A newly published "exploit chain" for Nvidia Tegra X1-based systems describes what appears to be an unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.
In the FAQ, Temkin says she has previously notified Nvidia and vendors like Nintendo about the existence of this exploit, providing what she considers an "adequate window [for Nvidia] to communicate with [its] downstream customers and to accomplish as much remediation as is possible for an unpatchable bootROM bug."
Months ago, word leaked out to the public of an "unpatchable" exploit method that allowed Switch users to run custom firmware, homebrew code, and even pirated software on all existing hardware. Now, Nintendo is reportedly selling Switch systems that have been fixed at the factory to protect against this exploit.
Hacker Katherine Temkin and the hacking group ReSwitched have been in pursuit of the 'Holy Grail' of Nintendo Switch exploits ever since its launch, and a recent post by the team suggests it may have found the next best thing. According to a detailed report, the exploit in question - known as the Fusée Gelée coldboot vulnerability - uses the Tegra X1's USB recovery mode, which bypasses the lock-out operations that would usually protect the chip's crucial bootROM.
How many times did they say it was "unpatchable"? Are the previous exploits still unpatchable, or were they patched regardless? They break the console and then contact Nintendo about it? Well, I guess that's nice of them. Maybe Nintendo should hire a team of hackers for testing purposes (not sure if the "hat" terminology applies to console hackers).
The Switch is region-free, so they don't need to mod it to play games from other countries. So the only hack they can do will be bad for the system. Some hackers have sold SNES Mini units with all the games installed, which is a major loss for Nintendo.
@Spectra: There are many things that are unpatchable because of how the hardware works or how integral the issue is to the running of the code. There's an item duplication glitch in "Breath of the Wild" that's been known for 8 months or so; in fact, it was the first ever item duplication glitch found for the game, but it cannot be patched out because it relies on the same thing the game relies on to keep the game running if there's a memory overflow.
Those who complain about systems being hacked and the method being made public don't seem to understand infosec concepts here. Whether or not you're interested in hacking the console, this is a good thing, because whenever exploits are found they can be patched or redesigns made. More secure hardware and a more secure OS will come out of this. And maybe, if we're lucky, some additions or improvements will be made in that redesign that otherwise would not have been.