- Hacking teams found a flaw with Nvidia’s Tegra X1 processor that allows for homebrew software.
- The vulnerability is hardware-based, so no number of software updates will patch it.
- The Tegra X1 can be found in the Nvidia Shield TV, Nvidia Shield Tablet, Google Pixel C, and Nintendo Switch.
Nvidia’s Tegra X1 processor might be almost three years old, but its use in the one-year-old Nintendo Switch means it still packs plenty of power. It also means that the console, along with the Nvidia Shield Tablet, Nvidia Shield TV, and Pixel C, have an exploit that could be a boon for hackers and homebrew software makers alike, reported Android Police.
Called “Fusée Gelée,” the exploit takes advantage of a flaw in the Tegra X1 chip that lets you gain access to its bootROM. Katherine Temkin and the ReSwitched hacking team found a way around the previously-inaccessible bootROM by forcing the Switch into USB recovery mode and overflowing a direct memory access (DMA) buffer.
To force the system into USB recovery mode, however, you must short out one pin on the right Joy-Con controller.
This is where fail0verflow comes in. The hacking team also found the exploit and said it was observing a 90-day responsible disclosure window with Google that would have ended April 25, which is why it chose to publish its findings today.
To start, fail0verflow tweeted a picture of a device that would make shorting out one of the right Joy-Con’s pins an easy procedure:
Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u
— fail0verflow (@fail0verflow) April 23, 2018
Fail0verflow then explained that this is the same bug that Fusée Gelée exploited and that it has a tethered bootROM exploit and Linux for the Switch. Finally, the hacking team teased people by tweeting an image of The Legend of Zelda: The Wind Waker running on the Switch. The image implies that fail0verflow got the Dolphin emulator working on the console.
Regardless of how you learn about the Tegra X1 flaw, this is a hardware-based vulnerability. For Nintendo and Nvidia to fix the issue they would need to make changes to their manufacturing processes.
Also keep in mind that the flaw was found in the Switch. It is likely that the same vulnerability exists in the Shield TV, Shield Tablet, and Pixel C, since they use the same Tegra X1 processor, but that has not been confirmed yet.
Finally, fail0verflow emphasized that it released this information for the homebrew community, not for those who wish to pirate Switch content. It is near impossible to regulate how this exploit is used once it is discovered, however, so an uptick in Switch piracy would not be surprising.
If you wish to tinker with the exploit, do so at your own risk. You will need some technical savvy to pull this off on your own, but easier methods could become available if you wait a bit longer.
April 24, 2018 at 05:20PM