The past 48h have been historical for the Nintendo Switch scene, culminating with the release of multiple implementations of the RCM vulnerability on the Nvidia Tegra bootrom, and opening the doors of hacking to virtually every Nintendo Switch available today, independently of its installed firmware.
But it’s also been confusing, with multiple releases and announcements crammed in two very short days. So here’s a small recap for future reference.
Oct 2017: Nvidia Tegra Bootrom dump
In October 2017, hacking team Reswitched announced they had been able to dump the Nvidia Tegra Bootrom. Given that the Tegra powers the Nintendo Switch, this was an important event. The team did not publish that bootrom (probably for copyright reasons), but given their track record on the Switch so far, proof was not really needed.
It was unclear at the time how much effort they would focus on reverse engineering the bootrom: the team were in the middle of releasing their work for a 3.0.0 exploit, which back then was considered as the holy grail of firmwares for Switch hacks.
But extracting this code from the chip was a feat in itself, and an exploitable bug in the SoC of the Switch would basically mean game over for Nintendo, as it would give hackers full control of the console at startup. Additionally, we wrote at the time:
Some people have stated that the bootrom could also reveal more than bugs, such as for example a backdoor process to get the device into service mode. This is of course only random speculation at the moment.
Those guesses were actually spot on, as we would learn later.
Jan-Apr 2018: Hacking teams share promising news
In January 2018, Team Xecuter, popular for creating and selling hardware mods on multiple gaming systems, announced they would be soon releasing a “solution” for Switch hacking, which would work on all firmwares. It was a bit hard to believe, but this group had a successful track record on older console generations.
From our perspective, it was sad that what was touted as the “ultimate” solution would come from a for-profit group, but it was better than nothing.
Although neither Reswitched nor Fail0verflow had promised a release by then (Fail0verflow in particular had become known for not releasing their exploits on the latest generation of consoles), in hindsight it should have been clear: multiple hacking teams now had access to the Tegra Bootrom, and had found exploits in it. Possibly the same exploits. And although we, the general public, only knew about 3 teams actively working on those exploits, it turned out others had found these vulnerabilities as well. A race was secretly on.
Between February and April, things hummed along, and the scene was looking forward to “something good” for 2018: Fail0verflow demonstrated Linux running on the Switch on their exploit, while still not mentioning any release. In parallel, Ktemkin and Reswitched announced they would release their exploit chain and a custom firmware in Summer 2018. The release date was mostly dictated by the timeline of the group’s responsible disclosure of the bug to Nvidia.
Meanwhile Team Xecuter, who had promised their “solution” in time for Spring, were scrambling to “finalize” their product. They were likely busy obfuscating their modchip as much as possible, to avoid a quick reverse-engineer by competitors or open source proponents. This effort would turn out to be a waste of time.
Apr 2018: The Tegra Bootrom “leak”, and the explosion of releases
By mid April, the future was bright for the Switch hacking scene which was expecting two releases for 2018: an imminent for-profit modchip from Team Xecuter, and an open source solution from Reswitched, for those patient enough to wait until July~ish. Fail0verflow were showcasing cool stuff, but nobody expected them to release an actual exploit.
Around April 23rd, a dump of the Tegra bootrom was published anonymously on the intertubes. That data in itself wasn’t useful for the end user, but skilled hackers could use it to start looking for the vulnerabilities that had been secretly used by the 3 hacking teams. This was big, and I made the assumption it could precipitate some of the carefully planned releases. But that was not an exploit yet, it just made it easier for lots of people to start looking for one.
However that “leak” triggered a bunch of follow up releases from various sources: some hackers started sharing scripts to help debugging the bootrom with popular reverse engineering tools, among other things.
Then, less than 24h after the bootrom leak, an anonymous source shared details of “the” Recovery Mode exploit used by Fail0verflow, Reswitched, and, as far as we know, Team Xecuter.
And because hacking is easy; the Tegra X1 Bug.
Tegra X1 RCM forgets to limit wLength field of 8 byte long Setup Packet in some USB control transfers. Standard Endpoint Request GET_STATUS (0x00) can be used to do arbitrary memcpy from malicious RCM command and smash the Boot ROM stack before signature checks and after Boot ROM sends UID. Need USB connection and way to enter RCM (Switch needs volume up press and JoyCon pin shorted).
Reminder: Real hackers hack in silence. You all suck.
The cat was out of the bag, and this had the effect of a bomb.
Fail0verflow stated they actually had secret plans to release all of their work on April 25th due to their disclosure policy. Ktemkin revealed that the planned date for the Fusee Gelee exploit was June 15th. The releases also confirmed these hacking groups had been using the exact same vulnerability. For us regular people, it was an epic discovery to see how easily one can boot the Nintendo Switch in Recovery Mode, and how that could then be leveraged to load unsigned code onto the device.
By April 24th, 2018, every Nintendo Switch owner had all the necessary tools, available for free and open source, to hack their console.
In parallel to these massive releases, multiple hackers have released their own work, in particular older, patched software exploits for the console. Plutoo for example released the source code of the 3.0.0 exploit, as well as some details on a 1.0.0 exploit. SciresM also released details of “nspwn”, an exploit that was patched in firmware 5.0.0.
Some of these parallel releases, on any normal day, would have been huge news for the scene. But in the wake of the Tegra Exploit release, those were just hackers publishing their work for historical reference.