The "unpatchable" exploit that makes every current Nintendo Switch hackable



A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles.  Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.

 

"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.

 

The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.

 

On the Switch, the hardest part of the exploit seems to be forcing the system into USB recovery mode. To do this without opening the system requires shorting out a certain pin on the right Joy-Con connector (the bit on the side of the system where the Joy-Con clicks into place). The hacking team at Fail0verflow tweeted a picture of a small plug-in device that can apparently provide this short-out easily, and the team joked that a simple piece of wire from the hardware store can do so today. Temkin also tweeted a picture suggesting that simply exposing and bending the pin in question would also work.


Full article@ Ars Technica

Hopefully this doesn't kill software releases and sales à la NDS / PSP :/ Nintendo has been working on a new SoC for a few months now though; presumably because they were notified of the exploit, so if you want one of these exploit capable Switches buy one soon.
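
The class of flaw the article describes, a USB control handler that trusts the length field sent by the host, is shown here beside its bounded form. This is an added example, not code from the article, the ReSwitched write-up or the Tegra bootROM; the buffer size, function names and sample request are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMA_BUF_SIZE 4096u  /* assumed size for this model, not a bootROM value */

/* 8-byte USB SETUP packet; every field is chosen by the host. */
struct usb_setup {
    uint8_t  bmRequestType, bRequest;
    uint16_t wValue, wIndex;
    uint16_t wLength;       /* requested transfer length, 0..65535 */
};

/* Flawed pattern: reply length comes straight from the host's wLength. */
static size_t reply_len_unchecked(const struct usb_setup *s, size_t avail) {
    (void)avail;            /* the size of the real reply is never consulted */
    return s->wLength;
}

/* Hardened pattern: bounded by the reply size and by the buffer size. */
static size_t reply_len_checked(const struct usb_setup *s, size_t avail) {
    size_t n = s->wLength;
    if (n > avail) n = avail;
    if (n > DMA_BUF_SIZE) n = DMA_BUF_SIZE;
    return n;
}

/* Bytes an n-byte copy would write past the end of the DMA buffer. */
static size_t overrun(size_t n) {
    return n > DMA_BUF_SIZE ? n - DMA_BUF_SIZE : 0;
}

/* Hardened handler: stages the clamped reply and returns its length. */
static size_t handle_control_in(uint8_t *dma, const struct usb_setup *s,
                                const uint8_t *reply, size_t avail) {
    size_t n = reply_len_checked(s, avail);
    memcpy(dma, reply, n);
    return n;
}

int main(void) {
    static uint8_t dma[DMA_BUF_SIZE];
    const uint8_t reply[2] = {0x01, 0x00};            /* constructed 2-byte reply */
    struct usb_setup s = {0x80, 0x00, 0, 0, 0xFFFF};   /* constructed request */
    size_t bad = reply_len_unchecked(&s, sizeof reply);
    printf("unchecked: %zu bytes, %zu past the buffer\n", bad, overrun(bad));
    printf("checked:   %zu bytes staged\n",
           handle_control_in(dma, &s, reply, sizeof reply));
    return 0;
}
```

Because this logic sits in mask ROM on the affected chips, the bounded form can only ship in new silicon, which is why the article calls the flaw unpatchable on existing consoles.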

  • 3 weeks later...

I assume this has been blown wide open now? I'm seeing entire Switch ROM library dumps happening on private torrent sites. Not that I've looked into what's happening as this progresses much at the moment.
