Nintendo Switch Homebrew Hacking Goes Big With NVIDIA Tegra Exploit

Posted: Apr 24 2018, 5:05am CDT | by Luigi Lugmayr, in News | Technology News

Image credit: Kate Temkin

The Nintendo Switch has been hacked, and it looks like there is no fix.

The homebrew and hacking communities are big, and so is the community of Switch owners. There is a large overlap: many Switch owners also love to tinker with their console and run custom code on it. The Nintendo Switch held up for a year, but now it appears that it has been hacked open for homebrew code and custom firmware for good.

A coldboot vulnerability in all NVIDIA Tegra embedded processors has been found by multiple parties. Nintendo and NVIDIA were informed about the exploit a while ago. A leak of the vulnerability has now prompted all parties that knew about it to come forward with their hacks and findings. Most notable so far are the publications of Katherine Temkin, affiliated with ReSwitched. She describes the coldboot vulnerability, dubbed Fusée Gelée, in detail on GitHub.

The Fusée Gelée vulnerability allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line of embedded processors. Because it allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, the vulnerability compromises the entire root of trust for each processor. To exploit the bug in RCM, the Switch has to be in USB boot mode.

NVIDIA and Nintendo can't close the security hole because the vulnerability is the result of a 'coding mistake' in the read-only bootROM found in most Tegra devices. This bootROM can have minor patches applied to it in the factory ('ipatches'), but cannot be patched once a device has left the factory, as Katherine Temkin explains in her FAQ about Fusée Gelée.

This means that Nintendo can only protect newly manufactured Nintendo Switch consoles against this hack. Get a Nintendo Switch now if you are into homebrew. Nintendo is not a fan of homebrew, as it fears that game piracy will run rampant. The company will surely release a new Nintendo Switch generation that does not have this security hole.

Another group that published the exploit is fail0verflow. They call their exploit ShofEL2 and, on top of that, deliver Linux on the Nintendo Switch. They also came up with a little jig that lets you enter RCM on the Switch without having to sacrifice a Joy-Con or hold a piece of wire in place. The jig shorts pins 7 and 10 of the Joy-Con connector to put the Switch into RCM.

Image: Switch RCM mode plug

Another group, known as Team Xecuter, has announced that it will sell a modchip for the Nintendo Switch that is said to go beyond Fusée Gelée. Modchips worry Nintendo the most, as they are mostly intended to run cracked video games.

This is just the start of homebrew and hacking on the Nintendo Switch. Since Nintendo can't patch the bug via a firmware update, the vulnerability is here for good; you just need a Nintendo Switch console that did not receive the fix in the factory.

The Author: Luigi Lugmayr
Luigi Lugmayr is the founding chief editor of I4U News and brings over 15 years of experience in the technology field to the ever-evolving and exciting world of gadgets. He started I4U News back in 2000 and evolved it into a vibrant technology magazine.
Luigi can be contacted directly at ml@i4u.com.