A month after presenting his “Jamais vu” TrustZone exploit for Nintendo Switch firmware 1.0.0, and after confirming he had a TrustZone exploit for 3.x firmwares, hacker SciresM is back with a TrustZone exploit named “déjà vu”. This exploit works on the latest firmware, 4.1.0 (technically it is a version of the 3.x exploit that doesn’t rely on the kernel exploits used on 3.x). His advice: don’t update the console when the next firmware update shows up.
The developer showcased the exploit on YouTube (video below), with the following credits:
Arbitrary TrustZone code execution on 4.x via deja vu, successfully implemented courtesy of Motezazer, Ktemkin, and myself.
In practice, this could mean significant control of the console for users on firmware 4.1.0 or below, as TrustZone is responsible for the system’s cryptography (it holds the keys and performs the key operations that the rest of the system relies on). I contacted SciresM, who explained that he is also working on a custom firmware for the Nintendo Switch, named Atmosphere, which will be entirely open source. It’s not a stretch to assume that it will leverage déjà vu.
SciresM also told me he hopes to release déjà vu sooner rather than later, for people to tinker with.
I asked what firmware people should stay on if they hope for homebrew on their Switch. His answer was unambiguous:
If you’re on 1.0.0, stay on 1.0.0. If you’re on 2.0.0-3.0.0, stay where you are or get on 3.0.0 for HBL stuff. If you’re on 3.0.1-4.1.0, feel free to update to 4.1.0.
The full video of the exploit proof of concept is below: