The "unpatchable" exploit that makes every current Nintendo Switch hackable


A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles.  Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.


"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.


The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.


On the Switch, the hardest part of the exploit seems to be forcing the system into USB recovery mode. To do this without opening the system requires shorting out a certain pin on the right Joy-Con connector (the bit on the side of the system where the Joy-Con clicks into place). The hacking team at Fail0verflow tweeted a picture of a small plug-in device that can apparently provide this short-out easily, and the team joked that a simple piece of wire from the hardware store can do so today. Temkin also tweeted a picture suggesting that simply exposing and bending the pin in question would also work.


Full article @ Ars Technica

Hopefully this doesn't kill software releases and sales à la NDS / PSP :/ Nintendo has been working on a new SoC for a few months now though, presumably because they were notified of the exploit, so if you want one of these exploit-capable Switches, buy one soon.
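The bug class the article describes (a USB control request handler that trusts the host-supplied length and lets a DMA copy run past a fixed bootROM buffer into the stack) is easiest to see as a bounds-check comparison. The following is an added C model written for this post; it is not code from the Ars Technica article, from ReSwitched, or from the Tegra X1 bootROM. The buffer sizes, the flat "DMA buffer followed by stack" layout, the `setup_pkt_t` structure and both handler functions are constructed for illustration; only the 65,535-byte maximum control request length comes from the article.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a bootROM memory region: a fixed-size DMA buffer
 * followed immediately by memory that stands in for the stack. The sizes
 * are made up for this example; the real layout is not on the page. */
#define DMA_CAP     64
#define STACK_SIZE  64
#define MODEL_SIZE  (DMA_CAP + STACK_SIZE)

typedef struct {
    uint8_t mem[MODEL_SIZE];   /* mem[0..DMA_CAP) = DMA buffer, the rest = "stack" */
} model_t;

/* Constructed stand-in for a USB SETUP packet: only the field that matters here. */
typedef struct {
    uint16_t wLength;          /* host-supplied transfer length, at most 65535 */
} setup_pkt_t;

static void model_init(model_t *m) {
    memset(m->mem, 0, sizeof m->mem);
}

/* Vulnerable pattern: trust wLength and copy that many bytes into the fixed
 * buffer. The clamp to MODEL_SIZE exists only so this simulation stays inside
 * its own array; the defect being modelled is the missing check against DMA_CAP. */
static size_t handle_control_unchecked(model_t *m, const setup_pkt_t *s,
                                       const uint8_t *host_data, size_t host_len) {
    size_t n = s->wLength;
    if (n > host_len)   n = host_len;
    if (n > MODEL_SIZE) n = MODEL_SIZE;  /* simulation guard only, not part of the pattern */
    memcpy(m->mem, host_data, n);
    return n;
}

/* Hardened pattern: reject any request whose length exceeds the buffer's
 * capacity before anything is copied. Returns 0 (nothing copied) on rejection,
 * which in a real device would correspond to stalling the control request. */
static size_t handle_control_checked(model_t *m, const setup_pkt_t *s,
                                     const uint8_t *host_data, size_t host_len) {
    if (s->wLength > DMA_CAP) return 0;
    size_t n = s->wLength;
    if (n > host_len) n = host_len;
    memcpy(m->mem, host_data, n);
    return n;
}

/* Count how many bytes of the modelled stack region were overwritten. */
static size_t stack_bytes_clobbered(const model_t *m) {
    size_t count = 0;
    for (size_t i = DMA_CAP; i < MODEL_SIZE; i++)
        if (m->mem[i] != 0) count++;
    return count;
}

/* Run one maximum-length control request through the chosen handler and
 * report how much of the modelled stack it reached. */
static size_t simulate(bool checked) {
    static uint8_t host_data[65535];
    memset(host_data, 0x41, sizeof host_data);   /* constructed filler bytes */
    model_t m;
    model_init(&m);
    setup_pkt_t s = { .wLength = 65535 };
    if (checked) handle_control_checked(&m, &s, host_data, sizeof host_data);
    else         handle_control_unchecked(&m, &s, host_data, sizeof host_data);
    return stack_bytes_clobbered(&m);
}

int main(void) {
    printf("unchecked handler: %zu stack bytes clobbered\n", simulate(false));
    printf("checked handler:   %zu stack bytes clobbered\n", simulate(true));
    return 0;
}
```

The point of the two handlers is that the fix is one comparison performed before the DMA transfer is set up, which is also why the article calls the real bug unpatchable: in a mask ROM that comparison cannot be added after manufacture, so the only remedy is a revised chip.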

3 weeks later...

I assume this has been blown wide open now? I'm seeing entire Switch ROM library dumps happening on private torrent sites. Not that I've looked into what's happening as this progresses much at the moment.
