631 00:26:35,600 --> 00:26:37,919 because the kernel 632 00:26:37,920 --> 00:26:40,219 is also encrypted 633 00:26:40,220 --> 00:26:42,379 when it's part of package two, 634 00:26:42,380 --> 00:26:44,389 as you can see on the right. 635 00:26:44,390 --> 00:26:46,609 And well, 636 00:26:46,610 --> 00:26:49,009 this key is only available to 637 00:26:49,010 --> 00:26:51,229 this package one loader. 638 00:26:51,230 --> 00:26:53,389 So that means we need 639 00:26:53,390 --> 00:26:55,609 to get code execution in package 640 00:26:55,610 --> 00:26:56,610 one loader. 641 00:26:57,660 --> 00:27:00,139 OK, so 642 00:27:00,140 --> 00:27:01,549 how do you get some keys?
643 00:27:01,550 --> 00:27:02,600 Well, in the past, 644 00:27:03,620 --> 00:27:05,689 as you might know, we glitched 645 00:27:05,690 --> 00:27:07,739 the 3DS and got the keys and we 646 00:27:07,740 --> 00:27:09,589 glitched the Wii U and got the keys. 647 00:27:09,590 --> 00:27:11,839 So maybe, 648 00:27:11,840 --> 00:27:14,029 yeah, maybe 649 00:27:14,030 --> 00:27:15,619 you can glitch the Switch and get the 650 00:27:15,620 --> 00:27:16,939 keys. 651 00:27:16,940 --> 00:27:19,399 So we wanted to try that, and 652 00:27:19,400 --> 00:27:21,619 in order to do this, 653 00:27:21,620 --> 00:27:23,839 you want to get code execution in package one 654 00:27:23,840 --> 00:27:26,389 loader and 655 00:27:26,390 --> 00:27:28,729 basically you want to attack the 656 00:27:28,730 --> 00:27:30,979 component that loads the package one loader, 657 00:27:30,980 --> 00:27:32,539 which is the boot ROM. 658 00:27:32,540 --> 00:27:34,639 But how is this 659 00:27:34,640 --> 00:27:36,019 actually verified? 660 00:27:36,020 --> 00:27:38,149 So the boot ROM loads this 661 00:27:38,150 --> 00:27:40,459 BCT, which I've 662 00:27:40,460 --> 00:27:43,099 already mentioned, and 663 00:27:43,100 --> 00:27:45,229 this is basically 664 00:27:45,230 --> 00:27:46,230 a 665 00:27:47,570 --> 00:27:49,879 plaintext structure stored on the 666 00:27:49,880 --> 00:27:50,989 eMMC 667 00:27:50,990 --> 00:27:53,089 and it contains all the signatures of the 668 00:27:53,090 --> 00:27:54,199 bootloader. 669 00:27:54,200 --> 00:27:56,599 And then there's an 670 00:27:56,600 --> 00:27:58,909 RSA-PSS signature on top, RSA-PSS, 671 00:27:58,910 --> 00:28:00,769 that is, it's a really strong signature 672 00:28:00,770 --> 00:28:02,929 scheme and 673 00:28:02,930 --> 00:28:05,599 it uses the RSA public key, 674 00:28:05,600 --> 00:28:07,669 which you can see on the 675 00:28:07,670 --> 00:28:10,459 top, to verify the signature.
676 00:28:11,990 --> 00:28:14,359 And this public key is 677 00:28:14,360 --> 00:28:15,839 hashed. 678 00:28:15,840 --> 00:28:18,779 And this hash is stored 679 00:28:18,780 --> 00:28:21,029 in the fuses of the device, 680 00:28:21,030 --> 00:28:23,240 so you cannot you cannot change it. 681 00:28:25,800 --> 00:28:28,319 Basically, what we want to do is 682 00:28:28,320 --> 00:28:30,329 when the boot ROM verifies this public key 683 00:28:30,330 --> 00:28:32,489 using the hash, we want to 684 00:28:32,490 --> 00:28:34,749 glitch this hash 685 00:28:34,750 --> 00:28:36,929 check because then we can put 686 00:28:36,930 --> 00:28:39,299 our own public key and our own 687 00:28:39,300 --> 00:28:41,429 BCT signatures, and that's 688 00:28:41,430 --> 00:28:43,799 our own bootloader signatures 689 00:28:43,800 --> 00:28:45,650 so we can sign our own bootloaders. 690 00:28:46,860 --> 00:28:48,989 OK, but we don't. 691 00:28:48,990 --> 00:28:51,329 Well, we didn't have the boot ROM then 692 00:28:51,330 --> 00:28:53,759 back there and 693 00:28:53,760 --> 00:28:55,949 we didn't know when this check like 694 00:28:55,950 --> 00:28:58,349 the hash check, when when does it happen. 695 00:28:58,350 --> 00:29:00,569 So we have to find the timing for 696 00:29:00,570 --> 00:29:02,939 it. And for that we can 697 00:29:02,940 --> 00:29:04,829 take a look at the eMMC bus. 698 00:29:05,850 --> 00:29:07,289 You can just sniff it. 699 00:29:08,770 --> 00:29:10,839 So we get a really nice dump of 700 00:29:10,840 --> 00:29:13,059 all the commands that are issued 701 00:29:13,060 --> 00:29:14,859 by the boot ROM to the eMMC.
702 00:29:16,230 --> 00:29:18,479 So you can see that if 703 00:29:18,480 --> 00:29:20,639 it's the time difference 704 00:29:20,640 --> 00:29:22,979 between each command that 705 00:29:22,980 --> 00:29:25,079 was issued and 706 00:29:25,080 --> 00:29:27,299 it's basically the 707 00:29:27,300 --> 00:29:29,549 time that the boot ROM needed to 708 00:29:29,550 --> 00:29:32,579 do some operation between those reads. 709 00:29:32,580 --> 00:29:34,649 So when the when the 710 00:29:34,650 --> 00:29:37,019 when the BCT was good, 711 00:29:37,020 --> 00:29:39,659 it took quite some time 712 00:29:39,660 --> 00:29:41,249 to verify it. 713 00:29:41,250 --> 00:29:43,379 And when you 714 00:29:43,380 --> 00:29:46,259 put, like, an invalid 715 00:29:46,260 --> 00:29:48,509 public key in the BCT, the BCT 716 00:29:48,510 --> 00:29:50,849 validation will fail and it will actually 717 00:29:50,850 --> 00:29:53,099 start reading the next one. 718 00:29:53,100 --> 00:29:55,859 And then you can see the 719 00:29:55,860 --> 00:29:57,209 difference is much smaller. 720 00:29:57,210 --> 00:29:59,279 So that means the boot ROM 721 00:29:59,280 --> 00:30:01,679 will see, oh, the 722 00:30:01,680 --> 00:30:03,059 the public key is wrong. 723 00:30:03,060 --> 00:30:05,519 I will not I will not try to verify 724 00:30:05,520 --> 00:30:07,049 the rest of the BCT. 725 00:30:07,050 --> 00:30:09,179 And with that they basically leaked 726 00:30:09,180 --> 00:30:11,339 the time of check 727 00:30:11,340 --> 00:30:13,769 when the boot ROM checks the 728 00:30:13,770 --> 00:30:14,770 public key hash. 729 00:30:15,870 --> 00:30:18,659 OK, so this was all in theory 730 00:30:18,660 --> 00:30:21,299 and basically 731 00:30:21,300 --> 00:30:23,639 it took like one month to develop 732 00:30:23,640 --> 00:30:25,499 a glitching setup. 733 00:30:25,500 --> 00:30:27,569 And this is this just uses 734 00:30:27,570 --> 00:30:29,279 power glitching.
