The "unpatchable" exploit that makes every current Nintendo Switch hackable


Recommended Posts

A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles.  Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.

 

"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.

 

The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.

 

On the Switch, the hardest part of the exploit seems to be forcing the system into USB recovery mode. To do this without opening the system requires shorting out a certain pin on the right Joy-Con connector (the bit on the side of the system where the Joy-Con clicks into place). The hacking team at Fail0verflow tweeted a picture of a small plug-in device that can apparently provide this short-out easily, and the team joked that a simple piece of wire from the hardware store can do so today. Temkin also tweeted a picture suggesting that simply exposing and bending the pin in question would also work.

 

 

 

 

 

Full article@ Ars Technica

Hopefully this doesn't kill software releases and sales à la NDS / PSP :/ Nintendo has been working on a new SoC for a few months now though; presumably because they were notified of the exploit, so if you want one of these exploit capable Switches buy one soon.

  • 3 weeks later...

I assume this has been blown wide open now? I'm seeing entire switch rom library dumps happening on private torrent sites. Not that I've looked into what's happening as this progresses much at the moment.

  • 2 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Microsoft isn't happy you're using unsupported Exchange versions, announces final deadline by Usama Jawad Earlier this month, Microsoft announced Exchange Server Subscription Edition (SE), which is the official transition of the product to the Modern Lifecycle Policy, where software is continuously serviced without an end-of-life date, as long as you keep it updated. It also revealed surprising, but brief, Extended Security Updates (ESUs) for Exchange 2016 and 2019. As it winds down support for these products, the company has expressed some displeasure that some customers are using even older and, obviously, unsupported versions of Exchange. In a blog post, the company has noted that it currently offers migration tools that enable the migration of public folders from on-premise Exchange 2013 or older versions to Exchange Online. This is by design, but Microsoft is now changing its tune on the topic. Starting from October 1, 2025, customers leveraging Exchange 2010 or older versions of the software will not be allowed to use Microsoft's tools to migrate their public folders to Exchange Online. Microsoft believes that this deprecation will reduce reliance on legacy systems and enhance "long-term service reliability". Any migrations that are attempted after the aforementioned date will fail, so Microsoft has urged customers to complete their migrations as soon as possible. If customers want to move their data to Exchange Online after October 1, they will first have to upgrade to a newer Exchange version, which is Exchange 2013, but it is important to keep in mind that supported versions are 2016 and 2019. Microsoft has emphasized in a rather stern tone that it does not encourage using unsupported versions of Exchange Server at all, and it has just put out this advisory because it is aware that public folder migrations from legacy systems are currently active, even though they shouldn't be. Needless to say, customers should upgrade to Exchange Server 2016 or 2019 as quickly as possible, but ideally, they should consider moving to Exchange Server SE at this point, considering that the other two versions are running out of support soon, too.
    • A little bit, yeah, if you ask me. Granted, he has the right to be upset with this jerk user that attacked him, but why drop the entire project just because of ONE person? Seems a little exaggerated.
    • Xbox July Update brings PC app cloud upgrades and Rewards support by Pulasthi Ariyasinghe The Xbox team at Microsoft has another major series of updates hitting its platforms. The Xbox July Update is primarily bringing new features to the PC application, while cloud gaming services are also being upgraded. A lot of these additions were a part of Insider testing sessions previously, but now they are ready for prime time. First off, Game Pass Ultimate members can now stream supported games over the cloud, as long as they own a copy on the Xbox store. The Stream Your Own Game feature can be accessed via the Cloud Gaming section on the Xbox PC app. The feature now boasts over 250 supported games too, with recent additions including classic Assassin's Creed titles, LEGO games, and the Saints Row series. Upcoming games to the lineup include RoboCop: Rogue City – Unfinished Business, Tetris Effect Connected, Wo Long Fallen Dynasty, and more. Check here to get a full list of games. Don't forget that cross-device play histories on the app also landed for Xbox Insiders earlier this month, letting players see what games they have been playing regardless of console, PC, or cloud Xbox platform being used. Another new feature announced today as landing on the PC app this month is Rewards with Xbox. Only available in select markets and only for those above 18, Rewards can now be found in the Home section with easy access to checking out how to get more points, track progress, and more. The Xbox and Antstream Arcade joint venture, the Retro Classics app, is gaining seven more games too. These are Caesar, Conquests of Camelot: The Search for the Grail, Gabriel Knight: Sins of the Fathers, Hard Head, Okie Dokie, Skate Boardin’, and Skeleton+. Lastly, mouse and keyboard as well as touch controls continue to roll out for more games, with Police Simulator: Patrol Officers getting support for the former while South of Midnight has gained the latter.
  • Recent Achievements

    • Week One Done
      NeoWeen earned a badge
      Week One Done
    • One Month Later
      BA the Curmudgeon earned a badge
      One Month Later
    • First Post
      Doreen768 earned a badge
      First Post
    • One Month Later
      James_kobe earned a badge
      One Month Later
    • Week One Done
      James_kobe earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      674
    2. 2
      ATLien_0
      256
    3. 3
      Xenon
      165
    4. 4
      neufuse
      145
    5. 5
      +FloatingFatMan
      116
  • Tell a friend

    Love Neowin? Tell a friend!