All existing Nintendo switches have a patch unmodifiable vulnerability

Nintendo SwitchTo NVIDIATegra processorAlthough it is equipped with vulnerability of this processor, it is clear that it is possible to hack Nintendo Switch, "All existing Nintendo Switch can be hacked, vulnerability can not patch fix It has become a big topic by saying that.

The "unpatchable" exploit that makes every current Nintendo Switch hackable | Ars Technica
https://arstechnica.com/gaming/2018/04/the-unpatchable-exploit-that-makes-every-current-nintendo-switch-hackable/

Nintendo Switch is equipped with NVIDIA's Tegra X1 based processor, but I can hack the Nintendo Switch with this Tegra processor's vulnerability "Fusée Gelée" with hardware hacker Katherine TemkinReSwitchedHacking team demonstrates the concept and detailsGitHubPublished on above.


"Fusée Gelée" is a vulnerability that exploits the vulnerability inherent in Tegra X1's USB recovery mode and avoids the lockout operation that protects bootROM. By sending an incorrect coded USB control procedure to an incorrect length argument to the correct place, the user can "request up to 65535 bytes per control request" to the system. Since this data can easily overflow the direct memory access (DMA) buffer in the boot ROM, it is possible to copy the data to the protected application stack and let attackers execute arbitrary code about.

The hacking method that exploited this vulnerability appeared in the following article.

Hint of Nintendo Switch is advanced to a considerable level - GIGAZINE


If you plan to use "Fusée Gelée" with Nintendo Switch, you need to use USB recovery mode. In order to use the USB recovery mode without opening the Nintendo Switch's enclosure, it is necessary to short the specific pin in the Joy-Con connector on the right.

The fail 0verflow of the hacking team who had been engaged in hacking earlier with "Fusée Gelée" started developing the "SwitchX PRO" to short the specific pin in the right Joy-Con connector part I reveal it on Twitter.

Introducing our new, revolutionary technology for Nintendo Switching. Welcome to SwitchX PRO. Coming soon.pic.twitter.com/d3xGawrW1u

- failoverflow (@ fail 0verflow)April 23, 2018

The most problematic issue of vulnerability "Fusée Gelée" is that Nintendo and other Tegra vendors can not fix vulnerabilities using downloadable patches and so on. This is because Tegra chips can not change problematic boot ROMs once they leave the manufacturing plant, Temkin of hardware hacker said "Unfortunately, when ODM_PRODUCTION fuse is burned, Updating the bootROM is impossible because access to the fuse required to set ipatches on the device is blocked. " In addition, Nintendo and NVIDIA declined to comment on "Fusée Gelée".

Ars Technica of overseas media wrote that "Nintendo is not completely helpless in this situation", and even when the abuse of "Fusée Gelée" spreads widely, when you sign in to the server of Nintendo "hacking The system that can be detected "pointed out. In addition, we should be able to disable the on-line function of the detected "hacked system". In fact, Nintendo will use pirated edges in similar ways when pirated versions of Pocket Monster Sun & Moon for Nintendo 3DS are discoveredNintendo 3DS online function unavailableI am doing it.


Temkin says, "Some people who have discovered these vulnerabilities by themselves may have a lot of bad things," some groups already said, "By transferring information on hacking to a small number, I am trying to get it. " In order to combat such power, Temkin says that details of "Fusée Gelée" was announced.