735 00:30:29,280 --> 00:30:31,889 So what I did was 736 00:30:31,890 --> 00:30:34,949 I first desoldered all the capacitors 737 00:30:34,950 --> 00:30:37,349 on the voltage regulator that was 738 00:30:37,350 --> 00:30:40,049 that powers the ARM7 and 739 00:30:40,050 --> 00:30:43,169 then have used an FPGA 740 00:30:43,170 --> 00:30:45,569 to basically control 741 00:30:45,570 --> 00:30:47,909 some MOSFETs. And those MOSFETs 742 00:30:47,910 --> 00:30:50,069 will pretty much lower 743 00:30:50,070 --> 00:30:52,709 the voltage for a short time. 744 00:30:52,710 --> 00:30:55,529 So hopefully the 745 00:30:55,530 --> 00:30:58,529 public key hash check will fail. 746 00:30:58,530 --> 00:31:00,959 And and then 747 00:31:00,960 --> 00:31:02,369 when you get code execution, 748 00:31:03,660 --> 00:31:05,729 we are pretty lazy and we just bit-banged 749 00:31:05,730 --> 00:31:08,039 the clock 750 00:31:08,040 --> 00:31:10,079 because we actually found some clock 751 00:31:10,080 --> 00:31:11,849 divider register. 752 00:31:11,850 --> 00:31:13,979 So basically, 753 00:31:13,980 --> 00:31:15,719 by changing the frequency, we could 754 00:31:15,720 --> 00:31:16,720 encode 755 00:31:17,820 --> 00:31:21,029 the data of all the secret keys 756 00:31:21,030 --> 00:31:24,089 bit by bit, sending it to the FPGA. 757 00:31:24,090 --> 00:31:27,059 And then we got 758 00:31:27,060 --> 00:31:29,399 all the keys and 759 00:31:29,400 --> 00:31:30,779 with that, all the binaries. 760 00:31:42,750 --> 00:31:44,819 OK, so, um, so 761 00:31:44,820 --> 00:31:46,859 thanks, Derek, you got us all the keys, 762 00:31:46,860 --> 00:31:47,999 which is really nice. 763 00:31:48,000 --> 00:31:50,069 So now we can analyze the kernel white 764 00:31:50,070 --> 00:31:52,049 white box instead of black box, which 765 00:31:52,050 --> 00:31:53,579 means we can read the code.
766 00:31:53,580 --> 00:31:55,169 And the first thing you do when you want 767 00:31:55,170 --> 00:31:56,969 to exploit something is you find out the 768 00:31:56,970 --> 00:31:58,509 memory map because you want to corrupt 769 00:31:58,510 --> 00:31:59,429 memory eventually. 770 00:31:59,430 --> 00:32:02,399 Where should you write? 771 00:32:02,400 --> 00:32:04,499 So the kernel is mapped to a high address 772 00:32:04,500 --> 00:32:07,229 somewhere. If you see 773 00:32:07,230 --> 00:32:09,689 it's read execute. 774 00:32:09,690 --> 00:32:11,489 But this actually is a virtual address 775 00:32:11,490 --> 00:32:13,559 that maps to DRAM and then they 776 00:32:13,560 --> 00:32:15,779 have a different mirror that's read 777 00:32:15,780 --> 00:32:16,829 write. 778 00:32:16,830 --> 00:32:18,899 So we can 779 00:32:18,900 --> 00:32:21,299 actually bypass the read-only portion by 780 00:32:21,300 --> 00:32:23,249 using the other address instead. 781 00:32:23,250 --> 00:32:25,109 And the 3DS had the same flaw. 782 00:32:25,110 --> 00:32:26,819 But I think their thinking here is 783 00:32:26,820 --> 00:32:28,739 that, yeah, it makes the code a lot 784 00:32:28,740 --> 00:32:31,079 cleaner. So they just, uh, 785 00:32:31,080 --> 00:32:33,149 always keep this DRAM mirror inside 786 00:32:33,150 --> 00:32:34,809 the address space. 787 00:32:34,810 --> 00:32:36,779 Um, all the objects are allocated using a 788 00:32:36,780 --> 00:32:39,449 slab heap, which is like one 789 00:32:39,450 --> 00:32:41,609 object type, and all the 790 00:32:41,610 --> 00:32:43,559 allocations are of the same size. 791 00:32:43,560 --> 00:32:45,659 So this makes use-after-free really 792 00:32:45,660 --> 00:32:47,849 difficult to exploit because 793 00:32:47,850 --> 00:32:50,039 you can't overlap two different 794 00:32:50,040 --> 00:32:52,379 two objects of different type, which 795 00:32:52,380 --> 00:32:53,519 you usually want to do.
796 00:32:53,520 --> 00:32:55,379 So you can only overlap an object with a 797 00:32:55,380 --> 00:32:58,019 different object, um, 798 00:32:58,020 --> 00:32:59,909 that has the same type, so some of the 799 00:32:59,910 --> 00:33:02,019 fields would be different, but. 800 00:33:02,020 --> 00:33:04,929 Um, most of the pointers are still valid 801 00:33:04,930 --> 00:33:07,029 for both objects, will still 802 00:33:07,030 --> 00:33:08,239 be at the same offset. 803 00:33:08,240 --> 00:33:10,779 So, yeah, and 804 00:33:10,780 --> 00:33:12,399 now the kernel cannot execute userland 805 00:33:12,400 --> 00:33:14,179 code because they use the privileged 806 00:33:14,180 --> 00:33:16,239 execute-never bit, which 807 00:33:16,240 --> 00:33:18,099 is a hurdle that you have to get through. 808 00:33:19,380 --> 00:33:21,359 Um, I'm not sure if anyone paid 809 00:33:21,360 --> 00:33:23,999 attention, so just to explain this, the 810 00:33:24,000 --> 00:33:26,069 string on the right is the permissions, 811 00:33:26,070 --> 00:33:27,929 the first three are privileged 812 00:33:27,930 --> 00:33:30,179 permissions and the lower three 813 00:33:30,180 --> 00:33:33,359 are userland permissions. 814 00:33:33,360 --> 00:33:34,829 And there's something a little bit weird 815 00:33:34,830 --> 00:33:37,229 here. So, um, 816 00:33:37,230 --> 00:33:39,179 they accidentally mapped the kernel into 817 00:33:39,180 --> 00:33:41,249 userspace as, uh, 818 00:33:41,250 --> 00:33:42,509 executable. 819 00:33:42,510 --> 00:33:44,549 And it's mostly useless. 820 00:33:44,550 --> 00:33:46,709 But, uh, it 821 00:33:46,710 --> 00:33:48,329 means that we can use this, we can just 822 00:33:48,330 --> 00:33:49,829 jump in the kernel from userspace and we 823 00:33:49,830 --> 00:33:52,499 will execute kernel functions in 824 00:33:52,500 --> 00:33:53,849 userspace context.
