Nintendo’s astonishingly popular Switch console was in the headlines a few months ago thanks to a hardware exploit found in the developer documentation of NVIDIA’s Tegra X1 platform. No, that’s not a joke – NVIDIA left a hardware backdoor in their firmware for debugging purposes, told everyone about it in plain English, and anyone brave enough to open their Switch could run the exploit and hack the system. As it turns out, this week the Tegra platform is in the news again with details of an exploit, and it’s one that leaves systems so wide open that there might as well not be any protection at all, affecting users of the NVIDIA Shield consoles as well as the Nintendo Switch.
The latest flaw is found inside the Tegra X1’s hardware, sitting conveniently inside the boot and power management firmware that runs the device. It’s been given a fancy name too – Fusée Gelée. The hack’s details can be found inside this whitepaper on the vulnerability, but the tl;dr summary detailing how to do the hack is actually quite amusing.
To use this proof-of-concept on a Nintendo Switch:
Set up a Linux or macOS environment that meets the criteria above, and which has a working python3 and pyusb installed.
Connect the Switch to your host PC with a USB A -> USB C cable
Ensure the Switch cannot boot off its eMMC. The most straightforward way to do this is to open the back cover and remove the socketed eMMC board; corrupting the BCT or bootloader on the eMMC boot partition would also work
Trigger the RCM straps. Hold VOL_DOWN and short pin 10 on the right JoyCon connector to ground while engaging the power button
Set bit 2 of PMC scratch register zero. On modern firmwares, this requires EL3 or pre-sleep BPMP execution
Run the fusee-launcher.py with an argument of fusee.bin. (This requires intermezzo.bin to be located in the same folder as fusee-launcher.py.)
That’s it. No opening the console to solder wires, no fiddly EEPROM readers, no exploiting the software through the GPU. Absolutely anyone can run this hack on their Switch and do whatever they want with the device once they’ve gained control.
What’s actually happening here, though? Well, inside the boot and power management firmware is a vulnerability that relates to the USB interface when you boot the console. The USB controller ordinarily should not be responding to any requests for data, and it shouldn’t so much as load up a driver for a mouse. But in recovery mode, a standard feature of the Tegra platform called USB Recovery Mode (RCM) will allow data to be sent to the Tegra’s processor, bypassing any security protections so long as the data is properly formatted and secured with the right cryptographic cipher, using documented RCM commands made available by NVIDIA.
So once you’re set up and ready to send RCM commands to the device when it is starting to boot, you can do literally anything with it, including replacing the boot loader, replacing the operating system, installing Linux, running more hacks – you name it, it’s possible. Hacks which require physical device access are low-risk affairs, since there’s very little chance that an attacker is going to break into your house and run this attack on your console. However, the Tegra platform is used in several other home consoles made by NVIDIA, as well as a tablet and a handheld console under the Shield brand. The Tegra development kit is likewise vulnerable.
Because the attack uses a hardware exploit that bypasses any system protections, fixing this requires a new hardware revision that includes the addition of a few fuses to the firmware chip to prevent changing the firmware, as well as an updated version of the boot and power management firmware from NVIDIA. Existing devices will forever remain vulnerable to this attack even if their firmware is upgraded, so it is unlikely that a patch will ever be effective at stopping anyone from loading homebrew software or pirated games to the Switch.
If there’s an upside to this, it is that unfettered access will let developers of PC emulators for the Switch learn more about the device and how its software functions. With firmware access they can study the security system, how games are encrypted, and how the hardware works, all of which helps them better emulate the Switch’s running environment on the PC. Neither NVIDIA nor Nintendo has commented on the exploit.