Published: Tue, April 24, 2018
IT&Software | By Alfonso Woods

Nvidia Flaw Opens Door For Nintendo Switch Hack

That would not be useful against a chip-level bootROM exploit like the one in this case.

What do you think of this Nintendo Switch exploit? A sticking point for several gamers has been the inability to back up save game files to any form of external media, meaning that if the console dies, so do the hours of save game data.

For now, the hack is of little use to the typical Switch user.

Following the release of the exploit chain, it will be possible for pirates and hackers to run modified and emulated games on the Switch.

You can head over to the Fail0ver post for the full technical breakdown, but the gist of the situation is that once all of the technical work is out of the way, a user would be free to run any unsigned code they want on the Nintendo Switch. "By carefully constructing a USB control request, an attacker can leverage this vulnerability to copy the contents of an attacker-controlled buffer over the active execution stack, gaining control of the Boot and Power Management processor (BPMP) before any lock-outs or privilege reductions occur," she explained.

This unpatchable Nintendo Switch hack was revealed by hacker Katherine Temkin and the hacking team at ReSwitched as they rolled out a detailed outline of how this Nintendo Switch exploit works.

As Temkin describes, the "Fusée Gelée" exploit is baked into the read-only memory of the Nvidia Tegra X1 used in the Switch, and therefore can't be patched in a software update.

The ReSwitched team had earlier teased "fusée gelée" as a proof-of-concept coldboot code-execution hack for the Switch.

However, getting the Switch into USB recovery mode is the hardest part of making the exploit work, and it requires shorting out a pin on the right Joy-Con connector. The process is still extremely complex and shouldn't be undertaken lightly.

Because the flaw lies in the Tegra X1 itself, the same chips in other systems and devices could be open to exploitation by savvy hackers or malicious actors with a bit of tech know-how.

The goal of the odd-looking device is to give the user full access to the bootROM of the console, meaning Nintendo is no longer the captain of its own ship. There are a few ways that Nintendo can fight against pirates, such as detecting consoles that are running the exploit and banning them from online services, but the window for a fix from the gaming juggernaut is extremely narrow, if not permanently closed.