Nintendo Switch: Team Reswitched dumped the Tegra 210 bootrom (and what that means for you)
How does the dump of the Nintendo Switch bootrom help the scene?
The files dumped through that process have not been shared by the Reswitched team, and it’s possible they will never share them.
However, the dump is likely to help them reverse engineer the boot process of the Nintendo Switch and look for vulnerabilities there. Finding an exploitable bug in the boot process generally implies full control of a device and the possibility of installing custom firmware in the future, and such a bug would in general be much harder for Nintendo to patch (at least without a hardware revision).
Reverse engineering is a long and painful process, however, and there’s no guarantee an exploitable bug will actually be found in Nvidia’s SoC. Even if one exists, it is not certain it would be used in the next steps of Switch hacking, given that Reswitched have already shared most of their work on Switch firmware 3.0.
Some people have stated that the bootrom could also reveal more than bugs, such as a backdoor process to get the device into service mode. This is of course only random speculation at the moment.
How did Reswitched dump the Nintendo Switch bootrom?
People were also wondering how the dump process happened, with some assuming that the bootrom had perhaps been dumped from an Nvidia Shield (also powered by the Tegra 210) rather than from a Switch directly. “Same difference”, said hacker Hedgeberg (not his actual words): it’s the same chip, so it does not matter whether the bootrom was dumped from one device or the other. (Conversation screenshots below courtesy of @kekmaster97.)
Speaking of Hedgeberg, he makes great videos of hardware glitching on consoles. These are very instructive, so I suggest you check out his Twitch channel.
Besides Hedgeberg, hackers haxandeor and daeken are credited for the work in SciresM’s announcement.
Source: @SciresM, thanks to everyone who sent tips about this.