Hackers explain how to get the root key for Nintendo Switch

Hacker plutoo, who once got the root key of Nintendo Switch in 2018, has released a method to get the root key of the latest Nintendo Switch with enhanced security function by the update.

Full key extraction of NVIDIA ™ TSEC
https://gist.githubusercontent.com/plutooo/733318dbb57166d203c10d12f6c24e06/raw/15c5b2612ab62998243ce5e7877496466cabb77f/tsec.txt

At the beginning of the release, Nintendo Switch was so easy to hack that there was also a method of 'screwing aluminum foil into the JoyCon rail and shorting it to force it into debug mode'. Mr. plutoo, who announced how to get the root key this time, is a person who has disclosed how to access Nintendo Switch at the kernel level and gain complete control of the terminal as of 2018.

Hacking of Nintendo Switch has advanced to a considerable level-GIGAZINE

by Bryan Ochalla

As mentioned above, plutoo had almost completely hacked the Nintendo Switch as of 2018, but after this Nintendo has solved the hacking problem with an update. It is common to update the software to address security issues. However, when the Nintendo Switch was released, the problem was a hardware problem, and it was thought that it was almost impossible to fix what was already on the market. In the midst of these difficulties, Nintendo solved the problem by using an encryption unit called 'TSEC ' installed in Nvidia Tegra X1 which is the main CPU of Nintendo Switch.

This TSEC has independent SRAM, independent secure boot, bus mastering function and direct memory access to the memory of Nintendo Switch, and Nintendo distributed firmware update 6.2.0 in November 2018 with 'TSEC'. The method of 'starting after forcibly restarting the memory to disable hacking' is realized. We have succeeded in disabling existing hacking methods without any modification of the hardware.

This time, plutoo has released a method of breaking through the TSEC and pulling out the root key from the Nintendo Switch again. According to him, the Nintendo Switch is designed to stabilize at a voltage of 1.1V, which greatly exceeds the required voltage of 0.6 to 0.7V of CMOS, in order to prevent the voltage shortage of the mounted CMOS. However, the Nintendo Switch is equipped with a function called 'voltage scaling' that 'the main CPU adjusts its own voltage according to the performance setting to raise or lower the output', and controls the voltage from the CPU. It was possible.

Since a vulnerability to execute code from the main CPU has already been discovered, plutoo sent a command to lower the voltage. We found that the entire chip freezes at a voltage of 0.6V or less, but an error called 'bit inversion' occurs in the memory at a low voltage of 0.6 to 0.72V.

When a differential failure analysis was performed to determine the private key from the difference in behavior between the time of error and the normal time, the following keys related to AES were actually found.