825 00:33:53,850 --> 00:33:56,489 But we can use this as an ASLR bypass 826 00:33:56,490 --> 00:33:57,929 because the kernel is always at the 827 00:33:57,930 --> 00:33:59,999 same address. So we can 828 00:34:00,000 --> 00:34:01,020 use it for gadgets. 829 00:34:02,450 --> 00:34:04,549 But this really we haven't really 830 00:34:04,550 --> 00:34:07,309 owned the kernel yet, so the IOMMU 831 00:34:07,310 --> 00:34:08,809 is one of the parts of the kernel you 832 00:34:08,810 --> 00:34:09,928 can attack. 833 00:34:09,929 --> 00:34:11,988 It's yeah, it's the memory 834 00:34:11,989 --> 00:34:14,279 controller of the SoC. 835 00:34:14,280 --> 00:34:16,249 Um, the idea is that all of the SoC 836 00:34:16,250 --> 00:34:18,139 bus masters are protected, so. 837 00:34:20,920 --> 00:34:23,158 You assign it an address space identifier, 838 00:34:23,159 --> 00:34:25,468 ASID, and then you assign a page 839 00:34:25,469 --> 00:34:27,569 table to that ASID and 840 00:34:28,590 --> 00:34:30,289 every device that goes through the IOMMU 841 00:34:30,290 --> 00:34:31,799 and you can only access what's listed in 842 00:34:31,800 --> 00:34:32,849 the page table. 843 00:34:32,850 --> 00:34:34,589 And the kernel maintains this page 844 00:34:34,590 --> 00:34:35,729 table. That's why it's secure. 845 00:34:35,730 --> 00:34:38,039 So a malicious driver can't, 846 00:34:38,040 --> 00:34:40,499 uh, violate the 847 00:34:40,500 --> 00:34:42,459 process isolation. 848 00:34:42,460 --> 00:34:44,519 And so this this, of course, is that 849 00:34:44,520 --> 00:34:46,559 you can only access your own heap through 850 00:34:46,560 --> 00:34:47,908 DMA. 851 00:34:47,909 --> 00:34:49,829 There's a functionality for accessing it 852 00:34:49,830 --> 00:34:51,149 for another process as well. 853 00:34:51,150 --> 00:34:53,009 You can lend memory, but. 854 00:34:53,010 --> 00:34:54,010 Yeah.
855 00:34:54,400 --> 00:34:56,559 So how do we bypass this and so we 856 00:34:56,560 --> 00:34:58,689 got the official data sheet, three 857 00:34:58,690 --> 00:35:00,849 thousand pages, and we can just search 858 00:35:00,850 --> 00:35:02,409 for "bypass" and then you 859 00:35:04,780 --> 00:35:05,780 get this. 860 00:35:15,480 --> 00:35:17,669 So the GMMU is a memory management unit 861 00:35:17,670 --> 00:35:19,889 inside the GPU and, yeah, 862 00:35:19,890 --> 00:35:22,169 it supports bypassing, 863 00:35:22,170 --> 00:35:24,509 passing something so NVIDIA 864 00:35:24,510 --> 00:35:25,800 backdoored themselves. 865 00:35:27,690 --> 00:35:29,640 So this is a GMMU attack, 866 00:35:30,900 --> 00:35:32,639 you can set bit 31 in the page table 867 00:35:32,640 --> 00:35:34,769 entry and it's in hardware. 868 00:35:34,770 --> 00:35:36,989 So you can fix it. 869 00:35:36,990 --> 00:35:37,990 NVIDIA, thank you. 870 00:35:46,720 --> 00:35:48,579 So this is one way of doing it and they 871 00:35:48,580 --> 00:35:50,169 can fix it, but we also had a different 872 00:35:50,170 --> 00:35:52,239 way of bypassing the SMMU 873 00:35:52,240 --> 00:35:54,429 and it has to do, it's a trust issue. 874 00:35:54,430 --> 00:35:56,799 So the loader 875 00:35:56,800 --> 00:35:58,529 loads the permissions that we have from 876 00:35:58,530 --> 00:36:00,909 FS. And if we own FS 877 00:36:00,910 --> 00:36:03,189 or have a vulnerability in FS, we can just tell 878 00:36:03,190 --> 00:36:05,289 it what we're allowed to do so 879 00:36:05,290 --> 00:36:06,909 we can tell it that we should be allowed 880 00:36:06,910 --> 00:36:08,649 to access the memory controller and then 881 00:36:08,650 --> 00:36:10,329 we can just assign ASIDs so we can 882 00:36:10,330 --> 00:36:13,359 assign the ASID zero here to our device. 883 00:36:13,360 --> 00:36:14,920 Just means don't do 884 00:36:16,690 --> 00:36:17,770 any virtual addressing.
885 00:36:19,300 --> 00:36:21,729 So we can do DMA all over DRAM, 886 00:36:21,730 --> 00:36:24,009 pretty much so the answer is simple, 887 00:36:24,010 --> 00:36:25,539 the kernel is in DRAM, so 888 00:36:25,540 --> 00:36:27,879 we can just, but that 889 00:36:27,880 --> 00:36:30,459 doesn't work because there's a 890 00:36:30,460 --> 00:36:32,409 security feature in the memory 891 00:36:32,410 --> 00:36:34,989 controller. You can specify a 892 00:36:34,990 --> 00:36:36,909 contiguous memory range that's protected 893 00:36:36,910 --> 00:36:39,009 from DMA and they protect this to 894 00:36:39,010 --> 00:36:40,029 include all of the kernel. 895 00:36:40,030 --> 00:36:41,290 So we can't really touch it. 896 00:36:42,670 --> 00:36:44,409 But we inspected the code a little bit 897 00:36:44,410 --> 00:36:46,749 more. And when they allocate the 898 00:36:46,750 --> 00:36:48,829 handle table, there 899 00:36:48,830 --> 00:36:50,889 are two different ways of allocation, 900 00:36:50,890 --> 00:36:53,259 if you have a smaller table, 901 00:36:53,260 --> 00:36:54,760 less than 40 capacity, 902 00:36:55,810 --> 00:36:57,969 you you just use the internal struct 903 00:36:57,970 --> 00:36:59,829 as storage. 904 00:36:59,830 --> 00:37:01,929 But if you have more than 40, 905 00:37:01,930 --> 00:37:02,919 they are in the pool. 906 00:37:02,920 --> 00:37:04,389 And this is the same pool that's used for 907 00:37:04,390 --> 00:37:06,729 all the memory of all the user processes. 908 00:37:06,730 --> 00:37:08,469 And this pool is not protected by the 909 00:37:08,470 --> 00:37:11,139 carveout, but the 910 00:37:11,140 --> 00:37:12,939 handle table just is trusted, like it 911 00:37:12,940 --> 00:37:15,219 contains kernel pointers and everything. 912 00:37:15,220 --> 00:37:17,019 And yeah, we can just inject.
913 00:37:18,240 --> 00:37:20,549 So we can create a shared memory object, 914 00:37:20,550 --> 00:37:21,550 which is just a 915 00:37:22,860 --> 00:37:25,499 primitive that the kernel provides and 916 00:37:25,500 --> 00:37:28,559 we can tell it to share the kernel, too, 917 00:37:28,560 --> 00:37:30,479 and I'm going to inject it into our 918 00:37:30,480 --> 00:37:32,579 handle table of our process and then we 919 00:37:32,580 --> 00:37:34,829 can use the syscall to map it into our 920 00:37:34,830 --> 00:37:36,929 own process. So then it will map the 921 00:37:36,930 --> 00:37:39,449 kernel into our process, thinking it's 922 00:37:39,450 --> 00:37:41,519 a shared memory and then 923 00:37:41,520 --> 00:37:43,409 we can just patch it or insert a back 924 00:37:43,410 --> 00:37:44,669 door or anything. 925 00:37:44,670 --> 00:37:46,469 So this is the way we own the kernel. 926 00:37:47,760 --> 00:37:48,879 And here's some code. 927 00:37:48,880 --> 00:37:51,239 Uh, yeah. 928 00:37:51,240 --> 00:37:52,229 And now we're going to talk. 929 00:37:52,230 --> 00:37:53,230 Yeah. 930 00:37:59,240 --> 00:38:00,349 Now, we're going to talk a little bit 931 00:38:00,350 --> 00:38:01,939 about TrustZone, so there were. 932 00:38:06,720 --> 00:38:08,879 All right, so this is this 933 00:38:08,880 --> 00:38:11,099 nice trusted execution environment 934 00:38:11,100 --> 00:38:13,469 and we have seen that glitching 935 00:38:13,470 --> 00:38:15,569 actually gave us a method to decrypt 936 00:38:15,570 --> 00:38:17,129 package one point one, and it just 937 00:38:17,130 --> 00:38:19,619 contains the TrustZone payload. 938 00:38:19,620 --> 00:38:21,839 You know what I will show you in 939 00:38:21,840 --> 00:38:23,489 the next 10 minutes or so is why we can 940 00:38:23,490 --> 00:38:25,590 actually ignore TrustZone at all.
