Hacker Katherine Temkin and the folks at ReSwitched have published a Nintendo Switch exploit. As is usually the case with such releases, it could open the door to a wave of homebrew software and piracy on the millions of Switches already in people’s hands.
The coldboot hack, known as Fusée Gelée, targets the Nvidia Tegra X1 chip inside the Nintendo Switch. It runs before the console’s operating system ever loads: by putting the Tegra chip into its USB recovery mode, an attacker can exploit a flaw in the chip’s bootROM and bypass the protections that would otherwise stop unsigned code from running.
However, taking control of the device to install emulators and Linux distributions may not be easy. The hacker group Fail0verflow posted a picture of a tiny jig that shorts a particular pin on the right Joy-Con connector to force the console into USB recovery mode. Without such a jig, getting into recovery mode is a more involved task.
“Fusée Gelée isn’t a perfect, ‘holy grail’ exploit – though in some cases it can be pretty damned close,” Temkin said in a blog post earlier this month.
“The relevant vulnerability is the result of a ‘coding mistake’ in the read-only bootrom found in most Tegra devices. This bootrom can have minor patches made to it in the factory (‘ipatches’), but cannot be patched once a device has left the factory.”
Once in, a person can run arbitrary code and unofficial software on the Switch, but physical access to the console is required, so the flaw cannot be exploited remotely. That won’t be a problem for people who own a Nintendo Switch and want to use it the way they like.
The road isn’t buttery smooth, and technical expertise is still required to make the Switch do what you want. Temkin warned that people without the necessary knowledge could end up damaging their device.
The vulnerability had already been disclosed to Nvidia and Nintendo, with public disclosure scheduled for June 15, 2018, or earlier if someone else revealed it first. After another hacker anonymously leaked the details, Temkin published the exploit and a proof-of-concept payload in ReSwitched’s GitHub repository.
Unfortunately, for Switch consoles already in customers’ hands, a software update can do next to nothing to fix the bug, because it lives in read-only memory that cannot be rewritten once the chip has left the factory; only newly manufactured units with a corrected bootROM will be immune. However, Nintendo can still detect modded devices and block them from its online services and from warranty coverage.