As a boring software engineer nowadays, these hackers "for fun and profit" make me proud of our profession. They're like a Robin Hood version of Alan Turing & co. working on cracking the Enigma encryption. No matter how tight the black box is, there is always a gap somewhere.

I did some reversing when I was younger and cracked some software and hardware locks; there's nothing as exhilarating as breaking through something that looked impossible. Well done!
The concept of undervolting the chip, causing bitflips, to do a differential fault analysis [0] seems like a stroke of genius. I had no idea AES could be broken in such a fashion, by interfering with just the last 1-2 rounds of the cipher.

I wonder if it will be mitigated by requiring a larger minimum voltage?

[0] https://en.wikipedia.org/wiki/Differential_fault_analysis
Holy cow. Reading these recaps I feel a lot of impostor syndrome. I think I'm competent at what I do, but when I see those guys it's hard not to feel really dumb.

Congrats to them!
I've been out of the security game for a while; this almost reads like fiction. Good god, this is nuts. I've heard of extracting keys with timing attacks, but this is even more impressive!

Also, apparently the Switch perma-pwn got pwned? Sad face...

Also also, I hope other popular cryptoprocessors aren't so vulnerable?
Heh, I had a little laugh to myself reading this bit:

> (2) its own "secure boot"

As soon as you see the quotes, you know what's coming! It's like Chekhov's gun :)
Some features in NVIDIA chipsets, like changing the operating frequency, need (hardware-checked, I think) signed binary blobs. This prevents the open source nouveau driver from achieving good performance. Does this hack help on this front?
Hats off to the author for executing like that. I feel like I missed out by never playing games, as cracking them seems like the real game behind the game.

From a design perspective, this is why you don't have your entire ecosystem depend on a shared secret stored in secure hardware, even if it's written while the chip is still in the flasher at the fab. You need either to diversify your keys in the flasher, or do an initialization/personalization protocol to update the keys to new unique per-console ones, so that a crack like this isn't portable across every other customer device. As a design consideration, it means the customer has to be online to personalize the device to get their unique keys, but that's the trade-off.

The beauty of demonstrating this attack is that if you think game consoles with security modules are vulnerable to having ecosystem-compromising shared secrets extracted, wait until you see phones.
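An added example (not from the thread or the write-up it discusses) of the key diversification the comment above describes, and of why smartcard-style schemes use it: the fab master secret never leaves the HSM, each console only ever holds a key derived from the master and its own unique ID, and the backend re-derives that key on demand instead of storing a database of them. The master secret, serial numbers and challenge are constructed values.

```python
import hashlib
import hmac

def diversify_key(master_secret: bytes, device_id: bytes,
                  label: bytes = b"console-root-key") -> bytes:
    # Counter-mode KDF in the style of NIST SP 800-108: a 4-byte counter,
    # label, separator, context (the device's unique ID) and the output
    # length in bits, so two different devices can never collide.
    msg = (1).to_bytes(4, "big") + label + b"\x00" + device_id + (256).to_bytes(4, "big")
    return hmac.new(master_secret, msg, hashlib.sha256).digest()

def provision(master_secret: bytes, device_ids) -> dict:
    # What the flasher writes into each chip: only that chip's own key.
    # Extracting one console's key reveals nothing about the others.
    return {dev: diversify_key(master_secret, dev) for dev in device_ids}

def device_respond(device_key: bytes, challenge: bytes) -> bytes:
    # The console proves possession of its key without ever revealing it.
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

def server_verify(master_secret: bytes, device_id: bytes,
                  challenge: bytes, response: bytes) -> bool:
    # The backend holds the master secret only and re-derives the device key;
    # no per-device key store is needed. Constant-time compare on the result.
    expected = device_respond(diversify_key(master_secret, device_id), challenge)
    return hmac.compare_digest(expected, response)

# Constructed placeholder master secret; a real one lives in the fab's HSM.
MASTER = hashlib.sha256(b"constructed-master-secret").digest()

if __name__ == "__main__":
    fleet = provision(MASTER, [b"SN-0001", b"SN-0002"])
    nonce = b"constructed-challenge-nonce"
    resp = device_respond(fleet[b"SN-0001"], nonce)
    print("SN-0001 accepted:", server_verify(MASTER, b"SN-0001", nonce, resp))
    print("SN-0002 with SN-0001's response:", server_verify(MASTER, b"SN-0002", nonce, resp))
```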
> If you can get 1-2 bitflips in the last two rounds, you can solve for the key.

What about the bit flips allows the key to be solved for? That is the part of this I don't understand.
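An added illustration (not from the write-up or any commenter) of the point behind the differential fault analysis remark above and this question: the final AES round has no MixColumns, so one corrupted state byte before the last SubBytes changes exactly one ciphertext byte, which is what makes a late-round fault so informative. It also shows the usual countermeasure, computing the round redundantly and withholding output on mismatch. The state, round key and fault position are constructed values.

```python
def _gf_mul(a, b):
    # Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_byte(x):
    # AES S-box: multiplicative inverse in GF(2^8), then the fixed affine map
    inv = next(b for b in range(256) if _gf_mul(x, b) == 1) if x else 0
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_byte(i) for i in range(256)]

def final_round(state, round_key):
    # AES-128 final round: SubBytes, ShiftRows, AddRoundKey, no MixColumns,
    # so each output byte depends on exactly one input byte (column-major state).
    sub = [SBOX[b] for b in state]
    shifted = [sub[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]
    return bytes(s ^ k for s, k in zip(shifted, round_key))

def inject_fault(state, index, mask):
    # Model a glitch that flips the bits in `mask` of one state byte
    faulty = bytearray(state)
    faulty[index] ^= mask
    return bytes(faulty)

def differing_bytes(a, b):
    # Positions where two ciphertexts disagree
    return [i for i in range(16) if a[i] != b[i]]

def guarded_final_round(state, round_key, fault=None):
    # Countermeasure: compute the round twice (the second run optionally hit
    # by the modelled fault) and release output only if both runs agree.
    first = final_round(state, round_key)
    second = final_round(inject_fault(state, *fault) if fault else state, round_key)
    return first if first == second else None

STATE = bytes(range(16))              # constructed pre-final-round state
ROUND_KEY = bytes(range(0x10, 0x20))  # constructed last round key

if __name__ == "__main__":
    good, bad = final_round(STATE, ROUND_KEY), final_round(inject_fault(STATE, 5, 0x01), ROUND_KEY)
    print("ciphertext bytes changed by a one-bit fault:", differing_bytes(good, bad))
    print("guarded output under that fault:", guarded_final_round(STATE, ROUND_KEY, (5, 0x01)))
```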
It seems from accomplishments like this from amateurs that state-level actors will have compromised any current "secure" or "trusted" computing platform.
This seems to indicate that this involves the Nintendo Switch, but that it only involves older models where the first layer of security was broken and now a second. Wouldn't the new models have patched the first layer of security by now where this wouldn't result in anything of value?
Why don't more devices use smartcards for signing/crypto? They are omnipresent: satellite TV receivers had them, phones have them, banking cards ARE them. And yet gaming console manufacturers would rather invent their own measures to combat pwnage/piracy.
So how does this voltage glitching stuff work exactly? Are caps to ground/buffers removed/defeated? Is it timing dependent? (Sounds like they're sending I2C messages to the power circuitry here?) Do people do things like set up precise triggers or hook up function generators to kick the supply voltage around and just wait to get lucky?
The magic to me is that the CPU glitches are caused completely on the software side. With dedicated hardware such as flying probe testers this attack is state-of-the-art afaik.
But glitching the CPU only with software, i.e., causing hardware bugs only with software is what really surprised me.
What is a TSEC?

EDIT:

> Well, some clever guy ;-) reminded them that the T210 chip (the main CPU)
> has a proprietary NVIDIA "security processor" called TSEC, which has: [2]
> (1) its own SRAM (protected from the rest of the system)
> (2) its own "secure boot" (protected from the rest of the system)
> (3) bus mastering capabilities
> (4) and.. is able to DMA to ARM7's memory
Seems the other TSEC exploits mentioned might refer to these:

https://github.com/CAmadeus/falcon-tools

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34393