Difference between revisions of "Nintendo Switch"
| Line 95: | Line 95: | ||
The product code is prefixed by HEG, and is internally recognised as Aula. This model uses a serial number prefix of XT. | The product code is prefixed by HEG, and is internally recognised as Aula. This model uses a serial number prefix of XT. | ||
=== Nintendo Switch Dock === | |||
=== Nintendo Switch OLED Dock === | |||
==Tegra X1== | ==Tegra X1== | ||
| Line 103: | Line 107: | ||
This is the only model of the Tegra X1 vulnerable to CVE-2018-6242 (known as fusee-gelee or ShofEL2). | This is the only model of the Tegra X1 vulnerable to CVE-2018-6242 (known as fusee-gelee or ShofEL2). | ||
The Tegra T210 is the original model of the processor, released in 2015 by Nvidia and used in the original 2017 model of the Nintendo Switch. This SoC | The Tegra T210 is the original model of the processor, released in 2015 by Nvidia and used in the original 2017 model of the Nintendo Switch. This SoC, codenamed Erista, runs on a 20nm process node. | ||
In mid- | In mid-2018, Nintendo began shipping units with a modified bootrom IRAM patch (ipatch) written at the factory, effectively mitigating CVE-2018-6242, and largely patching out the main community entrypoint for custom firmware access. These, alongside Mariko units, are commonly referred to as "patched units". | ||
The CPU uses four ARMv8 ARM Cortex-A57 cores clocked at 1GHz in [[Nintendo Switch#Horizon|Horizon]] (docked or handheld), but officially supports clock speeds up to 1.9GHz. | The CPU uses four ARMv8 ARM Cortex-A57 cores clocked at 1GHz in [[Nintendo Switch#Horizon|Horizon]] (docked or handheld), but officially supports clock speeds up to 1.9GHz. | ||
Revision as of 22:08, 16 March 2022
The Nintendo Switch is a console manufactured and released by Nintendo on March 3rd, 2017, as their second entry into the eighth generation of video game consoles. It is their most recent family of consoles, and succeeds the Nintendo 3DS and Wii U families of systems.
This console is equipped with a dock to facilitate home-console gameplay on an external display, while also serving as a handheld device poised with detachable controllers (dubbed as Joy-Con controllers) for use when disconnected from the dock.
As of 2022, the Nintendo Switch has surpassed the Nintendo Wii in sales, making it Nintendo's best selling console in its history.
In the same year, Nintendo president Shuntaro Furukawa described the Nintendo Switch as being "in the middle of its lifecycle", implying that official support will persist for the foreseeable future.
Hardware
Powered primarily by its Tegra X1 line of SoCs (system on a chip processors), the Nintendo Switch is a midrange gaming tablet and was, at the time of release, the most powerful handheld to date released by a dedicated gaming company. There have been a number of hardware revisions ever since the initial release, mainly in relation to the Tegra X1. Every revision aside from Switch Lite uses a 16Wh (4310mAh at 3.7v) battery.
| Revision | Product Code | Working Name | Release Date | Exploitable | Processor Revision | MSRP |
|---|---|---|---|---|---|---|
| Nintendo Switch | HAC-001 | Icosa | 2017/03/03 | Software | Erista | $299.99 |
| Nintendo Switch (2018) | HAC-001 | Icosa | Mid 2018 | Software | Erista | $299.99 |
| Nintendo Switch | HAC-001(-01), HAD | Iowa | 2019, August | Modchip | Mariko | $299.99 |
| Nintendo Switch Lite | HDH-001 | Hoag | 2019/09/20 | Modchip | Mariko | $199.99 |
| Nintendo Switch (OLED Model) | HEG-001 | Aula | 2021/10/08 | Modchip | Mariko | $349.99 |
Nintendo Switch
This is the original release of the console with model HAC-001. All units of this model are vulnerable to fusee-gelee, as the original Tegra X1 was used here.
The product code is prefixed by HAC, and is internally recognised as Icosa, alongside the next soft-revision. These models use a serial number prefix of XA.
Nintendo Switch (2018)
Featuring no other hardware changes, this model uses the original Tegra X1 with a fusee mitigation as an IRAM patch to the bootROM. This is generally considered the worst model, as the only known way to trigger custom firmware is by a software exploit on an outdated firmware, or a modchip, but with none of the performance or battery benefits of the Tegra X1+, which can be had with the HAC-001(-01).
This model was released around the middle of 2018, with no exact manufacture or shipment date known.
Nintendo Switch (HAC-001(-01))
The first model of the console to feature the Mariko revision. As the Tegra X1+ uses a smaller process node, it is (by proxy) more energy efficient, leading to cooler thermals and longer battery life. Nintendo has dubbed standard Switch consoles using the Tegra X1+ as HAC-001(-01) units.
The product code is prefixed by HAC, and is internally recognised as Iowa. This model uses a serial number prefix of XK. The product code can also be shown to be HAD.
This revision is easily identifiable by the box it is shipped in; normal Switch models with the Tegra X1+ ship in boxes with an overtly red design. These consoles are commonly referred to as V2 or "redbox" units by the community.
No price difference was observed.
Nintendo Switch Lite
This unit is a more compact version of Nintendo Switch, and lacks the ability to dock. This inability is hardware-based, as the P13USB chip is not present, the the DisplayPort lanes from the SoC are not actually exposed anywhere on the main PCB, meaning that there's no way to get the video stream onto an external device using the original hardware alone. The rumble feature is not present, and games that rely on HD Rumble will not function properly. Likewise, games that require separate Joy-Con controllers, such as Super Mario Party, or 1-2-Switch!, will not operate correctly if used in handheld mode without external controllers. There is no kickstand present, negating the possibility of an official tabletop mode. The Nintendo Switch Lite otherwise operates the same as any Nintendo Switch in handheld mode.
