
How the Nintendo Switch prevents downgrades by irreparably blowing its own fuses - jonluca
https://blog.jonlu.ca/posts/nintendo-switch?ref=hn
======
hd4
There is an easy workaround developed by the Switch homebrew community: simply
upgrade from within a custom firmware (such as Atmosphere-NX) and run a tool
called ChoiDuJourNX which bypasses the fuse-burning.

If you're careful you can keep a backup trail going all the way back to your
original device firmware and restore/downgrade it using the Hekate system
tool. It has already been pointed out that there isn't much reason to do this,
AFAIK the main reason people either held out on older firmwares or kept up a
backup trail to them was in order to take advantage of possible firmware-
version-specific exploits, the gold standard being a coldboot exploit.

~~~
roblabla
The reason this "easy workaround" works at all is that there is a BootROM
exploit that trivially allows running arbitrary code in the BootROM. This
allows us to run our own bootloader instead of Nintendo's, bypassing their
fuse burning logic. Had Nvidia not fucked up their USB implementation (along
with other parts of their platform), this would have been harder to bypass.

[0]: https://www.reddit.com/r/SwitchHacks/comments/7rq0cu/jamais_vu_a_100_trustzone_code_execution_exploit/

~~~
artsyca
I don't want to sound like I'm pontificating or defecating on the corporacy at
everyone's favorite hardware company but it strikes me that these sorts of
lapses are cultural and stem from this tedious emphasis everyone places on
having "relaxed working environments"[0]

Does it surprise you that the product of this culture also has relaxed
security characteristics?

[0] https://www.nvidia.com/en-us/about-nvidia/culture-at-nvidia/

~~~
monsieurbanana
Thank you for making me laugh in these trying times.

~~~
artsyca
I gotta keep it real for you sir banana, the only way to have a legit
conversation on this platform is to have an equal number of up and downvotes.

------
adrr
What happens if some hacker finds a remote exploit and starts blowing all the
fuses on people's devices?

~~~
londons_explore
If this was widespread, Nintendo would just release a firmware without fuse
checks.

~~~
roblabla
More like, they'd just release a firmware without the remote exploit in the
first place. The consoles that got their fuses wiped would be bricked anyways,
you wouldn't be able to install the firmware without fuse-checks on it through
normal methods (Nintendo, however, could replace them easily).

------
bibabaloo
I'm curious, how do Nintendo justify such an anti-consumer protection? It
seems like it only really has upside for them.

~~~
nottorp
As far as I know Nintendo is the only console maker still having region locks
and being extremely fussy about transferring your purchases when your hardware
dies/is replaced.

I'd call THAT anti consumer.

Correct me if I'm wrong, but that's the impression I got from reading here and
there and the reason I don't own Nintendo products.

~~~
currymj
Nintendo’s portable systems (going back to the Game Boy and including the
Switch) have never had region locks, on the logic that somebody might want to
buy a new game while traveling. The consoles (except for Switch) do, though.

~~~
pokemod97
The 3DS did have region locks on it. I think the rest didn't.

~~~
nottorp
Funny enough, that's when I wanted to buy a Nintendo portable. 3D without
glasses seemed interesting. Then I noticed that not many games are available
in Eastern Europe and I wasn't willing to jump through hoops to give them my
money.

------
wolfgke
> There are 256 bits in the set of ODM_RESERVED fuses, and there are 8
> ODM_RESERVED. This allows for 32 fuses, or 32 future FW versions (provided
> they burn a fuse on every major release).

Can someone explain how the author gets from the numbers 256 and 8 to the
count of 32 fuses?

~~~
nitrogen
Maybe that's 256 bits divided into eight chunks of 32?

~~~
indigo945
I think it's the other way around, there's 32 fuse-bytes of 8 fuse-bits each,
adding up to 256 bits of PROM.

------
outadoc
I'm unclear on how these hardware fuses actually work. Are they actual fuses
that can be burnt at will by excessive power?

When the article says:

> The boot loader verifies a specific fuse, FUSE_RESERVED_ODM7, to prevent
> downgrading. Each software version expects a different number of fuses to be
> blown [...]

Does this mean FUSE_RESERVED_ODM7 actually contains multiple fuses?

~~~
ThePowerOfFuet
> I'm unclear on how these hardware fuses actually work. Are they actual fuses
> that can be burnt at will by excessive power?

No, they're not like the fuses in your house. These can be blown by software
to irrevocably change something which can then be verified later, or in other
cases to prevent reprogramming of a microcontroller (which can be programmed
only if the programming fuse is still intact).

> Does this mean FUSE_RESERVED_ODM7 actually contains multiple fuses?

No, that's the name of one fuse. Once you upgrade the device next time, the
upgrade tool would, for example, blow FUSE_RESERVED_ODM8; older software would
verify that this fuse (and the higher-numbered ones) are NOT blown, and refuse
to boot otherwise.

~~~
arghwhat
> No, that's the name of one fuse.

No, it's a 32-bit segment belonging to the 256-bit odm_reserved segment.
FUSE_RESERVED_ODM7 is specifically the _last_ 32-bit segment.

Some fuse information can be read here:
https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3231/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_secure_boot.html
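
Added example (not part of the thread or the linked article): a C simulation of the anti-downgrade check discussed above, treating FUSE_RESERVED_ODM7 as a 32-bit word in which each set bit is one blown fuse. The expected counts, the burn-on-upgrade step and all type and function names are assumptions made for illustration.

```c
#include <stdint.h>

/* Simulated OTP word standing in for FUSE_RESERVED_ODM7: bits only go 0 -> 1. */
typedef struct { uint32_t odm7; } fuse_bank_t;

typedef enum { BOOT_OK, BOOT_OK_BURNED, BOOT_REFUSED } boot_result_t;

/* Number of blown fuses = number of set bits in the 32-bit word. */
static unsigned burnt_count(uint32_t word) {
    unsigned n = 0;
    for (; word; word &= word - 1) n++;   /* clear lowest set bit each pass */
    return n;
}

/* Blow the lowest intact fuses until `target` are blown; never clears a bit. */
static void burn_up_to(fuse_bank_t *bank, unsigned target) {
    for (unsigned bit = 0; bit < 32 && burnt_count(bank->odm7) < target; bit++)
        bank->odm7 |= (uint32_t)1 << bit;
}

/* `expected` is the count this firmware build ships with (assumed input;
 * the real version-to-count table is not given in the thread). */
boot_result_t anti_rollback_check(fuse_bank_t *bank, unsigned expected) {
    unsigned burnt = burnt_count(bank->odm7);
    if (expected > 32 || burnt > expected)
        return BOOT_REFUSED;              /* a newer firmware already ran here */
    if (burnt < expected) {               /* first boot after an upgrade */
        burn_up_to(bank, expected);
        return BOOT_OK_BURNED;
    }
    return BOOT_OK;
}

/* Constructed scenario: upgrade from a 3-fuse build to a 5-fuse build, then
 * try to boot the 3-fuse build again. Returns the result of that last boot. */
boot_result_t downgrade_after_upgrade(void) {
    fuse_bank_t bank = { .odm7 = 0x7 };   /* constructed: 3 fuses blown */
    anti_rollback_check(&bank, 5);        /* upgrade burns two more */
    return anti_rollback_check(&bank, 3); /* old build now sees 5 > 3 */
}

int main(void) {
    return downgrade_after_upgrade() == BOOT_REFUSED ? 0 : 1;
}
```

Because the check counts set bits rather than inspecting one named bit, it does not matter which positions in the word are blown, only how many.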

------
dvhh
This was already in use in other game systems (for example the Xbox 360, see
https://en.wikipedia.org/wiki/IBM_eFUSE)

~~~
CodeArtisan
Also in use in Samsung smartphones:
https://en.wikipedia.org/wiki/Samsung_Knox#e-fuse

~~~
Mindwipe
Lots of embedded devices really. Pretty much all satellite/cable set top boxes
too.

~~~
marcan_42
More modern chips contain fuses than not these days. It's e.g. how you turn
off broken silicon or swap in redundant bits, when devices are tested.

------
camgunz
Are these fuses extremely small? I would assume they’re easy to bypass
otherwise.

~~~
wutbrodo
From the beginning of the article:

> It’s theoretically possible to physically modify the SoC and replace the
> fuses, but it’s so prohibitively invasive and expensive that it’s not a real
> option.

~~~
camgunz
Yeah, I read that, but I wanted to know why.

------
m101
Why do they bother with this if someone is going to make a software
workaround? Seems like people who would look to downgrade firmware might also
be the same that would be able to implement the workaround.

~~~
hd4
Apathy. The vast majority of consumers won't bother. Also, the Switch's
security was actually comparatively solid. It was a flaw in the Tegra X1
(thanks Nvidia!) component that led to an exploit being discovered.

------
mmglr
A few questions:

1. What was the intended use case behind the Tegra having 32 blowable fuses?
Did Nvidia intend for those fuses to be used in this manner?

2. What is a non-retail Switch?

~~~
mlyle
Fuses and OTP are a very common thing to throw in to systems. Most
microcontrollers offer capabilities like this, and now they're drifting into
more general purpose, larger SoCs. Maybe you use it to keep a serial number,
or to separate product families, or for something like this.

Tegra's main purpose of the fuses is to handle holding cryptographic keys,
boot parameters, and to disable the debug port. But since they have a fuse
unit already, they provide a few words for the end-user to use as they please.

I too am curious what "non-retail" means in this context.

~~~
sirn
> I too am curious what "non-retail" means in this context.

Maybe dev kits? AFAIK Switch has at least two dev kits (SDEV/EDEV) for
different purposes so it kinda makes sense to call them non-retail.

------
lkjaero
Maybe this is a dumb question, but can these fuses be blown by accident? E.g.,
too much power in the Switch. How do they mitigate this?

------
unnouinceput
Nintendo Switch emulator. Game over.

------
classics2
Clickbait title.

------
monadic2
Shameful, honestly.

------
slim
It backfires like this: users are trained to never upgrade. Games that target
a specific version lose sales.

~~~
hrktb
As a user, I feel Nintendo has been pretty good about updates: they don't
update a lot, and each update has user facing features with QOL improvements.

It's not in the same situation as iOS updates that were effectively slowing
down the devices or Windows Update that don't seem to the user to bring
anything.

~~~
FakeRemore
> each update has user facing features with QOL improvements

You must be joking. The meme about "stability intensifies" with Switch updates
isn't just a joke. Most of their updates are minor bugfixes and "increasing
stability" (fixing exploits). They're far more interested in fixing exploits
than they ever were in improving the OS in any meaningful way for the user.
It's been 3 years and the only major QOL change I see on that list is making
the all software page not useless.

https://en.wikipedia.org/wiki/Nintendo_Switch_system_software

~~~
hrktb
The only regression that seemed widespread was the joycon drift on pro
controller (which was bad, but fixed within a week).

Otherwise heavy Splatoon players might be hit more than others, but the
stability improvements seemed real. At some point the Switch had to be
rebooted every other day, nowadays it's something not needed in weeks perhaps.

For QOL the last big update allowing to remap buttons was a big deal. I
haven't tried moving data between to the SD card but it would also be a big
deal for people with more than 10 ~ 20 games, as space becomes scarce pretty
fast.

~~~
FakeRemore
> but the stability improvements seemed real. At some point the Switch had to
> be rebooted every other day

No idea what you're talking about.

> For QOL the last big update allowing to remap buttons was a big deal. I
> haven't tried moving data between to the SD card but it would also be a big
> deal for people with more than 10 ~ 20 games, as space becomes scarce pretty
> fast.

My point is that the amount of real QOL changes is extremely low for the
amount of time the console has been out. There's been nearly nothing, while
they just keep "increasing stability".

Frankly, the Switch's OS is still incredibly barebones and missing a lot of
QOL features and I'm tired of people defending Nintendo for being so half-
assed about the Switch. It's been three years. There's been barely any
progress, whether it's the OS, online infrastructure, or fixing the drift
issues. Do they have Yakuza debts they need to pay off or what? Where's all
the money going to?

~~~
hrktb
> No idea what you're talking about.

After some hours (10? 20?) of play on a few intensive games, it was slowing
down and/or becoming glitchy. The fan would not ramp up so it didn't seem to
be temperature.

I thought it was an isolated issue until I saw a few streamers hit the same
kind of issue and casually explain they forgot to reboot their Switch.

> It's been three years.

I get your point. I kinda gave up on expecting shiny revolutionary features,
or comparing to the PS or Xbox.

My angle on it is pretty similar to when the iPhone came out. There was no
copy and paste, multi-tasking and was arguably slow for a lot of things, but
the pros outweighed the cons, and we knew Apple wouldn't be doing any big
leaps any day soon.

I'm still frustrated by iOS by the way, but still think it's worth it.

Nintendo's Switch is at that place for me at this point. I'll buy a PS5
anyway, and I'll be happy if Nintendo continues to bring new games and
paradigms on the table that the other makers are not touching.

~~~
FakeRemore
> I thought it was an isolated issue until I saw a few streamers hit the same
> kind of issue and casually explain they forgot to reboot their Switch.

Interesting, thanks. I sold my Switch after a year, so I've only been
following up on it intermittently and missed this.

> My angle on it is pretty similar to when the iPhone came out. There was no
> copy and paste, multi-tasking and was arguably slow for a lot of things, but
> the pros outweighed the cons, and we knew Apple wouldn't be doing any big
> leaps any day soon.

I was okay with the Switch's OS in the beginning because I figured, sure, they
rushed this to market, but this is a relatively solid basis to keep building
and improving on. None of which happened. Cue my frustration with Nintendo.

I do feel by comparison iOS has made leaps and bounds (though admittedly,
depending on what features you wanted, it might have taken longer than you
might have wanted). I've since switched to Android (again), but I think there
was a very long period where I'd stay up to watch the Apple conference
revealing the new phones and iOS features, even when I didn't have any Apple
device. As far as I can remember, every year brought significant changes,
though of course I can't point out what they were for every year. The
introduction of the concept of files and a file manager made iOS much more
palatable to me, for example.

edit: https://www.theverge.com/2011/12/13/2612736/ios-history-iphone-ipad

Wanted to take a look. iOS 4 added multitasking. iOS 5 added the notification
center, iTunes wifi sync, OTA updates, iMessage. iOS 6 added, uh, .... the
beloved Apple Maps? iOS 7 was the visual overhaul, added the control center
(which I miss on Android), AirDrop, Camera and Photos were improved,
multitasking was greatly improved, TouchID was added, apps automatically
updating added.

Seems like there was a fairly steady stream of improvements almost every year.
SwitchOS hasn't seen anything remotely close. Of course, Apple is a much
larger company and has a much larger budget, but still, I think regardless of
how large or small a company, it should be capable of yearly improvements from
whatever place they're at any given time.

