The "unpatchable" exploit that makes every current Nintendo Switch hackable


Recommended Posts

A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles.  Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.

 

"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.

 

The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.

 

On the Switch, the hardest part of the exploit seems to be forcing the system into USB recovery mode. To do this without opening the system requires shorting out a certain pin on the right Joy-Con connector (the bit on the side of the system where the Joy-Con clicks into place). The hacking team at Fail0verflow tweeted a picture of a small plug-in device that can apparently provide this short-out easily, and the team joked that a simple piece of wire from the hardware store can do so today. Temkin also tweeted a picture suggesting that simply exposing and bending the pin in question would also work.

 

 

 

 

 

Full article@ Ars Technica

Hopefully this doesn't kill software releases and sales à la NDS / PSP :/ Nintendo has been working on a new SoC for a few months now though; presumably because they were notified of the exploit, so if you want one of these exploit capable Switches buy one soon.

  • 3 weeks later...

I assume this has been blown wide open now? I'm seeing entire switch rom library dumps happening on private torrent sites. Not that I've looked into what's happening as this progresses much at the moment.

  • 2 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Half the problem was that they had the damn MSN team as part of Windows for some dumb reason. Now that's finally been changed and we're seeing the effects with you finally being able to turn off the recommended section in the start menu.
    • It hasn't been a decade? Not really. The Settings app in 11 isn't the same as the one in 10. Sure the name is the same but they, probably, redid it all over again, not just changed the top UI layer. I think the old one in Win10 is coded in a way that made it a chore to move more complicated things over. Since the change to the one in Win11, they've actually started move things over and adding things a bit quicker. The fact is that some of the more advanced settings/options are low on the list because few users bother with them compared to the basic ones everyone will go through at some point, like changing the background for example.
    • Free Download Manager 6.28.1.6321 by Razvan Serea Free Download Manager is a powerful, easy-to-use and absolutely free download accelerator and manager. FDM accelerates downloads by splitting files into sections and then downloading them simultaneously. As a result download speed increases up to 600%, or even more! FDM can also resume broken downloads so you needn`t start downloading from the beginning after casual interruption. FDM lets you download files and whole web sites from any remote server via HTTP, HTTPS and FTP. You can also download files using BitTorrent protocol. In addition, Free Download Manager allows you to: adjust traffic usage; to organize and schedule downloads; download video from video sites; download whole web sites with HTML Spider; operate the program remotely, via the internet, and more! Free Download Manager is compatible with the most popular browsers Google Chrome, Firefox, Microsoft Edge, Internet Explorer and Safari. Free Download Manager 6.28.1.6321 changelog: Improved add-ons support. Improved M3U support. Fixed: crash bug in BitTorrent module. Fixed: minor bugs. Windows: a bit improved installer. Windows: Firefox bug workaround. Android: Qt updated to 6.9.1. Download: Free Download Manager (64-bit) | 45.8 MB (Freeware) Links: Home Page | Linux, Mac, Android | MS Store | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Tariffs have nothing to do with this pricing. It was always intended to be slightly more expensive then the S25+
    • Hello, The static link still downloads 10.3.2040.0 from May 22, 2025. The 10.3.2412.0 version can be downloaded directly from emclient.com/dist/v10.3.2412/setup.msi. Regards, Aryeh Goretsky
  • Recent Achievements

    • Contributor
      GravityDead went up a rank
      Contributor
    • Week One Done
      BlakeBringer earned a badge
      Week One Done
    • Week One Done
      Helen Shafer earned a badge
      Week One Done
    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      662
    2. 2
      ATLien_0
      269
    3. 3
      Michael Scrip
      236
    4. 4
      Steven P.
      164
    5. 5
      +FloatingFatMan
      149
  • Tell a friend

    Love Neowin? Tell a friend!