The product code is prefixed by HDH, and is internally recognised as Hoag. This model uses a serial number prefix of XJ.
The battery on this unit is also slightly smaller than any other Nintendo Switch at 13.7Wh (3570mAh at 3.8v), however, is able to garner more battery life than the original HAC-001. Nintendo Switch Lite uses the Tegra X1+ in all models.
Nintendo Switch Lite was originally uncovered via Horizon datamining and legitimate leaks.
Nintendo Switch (OLED Model)
This unit is the second major hardware revision to the Nintendo Switch hardware, including an OLED display on the tablet, as evident from the name. In addition to the display, the Joy-Con rails are more secure and the kickstand spans the entire width of the console, sporting an adjustable angle. The dock has also received a hardware update and now has an ethernet port replacing a USB 3.0 port from the original dock. The cooling solution in this model uses a thinner heatpipe. On the motherboard, the microSD Card slot and Game Card slot are all now on a socketed daughterboard, instead of each on their own module as on Erista consoles. The ambient light sensor was also relocated to the top, and the speakers are now downward-firing.
Nintendo Switch (OLED Model) was originally uncovered during Horizon datamining, as an unknown Aula model. At the time, Aula was speculated to be a "Pro" Nintendo Switch console with extra performance benefits, such as Nvidia's DLSS, to improve perceived software resolution.
The product code is prefixed by HEG, and is internally recognised as Aula. This model uses a serial number prefix of XT.
Nintendo Switch Dock
Nintendo Switch OLED Dock
Tegra X1
While there were three main revisions to the Tegra X1, there are zero performance differences employed by Nintendo between them.
The Tegra X1 uses effectively a quad-core CPU consisting of 4x Cortex A57s. There are four Cortex A53s present, but they are disabled and never used. This most likely would have been used in a big.LITTLE configuration like modern Snapdragon SoCs. The Google Pixel C, which uses the Tegra X1, also has these cores disabled, implying that this is a condition set during fabrication.
Erista (T210)
This is the only model of the Tegra X1 vulnerable to CVE-2018-6242 (known as fusee-gelee or ShofEL2).
The Tegra T210 is the original model of the processor, released in 2015 by Nvidia and used in the original 2017 model of the Nintendo Switch. This SoC, codenamed Erista, runs on a 20nm process node.
In mid-2018, Nintendo began shipping units with a modified bootrom IRAM patch (ipatch) written at the factory, effectively mitigating CVE-2018-6242, and largely patching out the main community entrypoint for custom firmware access. These, alongside Mariko units, are commonly referred to as "patched units".
The CPU uses four ARMv8 ARM Cortex-A57 cores clocked at 1GHz in Horizon (docked or handheld), but officially supports clock speeds up to 1.9GHz.
The GPU scales from 384MHz in handheld mode to 768MHz in docked mode, but officially supports speeds up to 921MHz.
Mariko (T214)
This revision was introduced starting in August 2019 with the HAC-001(-01) and Nintendo Switch Lite (HDH-001). Regardless of model, every Switch console manufactured after mid-2019 is a Mariko unit. This revision uses a 16nm process.
It uses nearly half of the wattage as the original console to run, thereby producing less heat and providing a longer battery life as a result.
Also known as the T210B01 revision, the T214 is capable of hitting higher clock frequencies without thermal throttling, and therefore can effectively serve as a more powerful SoC, if Nintendo ever chose to go this route. The homebrew community has managed to overclock the CPU of Mariko chips up to 2397MHz, and the GPU up to 1305MHz[1].
The bootROM has undergone a full rewrite, so CVE-2018-6242 is no longer present in any capacity and cannot be reintroduced in any form. By definition, these are also patched units, but the community often explicitly refers to them as Mariko units to differentiate from patched Erista units.
Horizon
Horizon (herein referred to as HOS or HorizonNX) is a heavy rewrite and reimagining of the Nintendo 3DS operating system of the same name. It is a microkernel-based operating system which delegates hardware operations to a limited selection of services, which software can reference to carry out its tasks. Synonymous system calls and security concepts are present to the 3DS version[2]. Given the relatively short timeframe the OS was developed in (early 2015 to early 2017), the 3DS base may explain how Nintendo pushed out a fully-functional OS so quickly.
I tend to name my devices after this OS given that the two devices which use it as an operating system have both been highly influential in my day-to-day life and technical journey.
Trivia
- The Nintendo Switch name was finalised in 2014, two years before the console's name was revealed in October 2016.
- Contrary to popular belief, Nintendo Switch is not based off of Android, Linux, nor FreeBSD in any capacity. These were either unfounded rumors, or an extrapolation based off of references in the open-source software credits found in the Nintendo Switch's OS. Horizon is Nintendo original.
- While the Nintendo Switch has a functional browser, it cannot be used for meaningful userland homebrew software as done on the Nintendo 3DS. The security system of the Switch treats applets and games as the most untrusted and grants extremely limited permissions to them.
- The launch day version of the Nintendo Switch system software is a pilot build, hence the launch day update increasing the major version to 2.0.0. There are combinations of software and hardware vulnerabilities on 1.0 that eventually lead to TrustZone-level takeover.