Nintendo Switch Unpatchable Bootrom Exploits Released

Discussion in 'News' started by InsaneNutter, Apr 24, 2018.

By InsaneNutter on Apr 24, 2018 at 9:10 PM
  1. InsaneNutter

    InsaneNutter Resident Nutter Staff Member

    Joined:
    Jun 1, 2007
    Messages:
    10,880
    Likes Received:
    2,951
    Location:
    Yorkshire, England
    fusee.jpg

    Its been known for several months now multiple independent teams had discovered various unpatchable bootrom exploits in the Tegra X1 SoC (system on chip), which is used in the Nintendo switch and various other devices.

    Essentially if you have an Nintendo Switch right now its hackable and Nintendo can't do anything to patch it, meaning every Switch out in the wild at present can be hacked regardless of the firmware version it's currently on.

    The only way Nintendo can patch this exploit is with a newer hardware revision of the Switch. With that in mind if you want Nintendo Switch hacks in the future, now is the time to pickup a console before new unhackable Switches land in shops.

    To get a bit more technical the a big exists in the RCM mode, a USB-based rescue mode intended for initial flashing of Tegra devices and recovery of bricked devices. Normally, RCM mode only allows signed images to be loaded, however thanks to the bug its possible to load your own code from here and have full control over the Nintendo Switch.

    For now what has been released is a tethered vulnerability, meaning you need to enter RCM mode and load a USB-based exploit from a PC. However it's already been confirmed in the Fusee Gelee FAQ its perfectly possible to exploit the Switch without been tethered to a PC, this and a lot of other upcoming nice things haven't been release yet.

    What is out there at the moment is mainly intended for developers and not the end user. A CFW (custom firmware) for the Nintendo Switch has been in development for several months. This is called Atmosphere and is scheduled to be released "early summer" with a current ETA around June 2018. Based on my understanding of the Fusee Gelee FAQ this is when things will be a lot more accessible for the average end user and we will very likely get an untethered way to launch CFW, Homebrew and Linux.

    If any of the above interests you at this point all you really need to do is ensure you own an Nintendo Switch as every console out there to date is exploitable, then sit back and good things will come to those who wait. Of course with a bit of tinkering you can boot Linux right now.

    After i've had some free time to mess about with things on my Switch I might post some guides up, however the Switch is something we hope to cover more in depth on Digiex as the scene progresses this year and it's more accessible to the end user.

    For now if you want some additional reading I'd suggest looking at fail0verflow's ShofEL2, a Tegra X1 and Nintendo Switch exploit, the Fusée Gelée FAQ and the Vulnerability Disclosure PDF for Fusée Gelée.

    Some Githubs to keep an eye on: shofel2, fusee-launcher and Atmosphere (CFW).

    Do you plan to hack your Nintendo Switch? if so what appeals to you the most about hacking it?
     

Comments

Discussion in 'News' started by InsaneNutter, Apr 24, 2018.

Share This Page