Reported Nvidia Tegra X1-Based Vulnerability Affects Every Nintendo Switch Made To Date

There's no shortage of people who want to load custom games on their console of choice. This so-called "homebrew" scene often delves into a console, figures out where it's most vulnerable, and then uses exploits meant specifically to allow them to run software you won't find in any game store. (And, yes, this kind of thing often enables piracy as well.) Which is exactly what several independent groups did to the Nintendo Switch.

Nintendo released the Switch in March 2017. In many ways, it's the ideal platform for homebrewers and pirates. It's a portable device, and portables are often favored by homebrewers; Nintendo's decision not to launch the Virtual Console with the Switch could also inspire people to use some less-than-legal methods to play their favorite games on the company's latest-and-greatest console. The Switch is just asking to be hacked.

It turns out that Nvidia and Nintendo accidentally gave homebrewers the keys to the kingdom with every Switch manufactured to date. Several groups have discovered a flaw in Nvidia's Tegra X1 chip--which is also used in the Nvidia Shield, Google Pixel C, and other devices--that allows for arbitrary code execution on the Switch. Exploiting that vulnerability gives Switch owners the opportunity to effectively "jailbreak" the device.

The vulnerability was first disclosed by ReSwitched, which dubbed it Fusée Gelée, but the folks at fail0verflow claim to have discovered it first and planned to make their own public disclosure two days after ReSwitched did. Either way, it's clear that this issue was simply waiting to be found, if only because two independent groups managed to do so while they were poking around the Switch to work on their various projects.

For fail0verflow, that project was getting Linux to run on the Switch, which is exactly what the group appears to have done:

Both ReSwitched and fail0verflow say there's no way to fix this vulnerability in Switch consoles that have already been sold. The problem is said to be introduced early in the manufacturing process, so Nintendo could address the issue with the next batch of consoles, but this particular genie isn't going to be put back in its bottle. Anyone willing to root around with their Switch will be able to use this vulnerability to run homebrew games.

Neither ReSwitched nor fail0verflow said they disclosed the vulnerability to Nvidia--fail0verflow did reveal the problem to Google because Tegra SoCs are used in some Android products, but the group didn't go straight to Nvidia. We've reached out to the company to learn more about the extent of the vulnerability and whether or not devices like the Nvidia Shield and other Tegra X1-equipped products are also affected by it.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • Giroro
    They didn't go to Nvidia, because they didn't want to have to create a new brand for all their non-Nvidia exploits.
    Reply
  • redgarl
    Where is the PR and the gloomy naming convention for the exploit? No FlForce (FailForce) or GeezForce?
    Reply
  • stdragon
    Thank God the ROI isn't worth hacking these to mine Bitcoin =) That means plenty of children are in luck to still find and play games on one.
    Reply
  • alextheblue
    20913675 said:
    Thank God the ROI isn't worth hacking these to mine Bitcoin =) That means plenty of children are in luck to still find and play games on one.
    Only ASIC miners are worth it for Bitcoin. GPU crunching is not cost effective. For other cryptocurrency which is GPU-friendly, PC hardware is best because you can take a single board and strap a TON of GPUs to it. They've even got mining boards that make it super easy. On top of that you can custom-tune the GPUs. Basically you're not replicating a crapload of unnecessary hardware.

    With that being said, I really dislike cryptocurrency in its current form.
    Reply
  • stdragon
    Last I checked, ASIC units such as the ones from Antminer have prices pegged to the ROI rate. The whole thing has got "sucker" written all over it for those that buy.

    Anyways, at one point I was initially worried the Nintendo Switches would be slurped up to mine. But after looking at the architecture specs of the SoC unit, the math basically = waste of time/money. Like I said, I'm pleased with the outcome of that :) Crypto can die in a fire
    Reply
  • JM123
    https://github.com/reswitched/fusee-launcher/blob/master/report/fusee_gelee.md

    This looks a lot like a report document to Nvidia. If not, who is the target of that document?
    Reply
  • stdragon
    I own a Switch. This is a non-issue :) No remote hacking of any sort is to be concerned about. If anything, it lets you root the Switch to run, effectively, any OS you want. It's a local hack, and requires physical port access to execute the exploit. It reads as more serious than it really is, as the practicality is reserved for those that want to tinker with their own hardware.
    Reply