Nintendo Switch With BootROM Patch Hits Retail And Stymies Homebrew Folks For Now

Nintendo is ardently opposed to third-party ROMs and running unauthorized emulation software, as it makes abundantly clear in its legalese. Related to that, it did not sit well with Nintendo that its hybrid Switch console could be hacked to run homebrewed software, due to a flaw in the NVIDIA Tegra chip inside. Now it's being reported that the latest Nintendo Switch consoles are shipping with updated hardware and software mitigations that no longer allow modders to install custom software.

The flaw in question was deemed an unpatchable Tegra exploit, and that is true in the sense that Nintendo (and NVIDIA) couldn't just roll out an update to address the issue. It has to do with the Tegra X1's USB recovery mode. The exploit bypasses lock-out operations that normally would protect the chip's BootROM.

"As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses," hardware hacker and modder Katherine Temkin of the hacking team ReSwitched said at the time.

NVIDIA Tegra X1 System-on-Chip (SoC)

The only way to effectively patch the exploit is to revise the actual Tegra X1 hardware, and apparently that is what NVIDIA did.

"To the surprise of no one, Nintendo (and NVIDIA) have rolled out an updated hardware that is fixed from this arbitrary write-flaw through a system known as iPatches. These are fuses with specific bits of code that fix flaws in the boot processes and other hardware level operations. These cannot be applied after leaving the factory (as the fuse allowing them to be written or edited is blown)," ResetEra reports.

So just as the flaw could not be patched in the wild, the new systems with updated hardware cannot be tweaked with the same exploit. This leaves modders having to find ways to exploit Nintendo's kernel, which is rather secure.

One such method does exist. It's called Deja Vu, and it works with version 4.0.1. There is a caveat though. Nintendo largely patched the flaw in version 5.0.0. However, the newer Switch consoles with the updated Tegra chip are said to be still arriving with version 4.0.1, so there is a glimmer of hope for modders who buy a brand new Switch.

In short, if you're interested in modding the Switch, your best bet is to buy a used console. Barring that, grab one at retail sooner rather than later and hope it arrives with the older Tegra chip, and be sure not to update the software.

Via:  Resetera