941 00:38:26,940 --> 00:38:29,019 So the 942 00:38:29,020 --> 00:38:30,600 ARM supports TrustZone, 943 00:38:31,610 --> 00:38:33,779 the code running under a secure EL3, 944 00:38:33,780 --> 00:38:35,909 which is just as soon as we call 945 00:38:35,910 --> 00:38:37,769 it, is called a secure monitor. 946 00:38:37,770 --> 00:38:38,859 This is an official name. 947 00:38:38,860 --> 00:38:41,099 Nintendo calls it the same, but 948 00:38:41,100 --> 00:38:43,259 on the Nintendo Switch, it doesn't 949 00:38:43,260 --> 00:38:44,369 monitor anything. 950 00:38:44,370 --> 00:38:45,629 All right. 951 00:38:45,630 --> 00:38:48,779 So the secure monitor. 952 00:38:48,780 --> 00:38:50,939 Hmm. It's the first code 953 00:38:50,940 --> 00:38:53,219 that runs on the ARM, the main CPU. 954 00:38:53,220 --> 00:38:55,439 So the ARM7 decrypts package 955 00:38:55,440 --> 00:38:56,939 one point one, it 956 00:38:56,940 --> 00:38:59,609 writes the TrustZone payload to 957 00:38:59,610 --> 00:39:01,109 RAM. That is what we saw. 958 00:39:01,110 --> 00:39:03,119 It's this small RAM in the ARM 959 00:39:03,120 --> 00:39:05,309 8 that's the TrustZone secure 960 00:39:05,310 --> 00:39:07,619 memory, boots up the ARM 961 00:39:07,620 --> 00:39:09,299 8 then there. 962 00:39:09,300 --> 00:39:11,369 And then this is actually the first task 963 00:39:11,370 --> 00:39:13,529 of the secure monitor already, 964 00:39:13,530 --> 00:39:14,849 booting the Horizon kernel. 965 00:39:14,850 --> 00:39:17,039 All right.
So we saw 966 00:39:17,040 --> 00:39:19,169 this package at this point 967 00:39:19,170 --> 00:39:21,229 because it will be in main RAM, 968 00:39:21,230 --> 00:39:23,349 then the secure monitor will start 969 00:39:23,350 --> 00:39:25,709 deriving some keys, the package 970 00:39:25,710 --> 00:39:27,989 two, write it to 971 00:39:27,990 --> 00:39:30,059 the DRAM and 972 00:39:30,060 --> 00:39:32,579 decrypt the the package modules 973 00:39:32,580 --> 00:39:34,649 and then just start executing the 974 00:39:34,650 --> 00:39:37,049 kernel. So this is the most important 975 00:39:37,050 --> 00:39:38,729 task probably, or one of the most 976 00:39:38,730 --> 00:39:39,869 important ones. 977 00:39:39,870 --> 00:39:41,669 And the second most important task of 978 00:39:41,670 --> 00:39:44,519 the secure monitor was actually cryptography. 979 00:39:44,520 --> 00:39:46,769 So cryptography 980 00:39:46,770 --> 00:39:48,959 is not directly done in software by the 981 00:39:48,960 --> 00:39:51,209 secure monitor, but they 982 00:39:51,210 --> 00:39:53,909 actually make use of this nice security 983 00:39:53,910 --> 00:39:56,099 engine that is provided by NVIDIA, 984 00:39:56,100 --> 00:39:58,619 the Tegra security engine, 985 00:39:58,620 --> 00:40:00,999 and another some 986 00:40:01,000 --> 00:40:02,579 not so important task is 987 00:40:03,900 --> 00:40:05,969 TrustZone or the secure monitor is actually 988 00:40:05,970 --> 00:40:08,339 used to start stop the additional 989 00:40:08,340 --> 00:40:10,439 CPUs because as we've seen, we have four 990 00:40:10,440 --> 00:40:11,639 CPU cores. 991 00:40:11,640 --> 00:40:13,409 We start executing from core three 992 00:40:13,410 --> 00:40:15,839 initially. So we have to have means 993 00:40:15,840 --> 00:40:17,949 to start the others. 994 00:40:17,950 --> 00:40:20,309 And the last important part is the sleep 995 00:40:20,310 --> 00:40:22,739 mode.
So the Tegra actually 996 00:40:22,740 --> 00:40:25,049 supports some deep sleep mode 997 00:40:25,050 --> 00:40:26,759 to save some battery. 998 00:40:26,760 --> 00:40:28,559 This is always a nice feature of Nintendo 999 00:40:28,560 --> 00:40:30,389 consoles, usually very long through the 1000 00:40:30,390 --> 00:40:31,390 sleep mode. 1001 00:40:32,250 --> 00:40:34,439 Now take a good 1002 00:40:34,440 --> 00:40:35,839 look at this list. 1003 00:40:35,840 --> 00:40:37,949 And this is actually not important for 1004 00:40:37,950 --> 00:40:38,999 homebrew at all. 1005 00:40:39,000 --> 00:40:41,069 That's why I said we can really just 1006 00:40:41,070 --> 00:40:44,249 ignore the TrustZone completely. 1007 00:40:44,250 --> 00:40:46,439 But let's look at it 1008 00:40:46,440 --> 00:40:49,259 anyways for completeness' sake. 1009 00:40:49,260 --> 00:40:51,809 So the Tegra SE, 1010 00:40:51,810 --> 00:40:53,159 I mentioned it's a hardware crypto 1011 00:40:53,160 --> 00:40:55,809 engine. It supports AES, 1012 00:40:55,810 --> 00:40:58,589 RSA, all the good things. 1013 00:40:58,590 --> 00:41:00,899 And maybe you remember from the 3DS, 1014 00:41:00,900 --> 00:41:02,519 they had this keyslot concept. 1015 00:41:02,520 --> 00:41:04,169 It's apparently a good concept, so they 1016 00:41:04,170 --> 00:41:05,669 kept it for here as well. 1017 00:41:05,670 --> 00:41:07,859 So you have 16 key slots for AES, 1018 00:41:07,860 --> 00:41:10,029 two for RSA, you can lock 1019 00:41:10,030 --> 00:41:11,079 them individually. 1020 00:41:11,080 --> 00:41:13,199 This is for example, the boot ROM uses 1021 00:41:13,200 --> 00:41:15,059 the SBK, writes it to a key slot. 1022 00:41:15,060 --> 00:41:17,099 It's locked. So you can't just read it out. 1023 00:41:17,100 --> 00:41:18,719 I mean, it gets cleared once we're in 1024 00:41:18,720 --> 00:41:20,189 this area. 1025 00:41:20,190 --> 00:41:22,259 But in the 1026 00:41:22,260 --> 00:41:23,909 TrustZone, code does the same.
