The Nintendo Switch had long been rumored to get a series of software hacks that worked on older versions of the software, but Nintendo was quick to negate these with firmware updates. It now seems that the software wars are over: FailOverflow, one of the most renowned groups of device hackers on the planet, has released the schematics for a full-fledged Nintendo Switch hardware hack. After a hacker anonymously revealed the details, Temkin published the exploit and a proof-of-concept payload on the ReSwitched GitHub repo.
"This report documents Fusée Gelée, a coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line of embedded processors".
The toughest part of the exploit, on the Switch, appears to be forcing the system into the USB recovery mode. "Fusée Gelée isn't an ideal, 'holy grail' exploit, though in some cases it can be pretty damned close", said ReSwitched's Kate Temkin. Temkin also tweeted an image suggesting that simply exposing and bending the pin in question would work as well.
This exploit could make things hard for Nintendo because it is unpatchable: the bootROM can't be modified once a Tegra chip leaves production.
Temkin wrote, "Unfortunately, access to the fuses required to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible".
How can this Nintendo Switch exploit be helpful for users?
Once the exploit is, er, exploited, it can not only allow data to be exfiltrated but also allow for custom bootloaders; Temkin is working on her own one called Atmosphere. As such, the chips in other systems and devices could be open to exploitation by savvy hackers or malicious actors with a bit of tech know-how. What Nintendo could do instead, however, is push an update that checks whether a Switch has been hacked when accessing its servers, and then ban those systems.