• The Nintendo Switch can be hacked with a paperclip via an unpatchable exploit
    40 replies, posted
The “unpatchable” exploit that makes every current Nintendo Swit.. A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. On the Switch, the hardest part of the exploit seems to be forcing the system into USB recovery mode. To do this without opening the system requires shorting out a certain pin on the right Joy-Con connector (the bit on the side of the system where the Joy-Con clicks into place). The hacking team at Fail0verflow tweeted a picture of a small plug-in device that can apparently provide this short-out easily, and the team joked that a simple piece of wire from the hardware store can do so today. Temkin also tweeted a picture suggesting that simply exposing and bending the pin in question would also work. What makes this exploit particularly worrisome for Nintendo and other Tegra vendors is that it apparently can't be fixed via a simple downloadable patch; the flawed bootROM in question can't be modified once the Tegra chip leaves the factory. That's an important security measure if the bootROM itself is secure but a big problem if the bootROM is exploited, as seems to be the case here (Nintendo and Nvidia were not immediately available to respond to a request for comment). Right now, the general public's use of this exploit is limited to a "proof of concept" Python program and payload that can be used to display usually protected information from the Switch's boot instruction ROM (this method requires tethering the Switch to a computer via USB, but Temkin suggests in the FAQ that future payloads will allow data to be loaded from the Switch's SD card).
Fuller details of how to use the exploit will be published on June 15, Temkin writes, adding on Twitter that "guides and information so you can use it too are forthcoming." And work continues on a custom Switch bootloader called Atmosphère which will apparently take advantage of the exploit to run. While this is the first public disclosure of this low-level method for hacking the Switch, there's ample evidence that many other hackers had independently discovered similar methods in their own research. In fact, this kind of exploit appears to have been key to last September's effort to discover a method to unlock a copy of NES Golf that was hidden on every Switch console. As Switch hacker smealum tweeted earlier today, "seemingly everyone had everything for months—that it remained 'secret' so long is kinda incredible." [Update: Shortly after this piece went live, Fail0verflow alleged that it had been holding to "a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned." That update also included a screen of the Dolphin emulator apparently running Nintendo's Legend of Zelda: Wind Waker on a Nintendo Switch.] https://files.facepunch.com/forum/upload/58149/aff4c886-fa7a-4393-a077-f56f2d3b2633/image.png
Hah, that's awesome. I would love to be able to run emulators on the Switch. That would honestly give me more incentive to buy one.
people are already running Dolphin on the Switch
Fail0verflow already posted a pic of it, they had some shots of the switch running Linux so Dolphin was to be expected. https://cdn.discordapp.com/attachments/297543081232826369/438140357923045386/DbfyJBPU0AAeFv0.png Apparently it's about the same performance as the GPD Pocket
Windows 10 plz
That's incredible hell yeah
Also not exactly meant for ARM. Of course there are a few Windows for ARM builds, but it's probably not easy to modify specifically for the Switch. Linux is easier since you can modify its source as much as you need for any random piece of hardware. Should be noted that a future hardware revision by Nintendo and Nvidia could end up fixing this issue. There's a similar exploit on every 3DS Nintendo never fixed in revisions (similar in concept, mostly a completely different bug), but they could act different for the Switch.
I think it will be fixed because of the implications that it can have on Nvidia's self driving car program which uses the same Tegra chips as the Switch
Team Twiizers v2? (The Wii was hacked by bridging across a chip with tweezers.) I also want to point out that while this may not be patchable, it sure is fixable. It's already confirmed that newer Switches have slightly different hardware to patch exploits like these from the past. Nintendo is not going to quit their fight.
I might actually buy a console for the first time in over a decade.
Apparently there is a GameCube emulator on the switch as well that might be able to take advantage of
they will sell a key for people with shaky hands that can't do this with a paperclip
Finally have a reason to buy one
there was some kind of code found on the switch hinting at a possible hardware revision to fix this exploit so if you're gonna buy a switch to hardmod it you should probably do so now
If you're seriously thinking about buying a Switch for the purpose of hacking it, do it as soon as possible. Nintendo are already planning on a revision of the system that 99% probably fixes this exploit, it could come out as soon as next month.
I foresaw something like this coming, so I bought my console a few months ago. They really do need a hardware revision, not only because of the exploit in the Tegra but also because of other components that don't follow specs (USB-C). If my console bricks itself due to a third party component, under federal law I'm not paying shit for a replacement.
I was kind of regretting updating to Switch OS 5.0 with its new KASLR being a major blockade to homebrew, but a hardware bootrom exploit pretty much opens the homebrew barn door by driving through it with a tank. I'm in no rush to hack my Switch, especially since I'm not done with online yet and I'm sure Nintendo's going to be on the prowl for homebrewed devices going online for banning and possibly bricking, but when I get bored (or if Ninty's paid online turns out to be hella not worth it) in a few years it's cool to know that my launch-day Switch can be repurposed and its useful life extended.
It’s Pandora Battery all over again
The Switch makes a nice portable homebrew machine, cheaper than a GPD Pocket with comparable performance.
It's only cheaper if you don't have an already sizeable steam account, like a lot of people here do.
I hope Nintendo also improves the performance a little in the new machine.
Don't count on it, they said something along the lines of wanting to not fragment the userbase
Where's the optimistic rating when you need it?
What makes this exploit particularly worrisome for Nintendo and other Tegra vendors is that it apparently can't be fixed via a simple downloadable patch; the flawed bootROM in question can't be modified once the Tegra chip leaves the factory. That's an important security measure if the bootROM itself is secure but a big problem if the bootROM is exploited, as seems to be the case here (Nintendo and Nvidia were not immediately available to respond to a request for comment). Haha holy shit. This is beyond nutty. If the hardware/software is exploited, it's all shrugs from there. Good job Tegra. Guess they thought no one would be crazy enough to try it. Clearly they haven't heard of console hackers.
Invest in pre-patch switches
Guess I'll be keeping my first generation Switch around if they come out with a *new* Nintendo Switch later. That way I can have one for legit Nintendo Switch purposes, and one to fool around with.
Aren't they already doing that?
Neat. The Switch is the first Nintendo console that I've bought so I'm not all that familiar with their hacking scene. But I take it that if you do something like this you can't use the regular OS anymore and play games like usual ever again?
In the long run it would be like how it works with the 3DS probably.
I take it that allows you to do both? Either way the melodramatic people who are crying that the Switch/Nintendo is going to die crack me up. Nothing will change in the grand scheme of things, at least not for many years to come. 95% of Switch users are probably not tech savvy enough to do it and the remaining portion's majority will probably not bother either until the Switch is much older.