“If your Switch catches fire or turns into an Ouya, it’s not our fault.” –Fail0verflow, 2018
An insane flow of releases has hit the Nintendo Switch scene over the past 24 hours, following yesterday's leak of the Tegra bootrom by an unknown hacking group.
A few minutes ago, team fail0verflow released their own implementation of the hack, along with a port of Linux for the Nintendo Switch. The hack is compatible with all Nintendo Switch devices regardless of their firmware (unless we’re mistaken, the hardware revision needed to fix the bug has only very recently started to hit the stores).
Fail0verflow were actually intending to release their whole work on April 25th, in compliance with their disclosure window for the Tegra vulnerability. Yesterday's leak has accelerated their release by a couple of days.
Fail0verflow’s Tegra exploit relies on the Tegra’s USB Recovery Mode (RCM), and it appears to be the same vulnerability vector as Kate Temkin’s Fusée Gelée (ktemkin disclosed her exploit a few hours ago too, technically beating Fail0verflow to the punch, and we will be writing about that as well as we catch up on the news).
The release, as it is right now, is not really end-user friendly, but fail0verflow say hackers should have no difficulty setting things up.
In practice, you will have to boot the Nintendo Switch in recovery mode (according to Fail0verflow, this can be done by holding the Volume Up, Home, and Power buttons at the same time on the console itself) while having it connected via USB to a computer ready to serve the exploit. We’ve seen more complex ways to launch hacks than this one, particularly this early on.
Download ShofEL2 and Linux patches for Nintendo Switch
Fail0verflow’s release can be fetched from their various GitHub repositories below. You will have to build the stuff yourself.