Nintendo Switch: Team Reswitched dumped the Tegra 210 bootrom (and what that means for you)
Hacker SciresM announced a few days ago that Team Reswitched had managed to dump the bootrom of the Tegra 210, the SoC that powers the Nintendo Switch.
How does the dump of the Nintendo Switch bootrom help the scene?
The files dumped through that process have not been shared by the Reswitched team, and it's possible they never will be.
However, the dump will likely help them reverse engineer the boot process of the Nintendo Switch and look for vulnerabilities there. Finding an exploitable bug in the boot process generally implies full control of the device and the possibility of installing custom firmware in the future, and such a bug would in general be much harder for Nintendo to patch (at least without a hardware revision).
Reverse engineering is a long and painful process, however, and there's no guarantee an exploitable bug will actually be found in Nvidia's SoC. Even if one exists, it's not certain it will be used in the next steps of Switch hacking, given that Reswitched have already shared most of their work on Switch firmware 3.0.
Some people have stated that the bootrom could also reveal more than bugs, for example a backdoor process to get the device into service mode. This is of course only random speculation at the moment.
How did Reswitched dump the Nintendo Switch bootrom?
People were also wondering how the dump process happened, with some assuming that the bootrom might have been dumped from an Nvidia Shield (also powered by the Tegra 210) rather than from a Switch directly. "Same difference", said hacker hedgeberg (not his actual words): it's the same chip, so it does not matter whether the bootrom was dumped from one device or the other. (Conversation screenshots below courtesy of @kekmaster97.)
Speaking of hedgeberg, he makes great videos of hardware glitching on consoles. These are very instructive, so I suggest you check out his Twitch channel.
Besides hedgeberg, hackers haxandeor and daeken are credited for the work in SciresM's announcement.
Source: @SciresM, thanks to everyone who sent tips about this.
Doesn't mean anything for me! But at least I get to post 87th. Yeah!
Cool, but we are far from anything worthwhile.
I have a Switch on 3.0.
Will buy another one for Mario next week or so.
Implying you can find one
Closer than you think, though. As it stands, we’re on pace to crack the system faster than the 3DS and much much faster than the Vita. These early days matter more than most appreciate.
To be fair, there's a good chance a few more huge hurdles will present themselves, and it's likely that although we'll technically be able to crack the system, it could be a full year before a public release AFTER it is determined to be worth releasing.
But we’ve found far more doors this early on than dead ends.
If they don't release it, then it's as good as never finding it in the first place.
Congrats for wasting everyone's time with some FAKE news.
Fake, as unreleased is the same as fake.
“Some people have stated that the bootrom could also reveal more than bugs, such as for example a backdoor process to get the device into service mode. This is of course only random speculation at the moment.”
Then what is the point of this article? Just to get clicks for ad revenue? This all boils down to “this isn’t useful info at the moment, we’re just speculating happy thoughts” so how is this news?
Thank god I use adblock and do not deactivate it on wololo.net.
Dumping the bootrom is a notable, newsworthy step in the process of finding bugs to exploit in the console. It means that people can start investigating and reverse-engineering the low-level boot time code, which was previously unknown with no possibility to exploit it.
A good example of what can come from bootrom bugs is the current state of the 3DS scene, where you can now insert a special cart into any console, hold some buttons and have a completely unpatchable hack installed. That particular trick is based on the discovery of a recovery mode in the bootloader, and a bug with signature checking that is exploited to gain control over the system much earlier than any other hack, before any patchable software even starts. Both of these weren’t possible to find until the 3DS bootrom was dumped.
As for the speculative side, the speculation is purely that the Switch might have a service or recovery mode hidden that can now be found, like the PSP and 3DS had and were both successfully exploited. The rest of the article is about the actual newsworthy item, that the bootrom has now been dumped. Even if there is no recovery mode, there’s still the chance of finding bugs to exploit.
uhm, *** whiners
I'm more bothered about the fact my device is on fw 2.5.x and I pre-ordered Mario Odyssey, which is going to come with the latest firmware bundled 🙁
-still hacks the wii-
Yes, best emulation station.
Only surpassed by the Wii U for a few weeks now (gamepad inputs usable in Nintendont).