Nintendo Switch Hack: Proof of Concept of the Nintendo Switch Webkit exploit published
Developer LiveOverflow has published a Proof of Concept file confirming that the iOS 9.3 WebKit exploit works on the Nintendo Switch. The exploit had been announced earlier by qwertyoruiop, the hacker behind the iOS 9.3 Jailbreak, which used the same vulnerability as its starting point (CVE-2016-4657).
Nintendo Switch webkit exploit confirmed with PoC
Along with the Proof of Concept, LiveOverflow has published a detailed explanation of how the exploit works (video below), as well as a summary of how to launch the Nintendo Switch browser (a feature most Switch owners are still unaware of; check out DNSwitch for details).
With LiveOverflow’s work, Nintendo Switch owners can now confirm that their console is vulnerable to the WebKit exploit. This is the first exploit released for the console, only a few days after the Switch was released to the public. It is still unclear why the Switch shipped with a browser containing a known, unpatched vulnerability.
Nintendo Switch hack – What next?
What’s been released is just a proof of concept: it confirms that the browser is vulnerable to the attack. For the end user, this brings pretty much nothing at this point. For hackers, however, this is an entry point to start analyzing the internals of the Nintendo Switch OS: it is now possible to start looking at the RAM and understand a bit more about the device’s firmware. Typically, this kind of exploit makes it possible to dump a few libraries, which is then followed by a hunt for a privilege escalation vulnerability (basically, a kernel exploit) that would give full access to the device.
Nintendo Switch WebKit exploit – Download and test
You can test the exploit on your Nintendo Switch by getting the files from LiveOverflow’s GitHub and hosting them locally on your own server. Using DNSwitch or a proxy (following LiveOverflow’s video below), you should be able to point the Switch’s browser at the file in order to test it.
If you run into issues confirming the exploit, this thread on GBATemp has some troubleshooting steps, in particular:
If I set up my server with his exact files freshly unzipped from his github master (not just poc1.html but also his index.html which redirects to it), then I am able to get to the end of the PoC reliably.
Source: LiveOverflow, via qwertyoruiop

yay
first xD
*puts on rubber gloves*
haha that’s funny
Now I just need to decide if I want to stay down on a lower FW in order to wait for something of note…. I am leaning towards no. May buy a second Switch for this purpose… but I’d like to keep multiplayer functionality and look forward to seeing how the OS evolves from Nintendo’s side.
Seems like a system that really lends itself to homebrew. It’s got the option of a traditional control scheme, it has motion controls, detachable controls, decent battery life, a nice portable screen size, wifi, a touch screen, it even has a built in MicroSD.
If the scene can dig into the internals of the switch software, I predict some very interesting homebrew.
Would be sweet for a PSP or Vita emulator!! But then again…here’s hoping 🙂
wouldn’t mind for a SNES emulator too!
It would be hilarious if we could run homebrew emulators before the official Virtual Console rollout. Hopefully Retroarch for Android will not need to be altered much to run on the Switch. The future of the Switch is looking very bright (unless you’re a Nintendo employee, stockholder or Switch developer). Then I’d be pretty worried.
pls don’t kill nintendo with those hacks, for those who want to play ps vita just get a f,,, ps vita and same for snes there is like a zillion snes emu why do you need more? you guys don’t see the entire picture if one true hack is out for the switch then the developers won’t make games (atlus, ea etc)
So you say, if the device gets hacked early, certain publishers like ea, ubisoft and activision will stay away from it????
THAT WOULD BE F****** AWESOME!!!! NO DLC INFESTED ***, NO YEARLY SEQUELS, NO RIP OFFS!!! HAPPY!!!
Just good ninty stuff and some not so as*y publisher titles.
That’s not true at all. Many systems have been massive successes despite being hacked or even having piracy available, for example DS and 3DS. This does not make or break a console.
totally agree!!! i think nintendo switch is a brilliant console, please don’t kill it, just f…ing leave it alone please!!!! we can already have nes, snes, gb, gba etc emu on pretty much every console!!! a psp is only ~€50 and you can get a like-new psv for less than €100, they are not expensive!!! you want to play, buy it!!!
i want new games on switch!!! just f…ing leave it alone, would you!!!
Hackers and homebrew developers will never leave consoles alone.
Ok, we will, just because you asked nicely.
Not.
Does anyone know if some FPGA magic would help the hacking process along at this point? That’s something I actually could help with, and I could really use a project to refresh my FPGA / VHDL skills which have been dormant since graduation.
Or maybe some brazilian trickery with a RasPi would be beneficial…
You’re an idiot. Homebrew (and even PIRACY) doesn’t kill a console. Just because we have custom code execution on a console doesn’t mean developers won’t make games for it. The original DS had a TON of piracy and homebrew during its lifetime and sales were still really really high and games were still being made for it. Or even the PS2. There’s a lot of consoles that have had piracy and homebrew during their lifetime and they weren’t killed and games were still produced. PSVita emulators will definitely not be on the Switch. And why are you complaining about more SNES emulators? I think we should have more emulators being made for new systems or architecture. It lets developers learn more and, if they enjoy it, have fun. Don’t you think it’s cool to be able to run code for one console on another piece of hardware?
how f***ing stupid are you to say things like that?? are you brain damaged or something? PIRACY won’t kill a console? yah, probably won’t “kill” it, but definitely will do serious damage, what’s the difference? especially for a new console. why do you think game companies won’t put big effort into pc games any more? or are you just too stupid to understand this?
also, it is handy to run code for one console on another piece of hardware, but there’s nothing “cool” about this. you buy a console, use somebody else’s homebrew and emu to run a game downloaded online which is dumped by another person, and you think this is cool? what a loser you have to be to think this is cool. you write your own emulator, or you build your own console that can run other consoles’ game, that’s cool.
and more emulators? play the retro games on your phones, xbox, ps3, 3ds, whatever, don’t f***ing break a new console for this!!! see the big picture please, or are you just a loser who does not have money to buy games? wanna something cool, wanna more emu? write your own PSV, PS4, XboxOne emu!!!
for god’s sake learn to spell, and i guess you are a rich brat who never had to think about money, or at least it sounds that way when you call people that can’t buy every new system or game a loser just because you come from a privileged place.
Outdated arguments. Come back with some new ones.
*** illiterate yuppies.
And people still make games for pc?
Pls hack this console and let nintendo die. i wanna see nintendog fans tears
TQ
Just wait til they manage to access the APX mode.
loving how many kids with switches are scared shitless of this news
With the newly released information that the Switch is literally just a Shield TV shoved back into tablet format, I’m willing to make a bet that, after we’ve busted the Kernel, SOMEONE is going to install Android on this baby again and we’ll be back to square 1, but plus a pair of neat controllers. (also, I think I caught you playing GTAV Wololo, next time I’ll say hello. 🙂 )
Oh Nintendo, Nintendo, Nintendo… You had one job, make the Switch hack-resistant, and you blew it. It’s impossible to lock down a web browser, so I figured for sure they would skip it entirely, but no, they did the dumbest thing possible and included webkit, giving hackers an easy attack vector, but still severely gimped end-user functionality. This asinine decision is going to really hurt Ninty’s bottom line over the next few years.
I was going to hold off on the Switch until I knew if game piracy would be possible or not. Looks like I can’t use that excuse anymore…
Chrome is based on WebKit too