Slashdot Mirror


The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
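As an added illustration (not Temkin's code and not the Tegra bootROM), here is a minimal C model of the bug class the summary describes: a USB control-request handler that lets the 16-bit wLength field, rather than the destination buffer's size, bound a copy into a fixed DMA buffer, placed beside the bounds-checked version. The buffer size, the arena layout and the offset of the "protected" region are assumptions chosen for the model.

```c
#include <stdint.h>
#include <string.h>

/* Sizes are assumptions for this model, not the real bootROM layout. */
#define DMA_BUF_SIZE 256   /* fixed DMA buffer the handler fills             */
#define STACK_OFF    512   /* assumed start of the protected region after it */
#define ARENA_SIZE   1024  /* buffer plus what follows it, kept in one array */
#define SENTINEL     0xAA  /* fill pattern that makes overwrites visible     */

/* USB SETUP packet: wLength is 16 bits, so a host may ask for up to 65535 bytes. */
struct usb_setup { uint8_t bmRequestType, bRequest; uint16_t wValue, wIndex, wLength; };

/* Vulnerable pattern: the copy length comes from wLength, not from the buffer size.
 * mem is one flat ARENA_SIZE array (buffer first), so the overrun is well-defined here. */
size_t handle_ctrl_unchecked(uint8_t *mem, const struct usb_setup *s, const uint8_t *data)
{
    size_t n = s->wLength;
    if (n > ARENA_SIZE) n = ARENA_SIZE;  /* model-only cap so the demo stays inside the arena */
    memcpy(mem, data, n);                /* runs past DMA_BUF_SIZE once wLength exceeds it */
    return n;
}

/* Hardened pattern: validate wLength against the buffer before copying; STALL otherwise. */
int handle_ctrl_checked(uint8_t *mem, const struct usb_setup *s, const uint8_t *data)
{
    if (s->wLength > DMA_BUF_SIZE) return -1;  /* reject the transfer (USB STALL) */
    memcpy(mem, data, s->wLength);
    return (int)s->wLength;
}

/* 1 if any byte of the protected region no longer holds the sentinel. */
int stack_region_clobbered(const uint8_t *mem)
{
    for (size_t i = STACK_OFF; i < ARENA_SIZE; i++)
        if (mem[i] != SENTINEL) return 1;
    return 0;
}

/* One request against fresh memory: 1 = protected region clobbered, 0 = intact, -1 = rejected. */
int demo(uint16_t wLength, int hardened)
{
    static uint8_t payload[ARENA_SIZE], mem[ARENA_SIZE];
    memset(payload, 0x41, sizeof payload);   /* constructed host data */
    memset(mem, SENTINEL, sizeof mem);
    struct usb_setup s = { 0x80, 0x06, 0, 0, wLength };
    if (hardened) return handle_ctrl_checked(mem, &s, payload) < 0 ? -1 : stack_region_clobbered(mem);
    handle_ctrl_unchecked(mem, &s, payload);
    return stack_region_clobbered(mem);
}

/* Exit 0 when the unchecked handler clobbers memory and the checked one refuses the request. */
int main(void) { return (demo(0xFFFF, 0) == 1 && demo(0xFFFF, 1) == -1) ? 0 : 1; }
```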

7 of 96 comments

  1. Sounds promising by Anonymous Coward · Score: 2, Insightful

    So if I'm understanding TFS correctly, users might be able to take control of their devices and use them for something other than their intended purpose?

    Sounds good to me!

    1. Re:Sounds promising by Darinbob · Score: 4, Insightful

      I wouldn't call this an exploit. I find it bizarre that the world takes these extreme measures to lock down a purchased product as a matter of fact, instead of treating it as a violation of consumer rights. Now there are devices where such paranoia is reasonable, but I don't think this is reasonable in a consumer game market.

  2. Local only? by Enigma2175 · Score: 3, Insightful

    So it's a bug that can only be exploited locally; is this really a big deal? I'm not worried that people can now run arbitrary code on hardware they own.

    --

    Enigma

  3. Why "move to other devices"? by K. S. Kyosuke · Score: 5, Insightful

    It is suggested that consumers be made aware of the situation so they can move to other devices, where possible

    Why the hell would they do that? Because the device's general utility has suddenly improved?

    --
    Ezekiel 23:20

    1. Re:Why "move to other devices"? by Gavagai80 · Score: 5, Insightful

      It's like the guards at the prison all quit and removed the gates on their way out... and so the prisoners are being urged to pool their own money to hire new guards and rebuild the gates ASAP for their safety.

      --
      This space intentionally left blank

    2. Re:Why "move to other devices"? by Xenx · Score: 3, Insightful

      I don't know why your average person using a Switch would be overly concerned about the security of it. But, somehow, in the off chance that you're in a position where you do... technically this would be a risk. It's better to suggest not using it, and then let the user make the choice on their own.

  4. Re:Banned from online? by Anonymous Coward · Score: 2, Insightful

    This is a shitty development for Nintendo and game developers.

    Apart from their sales-drones going into panic-mode I doubt they will see much impact.

    There have been exploits for many platforms before this. When they show up, people have already bought most of the games they were going to buy anyway, and it is not like a large part of the consumer base will use the exploit.
    The users of the exploit will mainly be gamers that couldn't afford getting the games they wanted before or those who want to play games they weren't willing to pay for.
    Apart from that, it will be a handful of homebrew developers or speedrunners that want in-game timestamping that will use it.

    Essentially, a bunch of people will have fun with it and Nintendo and game developers won't lose much because of it.
    The thing that could harm their bottom line is if someone sets up shop and sells hacked consoles to the less technology-savvy, but if anyone does that, they become a pretty convenient target for Nintendo.