The exploits was first uncovered by console hackers ‘fail0verflow’ with the group’s ShofEL2 release, as well as the Fusée Gelée hack from Kate Temik and the team at ReSwitched. Since the vulnerability extends to most Tegra devices, the nature of the exploit was fully disclosed to Google, Nintendo and Nvidia by both the hackers well in advance.
While fail0verflow was set to release its exploit on April 25th, it pre-poned the release once the Switch’s boot ROM dump leaked. The video below shows Linux running on an unmodified Switch due to the exploit.
How to hack Nintendo Switch? “Choosing whether to release an exploit or not is a difficult choice,” fail0verflow wrote in a blog post accompanying the release of its exploit. “Given our experiences with past consoles, we’ve been wary of releasing vulnerability details or exploits for fear of them being used primarily for piracy rather than homebrew. “That said, the Tegra bootrom bug is so obvious that multiple people have independently discovered it by now; at best, a release by other homebrew teams is inevitable, while at worst, a certain piracy modchip team might make the first move. 90 days ago, we begun the responsible disclosure process with Google, as Tegra chips are often used in Android devices. The disclosure deadline has now lapsed. The bug will be made public sooner or later, likely sooner, so we might as well release now along with our Linux boot chain and kernel tree, to make it very clear that we do this for fun and homebrew, and nothing else.” The reason Nintendo cannot patch to stop the hack is because the flaws are reportedly hardware-based that allow homebrew code to run on the hybrid console. So, the only way for Nintendo to patch the hack and remove the ROM exploit would be to alter the Nividia Tegra X1’s architecture — the processor that powers the Switch. Homebrew code is mostly used to emulators of classic video game platforms like the SNES, but it can also be used to pirate or modify software. Basically, every Switch released till date and going forward is vulnerable to the exploit until the Tegra chip is modified. “Since this bug is in the Boot ROM, it cannot be patched without a hardware revision, meaning all Switch units in existence today are vulnerable, forever.” The group goes on to explain the exploit’s process, which basically requires a wire bridge (or a 3D printed tool). “As it turns out, what Tegra calls the Home button is actually connected to Pin 10 (the rearmost pin) on the right hand side Joy-Con connector. You can just use a simple piece of wire to bridge it to e.g. a screw on the rail (easiest), or pins 10 and 7 (or 1) together (10 and 9 won’t work),” writes fail0verflow. Nintendo has yet to comment on how it plans to address the exploits. When reached for comment a spokesperson at the company said, “We have nothing to announce on this topic.” Source: Eurogamer