1027 00:41:23,910 --> 00:41:26,069 It derives some keys into the upper key 1028 00:41:26,070 --> 00:41:27,299 slots and locks them. 1029 00:41:27,300 --> 00:41:29,579 So even if you get code 1030 00:41:29,580 --> 00:41:31,709 execution in TrustZone, you wouldn't 1031 00:41:31,710 --> 00:41:33,779 be simply able to just read out 1032 00:41:33,780 --> 00:41:36,239 these keys so that that's quite secure. 1033 00:41:37,350 --> 00:41:39,629 All right, and what's 1034 00:41:39,630 --> 00:41:42,229 another interesting thing about the SE 1035 00:41:42,230 --> 00:41:44,099 is that the crypto operations actually 1036 00:41:44,100 --> 00:41:46,139 don't just operate on memory, you can 1037 00:41:46,140 --> 00:41:48,269 actually encrypt and decrypt between 1038 00:41:48,270 --> 00:41:50,849 key slots. So this actually enables you 1039 00:41:50,850 --> 00:41:53,279 to do some secure key derivation. 1040 00:41:53,280 --> 00:41:55,169 So you can imagine having a key in one 1041 00:41:55,170 --> 00:41:57,719 key slot, key slot could be locked, 1042 00:41:57,720 --> 00:41:59,729 and then you could actually decrypt this 1043 00:41:59,730 --> 00:42:02,489 key slot into another one without ever 1044 00:42:02,490 --> 00:42:04,679 having any keys leaving into 1045 00:42:04,680 --> 00:42:05,579 memory. 1046 00:42:05,580 --> 00:42:07,769 So this, maybe you could think 1047 00:42:07,770 --> 00:42:09,359 of some cool things you could do with 1048 00:42:09,360 --> 00:42:10,360 that. 1049 00:42:11,070 --> 00:42:13,289 So how does the cryptography 1050 00:42:13,290 --> 00:42:15,419 work? On the left 1051 00:42:15,420 --> 00:42:16,889 side, you see the secure world, this 1052 00:42:16,890 --> 00:42:18,599 would be the secure monitor. 1053 00:42:18,600 --> 00:42:20,309 The right side is the non-secure world or 1054 00:42:20,310 --> 00:42:21,749 the user mode. 1055 00:42:21,750 --> 00:42:23,789 Mostly this is used in the file system 1056 00:42:23,790 --> 00:42:24,689 module.
1057 00:42:24,690 --> 00:42:26,879 So what you have to do at first, 1058 00:42:26,880 --> 00:42:29,849 you have to request a key encryption key, 1059 00:42:29,850 --> 00:42:31,619 and then the secure world will generate 1060 00:42:31,620 --> 00:42:32,609 this key encryption key. 1061 00:42:32,610 --> 00:42:34,859 You put in some parameters, it'll wrap 1062 00:42:34,860 --> 00:42:35,819 the key encryption key. 1063 00:42:35,820 --> 00:42:37,679 And this is where the important part 1064 00:42:37,680 --> 00:42:40,019 comes in. It'll actually use a random 1065 00:42:40,020 --> 00:42:41,099 session key. 1066 00:42:41,100 --> 00:42:43,259 So even if you get a key encryption 1067 00:42:43,260 --> 00:42:44,909 key from one session, once you reboot 1068 00:42:44,910 --> 00:42:47,039 your console, your Switch, the 1069 00:42:47,040 --> 00:42:48,419 next time it'll be invalid. 1070 00:42:48,420 --> 00:42:50,309 So even if you, for example, exploit the 1071 00:42:50,310 --> 00:42:52,379 file system module and grab 1072 00:42:52,380 --> 00:42:54,209 one key encryption key, you won't be able 1073 00:42:54,210 --> 00:42:55,919 to use it after the reboot. 1074 00:42:55,920 --> 00:42:57,929 So this is a secure design there. 1075 00:42:57,930 --> 00:43:00,779 But on the other hand, 1076 00:43:00,780 --> 00:43:02,729 how do you use these key encryption keys? 1077 00:43:02,730 --> 00:43:04,979 Well, you pass an 1078 00:43:04,980 --> 00:43:07,469 encrypted key into the secure 1079 00:43:07,470 --> 00:43:09,749 world along with the key encryption key, 1080 00:43:09,750 --> 00:43:11,279 and it unwraps the key, 1081 00:43:11,280 --> 00:43:13,319 decrypts it, and then the plaintext final 1082 00:43:13,320 --> 00:43:15,419 key actually is passed back to 1083 00:43:15,420 --> 00:43:16,379 be used. 1084 00:43:16,380 --> 00:43:18,029 So that's quite interesting.
1085 00:43:18,030 --> 00:43:20,219 So what you actually find is 1086 00:43:20,220 --> 00:43:22,439 that, for example, the filesystem module 1087 00:43:22,440 --> 00:43:24,719 doesn't use the hardware 1088 00:43:24,720 --> 00:43:26,369 crypto engine to decrypt games or 1089 00:43:26,370 --> 00:43:28,049 binaries or whatnot at all. 1090 00:43:28,050 --> 00:43:30,119 So this is all done by 1091 00:43:30,120 --> 00:43:32,219 hardware-accelerated 1092 00:43:32,220 --> 00:43:33,359 instructions, actually. 1093 00:43:33,360 --> 00:43:35,639 So in theory, 1094 00:43:35,640 --> 00:43:37,169 you could, for example, exploit the file 1095 00:43:37,170 --> 00:43:39,239 system and you'll get some permissions, 1096 00:43:39,240 --> 00:43:41,519 and then ask the secure 1097 00:43:41,520 --> 00:43:43,709 monitor to derive all the keys for 1098 00:43:43,710 --> 00:43:45,809 you. All right. So this is another 1099 00:43:45,810 --> 00:43:47,400 reason why it's not really important. 1100 00:43:49,160 --> 00:43:51,259 Now, the last task 1101 00:43:51,260 --> 00:43:52,939 we've seen is the sleep mode. 1102 00:43:52,940 --> 00:43:54,629 So this is actually a string from the 1103 00:43:54,630 --> 00:43:57,109 secure monitor, they call it Zoome, 1104 00:43:57,110 --> 00:43:59,729 apparently means good night or something. 1105 00:43:59,730 --> 00:44:02,059 And so on the SoC 1106 00:44:02,060 --> 00:44:03,019 there is this small thing. 1107 00:44:03,020 --> 00:44:05,209 It's the power management controller. 1108 00:44:05,210 --> 00:44:07,069 And this controls the sleep and wake 1109 00:44:07,070 --> 00:44:09,299 transitions, and 1110 00:44:09,300 --> 00:44:10,399 in system sleep, 1111 00:44:10,400 --> 00:44:12,079 the entire system on a chip is powered 1112 00:44:12,080 --> 00:44:14,509 down except for the PMC.
1113 00:44:14,510 --> 00:44:15,919 So there is a small block that's 1114 00:44:15,920 --> 00:44:18,139 always-on, and the DRAM is put 1115 00:44:18,140 --> 00:44:20,269 into self-refresh so that 1116 00:44:20,270 --> 00:44:21,289 it keeps the contents. 1117 00:44:21,290 --> 00:44:23,359 Right now, if you go 1118 00:44:23,360 --> 00:44:25,489 into sleep mode, the monitor 1119 00:44:25,490 --> 00:44:27,229 actually has to save some state. 1120 00:44:27,230 --> 00:44:29,689 Right? So it saves its secure 1121 00:44:29,690 --> 00:44:31,849 memory into external DRAM, which is 1122 00:44:31,850 --> 00:44:32,869 untrusted. 1123 00:44:32,870 --> 00:44:34,129 But it's all right. 1124 00:44:34,130 --> 00:44:35,889 It's encrypted, so don't worry. 1125 00:44:36,890 --> 00:44:39,439 And it also authenticates it, 1126 00:44:39,440 --> 00:44:40,489 to the PMC. 1127 00:44:40,490 --> 00:44:42,349 So it's encrypted and authenticated. 1128 00:44:42,350 --> 00:44:43,459 Good. 1129 00:44:43,460 --> 00:44:44,509 Right. 1130 00:44:44,510 --> 00:44:46,579 And it tells the security engine to 1131 00:44:46,580 --> 00:44:47,929 save its context to DRAM. 1132 00:44:47,930 --> 00:44:49,189 You also have to retain the keys. 1133 00:44:49,190 --> 00:44:50,479 I mean, you have to use them after you 1134 00:44:50,480 --> 00:44:51,949 wake up. Right. 1135 00:44:51,950 --> 00:44:54,229 And then we signal the ARM to 1136 00:44:54,230 --> 00:44:56,059 put everything into this LP0 mode, 1137 00:44:56,060 --> 00:44:58,489 which is like the low power mode, 1138 00:44:58,490 --> 00:44:59,839 and then on wake-up you just roll 1139 00:44:59,840 --> 00:45:02,419 everything back. 1140 00:45:02,420 --> 00:45:04,639 So this is LP0, and 1141 00:45:04,640 --> 00:45:06,769 the BootROM will restore the state 1142 00:45:06,770 --> 00:45:08,029 from DRAM.
