The "unpatchable" exploit that makes every current Nintendo Switch hackable


Recommended Posts

A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles.  Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.

 

"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.

 

The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.

 

On the Switch, the hardest part of the exploit seems to be forcing the system into USB recovery mode. To do this without opening the system requires shorting out a certain pin on the right Joy-Con connector (the bit on the side of the system where the Joy-Con clicks into place). The hacking team at Fail0verflow tweeted a picture of a small plug-in device that can apparently provide this short-out easily, and the team joked that a simple piece of wire from the hardware store can do so today. Temkin also tweeted a picture suggesting that simply exposing and bending the pin in question would also work.

 

 

 

 

 

Full article@ Ars Technica

Hopefully this doesn't kill software releases and sales à la NDS / PSP :/ Nintendo has been working on a new SoC for a few months now though; presumably because they were notified of the exploit, so if you want one of these exploit capable Switches buy one soon.

  • 3 weeks later...

I assume this has been blown wide open now? I'm seeing entire switch rom library dumps happening on private torrent sites. Not that I've looked into what's happening as this progresses much at the moment.

  • 2 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Bet Apple things they invented naming stuff with the year
    • My home system is a 5800X (upgraded from 2700X) with a 7800 XT. I can't comment as to why you feel so strongly about the differences, but I have used both Windows 10 and 11 for literally thousands of hours each; I'd guess over 10,000 hours on Windows 10 and maybe half that on Windows 11. Earlier builds of Windows 11 had some pretty big UI lag issues, which did annoy me, but not enough to go back to Windows 10. 23H2 and forward have corrected all those issues for me and I have no complaints at all at this time. Let me clarify what I meant by "Windows 11 runs perfectly fine." I don't mean it is merely acceptable; I mean that I don't perceive a difference between it and Windows 10. I chose the word "fine" because I don't believe that either 10 or 11 are perfect in that area and both have the rare UI hiccup, but in my experience, their responsiveness is at the same level.
    • WinToUSB 9.9 by Razvan Serea WinToUSB allows you to install and run a fully-functional Windows on external hard drive, USB flash drive or Thunderbolt drive. It is so easy and efficient, with just 3 steps and a few minutes, you can create your first portable Windows 11/10/8/7 or Windows Server directly from an ISO, WIM, ESD, SWM, VHD, VHDX file or CD/DVD drive, or you can clone currently running Windows installation to USB or Thunderbolt drive as portable Windows. WinToUSB also supports creating Windows installation USB drive from Windows 11/10/8/7 and Windows Server installation ISO, with it you can install Windows from the USB drive easily. Note: The WinToUSB Free Edition is solely intended for non-commercial, private, and personal use on home computers. It should be noted that technical support is not available for the free edition. Use of WinToUSB Free Edition within any organization or for commercial purpose is strictly prohibited. WinToUSB key features include: Creation of Windows To Go from ISO, WIM, ESD, SWM, VHD(X) or DVD drive.Improved Clone Windows 11/10/8/7 to USB/Thunderbolt drive as portable Windows. Creation of Windows To Go on Non-Certified Windows To Go USB drive. Encrypt Windows To Go with BitLocker to keep your data safe. Creation of Windows installation and bootable WinPE USB drive with BIOS & UEFI support. Download Official Windows 11/10/8.1 ISO file from Microsoft. Use any edition of Windows 11/10/8/7 and Windows Server 2022/2019/2016/2012/2010 to create Windows To Go USB drive. Windows To Go (Portable Windows) Creator WinToUSB allows you to install & run fully-functional Windows on an external HDD/SSD, USB flash drive or Thunderbolt drive, which means you can carry the portable Windows drive to anywhere and use it on any computer. Faster installation and cloning speed compared to competing products Support any edition of Windows 11/10/8/7 and Windows Server Creation of Windows To Go from ISO, WIM, ESD, SWM, VHD(X) or CD/DVD drive Clone currently running Windows to USB/Thunderbolt drive Creation of Windows To Go on Non-Certified Windows To Go drive Create BitLocker encrypted Windows To Go Workspace Create portable Windows for Intel-based Mac computers Support for creating VHD(X)-based Windows To Go Windows Installation USB Creator WinToUSB releases a feature called "Windows Installation USB Creator" which allows you to create a Windows installation USB drive from a Windows 11/10/8/7/vista/2022/2019/2016/2012/2008 installation ISO file with a few simple steps, with this feature you can create a bootable Windows installation USB drive to install Windows on both Traditional BIOS and UEFI computers by using the same USB drive. Bypass Windows 11 system requirements (TPM 2.0, Secure Boot, Minimum hardware and Microsoft account) Install Windows on both BIOS and UEFI computers by using the same USB drive Windows PE Bootable USB Creator This feature allows you to create a bootable Windows PE USB drive, it can help you transfer the contents of a Windows PE ISO file to a USB drive and make the USB drive bootable, and this feature supports the creation of a bootable WinPE USB driver that supports both Traditional BIOS and UEFI computers. WinToUSB 9.9 changelog: Added option to disable BitLocker automatic drive encryption when creating Windows installation USBs Fixed bug: setup.exe cannot bypass the Windows 11 system requirements Fixed bug: Cloned Windows ARM64 cannot start properly Fix other minor bugs Download: WinToUSB 9.9.0 | 28.7 MB (Freeware) Links: Home Page | Free vs Pro Comparison | Screnshots Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Maybe you don't realize this...but everything you said agreed with me. Yes, many tech outlets reported on Ryzen 9000 issues prior to 24H2, which I already addressed, and as I already said, that issue only existed for a few short months. Ryzen 9000 was released the same quarter of 2024 as 24H2. So again...months, not years. I also already said 24H2 showed some minor improvements on older Ryzen CPU. The article you posted agrees with me, and even says the improvements were only 3-5%, which is even more petty an amount than I estimated. If you want to fuss on the 3-5% numbers, then yes, I will grant you that was an issue for an extended amount of time. In my opinion, that is such a small amount it isn't worth fussing over, but you are welcome to a different option. However, if that was your point, then you didn't make that point in good faith, because you highlighted Ryzen 9000 so much, which had a FAR bigger and FAR shorter issue, it's really a very different conversation.
  • Recent Achievements

    • Week One Done
      abortretryfail earned a badge
      Week One Done
    • First Post
      Mr bot earned a badge
      First Post
    • First Post
      Bkl211 earned a badge
      First Post
    • One Year In
      Mido gaber earned a badge
      One Year In
    • One Year In
      Vladimir Migunov earned a badge
      One Year In
  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +FloatingFatMan
      252
    3. 3
      snowy owl
      251
    4. 4
      ATLien_0
      228
    5. 5
      +Edouard
      191
  • Tell a friend

    Love Neowin? Tell a friend!