Slashdot Mirror


The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
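As an added illustration (not code from Nintendo, Nvidia or ReSwitched), here is the bug class the summary describes: a USB control-request handler that trusts the 16-bit wLength field of the setup packet as the size of a transfer into a fixed DMA buffer, shown next to a handler that bounds the length before arming any transfer. The buffer size, request numbers and setup packets are constructed for the example; the real bootROM layout is not on this page.

```c
/* Added illustration of the unchecked-wLength bug class, not vendor code.
 * All sizes and packets are constructed; DMA_BUF_SIZE is an assumption. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DMA_BUF_SIZE   0x1000u   /* assumed buffer size, not the real Tegra value */
#define USB_SETUP_LEN  8u        /* a USB setup packet is always 8 bytes */

struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;            /* host-controlled; 0..65535 */
};

/* Decode the little-endian 8-byte setup packet the host sends. */
static struct usb_setup parse_setup(const uint8_t raw[USB_SETUP_LEN]) {
    struct usb_setup s;
    s.bmRequestType = raw[0];
    s.bRequest      = raw[1];
    s.wValue        = (uint16_t)(raw[2] | (raw[3] << 8));
    s.wIndex        = (uint16_t)(raw[4] | (raw[5] << 8));
    s.wLength       = (uint16_t)(raw[6] | (raw[7] << 8));
    return s;
}

/* Flawed pattern: the length armed for the DMA engine is wLength itself,
 * never compared with the buffer it lands in. This model performs no copy;
 * it returns how many bytes would land past the buffer end (0 = fits). */
static size_t flawed_overflow_bytes(const struct usb_setup *s) {
    size_t xfer = s->wLength;                      /* no bound applied */
    return xfer > DMA_BUF_SIZE ? xfer - DMA_BUF_SIZE : 0;
}

enum ctrl_status { CTRL_OK = 0, CTRL_STALL = 1 };

/* Hardened pattern: STALL any request whose wLength exceeds the destination
 * buffer (or the bytes actually received) before a single byte is copied. */
static enum ctrl_status bounded_handler(const struct usb_setup *s,
                                        const uint8_t *data, size_t data_len,
                                        uint8_t *dma_buf, size_t buf_size,
                                        size_t *copied) {
    *copied = 0;
    if (s->wLength > buf_size || s->wLength > data_len)
        return CTRL_STALL;                         /* oversize: refuse the stage */
    memcpy(dma_buf, data, s->wLength);
    *copied = s->wLength;
    return CTRL_OK;
}

/* Constructed setup packet with wLength = 0xFFFF, the field's maximum. */
static const uint8_t oversized_setup[USB_SETUP_LEN] =
    { 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF };
/* Constructed setup packet with wLength = 0x0200 (512 bytes), inside the buffer. */
static const uint8_t sane_setup[USB_SETUP_LEN] =
    { 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 };

/* Bytes the flawed handler would write beyond the 0x1000-byte buffer. */
size_t demo_flawed_overflow(void) {
    struct usb_setup s = parse_setup(oversized_setup);
    return flawed_overflow_bytes(&s);              /* 0xFFFF - 0x1000 = 61439 */
}

/* 1 if the bounded handler refuses the oversized request and copies nothing. */
int demo_bounded_rejects(void) {
    static uint8_t dma_buf[DMA_BUF_SIZE];
    static uint8_t payload[DMA_BUF_SIZE];
    size_t copied = 123;
    struct usb_setup s = parse_setup(oversized_setup);
    enum ctrl_status st = bounded_handler(&s, payload, sizeof payload,
                                          dma_buf, sizeof dma_buf, &copied);
    return st == CTRL_STALL && copied == 0;
}

/* Bytes copied for the in-bounds request, after checking the data arrived. */
size_t demo_bounded_accepts(void) {
    static uint8_t dma_buf[DMA_BUF_SIZE];
    static uint8_t payload[DMA_BUF_SIZE];
    size_t copied = 0;
    memset(payload, 0xA5, sizeof payload);
    struct usb_setup s = parse_setup(sane_setup);
    if (bounded_handler(&s, payload, sizeof payload,
                        dma_buf, sizeof dma_buf, &copied) != CTRL_OK)
        return 0;
    return (dma_buf[0] == 0xA5 && dma_buf[511] == 0xA5) ? copied : 0;
}

int main(void) {
    assert(demo_flawed_overflow() == 61439);
    assert(demo_bounded_rejects());
    assert(demo_bounded_accepts() == 512);
    return 0;
}
```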

96 comments

  1. Nintendo should have used custom hosts files by Anonymous Coward · · Score: 0

    Nintendo should have used custom hosts files in the Switch. That would have made them unhackable. I'm sure APK will agree with this.

  2. Banned from online? by Anonymous Coward · · Score: 1

    Nintendo begins charging for online service in September so I wasn't going to be playing online after that anyway. Losing access to the eShop doesn't matter so much if you're pirating all the games. This is a shitty development for Nintendo and game developers.

    1. Re:Banned from online? by Anonymous Coward · · Score: 2, Insightful

      This is a shitty development for Nintendo and game developers.

      Apart from their sales-drones going into panic-mode I doubt they will see much impact.

      There have been exploits for many platforms before this. When they show up people have already bought most of the games they were going to buy anyway and it is not like a large part of the consumer base will use the exploit.
      The users of the exploit will mainly be gamers that couldn't afford getting the games they wanted before or those who want to play games they weren't willing to pay for.
      Apart from that it will be a handful of homebrew developers or speedrunners that want in-game timestamping that will use it.

      Essentially a bunch of people will have fun with it and Nintendo and game developers won't lose much because of it.
      The thing that could harm their bottom line is if someone sets up shop and sells hacked consoles to the less technology-savvy, but if anyone does that they become a pretty convenient target for Nintendo.

  3. Sounds promising by Anonymous Coward · · Score: 2, Insightful

    So if I'm understanding TFS correctly users might be able to take control of their devices and use them for something other than their intended purpose?

    Sounds good to me!

    1. Re:Sounds promising by Darinbob · · Score: 4, Insightful

      I wouldn't call this an exploit. I find it bizarre that the world takes these extreme measures to lock down a purchased product as a matter of fact, instead of treating it as a violation of consumer rights. Now there are devices where such paranoia is reasonable, but I don't think this is reasonable in a consumer game market.

    2. Re:Sounds promising by Anonymous Coward · · Score: 1

      Not when considering that a few years ago all my friends' pre-teen kids had a Nintendo DS/DS2/3DS and none of them had any original games. They all had gotten a Supercard or something similar together with a microSD-card filled with hundreds of ROMs. Using exploits it became too easy to run copied games on the older Nintendo handhelds. You don't need to have any technical how-to, just go to the store and buy a small cartridge, get game ROMs from a friend and pop the microSD-card into the cartridge.

      A console manufacturer not trying to prevent their product from running copied games will not attract as many developers and that in turn will make the platform less desirable since fewer games are produced for it.

      So I don't believe this is paranoia, just them trying to protect their investment. If you think that is anti-consumer rights, talk to your local representative.

  4. Correction by Anonymous Coward · · Score: 1

    The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch ownable by the person in possession of it, which can be a good thing.

    1. Re: Correction by kurkosdr · · Score: 1, Flamebait

      I find it funny that FOSSies were super worried about access to the source code (never mind that several proprietary games have been hand-hacked using hex editors with great results, without the need for a line of source code) and the real threat to user freedom came from a GPL kernel locked behind locked bootloaders and locked root access. Nice foresight there Mr Stallman! Now excuse me, an Android phone of mine crapped its own /system partition and I cannot reinstall the OS (like I can with evil non-free Windows) because locked bootloader. No, honestly.

    2. Re: Correction by Anonymous Coward · · Score: 0

      You didn't make a correction. You simply reworded it for clarity. You think of hackable as a negative but plenty of people (and not just malicious people) see hackable as a positive trait. With that in mind, the original wording was absolutely correct.

    3. Re: Correction by Anonymous Coward · · Score: 0

      ...the real threat to user freedom came from a GPL kernel locked behind locked bootloaders and locked root access.

      When the war was fought for Free Software, the war shifted to Unfree Hardware. It's why the GPLv3 was created. In the end, though, there's nothing to prevent hardware makers from making various workarounds to complying with the intent of the GPLv3 because of things like shell companies, international law, and the like. The best that can be done is to keep the major players in check as best as possible. GPLv3 was published in 2007 in response to TiVo-ization. Android 1.0 was released in 2008. Linus and crew were unwilling to license the Linux kernel under GPLv3 either for ideological reasons--I believe that was most of it--or the difficulty to finding all contributors and rewriting all the parts where there was ambiguity of license. So, yea, Stallman did see.

      PS - AFAIK, nothing in the Switch is FOSS. It might have all the components of an Android tablet, but I'm fairly certain it's a progression of the 3DS line--just because pragmatically, that's the sort of thing Nintendo does. It's also a GPU exploit that was one of the major hacks for the 3DS for a while as well, which was apparently patched for the Switch?

    4. Re: Correction by Anonymous Coward · · Score: 0

      Now you can turn it in to a shitty tablet!

      Or maybe start to pirate games somehow.

    5. Re: Correction by ChunderDownunder · · Score: 1

      A portable Linux machine with 4 gigs of RAM sounds handy.

    6. Re: Correction by Bing+Tsher+E · · Score: 3, Funny

      Finally we can play Tux Racer on the Switch!

    7. Re: Correction by jimtheowl · · Score: 2

      " .. funny that FOSSies .."

      MS is trying hard to portray themselves as the new friends of 'FOSSies'. You are not helping them.

      ".. several proprietary games have been hand-hacked using hex editors with great results"

      If you think that the purpose of FOSS is to hack games, you are missing the big picture. Even in the context of a gaming console, it is mostly about the journey, not the destination. Hacked consoles have never made a dent in the game console market. Perhaps worth noting is that the vendor has an incentive to keep the console locked so they can sell it under cost and expect to recover the profits.

      It can be especially problematic to the vendor if consoles are bought in massive quantities to act in a cluster as opposed to a game platform.

      ".. the real threat to user freedom came from a GPL kernel locked ..."

      Open source software and open hardware are connected but distinct and not mutually exclusive issues. Open systems vs proprietary hardware is not a new thing.

      ".. phone of mine crapped its own /system partition and I cannot reinstall the OS.. (like I can with evil non-free Windows .."

      So.. you are the guy who bought that last Windows phone?

    8. Re: Correction by Anonymous Coward · · Score: 0

      A portable Linux machine with 4 gigs of RAM sounds handy.

      How will that be handier than current gen smartphones with 3-8 gigs of RAM?
      The problem with Linux on smartphones is that the lack of keyboard makes them limited.
      The problem with Linux on the Switch is likely to be that the lack of keyboard makes it limited.

    9. Re: Correction by Anonymous Coward · · Score: 1

      The Switch has real, physical buttons. That alone would make it incredibly useful to run emulators and any other kind of game.

    10. Re: Correction by Anonymous Coward · · Score: 0

      The problem with Linux on smartphones is you can't even install it at all because the phone is locked.
      If the phone isn't locked you can't install it at all because it's not available for it.
      If it's available for the phone about nothing will work anyway because there are no drivers.
      If there are drivers congrats you are the lonely owner of an abandonware Ubuntu phone, or a Jolla Sailfish.

      Now the irony is that the Switch is supposed to be an unsupported, closed, locked down, walled garden, shackled game console but it uses an off-the-shelf CPU with integrated peripherals that has been available on a devkit for years.
      https://elinux.org/Jetson_TX1
      Unlike phones, we might say the Nintendo Switch was supported by linux before it was even released.

    11. Re: Correction by Anonymous Coward · · Score: 0

      The problem with Linux on smartphones is you can't even install it at all because the phone is locked.

      Are you talking about iPhones? Because every other smartphone already has Linux installed.

    12. Re: Correction by kurkosdr · · Score: 1

      The GPLv2 is a free software license, blessed by Stallman himself, and the Linux kernel that uses it has evolved into the worst threat to user freedom (and security), because of locked bootloaders and locked root. You can say that this is not free software, but truth is Stallman failed to predict the real threat to user freedom when he crafted the GPLv2 (the GPLv3 is a classic case of shutting the doors after the wolves have been inside). Living in the ivory tower known as the MIT, he failed to see most people don't give jack squat about the source code. They just want the ability to (re)install the OS and modify the binaries on devices they own.

    13. Re: Correction by jimtheowl · · Score: 2

      I'm not sure if you are trying to provoke some kind of reaction by talking about Stallman blessing stuff and the Linux kernel, but Stallman's predictions or lack thereof are of no interest to me. I'm a BSD user myself and prefer using products with that license (less hassle to redeploy) but favor the GPL when it is important that new code remains open (for example: paid by the public).

      As far as what 'most people' want, you can base market decisions on that, not freedom.

      I sure care about having access to source code, even when I don't know if I'll ever have time to look at it. You don't have to, but perhaps should stop trying to push others into that hole.

  5. Local only? by Enigma2175 · · Score: 3, Insightful

    So it's a bug that can only be exploited locally, is this really a big deal? I'm not worried that people can now run arbitrary code on hardware they own.

    --

    Enigma

    1. Re:Local only? by Anonymous Coward · · Score: 1

      You are not but Nintendo is.

    2. Re: Local only? by Anonymous Coward · · Score: 0

      It's a big deal when it lets you play roms. Then I will buy a switch and never buy another game.

    3. Re:Local only? by ELCouz · · Score: 1

      This is bad for Nintendo and game developers. At least somebody will come with a custom firmware to export save games so people can back them up.

    4. Re:Local only? by Arab · · Score: 1

      That's not the point, if you can execute arbitrary code, you can load software onto the system, and that leads to things like the homebrew channel the Wii and Wii U had.

    5. Re:Local only? by Darinbob · · Score: 4, Interesting

      Is that bad?

    6. Re:Local only? by Darinbob · · Score: 3, Interesting

      I had mentioned to a coworker who is a console game user, and he was surprised and taken aback that people who weren't sleazeballs were modding their games on PCs. He thought we were being very risky to change the UI in Skyrim. I think there's been a lot of astroturfing to convince players that only cheaters would modify games.

    7. Re:Local only? by Anonymous Coward · · Score: 0

      It's an excuse to go shout "HACKED! WITH HACKS!" again. Clickbait with hijacked terms, whee.

    8. Re:Local only? by drinkypoo · · Score: 1

      I had mentioned to a coworker who is a console game user, and he was surprised and taken aback that people who weren't sleazeballs were modding their games on PCs. He thought we were being very risky to change the UI in Skyrim. I think there's been a lot of astroturfing to convince players that only cheaters would modify games.

      Is it a surprise that console gamers don't know jack? The whole point of consoles is to make games accessible to people who find computers confusing.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    9. Re: Local only? by Anonymous Coward · · Score: 0

      It depends. Are you Nintendo or a Switch game developer? Someone that would rather game companies continue being interested in game development for the Switch?

    10. Re: Local only? by Anonymous Coward · · Score: 0

      Sounds good to me.

    11. Re:Local only? by Anonymous Coward · · Score: 0

      Yeah, the NES was made because people really had trouble using a C64. Try and think beyond the last 5 years of console making, would you?

    12. Re:Local only? by drinkypoo · · Score: 1

      Yeah, the NES was made because people really had trouble using a C64. Try and think beyond the last 5 years of console making, would you?

      I just sold my console collection including a top-loading NES and SNES, a Virtual Boy, and lots of other old-school goodies. I know from console games. However, I am talking about the present, where we live. Try to keep up.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  6. Glad by AndyKron · · Score: 2

    I'm sure glad I don't know what this is.

  7. Splatoon 2 Aimbots ahoy! by Anonymous Coward · · Score: 1

    "The company could then ban those systems from using the Switch's online functions."

    Here's hoping.
    If you want to hack your Switch to run whatever you like when you're offline then you should be free to do so.
    If you're hacking your Switch for aimbots and wallhacks in online games then you can FOAD.

    1. Re:Splatoon 2 Aimbots ahoy! by Darinbob · · Score: 1

      Well, maybe don't play games with friends you don't trust?

    2. Re: Splatoon 2 Aimbots ahoy! by Bing+Tsher+E · · Score: 1

      Doesn't that mean shutting down the MMOs completely?

    3. Re: Splatoon 2 Aimbots ahoy! by Darinbob · · Score: 1

      Hard to cheat in MMOs that way, most processing is done server side. And even then it only applies to PvP MMOs.

  8. In other words by Opportunist · · Score: 3, Funny

    It's finally time to get one now that you may actually own one?

    Nintendo, again leaving the competition in the dust when it comes to building what the users really want!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

    1. Re:In other words by Anonymous Coward · · Score: 1

      No, because all new consoles will likely have this patched. If you wanted a Switch for the purpose of loading custom software once it became possible to do so, you should have bought one as early as you could.

    2. Re: In other words by Bing+Tsher+E · · Score: 1

      All new games released from this point will probably patch your Switch for you.

    3. Re: In other words by Anonymous Coward · · Score: 0

      New games have been patching Nintendo consoles all the way back to the Wii. But as reported in TFS, this is not something that can be fixed in software, it will require a hardware fix.

      I suppose it is possible that there is still vulnerable hardware on store shelves, but I wouldn't bet on it.

    4. Re: In other words by Antique+Geekmeister · · Score: 1

      They cannot: that would require burning a new game ROM.

      I think we can safely assume that new devices will have an updated ROM, without the bug.

    5. Re: In other words by Khyber · · Score: 1

      "All new games released from this point will probably patch your Switch for you."

      I mean, even reading the fucking summary states that this is purely hardware and no software can fix it, because it's locked down and can't be modified due to burnt-out e-fuses.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

    6. Re:In other words by Anonymous Coward · · Score: 0

      No, because all new consoles will likely have this patched.

      The ones that are currently in store at your local supermarket are unlikely to have the patch.
      If you run out and get one now it will be exploitable.
      If you wait a month it won't.

  9. Ban Workaround by Anonymous Coward · · Score: 0

    I thought they could ban you from their servers too, but since they're all Nvidia Tegra X1-based systems, I just sent them an improperly coded USB control procedure at the right point and changed the ban-state for my account.

  10. Why "move to other devices"? by K.+S.+Kyosuke · · Score: 5, Insightful

    It is suggested that consumers be made aware of the situation so they can move to other devices, where possible

    Why the hell would they do that? Because the device's general utility has suddenly improved?

    --
    Ezekiel 23:20

    1. Re:Why "move to other devices"? by Gavagai80 · · Score: 5, Insightful

      It's like the guards at the prison all quit and removed the gates on their way out... and so the prisoners are being urged to pool their own money to hire new guards and rebuild the gates ASAP for their safety.

      --
      This space intentionally left blank

    2. Re:Why "move to other devices"? by Xenx · · Score: 3, Insightful

      I don't know why your average person using a Switch would be overly concerned about the security of it. But, somehow in the off chance that you're in a position where you do.. technically this would be a risk. It's better to suggest not using it, and then letting the user make the choice on their own.

    3. Re:Why "move to other devices"? by AmiMoJo · · Score: 2

      I think she was referring to Nintendo and other users of the Nvidia chip that has this flaw. The only way they can fix it in future devices is to move to a different system-on-chip.

      Nintendo will probably have to hope that Nvidia creates a new version of this part, because moving to a different SoC isn't really a good option because it would create fragmentation.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    4. Re:Why "move to other devices"? by tlhIngan · · Score: 1

      I think she was referring to Nintendo and other users of the Nvidia chip that has this flaw. The only way they can fix it in future devices is to move to a different system-on-chip.

      Nintendo will probably have to hope that Nvidia creates a new version of this part, because moving to a different SoC isn't really a good option because it would create fragmentation.

      Not really. The flaw is a bug in the boot ROM. All they have to do is fix the boot ROM. Existing Switches out there are vulnerable to the hack, but the new ones with the fixed ROM won't be.

      This is not new - nVidia actually had to scrap a bunch of parts before back in the original Xbox days when a bug in the ROM was found.

      Nintendo's options are to simply silently upgrade the SoC and let the existing units in the channel sell through so if you buy now, you'll get a vulnerable one, but next week, who knows.

      Then they can in a few months introduce a new-and-improved version that can encourage people to upgrade, which would take a bunch of vulnerable units off by having them upgraded. This would make the supply of vulnerable units blip a tiny bit in the used market, but it'll be mixed by the general resold console market.

    5. Re:Why "move to other devices"? by AmiMoJo · · Score: 2

      All they have to do is fix the boot ROM.

      That's easier said than done.

      This is an industrial system-on-chip. They can't just update the software whenever they feel like pushing out a new version. Their customers require it to be stable and unchanging because they have to certify each version and want to buy exactly the same part for the lifetime of the product, which for things like cars and industrial machinery can be 10+ years.

      A change will require a new part number, and they will either have to convince big customers to adopt the new version and certify all their software on both new and old, or they will have to keep supplying them with the old one and come up with some mitigations such as removing test points to make the hack harder.

      Nintendo is probably one of the more flexible customers in that they probably can adopt a new version, but for people like car manufacturers using Tegra parts for safety critical systems like driver aids / self driving it's a huge pain. They may opt to ignore the problem because modifying your car is less of an issue for them than modifying your console is for Nintendo.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    6. Re: Why "move to other devices"? by Anonymous Coward · · Score: 0

      Sure they can. They purposely blow e-fuses in manufacturing to make the boot-rom read only. They can update it before they blow the e-fuse. It's the same reason why all the Xbox 360 jtag hacks were fixed. Microsoft blew an e-fuse during firmware updates to stop people from doing the jtag exploit. Turns out this particular choice however is what makes it impossible for Nintendo to fix, though we still need a valid user mode exploit to access this particular exploit. Those can still be patched.

    7. Re:Why "move to other devices"? by Anonymous Coward · · Score: 0

      You might want to be careful when buying a used Switch because you can no longer be sure whether the bootloader has been modified somehow.

      Then again, the Switch is a games console, so what's the worst that a bootloader could do? Ransomware?

    8. Re:Why "move to other devices"? by Anonymous Coward · · Score: 0

      if people can hack a network using a wired thermostat they can do the same with your switch

    9. Re:Why "move to other devices"? by Anonymous Coward · · Score: 0

      Your reply seems to imply you are under the impression that Nvidia chips exist only in locked down Nintendo game consoles or something.

      You've honestly never seen an Nvidia chip anywhere else in your life?

      That's kinda sad. If you don't mind me asking, what exactly do you get out of reading articles posted to slashdot? Is it the recent political article fad?
      You should probably be made aware that slashdot is traditionally for technical articles about technology and other topics geeks tend to be interested in. As someone with no interest in technology I'm just surprised there is any draw for you is all.

    10. Re:Why "move to other devices"? by Anonymous Coward · · Score: 0

      This is not a normal nvidia chip. So if you're thinking it's in all kinds of shit, it's not. It's in the switch, the nvidia dev kits.. And maybe some teslas but I think they use a different chip than the Nintendo uses. That being said it still takes local access so if it is in the tesla you probably have to have access to some special port buried deep in the dashboard so I don't see people making autopilot kill everyone with a tesla.

    11. Re:Why "move to other devices"? by Anonymous Coward · · Score: 0

      Not only are you an idiot, but you don't understand and aren't even trying to understand how this works.. You need physical access to the device. You need to be able to power cycle the device and the other list of hoops to jump through. You can't "hack" the switch over the Internet.

    12. Re:Why "move to other devices"? by Anonymous Coward · · Score: 0

      The boot ROM is where the boot loader is stored, the boot rom is not writable, there would be no way to modify the boot loader. This is why Nintendo CAN NOT fix the issue at hand. You think for a site like slashdot more people would understand this shit. Plebs are ruining electronics forums for nerds..

    13. Re:Why "move to other devices"? by Xenx · · Score: 1

      Their statement doesn't imply they'd be able to hack the switch remotely. It merely states that if a network can be hacked using a wired thermostat, it could be hacked using a Switch. That being the case, your Switch becomes a potential vector for attack on your network. Sure, they would need to gain physical access to the device.. but that isn't impossible. The likelihood of it happening to your average person is low, but if you were someone of import then it becomes a more realistic concern.

  11. 2 choices by TheDarkener · · Score: 2

    1) Hack your switch and be able to turn it into an awesome, open device able to emulate and do all sorts of things it wasn't designed to do, or

    2) Keep it unhacked and be able to play new games that come out that require the latest Nintendo updates (of which I'm sure you would be blocked from when they detect that your system has been hacked).

    This was the same deal with the Wii.

    --
    It is pitch black. You are likely to be eaten by a grue.

    1. Re: 2 choices by Anonymous Coward · · Score: 0

      The problem will be if it means content developers cease producing new games because they cannot secure a return. You can download every single game for the Nintendo DS and play it from an sd card in an R4 adapter. This has significantly reduced the value of game carts for the Nintendo DS. That kind of hack is only partially possible for 3DS games, so they are still produced.

    2. Re: 2 choices by Antique+Geekmeister · · Score: 1

      That is, I'll admit, _one_ problem. Another is that the DRM and proprietary licensing for DRM are so expensive and restrictive that smaller, more creative game developers cannot afford to publish new products, or that the DRM interferes with desirable, basic functionality such as saving games. DRM has not always been a net benefit to game developers.

    3. Re: 2 choices by Anonymous Coward · · Score: 0

      The estore is full of $3 shovel ware. I think small devs are doing just fine.

    4. Re:2 choices by Khyber · · Score: 1

      " Keep it unhacked and be able to play new games that come out that require the latest Nintendo updates"

      Uh, no, because Nintendo can't update the hardware because of burnt fuses in the firmware chip.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

    5. Re:2 choices by Anonymous Coward · · Score: 0

      " Keep it unhacked and be able to play new games that come out that require the latest Nintendo updates"

      Uh, no, because Nintendo can't update the hardware because of burnt fuses in the firmware chip.

      Nintendo can't "update" hardware, eh? Well, here's all new "Switch Lite+" which is required to play new Nintendo store releases and games. It's not like Nintendo hasn't done this before with 3DS or anything...

    6. Re:2 choices by Anonymous Coward · · Score: 0

      "Hacking" appears to be non-persistent. If you want to play the latest games then simply reboot.

    7. Re:2 choices by Anonymous Coward · · Score: 0

      With the Wii you could do both, same with DS, I imagine this will be the case here too

    8. Re: 2 choices by Anonymous Coward · · Score: 0

      The problem will be if it means content developers cease producing new games because they cannot secure a return.

      But it won't mean that.
      Even with DRM they cannot force people to buy their games so they will have to make a qualified guess about how many will buy a possible game and match it against what their development costs would be before proceeding.
      Some piracy doesn't change this procedure.
      At most it will prevent some games that would have barely broken even from being produced.

    9. Re: 2 choices by Anonymous Coward · · Score: 0

      Sure we may consider the cat is out of the bag, but once you've booted linux, you may only run linux games on it. Linux games that are CPU-agnostic or were ported to ARM. The usual doom, quake, duke3D, tux games and emulators.

      My understanding is they haven't cracked the built-in OS itself. Or the DRM for the games.
      I expect the Switch OS is encrypted. The games are encrypted too. Easiest way to play games is to just boot the built-in OS, at which point you're running an unhacked console.
      You can of course do a lot of piracy by running emulators : say, SNES or arcade version of Street Fighter II. Super Mario 64, etc.
      That's unwanted noise for Nintendo, but it's the equivalent of running that on a PC.

    10. Re:2 choices by TheDarkener · · Score: 1

      I'm talking about software updates.

      --
      It is pitch black. You are likely to be eaten by a grue.

    11. Re:2 choices by Chelloveck · · Score: 1

      3) Buy *two* systems, one to hack and one to play new games. Double the sales! Nintendo is just looking at this wrong.

      --
      Chelloveck
      I give up on debugging. From now on, SIGSEGV is a feature.

    12. Re:2 choices by Shados · · Score: 1

      Assuming they are making a profit on hardware (though I think Nintendo usually is). Makes attach rate on games look bad though.

  12. Fuses by Anonymous Coward · · Score: 0

    When confronted with the concept of irreplaceable fuses in hardware I always get this profoundly sick feeling deep inside my stomach. I'm sure I'm not the only one; the whole idea seems perverse somehow.

  13. Fuses have their place by Anonymous Coward · · Score: 0

    From a manufacturer's point of view, having fuses reduces the number of parts they have to ship.

    For example, if I want to ship a PC whose bootloader my enterprise customers can permanently lock so that it's useless to a thief, but which is unlocked by default, I only have to ship one model.

    If I were not allowed to use fuses or some equivalent technology, I would have to create several slightly-different models. All but one of the models would have a locked bootloader that was uniquely configured to a particular enterprise customer's requirement.

    Granted, that's a made-up atypical case, but it does illustrate the value of allowing the customer to make irreversible modifications of this type.

    1. Re: Fuses have their place by Bing+Tsher+E · · Score: 1

      It allows the customer, and any cracker who can get that deep into the hardware, to break the irreversible fuse. Not necessarily a good thing to have lurking, by default, in every copy of the hardware. There should be an additional non-reversible fuse option, that disables all the other irreversible fuses.

    2. Re: Fuses have their place by sconeu · · Score: 1

      So why not use the hack to patch the ROM?

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    3. Re: Fuses have their place by Anonymous Coward · · Score: 0

      You don't know what a one time but able fuse is, do you? They are implemented in the silicon. Once burnt, the only way to reconnect the trace is to destroy the silicon chip, meaning you can't use it afterwards. Now do you see why what you said makes no sense?

      Highdude702(mods and such)

    4. Re: Fuses have their place by Anonymous Coward · · Score: 0

      Burnable not but able. Stupid fucking auto-incorrect.

  14. The "attacker" you say? by chispito · · Score: 2

    Is "attacker" what you call an owner unlocking his or her device? Do you call people who root their Android devices, or people who jailbreak their iOS devices "attackers?"

    --
    The Daddy casts sleep on the Baby. The Baby resists!
    1. Re:The "attacker" you say? by AmiMoJo · · Score: 1

      Reading the FAQ she points out that it's not just the Switch that is vulnerable here, it's other devices that use the same SoC and potentially all Tegra X1 parts. They are used in things like in-car nav/entertainment systems, self-driving AI systems, smart TVs and set top boxes, all kinds of stuff.

      The potential for malicious use exists. Reminds me of those smart fridges in Silicon Valley.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:The "attacker" you say? by Anonymous Coward · · Score: 0

      The attacker is the non-owner who does this to brick the device for the owner.

    3. Re:The "attacker" you say? by Anonymous Coward · · Score: 0

      I had a look at newer cars, just looking through the window. These things are worse than Japanese toilets! Too many buttons to count, and a stupid tablet in the middle.
      It wouldn't be a bad thing to hijack this crap. When you're bored, reboot and play Quake with the wheel buttons. I hope that the steering and pedals and ignition etc. aren't depending on the system, right?

    4. Re:The "attacker" you say? by chispito · · Score: 1

      Reading the FAQ she points out that it's not just the Switch that is vulnerable here, it's other devices that use the same SoC and potentially all Tegra X1 parts. They are used in things like in-car nav/entertainment systems, self-driving AI systems, smart TVs and set top boxes, all kinds of stuff.

      The potential for malicious use exists. Reminds me of those smart fridges in Silicon Valley.

      Did you see anything that suggests this is possible without physical access? In my skim over TFA, nothing jumped out at me as being possible via web/wifi.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    5. Re:The "attacker" you say? by Anonymous Coward · · Score: 0

      These things are worse than Japanese toilets!

      Dude! Have you actually USED one of those toilets? They are wonderful, heated seat, built in bidet, with dryer! I want one so bad for my own home.

  15. The hacker's a dude, BTW by Anonymous Coward · · Score: 1

    As I scanned the story, I thought, 'Wow, a female doing low-level, really tough, hardware hacking! Waaaaiit, it's gotta be a dude...'
    >Checks youtube video from hack author
    >hacker is clearly, openly a dude in makeup, using the cringe-iest-ever falsetto voice.

    -__-

    1. Re:The hacker's a dude, BTW by Anonymous Coward · · Score: 0

      haha.... yes, yes that is what we expected. The internet has made the disdain stroooong in you.

  16. possible nintendo smackdown by Anonymous Coward · · Score: 0

    Can't Nintendo make sure games don't run unless they download some x, y or z file?

  17. Real-world implication of the hack by DrYak · · Score: 2

    I find it funny that FOSSies were super worried about access to the source code (never mind that several proprietary games have been hand-hacked using hex editors with great results, without the need for a line of source code)

    The problem is that all the hand-hacks that you mention, even if successfully done in practice, are theoretically against copyright and other DMCA-alike laws (though in some jurisdictions they are expressly covered by local "fair use"-alike exceptions. I think you *could* be allowed to bypass security to access your own device that you own in several European countries).

    So even if it was done, it's something that in theory we would not be allowed to do. The whole idea behind copyleft licenses (like the GPL family) is to expressly allow end-users to modify the code running on devices they own in this way.

    and the real threat to user freedom came from a GPL kernel locked behind locked bootloaders and locked root access. Nice foresight there Mr Stallman!

    Yeah, and if you were paying attention, Stallman did not only foresee it, he was even the one to come up with a name for that: he suggested "tivoization", named after the first device with widespread public knowledge to have such signed firmware locking the access.

    The whole reason to release a new "version 3" of the GPL was exactly to complain against companies who abuse GPL code by locking it behind signature checks in the bootloader.
    It's for companies that pretend to follow the letter of GPLv2 (by publishing the code) while at the same time violating its spirit (finding a loophole so the user is free to study and modify the code, just not the particular install that is running on the company's hardware that the user has bought. You could modify the code published by Tivo, but you could only install it on a self-built PVR/PCTV; you cannot upload your mods to your own Tivo).

    But hey, you were probably among the first to complain about the "restrictiveness" of GPLv3, how it's even more an evil virus than the previous GPLs, etc.

    (NOTE: Linus refused to switch Linux to GPLv3.
    - for a practical reason, because currently the Linux license says "GPL version 2" without adding the optional "or any future". So switching to GPLv3 would have required combing through the git log to find every single last developer/patch submitter/etc. that is still responsible for lines of code that are still present in modern Linux (survived later patching and code removal), and then asking every single one of them to confirm accepting the license change.
    - for theoretical reasons: Linus considers himself a pragmatist. Current GPLv2 already allows users to at least see the code, and play around with it and learn from what the publishers have modified. The maker of the device gets to decide what goes with their device (barring user access using signatures). The user gets to vote with their wallet and decide which maker they want to support).

    (Also, I suspect that the forking that did happen back in recent history around controversial re-licensing (see XFree86 vs Xorg).
    Also, GPLv3 was seen as controversial by some companies. See Apple : even if the newer GPLv3-ed GCC are popular elsewhere, Apple did decide to stick with pre-GPLv3 older GCC 4.2, and has been progressively replacing everything with LLVM as their default supported compiler.
    Given that, Linus might have been right to be afraid of losing marketshare / mindshare by switching to GPLv3)

    Cue in eternal debates of corporate developers finding that BSD is more free because more permissive, and end users finding that GPL is more free because it enforces the end-users' freedoms being kept.

    Now excuse me, an Android phone of mine crapped its own /system partition and I cannot reinstall the OS (like I can with evil non-free Windows) because locked bootloader. No, honestly.

    Yup, so why don't you go and hand hexedit it wi

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  18. Today I learned... by morphotomy · · Score: 1

    Today I learned that someone running their own code on a machine they bought is considered an "attacker".

  19. Awesome! by XSportSeeker · · Score: 1

    This is great news, I hope the community comes up with great new ways of using the Switch that Nintendo isn't willing to do.
    Dual booting Android, being able to backup *gasp, such a novel notion* your saves, among several other things that the Switch has the hardware to do, but it doesn't because Nintendo fears it might create a pathway for a hack or something.
    Nintendo might hate it, but this could potentially make the Switch a thousand times more enticing for customers.
    And yes, pirates will make use of the exploit. But I hate the fact that Nintendo keeps stepping back on features their paying customers want just because of the potential for exploits. If the company is going to adopt an anti-consumer posture because of fears of piracy and exploits, I'd rather they end up with an unpatchable device so they can be freed of speculative crap.

    Now Nintendo, your precious Switch is already wide open. Get to work on the features we are asking for.
    Signed, a paying customer.