Nintendo Switch Hacking Scene on Fire Thanks to Hardware Bug

Zubi KhanMay 16, 2018
Nintendo Switch Hacking Scene on Fire Thanks to Hardware Bug

The Nintendo Switch has been out for a little over a year now, but already it seems hackers have managed to crack the system wide-open thanks to a hardware vulnerability — custom firmware, a homebrew app store and even a port of the SNES classic OS are currently in the works or already available for Nintendo’s latest console-handheld hybrid.


All this is possible due to the Nintendo Switch hardware using the Nvidia Tegra X1 architecture in its design — the Tegra based hardware which has been available prior to the release of the Switch, has given hackers ample time to discover the particulars of the chipset, specifically a fault or exploit that lets arbitrary or unsigned code to be executed during the booting or startup process.

Unfortunately for Nintendo, this exploit in the hardware means that all currently available switches are vulnerable to this coldboot hack, coldboot meaning it occurs as the console itself is turning on from a powered off state. In order to circumvent this, Nintendo would have to deploy a hardware revision, meaning that a simple firmware update will not be able to patch the exploit due it being a flaw in the hardware and not the software.

One of the first hackers to discover and document this exploit in the Tegra based hardware is Kate Temkin, a security contractor, and teacher who specializes in hardware and software vulnerabilities. Temkin found the bootrom exploit thanks in part to Nvidia themselves, who released to the public a document that contained published information regarding vulnerabilities within their hardware and bootrom.

The actual exploit in question from Temkin is dubbed Fusée Gelée, an exploit that relies on shorting-out specific pins on the Nintendo Switch, which causes the system to boot into RCM or Rescue Mode, something that is normally reserved for USB related flashing or recovering from a brick at the factory or repair center. Once in RCM mode, thanks to Temkin’s work, hackers can launch unsigned code, prior to the switch even fully turning on.

In other words, Fusée Gelée has essentially opened the floodgates to hackers and homebrew developers that wish to develop for Nintendo Switch — some stand out applications currently available for the Nintendo Switch include ports of popular emulators such as FBA, or Final Burn Alpha, an emulator that emulates arcade classics, Checkpoint Switch, a popular port of a Nintendo 3DS save manager homebrew application, which allows end-users to actually backup, restore and exchange otherwise locked off Nintendo switch game saves, and finally, an early version of the SNES classic operating system, which is currently being ported over to the switch, effecivtly giving the console its own virtual console, despite Nintendo not having any plans for the service on their latest device.

As the Tegra based hardware used to power the Nintendo Switch also happens to support Android, which in itself is based on Linux, many users have also successfully managed to install a version of the popular operating on to their switches, this was first documented by the hacker group, fail0verflow, who in the past, worked in exploiting other popular video game consoles such as the PlayStation 3 and PlayStation 4.

Another popular hacker, known on Twitter as SciresM, who originally worked on several exploits for Nintendo 3DS, is also currently hard at work on the Nintendo switch, with plans to release a full custom firmware which he is calling Atmosphere. SciresM plans on releasing Atmosphere sometime during the summer — a custom firmware would allow users to run homebrew apps directly from the Nintendo switch, as if they were legitimately signed applications from the e-shop or something prebaked in with a regular firmware update, such as photo and video viewer.

Unfortunately, which often is the case with these sort of affairs, the current state of the Nintendo switch hardware has also invertedly lead to the development of a modchip device that allows users to run pirated copies of physical cartridge-based titles. The group known as Team Xecuter released a short video, demoing their mod kit, a device that utilizes the same exploit found by Temkin in order to boot what appears to be Team Xecuter’s own custom firmware, which seemingly allows the Nintendo Switch to boot pirated copies of popular titles.

It’s hard to tell where the future of these exploits will lead the Nintendo Switch team, but here’s hoping that it will ultimately end with more fun and unique homebrew experiences, rather than the dark and dingy route that is piracy.


Liked this article and want to read more like it? Check out Zubi Khan’s coverage of Yuzu, the world’s first Nintendo Switch emulator

Want to see more videos? Subscribe to our YouTube channel and check out the First 15: Fe, Monster Hunter World Beta: the Insatiable Nergigante, Dissidia Final Fantasy NT,  Star Wars Battlefront II, Sonic Forces + Episode Shadow, and  Super Mario Odyssey!

Don’t forget to tune in every Friday the Pixels & Ink Podcast to hear the latest news, previews, and in-depth game discussions!

Never miss when new CGM articles go out by following us on Twitter and Facebook!

CGMagazine is Canada’s premiere comics and gaming magazine. Subscribe today to get the best of CGM delivered right to your door! Never miss when a new issue goes live by subscribing to our newsletter! Signing up gives you exclusive entry into our contest pool. Sign up once, you’ll have a chance to win! Sign up today!