It’s only Tuesday and it’s already been a big week for Nintendo Switch owners, or at least those who would like to hack their console and open the door to homebrew software. Hacking the Switch is a pastime that’s still in its infancy, but two different groups have come forward with new vulnerabilities that open the floodgates, so to speak. Most interesting of all, these aren’t exploits that Nintendo can patch, and every Switch that’s currently out in the wild is vulnerable to them.
Yesterday, Kate Temkin and the team at ReSwitched detailed a new exploit they’re calling Fusée Gelée. This exploit takes advantage of bugs in the Switch’s bootROM and USB recovery mode, which can be exploited to run arbitrary code. Temkin and ReSwitched have documented the exploit over on GitHub, notifying both Nintendo and NVIDIA of the vulnerability in the process.
ReSwitched isn’t the only group that has found this exploit. In a blog post today, the team at fail0verflow detailed ShofEL2, an exploit that takes advantage of this buggy code in the same way Fusée Gelée does. The group even shared a video of Linux running on the Switch, with the demonstrator using the console’s touchscreen to navigate through the OS.
So, why is this vulnerability such a big deal? After all, this isn’t the first time we’ve heard of hackers gaining access to the Switch and using those exploits to run different operating systems. In short: These exploits are something to get excited about because the Switch’s bootROM is hard-coded, meaning it can’t be updated to fix the vulnerability. That, in turn, means each of the 14 million Switch units Nintendo has sold thus far is affected by this, and there’s nothing Nintendo or NVIDIA can do to permanently change that.
This, obviously, is great news for people who view the Switch as an excellent machine for running custom OSes and homebrew applications, as it means that any Switch in existence at this moment can be exploited to run that software. Running the exploit doesn’t require use of a modchip either, as the Switch’s USB recovery mode can be accessed simply by shorting a pin on the connector for the right-hand Joy-Con.
That doesn’t mean we won’t see hackers and modders release modchips to help users along in the future, but Temkin points out in an FAQ about Fusée Gelée that this exploit can indeed be carried out without any modification to the console itself.
For most Switch owners, this discovery doesn’t mean much at the moment. We’re still in the early days of ShofEL2 and Fusée Gelée, which means that the custom firmwares required to run homebrew applications don’t exist yet. While tech-savvy users could likely perform this exploit with the information these groups have shared thus far, both fail0verflow and ReSwitched say they’ll have user-friendly guides coming up soon – in ReSwitched’s case, we’ll see those guides and general public disclosure land on June 15.
WARNING: If you’re going to try to apply this exploit by yourself, it’s best to heed fail0verflow’s warning. “If your Switch catches fire or turns into an Ouya, it’s not our fault,” the group writes over on GitHub. “It’s stupidly easy to blow up embedded platforms like this with bad software (e.g. all voltages are software-controlled). We already caused temporary damage to one LCD panel with bad power sequencing code. Seriously, do not complain if something goes wrong.”
While this is exciting news for the homebrew community, this is awful news for Nintendo and NVIDIA. It’s inevitable that people will eventually start using this vulnerability for piracy, and the fact that it can’t be patched means there isn’t much Nintendo can do to stop it. The two can, of course, patch the vulnerability on new Tegra processors that are rolling off the production line, but that doesn’t solve the problem of existing Switches.
Nintendo will likely do what it can to make life difficult for those using a modded Switch – such as banning those consoles from playing online – but without the option for an actual fix, it seems like this vulnerability is here to stay. We expect to hear a lot more about this exploit as we move deeper into summer, so stay tuned for more.