1143 00:45:08,030 --> 00:45:10,139 Then it'll pass execution to 1144 00:45:10,140 --> 00:45:11,479 a warmboot binary. 1145 00:45:11,480 --> 00:45:12,979 And this one would be a bit like a 1146 00:45:12,980 --> 00:45:14,209 bootloader for DRAM. 1147 00:45:14,210 --> 00:45:15,919 So instead of a cold 1148 00:45:15,920 --> 00:45:17,869 boot, we're doing a warm boot. 1149 00:45:17,870 --> 00:45:20,149 So from DRAM, and 1150 00:45:20,150 --> 00:45:21,329 this one would be unsigned. 1151 00:45:21,330 --> 00:45:22,609 That's nice. 1152 00:45:22,610 --> 00:45:24,889 What this does is just decrypt the secure 1153 00:45:24,890 --> 00:45:27,319 monitor from DRAM to TrustZone and verify 1154 00:45:27,320 --> 00:45:29,509 it with the authentication information 1155 00:45:29,510 --> 00:45:31,339 that we have left in the PMC. 1156 00:45:31,340 --> 00:45:33,439 And then it'll just resume 1157 00:45:33,440 --> 00:45:35,359 running, in theory. 1158 00:45:35,360 --> 00:45:37,849 This all sounds very good, but 1159 00:45:37,850 --> 00:45:39,949 for completeness' sake, we can 1160 00:45:39,950 --> 00:45:42,709 just remove the trust from TrustZone. 1161 00:45:42,710 --> 00:45:44,899 So as we've already 1162 00:45:44,900 --> 00:45:46,369 seen from plutoo, there are some trust 1163 00:45:46,370 --> 00:45:47,389 issues. 1164 00:45:47,390 --> 00:45:49,399 We can just ask the kernel to map the 1165 00:45:49,400 --> 00:45:52,249 lower DRAM with all this data stored, 1166 00:45:52,250 --> 00:45:54,949 we can map in the PMC into user mode, 1167 00:45:54,950 --> 00:45:58,309 the PMC registers, etc., etc. 1168 00:45:58,310 --> 00:46:00,439 And we've just seen that these 1169 00:46:00,440 --> 00:46:02,029 are crucial. We can process them. 1170 00:46:02,030 --> 00:46:04,189 Right. We've seen that the TrustZone 1171 00:46:04,190 --> 00:46:06,679 memory is decrypted from the DRAM, 1172 00:46:06,680 --> 00:46:08,089 and whatnot.
1173 00:46:08,090 --> 00:46:10,399 So if you plug all these 1174 00:46:10,400 --> 00:46:12,589 areas in just the right way, 1175 00:46:12,590 --> 00:46:14,869 you get code execution from 1176 00:46:14,870 --> 00:46:16,729 user mode. 1177 00:46:16,730 --> 00:46:18,979 Right. So, yeah. 1178 00:46:25,760 --> 00:46:28,009 But as I said, it's 1179 00:46:28,010 --> 00:46:30,409 just a fun thing to do, it's not very useful 1180 00:46:30,410 --> 00:46:31,819 for homebrew anyways. 1181 00:46:31,820 --> 00:46:32,820 Thank you. 1182 00:46:40,240 --> 00:46:41,270 All right, so it's pretty green. 1183 00:46:43,030 --> 00:46:45,159 OK, so what we've done so far is, 1184 00:46:45,160 --> 00:46:47,049 when we pwned the kernel, we made a USB 1185 00:46:47,050 --> 00:46:49,239 debugger 1186 00:46:49,240 --> 00:46:51,489 and it's... 1187 00:46:52,630 --> 00:46:54,789 Yeah, it works, you can use your 1188 00:46:54,790 --> 00:46:56,769 programs, you can put breakpoints and 1189 00:46:56,770 --> 00:46:58,839 inspect the registers, you don't get 1190 00:46:58,840 --> 00:47:00,939 the symbols yet, but it's open 1191 00:47:00,940 --> 00:47:02,949 source. So if anyone wants to add it, it 1192 00:47:02,950 --> 00:47:04,479 currently requires a kernel exploit, 1193 00:47:04,480 --> 00:47:05,769 but we don't share it. 1194 00:47:05,770 --> 00:47:07,899 But hopefully someone will make 1195 00:47:07,900 --> 00:47:09,789 their own based on this after the talk. 1196 00:47:11,230 --> 00:47:12,819 But what we really care about is 1197 00:47:12,820 --> 00:47:15,159 homebrew. So we've made libnx, 1198 00:47:15,160 --> 00:47:17,559 which is a user mode homebrew 1199 00:47:17,560 --> 00:47:18,849 library. 1200 00:47:18,850 --> 00:47:20,829 We provide all the kernel 1201 00:47:20,830 --> 00:47:22,689 primitives, like you can create threads, 1202 00:47:22,690 --> 00:47:25,689 you can use mutexes, you can 1203 00:47:25,690 --> 00:47:27,369 talk to all the processes using IPC.
1204 00:47:27,370 --> 00:47:29,649 We have nice wrappers for everything. 1205 00:47:29,650 --> 00:47:30,999 We have the network and 1206 00:47:31,000 --> 00:47:32,049 filesystem working. 1207 00:47:32,050 --> 00:47:34,029 We can act as a USB host. 1208 00:47:34,030 --> 00:47:36,670 We have the controllers working and 1209 00:47:37,690 --> 00:47:39,340 it's Metzgar. 1210 00:47:44,510 --> 00:47:46,699 OK, so we have about four working, 1211 00:47:46,700 --> 00:47:48,799 and this took a really long time, I think our 1212 00:47:48,800 --> 00:47:51,289 friend LSH worked on this for like 1213 00:47:51,290 --> 00:47:52,340 two weeks, full time, 1214 00:47:53,660 --> 00:47:55,789 running like an Android binder 1215 00:47:55,790 --> 00:47:57,589 IPC interface inside their own IPC 1216 00:47:57,590 --> 00:48:00,109 interface. It's pretty crazy, but 1217 00:48:00,110 --> 00:48:02,359 yeah, we have it working and 1218 00:48:02,360 --> 00:48:04,999 we're pushing the updates, so 1219 00:48:05,000 --> 00:48:06,460 anyone can just use this now. 1220 00:48:08,370 --> 00:48:10,229 But still, there's work to be done, 1221 00:48:10,230 --> 00:48:12,509 right? We enjoy reversing 1222 00:48:12,510 --> 00:48:13,439 their code a lot. 1223 00:48:13,440 --> 00:48:15,899 It's a lot of fun, and it's fun. 1224 00:48:15,900 --> 00:48:17,280 I hope you agree. And 1225 00:48:18,650 --> 00:48:20,619 we still have work to be done, right. 1226 00:48:20,620 --> 00:48:22,439 So we don't have any GPU acceleration 1227 00:48:22,440 --> 00:48:23,909 right now in libnx. 1228 00:48:23,910 --> 00:48:25,109 So right now, everything is software 1229 00:48:25,110 --> 00:48:27,479 rendering, and 1230 00:48:27,480 --> 00:48:28,709 audio support, 1231 00:48:28,710 --> 00:48:31,139 we don't have it right now. So, uh, 1232 00:48:31,140 --> 00:48:32,639 and then we want people to make games, 1233 00:48:32,640 --> 00:48:34,859 because otherwise the hacking is for 1234 00:48:34,860 --> 00:48:35,860 nothing.
