Security researchers have discovered a Nintendo Switch vulnerability in Nvidia’s Tegra line of embedded processors which enables the attackers to run arbitrary code on all currently available consoles.
Nicknamed Fusée Gelée and ShofEL2, the exploits lead to a coldboot execution hack that can be forced by the users to install Linux, run unofficial games, custom firmware, and other unsigned code on Nintendo Switch consoles, which is normally not possible.
These exploits make use of the buffer overflow vulnerability in the USB software stack of read-only boot instruction ROM (IROM/bootROM), permitting any unauthenticated arbitrary code execution on the game console before any lock-out operations take effect.
The buffer overflow vulnerability is a common coding error and it occurs when more data is put into a fixed-length buffer than the buffer can handle. The adjacent memory space becomes overwritten and corrupted thereby allowing the attackers to execute code of their choice. A user can overload a Direct Memory Access (DMA) buffer within the bootROM and then execute it to gain access on the device before the security part of the boot process happens.
Hardware hacker Katherine Temkin of ReSwitched says that the execution can be used to exfiltrate secrets and to load arbitrary code onto the main CPU Complex application processors at the highest possible level of privilege (typically as the TrustZone Secure Monitor at PL3/EL3).
But this exploitation needs the users to have physical access to the hardware console to force the Switch into USB recovery mode (RCM). However this can be done easily by pressing and shorting out certain pins on the right Joy-Con connector, without the need to open the system.
fail0verflow team says that a simple piece of wire from the hardware store could be used to bridge Pin 10 and Pin 7 on the console’s right Joy-Con connector, and Katherine Temkin suggests that simply exposing and bending the pins might also make it possible. When done you can connect the Switch to your computer using a cable (USB A → USB C) and then run any of the available exploits.
Katherine Temkin has released Fusée Gelée, and it allows device owners only to display device data on the screen. She has planned to release more details about exploiting Fusée Gelée on June 15, 2018. She is also working on customized Nintendo Switch firmware called Atmosphère, which can be installed via Fusée Gelée.
ShofEL2 exploit which was released by the fail0verflow team allows users to install Linux on Nintendo Switches. The team warns that they have already caused temporary damage to one LCD panel with bad power sequencing code and so should not bring up with complains if anything goes wrong.
In the interim, another team of hardware hackers Team Xecutor is also composing to sell an easy-to-use consumer version of the exploit which is bound to work on any Nintendo Switch console nevertheless of the currently installed firmware.
The vulnerability is not just limited to the Nintendo Switch and affects Nvidia’s entire line of Tegra X1 processors. Fusée Gelée was disclosed to NVIDIA earlier, and forwarded to several vendors as a courtesy. The bootROM component comes integrated into Tegra devices to control the device boot-up routine and all happens in Read-Only memory and so the vulnerability cannot be patched by Nintendo with a simple software or firmware update. As the bug is in the Boot ROM, it requires a hardware revision and it can be patched only during the manufacturing process. The company needs to address this issue in the future using some hardware modifications.