Nintendo Switch Hack: Proof of Concept of the Nintendo Switch Webkit exploit published
LiveOverflow has published a proof-of-concept page confirming that the WebKit exploit used against iOS 9.3 also works in the Nintendo Switch's browser. The exploit had been announced earlier by qwertyoruiop, the hacker behind the iOS 9.3 jailbreak, which used the same vulnerability (CVE-2016-4657) as its entry point.
Nintendo Switch WebKit exploit confirmed with PoC
Along with the proof of concept, LiveOverflow has published a detailed explanation of how the exploit works (video below), as well as a summary of how to reach the Nintendo Switch's browser (a feature most Switch owners are unaware exists; check out DNSwitch for details).
With LiveOverflow's work, Nintendo Switch owners can now confirm for themselves that their console's browser is vulnerable to this WebKit bug. It is the first exploit released for the console, only a few days after the Switch reached the public. It is still unclear why the Switch shipped with a browser vulnerable to CVE-2016-4657, a bug that was public and had been patched upstream by Apple in iOS 9.3.5 in August 2016, months before the console launched.
Nintendo Switch hack – What next?
What has been released is only a proof of concept: it confirms that the browser is vulnerable. For end users this brings nothing yet. For hackers, however, it is an entry point into the Switch's internals: code running in the browser process can now read that process's memory and reveal something about the system's firmware. Typically such a browser exploit is first used to dump the libraries loaded into the browser, after which the hunt starts for a privilege escalation vulnerability (in practice a kernel exploit), because the browser exploit on its own only gives control within the browser process, not full access to the device.
Nintendo Switch WebKit exploit – Download and test
You can test the exploit on your Nintendo Switch by getting the files from LiveOverflow's GitHub and hosting them on a local web server. Using DNSwitch or a proxy (following LiveOverflow's video below), you should be able to point the Switch's browser at that file to test it.
If you run into issues confirming the exploit, this thread on GBATemp has some troubleshooting steps, in particular:
If I set up my server with his exact files freshly unzipped from his github master (not just poc1.html but also his index.html which redirects to it), then I am able to get to the end of the PoC reliably.
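As an added example (not LiveOverflow's code and not part of the PoC), the script below serves the unzipped PoC directory and logs every request with the client's User-Agent, then prints a one-line diagnosis that separates "the Switch never reached this host" (a DNSwitch/proxy problem) from "index.html was fetched but poc1.html never was" (the redirect problem the note above describes). The port, the directory path and the file names index.html/poc1.html are assumptions taken from that note.

```python
#!/usr/bin/env python3
"""Serve the PoC files locally and record which of them the Switch fetches.

Added example, not part of LiveOverflow's PoC. Assumes the layout from the
troubleshooting note: index.html at the root redirects to poc1.html.
"""
import http.server
import socketserver
import sys
from urllib.parse import urlsplit

PORT = 8080        # assumption: any port your DNS redirect / proxy points at
POC_DIR = "./poc"  # assumption: the unzipped GitHub master lives here

ENTRY_PAGES = {"/", "/index.html"}  # what the Switch should hit first
POC_PAGE = "/poc1.html"             # what index.html should redirect to


def normalize(path):
    """Strip query strings so '/index.html?x=1' and '/index.html' compare equal."""
    return urlsplit(path).path or "/"


def diagnose(requested_paths):
    """Return a one-line diagnosis from the request paths seen so far.

    Distinguishes 'nothing reached us' (DNS/proxy problem), 'index reached
    but not the PoC' (redirect problem) and 'PoC page served' (look at the
    console screen for the rest).
    """
    seen = {normalize(p) for p in requested_paths}
    if not seen:
        return "no request seen: DNSwitch/proxy is not sending the Switch here"
    if POC_PAGE not in seen:
        if seen & ENTRY_PAGES:
            return "index.html fetched but poc1.html never requested: check the redirect"
        return "unexpected paths only: the Switch is loading something other than the PoC"
    return "poc1.html served: watch the Switch screen for the PoC's output"


class LoggingHandler(http.server.SimpleHTTPRequestHandler):
    """Static file server that logs every request with its User-Agent."""

    requested = []  # shared across requests, in arrival order

    def __init__(self, *args, **kwargs):
        super().__init__(*args, directory=POC_DIR, **kwargs)

    def log_message(self, fmt, *args):
        # Called after each response: record the path, then show client,
        # method, path and User-Agent so a hit from the Switch stands out.
        LoggingHandler.requested.append(self.path)
        ua = self.headers.get("User-Agent", "-")
        sys.stderr.write(
            f"{self.client_address[0]} {self.command} {self.path} UA={ua}\n"
        )
        sys.stderr.write(f"  status: {diagnose(LoggingHandler.requested)}\n")


def serve():
    """Run the server until interrupted; point the Switch's browser at this host."""
    socketserver.TCPServer.allow_reuse_address = True
    with socketserver.TCPServer(("0.0.0.0", PORT), LoggingHandler) as httpd:
        print(f"serving {POC_DIR} on port {PORT}", file=sys.stderr)
        httpd.serve_forever()


if __name__ == "__main__":
    serve()
```

Run it from the directory containing the unzipped files and watch stderr: if no line ever appears, the Switch is not being redirected to your machine at all; if only index.html shows up, the page the Switch loaded does not redirect to poc1.html, which is the failure the GBATemp note resolves by serving the full set of files rather than poc1.html alone.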
Source: LiveOverflow, via qwertyoruiop

Whoa that was fast
nice! Fist!
Wololo, you shouldn't encourage people and hackers to hack the console and reduce the Switch's life span. Give the beautiful console at least 4 years so they make some good games. Let people's logic work and just support Nintendo; otherwise we won't see anything good coming.
From Kurdistan with Love
Console hacks have nothing to do with their lifespan. Also, I'm not necessarily encouraging anything, just reporting on what's going on. With that being said, to me hacking is all about being curious and I see nothing wrong with that. On the contrary, I feel sorry for the people who don't have the curiosity to understand how their devices tick 🙂
SEGA Dreamcast
The Dreamcast was doomed to fail even before its release. I remember arguing with a friend about it and the PS2, and I told him unequivocally that the PS2 would be the lead console. At the time I didn't know about the Xbox and the scene which would circle around that, but the PS2 was still the best of the 3.
Ditto.
The most successful consoles were all easily hacked, stop feeding into large companies’ propaganda.
The 3DS was hacked and it's still pretty big. The PS Vita was hacked but was already dead. The PSP was hacked and that didn't reduce its lifespan. Heck, even the Wii was hacked (and quite easily) and it's ranked among the best of their consoles.
To be fair, the Wii and the 3DS had a nice large library of games and both consoles were already extremely popular before they were hacked.
Nintendo defence force so strong lmao
If the Switch has no ASLR, it means we will soon have code exec.
AFAIK the 3DS and Wii U both have ASLR, I don't see why the Switch wouldn't…?
ASLR is broken
http://www.pcworld.com/article/3170583/security/javascript-based-aslr-bypass-attack-simplifies-browser-exploits.html
So, should we buy a Switch now, or can we wait and buy it when something more substantial comes from this?
This might boost hardware sales incredibly.
Yes, now I'm really interested in buying a Switch……
Same
It's sad that the companies don't survive on hardware sales only. Exploiting the hardware will inevitably lead to software hacks, thus piracy. Game sales loss will translate into a short life span for the system.
Well, it’s like that guy once sang, welcome to the jungle babe.
This isn't the point where they will start looking at the firmware; if Ninty had any sense they would have sandboxed the browser.
Meanwhile it's pretty much impossible to get one at the moment.
“It is still unclear why the Switch shipped with known exploits unpatched in its browser.”
Because Nintendo believes in “Security through obscurity”. They think that if the Browser isn’t accessible, it’s safe from hacks.
More like hushed development. I think it's common knowledge nowadays that obfuscation is not a real security measure, just a delay (in some cases a significant one).
Maybe Nintendo launched the thing in such a state expecting to have time to correct such breaches and aiming to update it in some weeks. Well, unfortunately for them, our friendly neighborhood hackers were faster.
It also means Nintendo is too busy policing YouTube, making sure only select groups post Nintendo content, lol.