Unpatchable boot ROM exploits released for Nintendo Switch
A group of new hardware exploits that allow homebrew code to run have been released for the Nintendo Switch. Normally, the manufacturer would issue a software patch to close off the exploit and block the execution of homebrew code on the console, but that won’t help in this case, because both of the exploits released so far rely on known vulnerabilities in the Nvidia Tegra X1 processor built into the Switch hardware.
These exploits came about after someone dumped the console’s full boot ROM code online.
The exploits have been delivered by veteran console hackers fail0verflow with its ShofEL2 release, and by Kate Temkin with the Fusée Gelée hack, which is fully documented here. According to the hackers, the nature of the exploit was fully disclosed to Google, Nintendo and Nvidia some time ago. fail0verflow had planned to release its exploit on 25th April, but brought the release forward once the boot ROM dump leaked.
According to one of the hackers:
“That said, the Tegra bootrom bug is so obvious that multiple people have independently discovered it by now; at best, a release by other homebrew teams is inevitable, while at worst, a certain piracy modchip team might make the first move. 90 days ago, we began the responsible disclosure process with Google, as Tegra chips are often used in Android devices. The disclosure deadline has now lapsed. The bug will be made public sooner or later, likely sooner, so we might as well release now along with our Linux boot chain and kernel tree, to make it very clear that we do this for fun and homebrew, and nothing else.”
One modder already released a version of Linux that will run on the hardware, which you can view below.
What this means now is that the floodgates are open for coders, hackers and modders to start releasing tools and homebrew applications that expand what the console can do. These releases won’t appear for a while, but they’ll certainly be out faster than Nintendo can retrofit its manufacturing process to fix the bug. We’ll likely see a bunch of new apps, emulation tools among them, so retro gaming fans might be in for a treat. The most likely outcome, though, is that game and software piracy on these consoles is about to spike.
It’s possible that Nintendo could implement software fixes that make it harder to reverse engineer its code, but the company would still need to change out the processor. That is something the console maker might do anyway: references in the 5.0.0 firmware release mention the possibility of RAM capacity upgrades and a newer T214 processor (the console is currently powered by the T210) in future hardware iterations.
And the only way Nintendo can lock out the hack is to switch to a different processor model. Whatever they decide to do, this is going to be costly for Nintendo to fix, both in time and money. And even as Nintendo works hard to support its console with high-profile releases like Wolfenstein II, this diversion is sure to hurt those efforts for a while.
ISKMogul is a growing video game publication that got its start covering EVE Online, and has since expanded to cover a large number of topics and niches within the purview of gaming.