Console hacks – and any hacks, for that matter – come in two flavours. There are the software hacks that attempt to root out insecurities in code structures and information parsing, which often force firmware updates to prevent exploitation. The other is far harder to sort out. Hardware vulnerabilities allow users to dig deep into a system’s OS and root structures, and that’s what a bunch of talented programmers are doing to the Nintendo Switch. And since the flaw lies in the Nvidia Tegra X1 chip that powers the device, there’s not much Nintendo can do about it right now.
Two groups have gotten ahead of some pretty strange Pastebin dumps that occurred over the weekend, revealing near-identical methods for getting homebrew apps and Linux to run on the gaming tablet. Both methods involve shorting out pin 10 on the right Joy-Con rail on the side of the Switch, which exposes a hardware-level exploit in the Tegra X1 chip itself. It allows users to overflow the chip in Recovery Mode and access the Boot ROM. The ROMs in question appeared online, showing without a doubt that access had been achieved, using a method that was in fact detailed as early as January.
Both groups have stated that the method works, and they informed both Nvidia and Nintendo about the exploits over 90 days ago. The sudden activity seems to be spurred on by a third group, which wants to capitalise on the exploit to run pirated apps on the Switch in the future through the sale of modchips that might make the process easier. Fail0verflow and ReSwitched don’t seem to agree with this, and instead want to make sure that their work on the homebrew software isn’t confused with work done for monetary, illegitimate gain.
The problem is the fix. Nintendo can’t patch this flaw out, since it’s impossible for the firmware to detect when it’s being used. Since Nvidia has been made aware of the problem, it is possible that the chip maker has already started producing fixed chips for shipment. This could line up with the recent patent reports that show a slightly updated Switch heading to market, which could include the new version of the Tegra X1 chip. This is what Eurogamer’s report on this story suggests, and it seems the easiest route for Nintendo to avoid this going forward.
But that still leaves nearly 15 million Switch devices on the market just waiting to be exploited, and even more until Nintendo decides to eventually fix this. The method for getting this exploit running is still super complicated and messy, and easy to brick or destroy your Switch with. It’s far from the easy mods that get pirated software up and running on a dime, but it’s the first step in getting there. And if Nintendo doesn’t fix it, that will be just around the corner too.
Last Updated: April 25, 2018