eFuses get physically melted by software.<p>Microsoft bricked thousands of illicit China-developer Xbox 360 kits one spring morning, in the winter of 2010.<p>They also have bricked retail Xbox 360 consoles of nefarious (teenage) actors. Cannot go into more detail on that one. Maybe after a few more years.
There are things called fuses on AVRs that cannot be changed by running code but can be set and unset multiple times by an external programmer. These are apparently different.<p><a href="https://en.wikipedia.org/wiki/Efuse" rel="nofollow">https://en.wikipedia.org/wiki/Efuse</a> describes the mechanism of action: "eFuses can be made out of silicon or metal traces. In both cases, they work (blow) by electromigration, the phenomenon that electric flow causes the conductor material to move."
I unintentionally blow the eFuse on the Qualcomm chips I'm developing for, all the time... it's very frustrating and surprisingly easy to do with their tools.<p>I'm ideologically opposed to using this feature 'productively', but it definitely makes it simpler (cheaper) for the company to maintain installed base versions...
> There are 256 bits in the set of ODM_RESERVED fuses, and there are 8 ODM_RESERVED. This allows for 32 fuses, or 32 future FW versions (provided they burn a fuse on every major release).<p>32? Is that it? So if Nintendo want to push more than 32 updates, they either need to not blow any more fuses, or stop using the fuses when they've all gone? Wouldn't they be totally useless then?
Not a console player, can someone explain why consumers want to downgrade their console(s)? I Googled a bit and it seems people would like to have more vulnerable to hack their devices, but why did they upgrade in the first place? Is it a forced upgrade?
If you think burnable fuses to prevent downgrading is interesting, wait until you see the black magic that Apple cooked up to prevent iPhone downgrades.<p>No fuses there - just an incredibly complex mess of nonces, digitally signed tickets, and secret generator keys.
Well this might not be entirely true. Hackers found a way to downgrade the Xbox 360 after fuses were blown but you would not be able to use online functions with your home brew or pirated games unless they developed a dual kernel boot and used a normal kernel and no home brew to go back online. <a href="https://www.engadget.com/2007-08-25-efuse-successfully-blown-xbox-360-kernel-downgrades-possible.html" rel="nofollow">https://www.engadget.com/2007-08-25-efuse-successfully-blown...</a>
Why does it need to physically modify the hardware via melting fuse when that fuse is read by enclave / boot loader code itself? If trusted code is trusted then couldn’t it store its state securely without melting fuses?<p>I must be missing something, either the bootloader execution is trusted and should be able to store state securely, Secure Enclave style, or it’s not and melting things doesn’t solve the problem as compromise of the code means the fuses can be ignored.
Million dollar question. Anyone know about the inner workings of the various Switch modchips that allow homebrew on newer consoles with RCM exploit patched?
As per the article there are 32 fuses, meaning they can support 32 ‘irreversible’ firmware updates. There have already been 13. What happens when update #33 is needed? Or are they banking on the switch being superseded by that point?
Permanently altering the physical state of your device doesn't mean causing destruction from a legal perspective. I wonder if an owner can sue companies that do this.
How is this considered legal? I get the cat and mouse chase between devs and the reverse engineering communities, but this seems to cross the line into physical destruction of property, at least at face value.
Technically pretty interesting, but I'd never buy something like this. Had enough of encrypted BIOSes that you can only downgrade using a hardware programmer, and Samsung's Knox protection (actually also eFuse) which fortunately only blocks their proprietary garbage from being used ever again. I pay to own, not get owned.
>> Each software version expects a different number of fuses to be blown — if more than is expected, it fails to boot<p>That branch in the code could be interfered with. Overwriting it with NOOP instructions might not be easily possible due to verification of code signing but there are other techniques like power glitching.
I went to a 3rd party repair guy to get my PS4 slim repaired. He started talking about efuses and how if the companies detect anomalies in their firmware they blow the fuses so they have to take it back to main company to get it fixed. It's quite strange to see the topic a day after at the top of Hacker News.
Does this mean the upgraded Switch can never be upgraded again? If the upgrade fuses are blown this would imply no further upgrades are possible. If Nintendo can bypass the fuses others might be able to also and hence downgrade their systems.
There is one thing about video-game piracy that I never understood. Back when I was a kid, there was a lot of piracy for PlayStation 1 games. In my home country you could buy any game for the price of a Big Mac. It didn't matter that the game CDs contained copy-protection, the CDs you could buy also had them and were indistinguishable from the original CDs.<p>Then PS2 came (or was it PS3?) and all the pirate CDs/DVDs simply disappeared. I never understood what made game media piracy nonviable with newer consoles. Why can't the pirates simply copy every single bit of the newer game media as they did before? I think the Wii had some piracy CDs easily available but you also had to mod your console somehow. I'd be happy to have an answer from any of the hackers here :).<p>Edit: I'm not talking about "home piracy" where you copy your CD in your PC using cloning software, I'm talking about industrial one, you could buy these games in real stores that also sold other stuff brought from China.
I believe we need new laws declaring that consumers can run whatever versions of software they want on devices they OWN.<p>This applies to iPhones, Gaming consoles, and Teslas too.<p>Companies must allow downgrades, and consumers must be able to permanently disable update prompts.
Companies can only get away with this crap because consumers are still so darn ignorant. I think most people won't accept a car that prevents you from changing your own oil or replacing your own wiper fluid, so it always boggles my mind that so many are still buying computers that lock users out of the firmware and boot process.<p>A Switch is just a toy anyways. Buy a different toy.
This is common in modern embedded devices. Sometimes they're called eFuses.<p><a href="https://imxdev.gitlab.io/tutorial/Burning_eFuses_on_i.MX/" rel="nofollow">https://imxdev.gitlab.io/tutorial/Burning_eFuses_on_i.MX/</a>
This is an interesting idea, but quoting Stalin, isn't the really important thing the program that counts the burnt fuses? Maybe that's also exploitable.<p>Anyway, the article also says that an exploit is already available to bypass that.
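The fuse-count rule quoted in the thread ("if more than is expected, it fails to boot") and the questions about what happens past 32 fuses, as an added C simulation that is not part of any comment and is not Nintendo's code. The `fuse_bank` type, the function names, the burn-on-upgrade step and the "exhausted" result are assumptions for illustration; the 32-fuse limit and the count of 13 come from the comments above.

```c
#include <stdint.h>
#include <stdio.h>

#define FUSE_COUNT 32u /* the thread quotes 32 anti-downgrade fuses */

/* Simulated one-time-programmable bank (assumption): bit set = fuse blown. */
typedef struct { uint32_t bits; } fuse_bank;

typedef enum { BOOT_OK, BOOT_OK_BURNED, BOOT_REFUSED_DOWNGRADE,
               BOOT_REFUSED_EXHAUSTED } boot_result;

/* Count blown fuses; only the total matters, not which positions are set. */
unsigned fuses_blown(const fuse_bank *b) {
    unsigned n = 0;
    for (uint32_t v = b->bits; v != 0; v &= v - 1) n++;
    return n;
}

/* The only write the simulated hardware offers: 0 -> 1. Nothing clears a bit. */
static void fuse_blow(fuse_bank *b, unsigned idx) { b->bits |= (uint32_t)1 << idx; }

/* expected: fuses this firmware version wants blown (hypothetical per-version constant). */
boot_result boot_check(fuse_bank *b, unsigned expected) {
    if (expected > FUSE_COUNT)
        return BOOT_REFUSED_EXHAUSTED;  /* the counter cannot represent this version */
    unsigned blown = fuses_blown(b);
    if (blown > expected)
        return BOOT_REFUSED_DOWNGRADE;  /* a newer version already ran on this unit */
    if (blown == expected)
        return BOOT_OK;
    /* Assumed upgrade path: blow still-intact fuses until the count matches. */
    for (unsigned i = 0; i < FUSE_COUNT && blown < expected; i++) {
        if (!((b->bits >> i) & 1u)) { fuse_blow(b, i); blown++; }
    }
    return BOOT_OK_BURNED;
}

int main(void) {
    fuse_bank bank = { 0 };  /* constructed sample: factory-fresh unit */
    printf("boot v13 -> %d, blown=%u\n", boot_check(&bank, 13), fuses_blown(&bank));
    printf("boot v12 -> %d (downgrade)\n", boot_check(&bank, 12));
    printf("boot v33 -> %d (counter exhausted)\n", boot_check(&bank, 33));
    return 0;
}
```

In this model a 33rd increment has no fuse left to record it, so a vendor would have to stop incrementing or accept that later versions share a count and can be swapped freely.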