sha256 (csecret_00) = 7c20cef183f6184f7c5a877040ec63fa44ad42178b1aa6af9932568fc468e426
sha256 (csecret_01) = 43449338c1bc8ceb1b3232a611f955f9095254f492117a158528589cd16f2930 NVIDIA TSEC code signing key
sha256 (csecret_02) = 2816295b45e08837846afbe093cd4a3ab5492174798d2e1872fceeccc0463e0f
sha256 (csecret_03) = eb06713d87ad94c9832549eb2057f014b5fd34853c0f8ce4108aecd3b23c8a58
sha256 (csecret_04) = 7fafa6babbc8600ec42969ac81e16701320c4611e4cc910b4c51adcf14363212
sha256 (csecret_05) = 49371c6ccb2cf64c10633164c202a3f7d03a17a0e0098ab7bcd9f84ae9a4805c
sha256 (csecret_06) = 8475f02b86bbf722654e43b1fef32ac22c740d10aa4432b93d5b2035523c2c94 NVIDIA TSEC code encryption key
sha256 (csecret_07) = d6ecab46e243d80af83ca5f8bdf440b595459ecb39f2e083a50f793ade04822c
sha256 (csecret_08) = 8ca7cc625a593699870e11056aa52124cc5565df0d934b6431854910314b6c51
sha256 (csecret_09) = 6836e01fce672b276e3746fac8e7a133a986c7922f2bddebd3c231fcd6a6bac5
sha256 (csecret_0a) = 96240c628444c83b527fb8de96bbc39e3c9ef4c46952286a57f9d7efe0847ae2
sha256 (csecret_0b) = afa6d401592ca2ac21451064a632b6eecc72bb887d29ac93ce7c0de3e2c9212
sha256 (csecret_0c) = d19495a97b6dd1dac8ee099107c731cdab49c0e1ec5b3cd1b38480d70dbe7003
sha256 (csecret_0d) = 1c081ad4d8c7da9291ec4f5de06e558177fc0faf613fb7d9ff0005ef66f63d61
sha256 (csecret_0e) = b2429bfb5de59191b825f9675c4320b5e1dfb5cc0e7a8161c5dab64313eb9a63
sha256 (csecret_0f) = 34141a2aa355cfa1d14ec921db288d1cd04c810c3c30c69abb34bb1542a9966f
sha256 (csecret_10) = 678d1b92f9dd7e46bdc9bd96378896f58da01e933d5056c812c9d3a948b709b4
sha256 (csecret_11) = 7e0aec4bfd4160035d04aec8e2aa0e7668ae769681f8a2c6ba62d31791f072aa
sha256 (csecret_12) = 641622358b351d50e7f3f2cfee6864a68fa7803a649a2bcade226a99a143918a
sha256 (csecret_13) = 86899161828e7b3ebb8b90e73261d2e34b8b5314f070f9811cf4173570024665
sha256 (csecret_14) = 735146a321f46b7d130226b0aea05d2042363374b0674e9015d80c4eb17f6e7b
sha256 (csecret_15) = 9c90367e3b4191706f1018861f1622e233d905445e6f2463bedbdea2f4395205
sha256 (csecret_16) = 6e607b4265f213530df9d6c9574af4a3a6d5c7282f19214144ac03cda69b68f1
sha256 (csecret_17) = fdc6ed08368fc2f19f8f8979fe7545f6f9136897d369045d3afd160756d82c3d
sha256 (csecret_18) = 40c4d1dfb08fb9963ad20076681651a124f325a6065db51c1b88b2efd8799d01
sha256 (csecret_19) = eb9b9813c0a08f7c6af56907e09c5df8e53d2d4299914038fa867578ced8b656
sha256 (csecret_1a) = c62e4708e163252adeac56f749cf025a8921a86f786e2cc396304ebd2e625354
sha256 (csecret_1b) = 0bde3d9cb209d1c132d1c9e80c0ccf595e3feef411be7ee590e181af57421815
sha256 (csecret_1c) = a9dc5a0a27de9214909c8dd933cdd82e6df1cc2d09cb654466406e2cebad0017
sha256 (csecret_1d) = c58b9370c0c67dbebaf8925f734e29940a3de70d3815fd644f2835f4f0ebb106
sha256 (csecret_1e) = 02667ae7cbe9a608a648eec9876dc66159068aceb872901a085ce6968f5d17a1
sha256 (csecret_1f) = 2885bc4f35d01ad469997b6a36a9bfa2976d62ae5dc48a1f96ecbc73bc770528
