Nintendo Switch prevents downgrading system software by physically changing the device

ByScott Akerman

System software that runs on many game machines updates the software at any time to deal with security problems and so on. However, it is a fact that there are a certain number of people who intentionally downgrade system software and try to exploit using vulnerabilities, and not to downgrade is also considered as one of security measures. According to security researcher John Lucas de Caro, "Nintendo Switch is preventing system software downgrading by physically destroying the fuse in the chip."

How the Nintendo Switch prevents downgrades by irreparably blowing its own fuses
https://hackernoon.com/how-the-nintendo-switch-prevents-downgrades-by-irreparably-blowing-its-own-fuses-884bd3b7a8ba

Because Nintendo Switch does not downgrade system software, every time the system software version goes up, we take the approach to physically change the device.

Nintendo Switch is called "NVIDIA Tegla X1"SoCThis SoC is used to operate fuses in the chipdriverIs attached. In other words, using this driver makes it possible to destroy fuses with software instructions, so that physical changes can be made to the device at any timing.

ByRazor 512

According to Mr. Karo, Nintendo Switch is disabling system software downgrade in the following manner.

1. When starting Nintendo Switch,Boot loaderCheck the state of the fuse.
2. If the number of fuses matches the number associated with the system software version, start up the system.
3. If the number of destroyed fuses is less than expected, destroy the fuse to the correct number before starting the system.
4. If the number of destroyed fuses is greater than expected, do not boot the system assuming they are downgraded.

In order to downgrade the system software to the previous version after understanding this mechanism, it is necessary to physically restore the destroyed fuse in the SoC together with the downgrade of the software itself. Despite theoretically possible restoration of the fuse, Mr. Karo said that it is too difficult and not a realistic response.

ByShardayyy

There are 32 fuses in the SoC of "NVIDIA Tegla X1". Therefore, even if the fuse is destroyed every major version up where the version number is incremented by 1, Mr. Karo said that it will be able to deal with 32 major updates in total.

However, the process of checking the state of the fuse can be bypassed and is not thorough. For this reason, the mechanism adopted by Nintendo Switch is thought to have a strong time-consuming meaning to prevent downgrading easily.