The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
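The summary describes the defect in general terms: a USB control request handler that trusts the host-supplied length field and copies into a fixed-size DMA buffer. The block below is an added illustration written for this page, not code from the Fusée Gelée write-up, from ReSwitched, or from the Tegra bootROM. It models the 8-byte USB SETUP header, shows the unchecked length policy beside a handler that validates `wLength` against the buffer capacity before any copy, and reports whether the unchecked policy would run past the buffer. `DMA_BUF_SIZE`, `handle_control_out`, `demo_request` and the all-zero host payload are constructed for the example; the real bootROM buffer size is not stated in the summary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed capacity for the demo. The actual bootROM DMA buffer size is
 * not given on this page, so 4096 is an assumption, not a Tegra value. */
#define DMA_BUF_SIZE 4096

/* The 8-byte USB SETUP packet that starts every control transfer.
 * wLength is supplied by the host and must be treated as untrusted. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;   /* 16 bits: at most 65,535, matching the summary */
} usb_setup_t;

/* Unchecked policy: the transfer length is taken straight from wLength.
 * Nothing is copied here; the function only reports what such a handler
 * would try to move into the buffer. */
size_t copy_len_unchecked(const usb_setup_t *req) {
    return req->wLength;
}

/* True when the unchecked policy would write beyond DMA_BUF_SIZE, i.e.
 * the overflow condition the summary describes. */
bool unchecked_overflows(const usb_setup_t *req) {
    return copy_len_unchecked(req) > DMA_BUF_SIZE;
}

/* Hardened handler: validate wLength before touching the buffer.
 * Returns the number of bytes copied, or -1 when the request is rejected
 * (the firmware would STALL the control endpoint instead of copying). */
int handle_control_out(const usb_setup_t *req, const uint8_t *host_data,
                       uint8_t dma_buf[DMA_BUF_SIZE]) {
    if (req->wLength > DMA_BUF_SIZE) {
        return -1;
    }
    memcpy(dma_buf, host_data, req->wLength);
    return (int)req->wLength;
}

/* Helper that builds a constructed control request with the given wLength
 * (vendor-class OUT request, bRequest 1) and runs it through the hardened
 * handler. The host payload is an all-zero buffer constructed for the demo. */
int demo_request(uint16_t wLength) {
    static uint8_t dma_buf[DMA_BUF_SIZE];
    static uint8_t host_data[UINT16_MAX];
    usb_setup_t req = { 0x21, 0x01, 0, 0, wLength };
    return handle_control_out(&req, host_data, dma_buf);
}

/* Same constructed request evaluated under the unchecked policy. */
bool demo_unchecked_overflows(uint16_t wLength) {
    usb_setup_t req = { 0x21, 0x01, 0, 0, wLength };
    return unchecked_overflows(&req);
}

int main(void) {
    uint16_t lengths[] = { 64, DMA_BUF_SIZE, DMA_BUF_SIZE + 1, UINT16_MAX };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        printf("wLength=%5u  unchecked overflow: %-3s  hardened result: %d\n",
               lengths[i],
               demo_unchecked_overflows(lengths[i]) ? "yes" : "no",
               demo_request(lengths[i]));
    }
    return 0;
}
```

The check is the whole fix: because `wLength` is a 16-bit field, any handler that copies without comparing it to the destination capacity can be driven to the full 65,535 bytes, which is why the summary stresses that the bootROM copy cannot be corrected after the fuses are burned.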
Nintendo begins charging for online service in September so I wasn't going to be playing online after that anyway. Losing access to the eShop doesn't matter so much if you're pirating all the games. This is a shitty development for Nintendo and game developers.
So if I'm understanding TFS correctly users might be able to take control of their devices and use them for something other than their intended purpose?
Sounds good to me!
I wouldn't call this an exploit. I find it bizarre that the world takes these extreme measures to lock down a purchased product as a matter of fact, instead of treating it as a violation of consumer rights. Now there are devices where such paranoia is reasonable, but I don't think this is reasonable in a consumer game market.
A portable Linux machine with 4 gigs of RAM sounds handy.
Finally we can play Tux Racer on the Switch!
Local only? (Score:4, Insightful)
So it's a bug that can only be exploited locally; is this really a big deal? I'm not worried that people can now run arbitrary code on hardware they own.
You are not but Nintendo is.
Re:Local only? (Score:5, Interesting)
Is that bad?
Re: (Score:3)
I had mentioned this to a coworker who is a console game user, and he was surprised and taken aback that people who weren't sleazeballs were modding their games on PCs. He thought we were being very risky to change the UI in Skyrim. I think there's been a lot of astroturfing to convince players that only cheaters would modify games.
Glad (Score:3)
Well, maybe don't play games with friends you don't trust?
Doesn't that mean shutting down the MMOs completely?
Hard to cheat in MMOs that way, most processing is done server side. And even then it only applies to PvP MMOs.
In other words (Score:4, Funny)
It's finally time to get one now that you may actually own one?
Nintendo, again leaving the competition in the dust when it comes to building what the users really want!
All new games released from this point will probably patch your Switch for you.
They cannot: that would require burning a new game ROM.
I think we can safely assume that new devices will have an updated ROM, without the bug,
"All new games released from this point will probably patch your Switch for you."
I mean, even reading the fucking summary states that this is purely hardware and no software can fix it, because it's locked down and can't be modified due to burnt-out e-fuses.
Why "move to other devices"? (Score:5, Insightful)
It is suggested that consumers be made aware of the situation so they can move to other devices, where possible
Why the hell would they do that? Because the device's general utility has suddenly improved?
Re:Why "move to other devices"? (Score:5, Insightful)
It's like the guards at the prison all quit and removed the gates on their way out... and so the prisoners are being urged to pool their own money to hire new guards and rebuild the gates ASAP for their safety.
2 choices (Score:3)
1) Hack your switch and be able to turn it into an awesome, open device able to emulate and do all sorts of things it wasn't designed to do, or
2) Keep it unhacked and be able to play new games that come out that require the latest Nintendo updates (of which I'm sure you would be blocked from when they detect that your system has been hacked).
This was the same deal with the Wii.
That is, I'll admit, _one_ problem. Another is that the DRM and proprietary licensing for DRM are so expensive and restrictive that smaller, more creative game developers cannot afford to publish new products, or that the DRM interferes with desirable, basic functionality such as saving games. DRM has not always been a net benefit to game developers.
" Keep it unhacked and be able to play new games that come out that require the latest Nintendo updates"
Uh, no, because Nintendo can't update the hardware because of burnt fuses in the firmware chip.
It allows the customer, and any cracker who can get that deep into the hardware, to break the irreversible fuse. Not necessarily a good thing to have lurking, by default, in every copy of the hardware. There should be an additional non-reversible fuse option, that disables all the other irreversible fuses.
The "attacker" you say? (Score:3)