sha256 (csecret_20) = 14fc0140daafc49631356da9a6ef5d96ca20b8d45ce63e4227aededbcd0056bf
sha256 (csecret_21) = 5ad7845f27ea0aa7c717ff56d4cffe5d060a374d86a0e820bdc13fc5f553226b
sha256 (csecret_22) = ab1cf064eedfeaa7f71db717bfbcfdbd73b6db7ba356e37cc299d8b731cffe24
sha256 (csecret_23) = 81fdc5ebcd592f59a063a66155f6b08e48cc89e19c6fb8d3a2756c9ac0590f8f
sha256 (csecret_24) = c8312de41a98f7c55c4e21184b1f34a7578145c2cbeca78a9556978dd84939e3
sha256 (csecret_25) = b20226d3accc9e554278f3ba7157460ebff8a88757e850d57591342b0a275542
sha256 (csecret_26) = cefe01c9e3eeef1a73b8c10d742ae386279b7dff30a2fbc0aabd058c1f135833 OEM key: Nintendo
sha256 (csecret_27) = d3ade4766781a5d9862b350867c2572dcb7f513b28c3a812170cd856dfb54f95
sha256 (csecret_28) = 73f4a07cd1f061f81c42b32e3dd1ffa0ac1114d40df92205869e60a1e537d2ac
sha256 (csecret_29) = d97b8509b66ae9b33ed6d1e46b37449ed6f7f3e7f4bc03a59004994ff833bb71
sha256 (csecret_2a) = 08a0edf7bf91d7fa685ca77246b8394fa4edd0e06639e53e6fa835436b09560f
sha256 (csecret_2b) = 6d3a215979ae17a947e7c2772d1efec9b0ac9b0063f4e0a64fe93f779fc70188
sha256 (csecret_2c) = 20c358eeed4f03cc03ddbad4f9cf9e6f83a86c61fe434ee259789a63ba2178b7
sha256 (csecret_2d) = 07923cbd0e19d3b8c81d3f5d4df8ef58ec667f94e6096897de34c1ebf878b2b0
sha256 (csecret_2e) = b8706c9d52b7fe020c3c833cfde328dbcda24c290be60c658b3c1784da85340b
sha256 (csecret_2f) = e0c6273094f499180139a06133e582565cc1cd23478a6180914950a672e3bfaf
sha256 (csecret_30) = 3477d86ed721fd5112c94a566f26b4d30cd7ae78de1b047eb21a709a7934d073
sha256 (csecret_31) = d2bf372d3a1b652a31b0fa1264086c8fdce8ab491889dce2cfb4db71eab758b8
sha256 (csecret_32) = fc65d00eb14406f76a940368722c4f3b8ab11d1abf44e32499103492cf714af9
sha256 (csecret_33) = fa7f4a5cb39ae9205177f3da8f8c2f88ec7f8d14b8c6f75b2dbb661f30ec076d
sha256 (csecret_34) = 4aa215afd1a0ab118ab60db1fbc5ee769907a1b58813ec417e7f1519a5cc4243
sha256 (csecret_35) = ae64ed29f1158feee2c3e858b2868197c173b07e6d1d281dbd458449770c492b
sha256 (csecret_36) = 083bd0a21da79ae6b63c9e01035fad9334983c79a43d555dba5481c6d531b30f
sha256 (csecret_37) = 9cc2735bc70f0c756279c41b85dd558e00783dd8ec4202f4db0f6c384b43dda2
sha256 (csecret_38) = 90483d58fc3e7c298b353f3d9295d8a81d8bb9f5182bcfcf3c8c60e9b6537aec
sha256 (csecret_39) = 78a4c4ad790921ab5c6f3224ea394fb53e576110d1fa467b3aa942b5c141cfa8
sha256 (csecret_3a) = a28b03e2bee0c18640f9607db3cf430af0fc7a9b61b002f3369333e13dec3080
sha256 (csecret_3b) = eec13d2a63a89e35834d6e1c2ca879ef556e3e970efaf08bee406979f271e9a9
sha256 (csecret_3c) = 29b30980914a0201a195dab7c5494d2ca9c94205619c2f91dd74ddeea24d14f0
sha256 (csecret_3d) = aeff5b69a19c6a1b767dfae9fd57ffcb11ba2f5eb34f0e013a922d9474218d11
sha256 (csecret_3e) = 6b07bc90e01a40ae51fd718e2ef751fb174c14c8cb4f68a00be847f020bdc1a6
sha256 (csecret_3f) = 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb