Earlier this year hackers started to show evidence of an exploit that allowed you to load custom software on a Nintendo Switch game console. Theoretically that opens the door for homebrew applications, modified games, or even running an alternate operating system such as a GNU/Linux distribution on Nintendo’s latest game system. It could also make it possible to run pirated games, which is why console makers usually don’t encourage this sort of thing.
But now a team of hackers called ReSwitched have described a bootrom vulnerability called Fusée Gelée that makes it possible for anyone to hack a Nintendo Switch… assuming you’re willing to do a little hardware hacking too.
While this security vulnerability could also make it possible for someone else to hack your device, they’d need physical access to your hardware. So the risk of someone installing code on your Switch without your knowledge isn’t all that great.
ReSwitched team member Katherine Temkin says the vulnerability affects the NVIDIA Tegra X1 processor used in all 15 million Nintendo Switch consoles sold to date, as well as other devices with Tegra X1 processors. And it cannot be patched via a software update. The only way for Nintendo and NVIDIA to create devices that aren’t vulnerable would be to release new hardware.
That said, it does take a little bit of work to hack your own Switch. In order to exploit the Fusée Gelée vulnerability, you’ll need to put the Nintendo Switch into USB recovery mode, which requires shorting out a pin on the right Joy-Con connector. You could do that by bending a pin, using a wire, or eventually by purchasing a small accessory designed just for that purpose.
And there is a chance you’ll damage your $300 game console by attempting to hack it. So proceed with caution.
For now, the Fusée Launcher is basically just a sample payload that lets you hack a Switch and add software that doesn’t do much of anything. Eventually ReSwitch plans to release a custom firmware version called Atmosphère that will allow users to run homebrew games and applications. The first release of Atmosphère is tentatively scheduled for this summer.
Meanwhile, the folks at another hacking team, fail0verflow, had also discovered the vulnerability exploited by Fusée Gelée, and they’ve released their own exploit, called ShofEL2. It’s already possible to use it to load a full-fledged GNU/Linux-based operating system such as Arch on a Switch console.
Both hacker teams had disclosed the vulnerability to affected parties including NVIDIA and Nintendo and both had been planning to wait for a period of time before releasing them to the public, in order to allow those companies a chance to come up with strategies for addressing the bugs. But this weekend somebody published details about the vulnerability, so both fail0verflow and ReSwitched went ahead and made their work public.
That opens the door for homebrew, custom firmware, and other hacks (including, possibly, piracy). And while I wouldn’t be surprised to see Nintendo start shipping new Switch devices that are protected from the vulnerability, even if that happens there will still be millions of affected devices already in the wild.
I suspect we’ll start to see eBay and Craigslist sellers highlight the hackable nature of used 1st-gen Switch hardware pretty soon.
Update: NVIDIA has issued a response to the vulnerability, confirming that it exists, but highlighting that “this issue cannot be exploited remotely, even if the device is connected to the Internet. Rather, a person must have physical access to an affected processor’s USB connection to bypass the secure boot and run unverified code.”