Um, 1235 00:48:36,960 --> 00:48:39,239 so we can't release 1236 00:48:39,240 --> 00:48:41,369 it today, but we're working on a homebrew 1237 00:48:41,370 --> 00:48:44,539 launcher, so there will be homebrew soon. 1238 00:48:44,540 --> 00:48:46,859 Uh, it's, uh, in collaboration 1239 00:48:46,860 --> 00:48:48,929 with the ReSwitched team, which 1240 00:48:48,930 --> 00:48:50,999 actually implemented a lot of 1241 00:48:51,000 --> 00:48:52,049 the exploit. 1242 00:48:52,050 --> 00:48:54,359 So we're just like trying to make it a 1243 00:48:54,360 --> 00:48:56,549 nice, stable platform for homebrew, 1244 00:48:56,550 --> 00:48:57,839 and yeah. 1245 00:48:57,840 --> 00:49:00,239 Get on firmware 3.0 if you're lower 1246 00:49:00,240 --> 00:49:02,159 and stay there. 1247 00:49:02,160 --> 00:49:03,160 So 1248 00:49:04,380 --> 00:49:05,789 thank you to everyone involved and 1249 00:49:05,790 --> 00:49:07,259 especially yellows8, who couldn't make it. 1250 00:49:07,260 --> 00:49:09,419 So now we have the demo working 1251 00:49:09,420 --> 00:49:11,129 and I'll have it, uh, not. 1252 00:49:30,100 --> 00:49:31,260 Also, thanks to our 1253 00:49:32,530 --> 00:49:34,809 this is all 1254 00:49:34,810 --> 00:49:35,820 thanks to Nintendo. Well, 1255 00:49:37,210 --> 00:49:38,590 it's a pretty nice system. 1256 00:49:45,720 --> 00:49:48,309 So you do 1257 00:49:48,310 --> 00:49:49,310 a... 1258 00:49:50,200 --> 00:49:51,460 It is, you know, 1259 00:49:52,710 --> 00:49:54,159 this is where you 1260 00:49:55,600 --> 00:49:56,600 know. 1261 00:50:00,580 --> 00:50:02,529 This is just something I wrote like last 1262 00:50:02,530 --> 00:50:04,559 night, but 1263 00:50:04,560 --> 00:50:05,560 hopefully it works. 1264 00:50:12,000 --> 00:50:13,000 Thank you. 1265 00:50:21,920 --> 00:50:23,419 If we have time for questions, we can 1266 00:50:23,420 --> 00:50:25,489 have them. We 1267 00:50:25,490 --> 00:50:27,079 have time for some questions.
1268 00:50:27,080 --> 00:50:29,089 There are microphones stationed around 1269 00:50:29,090 --> 00:50:31,639 the auditorium, numbered one through six. 1270 00:50:31,640 --> 00:50:32,989 If you have a burning question that you 1271 00:50:32,990 --> 00:50:34,639 would like to ask, then please, 1272 00:50:34,640 --> 00:50:36,049 I would ask you to line up behind these 1273 00:50:36,050 --> 00:50:37,789 microphones and I will call you. 1274 00:50:37,790 --> 00:50:40,009 Also, there is a signal angel who 1275 00:50:40,010 --> 00:50:41,509 is taking questions from the Internet, 1276 00:50:41,510 --> 00:50:43,429 and I see that he already has one. 1277 00:50:43,430 --> 00:50:45,439 So, dear signal angel, please, 1278 00:50:45,440 --> 00:50:46,909 our first question. 1279 00:50:46,910 --> 00:50:49,099 Thank you. When glitching to get 1280 00:50:49,100 --> 00:50:51,139 the keys, how long did it take to get the 1281 00:50:51,140 --> 00:50:53,719 keys with the, you know, the exact 1282 00:50:53,720 --> 00:50:54,979 right timing? 1283 00:50:54,980 --> 00:50:57,469 Have you been able to anyhow automate 1284 00:50:57,470 --> 00:50:58,470 this task? 1285 00:51:01,530 --> 00:51:03,779 Sorry, could you repeat the question, 1286 00:51:03,780 --> 00:51:05,100 the speaker is a bit lazy? 1287 00:51:08,590 --> 00:51:10,179 Glitching to get the keys. 1288 00:51:10,180 --> 00:51:12,819 How long did it take, and could you 1289 00:51:12,820 --> 00:51:14,949 anyhow automate this task? 1290 00:51:14,950 --> 00:51:17,709 OK, so the question was 1291 00:51:17,710 --> 00:51:19,329 how long it took to get the keys and if 1292 00:51:19,330 --> 00:51:20,330 we could automate it. 1293 00:51:21,350 --> 00:51:23,589 Yeah, it took about like one 1294 00:51:23,590 --> 00:51:25,959 month to get some 1295 00:51:25,960 --> 00:51:27,369 of the keys.
1296 00:51:27,370 --> 00:51:29,769 And just recently, like 1297 00:51:29,770 --> 00:51:31,780 I think last week, 1298 00:51:33,160 --> 00:51:35,379 we got some other keys 1299 00:51:35,380 --> 00:51:35,799 as well. 1300 00:51:35,800 --> 00:51:37,929 So, yeah, 1301 00:51:37,930 --> 00:51:40,029 um, regarding the glitching setup, yes. 1302 00:51:40,030 --> 00:51:43,059 It was possible to automate it because 1303 00:51:43,060 --> 00:51:44,679 we found the reset signal. 1304 00:51:44,680 --> 00:51:47,019 So after each glitching 1305 00:51:47,020 --> 00:51:49,029 attempt that failed, we could just reset 1306 00:51:49,030 --> 00:51:50,030 and try again. 1307 00:51:51,980 --> 00:51:53,290 Microphone number six. 1308 00:51:54,530 --> 00:51:57,169 Yeah. Thank you for a great talk. 1309 00:51:57,170 --> 00:51:59,449 I would really like to rebuild 1310 00:51:59,450 --> 00:52:00,499 your glitch attack. 1311 00:52:00,500 --> 00:52:02,820 Is this stuff somewhere available? 1312 00:52:07,820 --> 00:52:09,799 So could you repeat it? It was something 1313 00:52:09,800 --> 00:52:11,789 about the attack, reproducing it? 1314 00:52:11,790 --> 00:52:13,939 Yes, I would really like to try 1315 00:52:13,940 --> 00:52:15,199 it myself. 1316 00:52:15,200 --> 00:52:17,399 Is this information about the glitch 1317 00:52:17,400 --> 00:52:19,369 somewhere available? 1318 00:52:19,370 --> 00:52:20,869 So the question is if more 1319 00:52:20,870 --> 00:52:22,249 information is available on the glitch 1320 00:52:22,250 --> 00:52:24,169 attack and... 1321 00:52:25,870 --> 00:52:28,069 Yeah, well, basically, it's 1322 00:52:28,070 --> 00:52:30,009 just glitching. 1323 00:52:30,010 --> 00:52:32,329 Um, there's a lot of information 1324 00:52:32,330 --> 00:52:34,279 about it, but it's not that 1325 00:52:34,280 --> 00:52:35,959 difficult. I mean, you saw it was a 1326 00:52:35,960 --> 00:52:37,209 pretty cheap setup.
