Vulnerability of Tegra X1 used in Nintendo Switch opens up modding possibilities
#1
via: Tech Crunch

The exploit involves shorting out a pin in the right Joy-Con connector which forces the system into USB recovery mode. Then a command is sent with a large `length` value which allows the attacker to send a large control request which in turn causes a buffer overflow allowing the attacker's code to be copied over to Switch's application memory.

All of this happens in the Boot ROM, so it is something that can only be patched during the manufacturing process. In other words, once it is in users' hands (current estimate is more than 14.8 mil), Nintendo can do nothing about it unless they issue a recall.

A few groups - ReSwitched, Fail0verflow, Team Xecuter - seem to have discovered the vulnerability independently. ReSwitched calls the exploit "Fusée Gelée" whereas Fail0verflow calls it "ShofEL2".

The exploit requires physical access, so it's not necessarily a huge security risk. It does open up doors for modding the Switch to run software that it isn't designed to run, such as running Linux, running games released for older ... an emulator, or running custom firmware (CFW). Work is currently underway to make modchips that allow users to utilize the exploit without having to mess around with the internals of the Switch. Several exploit codes have already been released, for example fail0verflow's (includes a Linux loader) and ReSwitched's. fail0verflow's code contains this disclaimer in the README:

Quote: If your Switch catches fire or turns into an Ouya, it's not our fault. It's stupidly easy to blow up embedded platforms like this with bad software (e.g. all voltages are software-controlled). We already caused temporary damage to one LCD panel with bad power sequencing code. Seriously, do not complain if something goes wrong.

Nintendo would probably implement some mechanism to ban the user from their online services or the user's account if it detects the Switch is modified though, so users aren't exactly free to do whatever they want. Also, word on the street is that Nintendo is shipping a new hardware revision soon which would likely patch this vulnerability.
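The bug class the post describes (a host-controlled `length` field trusted when copying a control request into a fixed-size buffer) is easiest to see next to the one check that prevents it. The following is an added example written for this thread; it is not code from the article, from fail0verflow, ReSwitched or Team Xecuter, and has nothing to do with the Tegra X1 itself. The buffer size, the `parse_setup`/`ctrl_receive` helpers and the two sample SETUP packets are all constructed for the demo.

```c
/* Added example (not from the article or from any of the groups named in it):
 * a minimal USB control-transfer receive path that shows an attacker-chosen
 * wLength being trusted when copying into a fixed buffer, next to the bounds
 * check that rejects it. Buffer size, packet layout helpers and sample packets
 * are constructed for this demo and are not any real device's code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CTRL_BUF_SIZE 4096u   /* hypothetical fixed-size receive buffer */

/* Standard 8-byte USB SETUP packet (little-endian 16-bit fields). */
struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;   /* host-chosen: number of bytes in the data stage */
};

/* Decode the 8 bytes of a SETUP packet; returns 0 on success, -1 on bad input. */
int parse_setup(const uint8_t *raw, size_t raw_len, struct usb_setup *out)
{
    if (raw == NULL || out == NULL || raw_len < 8) return -1;
    out->bmRequestType = raw[0];
    out->bRequest      = raw[1];
    out->wValue  = (uint16_t)(raw[2] | (raw[3] << 8));
    out->wIndex  = (uint16_t)(raw[4] | (raw[5] << 8));
    out->wLength = (uint16_t)(raw[6] | (raw[7] << 8));
    return 0;
}

/* Number of bytes an unchecked memcpy of wLength bytes into a buffer of
 * capacity cap would write past its end (0 means it fits). */
size_t overflow_bytes(uint16_t wLength, size_t cap)
{
    return wLength > cap ? (size_t)wLength - cap : 0;
}

/* Hardened receive: the data stage is copied only if it fits the buffer.
 * Returns bytes stored, or -1 when the request must be rejected (stalled). */
long ctrl_receive(const struct usb_setup *s, const uint8_t *data, size_t data_len,
                  uint8_t *buf, size_t cap)
{
    if (s == NULL || data == NULL || buf == NULL) return -1;
    if (s->wLength > cap) return -1;        /* the check an unbounded copy lacks */
    if (data_len < s->wLength) return -1;   /* short data stage: do not over-read */
    memcpy(buf, data, s->wLength);
    return (long)s->wLength;
}

/* Runs two constructed requests: a 64-byte OUT transfer and one claiming 0xFFFF bytes. */
int demo(void)
{
    static uint8_t buf[CTRL_BUF_SIZE];
    const uint8_t ok_pkt[8]  = {0x40, 0x01, 0, 0, 0, 0, 0x40, 0x00};  /* wLength = 64 */
    const uint8_t big_pkt[8] = {0x40, 0x01, 0, 0, 0, 0, 0xFF, 0xFF};  /* wLength = 65535 */
    uint8_t payload[64] = {0};
    struct usb_setup s;

    parse_setup(ok_pkt, sizeof ok_pkt, &s);
    printf("64-byte request: stored %ld bytes\n",
           ctrl_receive(&s, payload, sizeof payload, buf, CTRL_BUF_SIZE));

    parse_setup(big_pkt, sizeof big_pkt, &s);
    printf("0xFFFF request: unchecked copy would overrun by %zu bytes; checked result %ld\n",
           overflow_bytes(s.wLength, CTRL_BUF_SIZE),
           ctrl_receive(&s, payload, sizeof payload, buf, CTRL_BUF_SIZE));
    return 0;
}

int main(void) { return demo(); }
```

The point of `ctrl_receive` is that the length comes from the host and the buffer capacity comes from the firmware, so the comparison between the two has to happen before any copy; `overflow_bytes` only quantifies what an unchecked copy would clobber. In a real device this is the kind of check that cannot be added after the fact when, as the post notes, the code lives in a Boot ROM.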

Further reading