Bad news today for Nintendo and Nvidia. Over the past 24 hours or so, a lot has suddenly happened in the world of hacking, particularly involving the Nintendo Switch. A new exploit has been disclosed in Nvidia Tegra-based hardware, which includes the chip inside Nintendo's console. The exploit lets a user load arbitrary code through the bootROM, and all that's needed is to get the system into USB recovery mode.
The crucial point here, even if you don't follow the jargon, is that this exploit cannot be fixed in software, meaning it can't be patched out with a firmware update. Every Switch that has already left the factory is vulnerable and will presumably stay that way in perpetuity. Multiple hacker groups have said they know of the exploit; one individual even posted images of a Switch running the Dolphin emulator on Linux and playing Wind Waker. The reason it can't be fixed: once a Switch leaves the factory, a specific fuse is deliberately blown to prevent any further modification of the bootROM. That hardware-level lock is exactly what stops the exploit from being addressed after the fact, even indirectly.
Hacker Katherine Temkin was the first to publicly disclose the exploit, which she named Fusée Gelée. She posted a proof-of-concept payload along with an explanation of how it works and how to get it running. Temkin had originally planned to release the full details in June, so that the public would be armed with the knowledge rather than leaving it gatekept in the hands of bad actors. Now Fail0verflow has released its own version of the exploit. Be warned: messing with this stuff carries a very real chance of damaging your Switch, so proceed at your own risk.
Source: Ars Technica