A hardware-bound vulnerability has been discovered in the Nintendo Switch, and any other device which uses the same Tegra based processor, which could potentially lead to developers and hackers inaugurating the homebrew scene to the Switch ecosystem at last. The details of the vulnerability are, to the layman, highly technical, and your author is ignorant of their fullest implications. Here’s the summary from github:
Videos by ComicBook.com
“This report documents Fusรฉe Gelรฉe, a coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA’s Tegra line of embedded processors. As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.”
As we mentioned, this applies to pretty much any device which uses a Tegra based processor, but for the sake of this article, we want to focus more acutely on the Nintendo Switch. In github’s report are instructions for coders and tinkerers to try out a kind of proof-of-concept on their Switches. After connecting their Nintendo Switches to a PC with a USB cable, they’re able to boot up the Switch in a kind of recovery mode in a few different ways.
Perhaps the most straight-forward way, now, is by grounding one of the Joy-Con pins and holding the volume up button while booting up the Switch. This would typically require cracking open your hardware, but it looks like fail0verflow has made things easier by 3D-printing a device that will ground the pin for you:
Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u
โ fail0verflow (@fail0verflow) April 23, 2018
At the moment, there isn’t much one can do with this information. You can turn your Nintendo Switch into a fancy linux-based tablet with Joy-Con, but that’s not going to do us any good. What we need now is for some low-level (now untalented; low-level in this instance means working with code more directly tied to the hardware) code to create our own custom firmware that won’t totally brick the console.
And they’ll have plenty of time to do this. The nature of this vulnerability is tied to the hardware itself, and not the software, so Nintendo will never be able to release an update or patch that makes this impossible to do. Until we see a hardware revision in the future, millions of Nintendo Switch owners will be able to trigger this vulnerability and tinker.
Could this lead to a homebrew scene? Absolutely it could. It’s going to take a while for that to happen, though, and there will more than likely be many Nintendo Switches sacrificed to the cause before anything resembling functional homebrew makes its way to me or you. We’ll keep you updated.