Fail0verflow and another hacker reveal details of Nintendo Switch bootrom vulnerability
The Nvidia Tegra X1 SoC in the Nintendo Switch has a vulnerability in its bootrom. Two different hackers are publishing details about it. Nintendo and Nvidia cannot patch the flaw, because the bootrom is read-only.
The vulnerability allows hackers to flash arbitrary software in USB recovery mode without the hardware performing its usual security checks, fail0verflow reports. Fail0verflow calls the exploit Shofel2, while Kate Temkin refers to it as Fusée Gelée. The bootrom vulnerability is what made it possible to run Linux on the Switch, which Fail0verflow demonstrated in February.
To exploit the vulnerability, users must put the Switch into USB recovery mode, a mode that normally allows repair technicians to recover bricked devices. In that mode the hardware is supposed to check whether the firmware being loaded is authentic; because of the vulnerability, that check does not happen.
Exploiting it does require a USB host, such as a Linux PC, connected at boot time. Nintendo and Nvidia cannot fix the flaw in existing Switch units, but Nintendo could build a system to detect hacked consoles on its online services, Ars Technica says.
Temkin was the first to release details of the vulnerability, but many people appear to have known about it for months. Fail0verflow had in fact planned to release its details on Wednesday. Temkin plans to publish a guide later on using the vulnerability to load custom firmware on the Switch.