Namidairo 8 hours ago

I'm surprised that there are modern Tegra devices shipping with identical SBK across their production line.

I would have thought they'd do some mixing based on serial number or chip id as a baseline.

Or at least that's what the hash of their SBK implies.

I do enjoy seeing the boot chain on Tegra get broken yet again though.

bigyabai 9 hours ago

The 80% chance that someone develops a bootloader exploit is my favorite part of owning COTS Nvidia hardware. Doubly-so on locked-down platforms like the Nintendo Switch that really do benefit from having a homebrew store.

  • gjsman-1000 6 hours ago

    It will be interesting to see if the Switch 2 ever gets a mod chip, because NVIDIA has a completely reengineered boot chain that should be impenetrable. Combine that with an OS that already is impenetrable (no useful exploits in half a decade), we might be waiting an Xbox One-level amount of time.

    https://gbatemp.net/threads/switch-2-data-gathering-for-poss...

    • bigyabai 2 hours ago

      > we might be waiting an Xbox One-level amount of time.

      You never know! People said that about the Switch at launch, and then someone softmodded it with a paperclip and USB-C.

      • tripdout an hour ago

        Sounds interesting, got a link?

        • Namidairo a few seconds ago

          Most likely referring to CVE-2018-6242 aka "Fusée Gelée"

          The paperclip was just the easiest way of triggering RCM, which is a standard feature on Tegra. The vulnerability lay in that they didn't bounds check certain types of USB requests properly.