1327 00:52:37,210 --> 00:52:39,889 You just need some MOSFETs 1328 00:52:39,890 --> 00:52:42,019 that short the voltage down 1329 00:52:42,020 --> 00:52:42,949 to ground. 1330 00:52:42,950 --> 00:52:44,839 And that will just work, I guess. 1331 00:52:47,780 --> 00:52:48,780 Microphone one. 1332 00:52:49,970 --> 00:52:51,689 Since there have been jokes about the 1333 00:52:51,690 --> 00:52:53,709 Switch just being an Android tablet, did 1334 00:52:53,710 --> 00:52:55,979 you guys try to start running Android? 1335 00:53:00,150 --> 00:53:02,399 No, we didn't try that yet, but 1336 00:53:02,400 --> 00:53:04,269 I think it would be pretty sweet to have 1337 00:53:04,270 --> 00:53:05,459 Android running on Switches. 1338 00:53:07,350 --> 00:53:09,509 Well, yeah, I think it would 1339 00:53:09,510 --> 00:53:11,459 only make sense with some kind of 1340 00:53:11,460 --> 00:53:13,019 coldboot exploit. 1341 00:53:13,020 --> 00:53:15,359 And yeah, we are still working 1342 00:53:15,360 --> 00:53:16,679 on that. So, yeah. 1343 00:53:18,510 --> 00:53:19,510 Signal angel. 1344 00:53:21,060 --> 00:53:22,199 Thank you. 1345 00:53:22,200 --> 00:53:24,389 So you told about doing crypto on the 1346 00:53:24,390 --> 00:53:25,679 keyslots. 1347 00:53:25,680 --> 00:53:28,049 Could you copy an encrypted 1348 00:53:28,050 --> 00:53:29,729 key from a locked keyslot into an 1349 00:53:29,730 --> 00:53:31,889 unlocked keyslot, read it out and then 1350 00:53:31,890 --> 00:53:32,890 decrypt it? 1351 00:53:35,060 --> 00:53:37,039 So there are bits that actually, or the 1352 00:53:37,040 --> 00:53:38,839 question was whether you could copy an 1353 00:53:38,840 --> 00:53:40,969 encrypted locked keyslot into 1354 00:53:40,970 --> 00:53:42,649 an unlocked keyslot and then read it 1355 00:53:42,650 --> 00:53:44,959 out.
So there are some bits 1356 00:53:44,960 --> 00:53:46,639 that actually control whether you can 1357 00:53:46,640 --> 00:53:48,649 read or write from a locked keyslot, and you 1358 00:53:48,650 --> 00:53:50,359 could actually set it up such that you 1359 00:53:50,360 --> 00:53:52,909 wouldn't be able to encrypt 1360 00:53:52,910 --> 00:53:54,919 from a keyslot into an unlocked key 1361 00:53:54,920 --> 00:53:55,429 slot. 1362 00:53:55,430 --> 00:53:57,169 So you can actually make it secure. 1363 00:53:57,170 --> 00:53:59,239 This is one that we thought of, but there 1364 00:53:59,240 --> 00:54:01,609 are mitigations against this attack by 1365 00:54:01,610 --> 00:54:03,019 the locking mechanism. 1366 00:54:03,020 --> 00:54:04,519 So unfortunately, that's not 1367 00:54:04,520 --> 00:54:07,219 possible if you set it up correctly. 1368 00:54:07,220 --> 00:54:08,220 Thank you. 1369 00:54:08,990 --> 00:54:10,609 Microphone four. 1370 00:54:10,610 --> 00:54:11,869 Yeah. Thank you very much. 1371 00:54:11,870 --> 00:54:14,059 You just told us that we should 1372 00:54:14,060 --> 00:54:16,429 stay on exactly 1373 00:54:16,430 --> 00:54:18,679 3.0.0. 1374 00:54:18,680 --> 00:54:20,779 So what did change 1375 00:54:20,780 --> 00:54:22,369 from two to three 1376 00:54:22,370 --> 00:54:24,529 that makes 1377 00:54:24,530 --> 00:54:27,109 homebrew feasible on that version? 1378 00:54:27,110 --> 00:54:29,329 And what was patched for 1379 00:54:29,330 --> 00:54:31,579 3.0.1 1380 00:54:31,580 --> 00:54:33,829 so that it doesn't work anymore?
1381 00:54:37,100 --> 00:54:39,529 So the question is why 1382 00:54:39,530 --> 00:54:41,419 it won't work beyond 3.0.0, 1383 00:54:41,420 --> 00:54:43,729 if I got it right, and the reason 1384 00:54:43,730 --> 00:54:46,099 is that the bug we 1385 00:54:46,100 --> 00:54:48,259 talked about, where you 1386 00:54:48,260 --> 00:54:50,839 don't send the PID, so it thinks it's zero, 1387 00:54:50,840 --> 00:54:53,209 they fixed that bug on 1388 00:54:53,210 --> 00:54:55,369 3.0.1. So if you're below 1389 00:54:55,370 --> 00:54:56,509 that, you're still vulnerable. 1390 00:54:56,510 --> 00:54:58,789 But if you're above that, 1391 00:54:58,790 --> 00:55:00,979 you can bypass the whitelist 1392 00:55:00,980 --> 00:55:02,150 and you can really get anywhere. 1393 00:55:04,070 --> 00:55:05,419 So that's the answer to that. 1394 00:55:06,980 --> 00:55:07,980 But... 1395 00:55:09,500 --> 00:55:10,550 Something I was going to say. 1396 00:55:18,750 --> 00:55:20,899 Yeah, I would probably, yeah. 1397 00:55:20,900 --> 00:55:22,289 It wasn't anything important from my side. 1398 00:55:23,700 --> 00:55:25,559 Microphone two, yeah. 1399 00:55:25,560 --> 00:55:27,829 So this exploit works, 1400 00:55:27,830 --> 00:55:29,549 works with Tetris. 1401 00:55:29,550 --> 00:55:31,619 Have you been able to test 1402 00:55:31,620 --> 00:55:33,689 it on other web hits like the 1403 00:55:33,690 --> 00:55:34,690 captive portal? 1404 00:55:37,600 --> 00:55:39,759 Yeah, so the question was if 1405 00:55:39,760 --> 00:55:41,349 the exploit only works with this 1406 00:55:41,350 --> 00:55:43,839 Tetris game, and no, 1407 00:55:43,840 --> 00:55:44,840 the answer is that 1408 00:55:46,120 --> 00:55:47,769 the website is not actually bundled with 1409 00:55:47,770 --> 00:55:49,299 the game. It's more like a system 1410 00:55:49,300 --> 00:55:51,579 applet.
So the game 1411 00:55:51,580 --> 00:55:53,319 just launches an applet from the system 1412 00:55:53,320 --> 00:55:54,320 firmware. 1413 00:55:55,360 --> 00:55:57,759 So we have 1414 00:55:57,760 --> 00:55:59,439 the same bug, the Pegasus one that we 1415 00:55:59,440 --> 00:56:01,509 demoed. Um, it works 1416 00:56:01,510 --> 00:56:03,039 up to 1417 00:56:04,060 --> 00:56:05,529 2.3, I think. 1418 00:56:05,530 --> 00:56:07,209 And then they fixed it, and then it will 1419 00:56:07,210 --> 00:56:09,699 be fixed for all of the games. 1420 00:56:09,700 --> 00:56:11,829 But yeah, 1421 00:56:11,830 --> 00:56:13,989 if you're above 2.0, you don't 1422 00:56:13,990 --> 00:56:15,999 really have to buy this game, this Tetris 1423 00:56:16,000 --> 00:56:17,609 game, you can just launch it without it. 1424 00:56:17,610 --> 00:56:18,610 So. 1425 00:56:19,930 --> 00:56:21,189 All right. That was all the time we had 1426 00:56:21,190 --> 00:56:22,449 for questions. Let's give them another 1427 00:56:22,450 --> 00:56:23,559 round of applause.