Nintendo is in for a rough ride this week as its newest console, the Nintendo Switch, comes under attack from hackers. What’s more, these Switch hackers say Nintendo can’t patch their new jailbreak. And why, you may ask, is that? Because the hackers say the exploit relies on a bug in the system’s processor chip, meaning that, no matter what it does, Nintendo won’t be able to patch the exploit out in a firmware update.
The flaw lies in the Tegra processor’s USB Recovery Mode (RCM), which the hackers state can easily be overflowed with data sent from another computer tethered over a USB connection. Doing this bypasses the security surrounding the Boot ROM, giving control over what can be installed and run on the Switch. This can include a number of things, from running a fully accessible Linux to running every Doom game out there.
While this isn’t the first time the Switch’s vulnerability has been reported on, it is the first time that tools for carrying out the hack have been released to the public. The hacks were described by the hacking group ReSwitched, which calls its method Fusée Gelée, and by fail0verflow, which has named its method ShofEL2. The two code bases are quite different; however, both follow similar steps and exploit the same bug in Nvidia’s Tegra X1 processor.
Both groups added that the bug is in the hardware rather than in software, which is why they say Nintendo can do little in response. At this point all Nintendo can do is fix the issue for future consoles in a hardware revision. However, that means every Switch manufactured up to this point contains a permanently exploitable weakness. The damage, it seems, is done. Check out the video below to see Linux in action on the Nintendo Switch.
While initiating the exploit found by the two hacking groups is a lot more complex than the average player can handle, it is doable. A significant part of it relies on shorting pin 10 of the Switch’s right-hand Joy-Con connector. Apparently, this boots the Tegra chip into its recovery mode, at which point an individual can take full advantage of the flaw in the chip, causing an overflow of data to occur. This then leads to direct access to the Boot ROM.
The bug is a pretty devastating one for Nintendo, especially because of how it highlights the vulnerability of the Switch’s system. What’s more, it has the potential for far more serious consequences beyond hackers simply being able to run custom operating systems. The vulnerability is there, and unfortunately, there’s nothing Nintendo can do about it.
Both exploits are in their early stages, with fail0verflow claiming that it has Dolphin (the GameCube and Wii emulator) running on the Nintendo Switch. This may cause many people to dream of a future where they can load their devices with old Nintendo classics and play them at the flick of a button, all without paying a single cent. But that, our dear readers, is not completely true.
In its FAQ, fail0verflow wrote about how easy it is to break platforms like the Nintendo Switch by running faulty software on them. “We already caused temporary damage to one LCD panel with bad power sequencing code,” it wrote on its blog. “If your Switch catches on fire or turns into an Ouya, it’s not our fault.”
So, lesson learned. Do not try to do this hack yourself with any old program, or you’ll sorely regret it. Of course, that didn’t stop fail0verflow from bragging about the accomplishment anyway.
ShofEL2 also supports running Switch homebrew. Technically. pic.twitter.com/pIcxvmsgPj
— fail0verflow (@fail0verflow) April 23, 2018
ReSwitched also shared its breakdown of the ‘Fusée Gelée’ method this week, opting to post it now and to expand on its complete findings later, on June 5th. ReSwitched hacker Katherine Temkin stated that “Fusée Gelée was responsibly disclosed to Nvidia earlier, and forwarded to several vendors (including Nintendo) as a courtesy.”
fail0verflow did the same, in order to separate its work from the software piracy it felt was sure to follow the exploit’s reveal. While some may consider them pirates regardless of what they say, fail0verflow reiterated in its group post that it does this “for fun and homebrew, and nothing else.”
We’re unsure how Nintendo will respond to this, but when it does, we don’t doubt that ReSwitched and fail0verflow will be watching.