Linux and Wii emulators successfully launched on the Nintendo Switch using a vulnerability that cannot be patched; abuse can destroy the device



The Nintendo Switch has NVIDIA's Tegra processor at its heart, but this chip contains a vulnerability, and it has become clear that the device can be hacked by exploiting it. A hacking group has revealed what kinds of things can be done with this Tegra processor vulnerability.

fail0verflow :: ShofEL2, a Tegra X1 and Nintendo Switch exploit
https://fail0verflow.com/blog/2018/shofel2/

Switch Hackers Say Nintendo Can't Patch Their New Jailbreak
https://kotaku.com/switch-hackers-say-nintendo-cant-patch-their-new-jailbr-1825508582

The existence of a hack using the vulnerability in the Nintendo Switch's Tegra processor had already been suggested as of January 2018.

Meanwhile, on April 23, 2018, the hacking group ReSwitched disclosed the vulnerability in the Tegra processor installed in the Nintendo Switch. According to ReSwitched, a vulnerability inherent in the Tegra processor's USB recovery mode makes it possible to bypass the lockout operation that protects the bootROM, and the device can be hacked by using this. The problem lies in the chip's built-in bootROM, which cannot be changed once the chip has left the factory, so the Tegra processor vulnerability in existing Nintendo Switch units is regarded as unfixable.

All existing Nintendo Switch units have a vulnerability that cannot be patched - GIGAZINE


fail0verflow, a hacking group separate from ReSwitched, has announced "ShofEL2", a method of hacking the Nintendo Switch using the same Tegra processor vulnerability. Although it exploits the same vulnerability as the hacking method announced by ReSwitched, it is said to use different code and is not exactly the same method.

However, ShofEL2, like the ReSwitched method, requires shorting pin 10 of the Joy-Con connector on the right side of the Nintendo Switch. This starts the Tegra processor's recovery mode, so the vulnerability can be exploited to cause a data overflow and gain access to the bootROM. Although this is a fairly demanding hack for ordinary Nintendo Switch users, "This is a catastrophic security bug, and it goes beyond hackers merely being able to run a custom OS," wrote the overseas gaming outlet Kotaku. In fact, fail0verflow says that because this vulnerability occurs early in the device's boot process, it allows extraction of any data on the device, including the bootROM itself and all cryptographic keys.

fail0verflow claims that, by using this vulnerability, it has succeeded in running Dolphin, the open-source emulator for GameCube and Wii, on the Nintendo Switch.


In addition, fail0verflow has published a video of Linux running on the Nintendo Switch using ShofEL2. The video shows web browsing on the Nintendo Switch, including checking websites and Twitter.

Linux on the Nintendo Switch - YouTube


According to fail0verflow, it is easy to break the Nintendo Switch itself by running malicious software that exploits the Tegra processor vulnerability. In fact, fail0verflow says it succeeded in damaging the liquid crystal panel using the power sequencing code.

In addition, fail0verflow has revealed on Twitter that Homebrew for the Nintendo Switch that uses this vulnerability is under construction.


Kotaku wrote that Nintendo "might change the hardware in the future" to deal with the Nintendo Switch's flaw, and Eurogamer guesses that Nintendo will change the built-in chip, writing: "The 'T214' Tegra processor referenced in the Nintendo Switch's 5.0.0 firmware update may be a manifestation of Nintendo's plan to change the T210 Tegra processor in question."

in Software, Hardware, Video, Game, Security. Posted by logu_ii