Behind The Scenes With The Hackers Who Unlocked The Nintendo Switch - Ars Technica


4/26/2018 Behind the scenes with the hackers who unlocked the Nintendo Switch | Ars Technica

OPEN WIDE —

Behind the scenes with the hackers who unlocked the Nintendo Switch
"The best way to get a chip security audited is to put it in a game console"
KYLE ORLAND - 4/26/2018, 2:35 AM
Aurich Lawson


For end users, Monday's public disclosure of the Fusée Gelée exploit will make it relatively simple to run arbitrary code on the Nintendo Switch and other Nvidia Tegra X1-based hardware. For Kate Temkin and the hackers at Team ReSwitched, though, discovering and publicizing the exploit was full of technical and ethical difficulties.

FURTHER READING: The “unpatchable” exploit that makes every current Nintendo Switch hackable [Updated]

ReSwitched's work on the Switch began last year, Temkin tells Ars, with an engineer going by the handle
Hedgeberg working on "voltage glitching, a technique where we very, very briefly momentarily deprived the processor of power in order to make it
misbehave. On Tegra X1 processors, if you precisely time that power 'glitch,' you can actually bypass the point where the system 'locks' the bootROM—
effectively bypassing the mechanism that keeps the bootROM code secret."

By October, the team had used this method to extract a copy of that secretive bootROM, and by January, Temkin says she was spending weeks reverse-engineering and documenting that code. That process "involves comparing views of machine code we'd extracted to Nvidia's technical documentation and gradually inferring what the code was intended to do," Temkin said.

FURTHER READING: Hackers seem close to publicly unlocking the Nintendo Switch

Other hackers at December's 34C3 conference also cited Nvidia's own documentation as key to their own efforts to unlock the Nintendo Switch, saying
that "Nvidia backdoored themselves" with a published bypass method.

Hiding in plain sight?


As part of her "day job" as a security contractor and teacher, Temkin says she already maintains a collection of USB hacking tools that helped in reverse-engineering the Tegra's flawed USB controller code. Once that was done, it was relatively simple to spot the "length request" vulnerability that lets an attacker overflow a DMA buffer and insert code into the application stack, she said. "[It's] not particularly difficult to find if you had a bit of USB expertise."
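To make the bug class Temkin describes concrete, here is an added illustration written for this page, not code from the Tegra X1 bootROM or from Team ReSwitched: a USB control-request handler that trusts the host-supplied wLength field when filling a fixed-size buffer, placed next to a bounds-checked version. The buffer size, the guard region, the simulated memory arena and all function names are assumptions made for the demonstration; the 8-byte setup packet layout is the one the USB specification defines.

```c
/* Added illustration of a "length request" overflow: a USB control request
 * handler that copies wLength bytes into a fixed-size buffer without checking
 * the buffer size, next to a hardened version. Hypothetical model code, not
 * the Tegra X1 bootROM; sizes, names and the guard region are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DMA_BUF_SIZE 64u     /* assumed size of the fixed control-transfer buffer */
#define GUARD_SIZE   16u     /* guard bytes placed right after the buffer */
#define ARENA_SIZE   4096u   /* simulated device memory; every write stays inside it */

/* Standard 8-byte USB setup packet; multi-byte fields are little-endian on the wire. */
struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;        /* host-declared length of the data stage */
};

/* Simulated memory: [0, DMA_BUF_SIZE) is the buffer, followed by a guard
 * region standing in for whatever the firmware keeps after it. One arena keeps
 * the overflow observable without undefined behaviour in the demo itself. */
static uint8_t arena[ARENA_SIZE];

static void parse_setup(const uint8_t raw[8], struct usb_setup *s) {
    s->bmRequestType = raw[0];
    s->bRequest      = raw[1];
    s->wValue  = (uint16_t)(raw[2] | (raw[3] << 8));
    s->wIndex  = (uint16_t)(raw[4] | (raw[5] << 8));
    s->wLength = (uint16_t)(raw[6] | (raw[7] << 8));
}

static void reset_arena(void) {
    memset(arena, 0, sizeof arena);
    memset(arena + DMA_BUF_SIZE, 0xAA, GUARD_SIZE);   /* known guard pattern */
}

static int guard_intact(void) {
    for (size_t i = 0; i < GUARD_SIZE; i++)
        if (arena[DMA_BUF_SIZE + i] != 0xAA) return 0;
    return 1;
}

/* Vulnerable handler: the copy length comes straight from wLength and is
 * never compared against the size of the destination buffer. */
static size_t handle_out_vulnerable(const struct usb_setup *s,
                                    const uint8_t *data, size_t data_len) {
    size_t n = s->wLength;
    if (n > data_len)   n = data_len;    /* bounded by the captured data only */
    if (n > ARENA_SIZE) n = ARENA_SIZE;  /* demo safety net, not a real check */
    memcpy(arena, data, n);              /* overruns the buffer when n > DMA_BUF_SIZE */
    return n;
}

/* Hardened handler: a data stage longer than the buffer is refused (a real
 * device would STALL the request). Returns bytes copied, or -1 if refused. */
static int handle_out_hardened(const struct usb_setup *s,
                               const uint8_t *data, size_t data_len) {
    if (s->wLength > DMA_BUF_SIZE || data_len > DMA_BUF_SIZE) return -1;
    size_t n = s->wLength < data_len ? s->wLength : data_len;
    memcpy(arena, data, n);
    return (int)n;
}

/* Constructed request: vendor OUT request, bRequest 1, wLength 200 (0x00C8),
 * i.e. a data stage more than three times the size of the buffer. */
static const uint8_t demo_setup[8] = { 0x40, 0x01, 0, 0, 0, 0, 0xC8, 0x00 };

static unsigned demo_wlength(void) {
    struct usb_setup s;
    parse_setup(demo_setup, &s);
    return s.wLength;
}

/* Returns 1 if the vulnerable handler clobbered the guard region. */
static int demo_vulnerable(void) {
    struct usb_setup s;
    uint8_t payload[200];
    parse_setup(demo_setup, &s);
    memset(payload, 0x41, sizeof payload);
    reset_arena();
    handle_out_vulnerable(&s, payload, sizeof payload);
    return !guard_intact();
}

/* Returns 1 if the hardened handler refused the request and the guard survived. */
static int demo_hardened(void) {
    struct usb_setup s;
    uint8_t payload[200];
    parse_setup(demo_setup, &s);
    memset(payload, 0x41, sizeof payload);
    reset_arena();
    int rc = handle_out_hardened(&s, payload, sizeof payload);
    return rc == -1 && guard_intact();
}

int main(void) {
    printf("wLength=%u vulnerable overflowed=%d hardened safe=%d\n",
           demo_wlength(), demo_vulnerable(), demo_hardened());
    return 0;
}
```

The auditing check this models is the one a reviewer applies to any control-request handler: find every place a host-controlled length reaches a memcpy or DMA descriptor and confirm it is compared against the destination's size, not just against the amount of data received.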

"Interestingly, if I had been less interested in reverse engineering and more in security auditing, I would almost definitely have been able to find this
bug without having gained access to the bootROM," she added. "Some of the standard auditing techniques I teach my students would have easily
found the vulnerability."

Along those same lines, Temkin says Nvidia may have hurt its own hardware security by attempting to hide its bootROM code from the public. "I
imagine if their bootROMs were open source, this would have been found almost immediately, and even a binary distribution of the bootROM would
have made it so researchers could easily identify the vulnerability, leading to a more immediate fix," she said.

Temkin says the same basic USB vulnerability has existed in Tegra chips "for the better part of a decade" and only remained hidden for this long
because not many people cared much about previous Tegra-powered devices. "I’ve joked before that the best way to get a chip security audited is to
put it in a game console," she said. "If it had been discovered in any of the earlier processors, it could easily have been fixed before Nvidia began
implementing the X1."

In response to a request for comment from Ars Technica, an Nvidia spokesperson pointed us to a security notice posted Tuesday, which notes that
"this issue cannot be exploited remotely, even if the device is connected to the Internet. Rather, a person must have physical access to an affected
processor’s USB connection to bypass the secure boot and run unverified code." Nvidia also notes that subsequent Tegra systems (like the X2) and
Nvidia GPUs are not affected by the same issue.

Nintendo of America told Ars "we have nothing to announce on this topic."

Responsible disclosure
Revealing an unpatchable method to unlock every single current X1 chip is not something Team ReSwitched takes lightly, Temkin said. The team
disclosed its full report to Nvidia and vendors like Nintendo in March, she said, and signed an agreement with Nvidia to withhold public disclosure until
June 15. That agreement became moot, though, when another anonymous group started leaking some of the same vulnerability details publicly early
Monday morning. At that point, "we no longer felt there was a benefit to the public to keeping our work private," Temkin said.

Even before that, though, previous tweets from Team fail0verflow showed that group had already found its own arbitrary code exploit for the Switch
(which would, coincidentally, turn out to be the same one Team ReSwitched found, Temkin says). Just knowing that such a vulnerability was out there
was "incredibly motivating," Temkin said. "It's easier to find yourself motivated to spend weeks on end reverse-engineering when you know that other
hackers have found things."

A video from Team fail0verflow shows how the Tegra X1 exploit can be used to get Linux running on a Nintendo Switch.

(Shortly after Temkin released details of Fusée Gelée, fail0verflow published details of its own ShofEL2 exploit, including a method for installing Linux on the Nintendo Switch. This came before the end of what fail0verflow says was its own 90-day "responsible disclosure" window, which was set to expire April 25.)
With fail0verflow publicizing the existence of an exploit, ReSwitched didn't see any point in keeping the existence of its own exploit secret from the
public, Temkin said. Discussing the vulnerability publicly, she said, can "help to further raise awareness of the flaws in Tegra processors," while
demonstrating "responsible disclosure" and sharing discoveries with the chipmaker first can encourage future cooperation between vendors and
security auditors.

Where do we go from here?


That said, Temkin says Team ReSwitched had frequent conversations about the ethical implications of the exploit's wider disclosure, including the
potential that it could lead to users pirating copyrighted games. "It's difficult to balance the goals of 'opening up' closed hardware and preventing
things like piracy," she said. "Unfortunately, enabling people to have full access to their systems inevitably means that some people are going to use
that access in ways we don’t agree with."

"I do strongly disagree with the idea of hiding software exploits and then releasing modchips that use (potentially obfuscated) versions of them,"
Temkin continued, referencing Team Xecutor's parallel effort to develop and sell a Nintendo Switch mod chip using a similar exploit. "I think it’s both
unethical—as it gives malicious actors a chance to pick up and use the vulnerabilities before they can be addressed or public knowledge can spread—
and against the spirit of knowledge-exchange we want to see in the console-hacking community."

Going forward, Temkin said Team ReSwitched will continue work on Atmosphère, a customized firmware that could be installed with the Fusée
Gelée exploit. The open source project will "enable things like having homebrew applications that you can launch right from the Switch’s home menu,"
she said.

As for Nintendo, Temkin said she expects the company will soon release an unadvertised, "silent" update to the Switch hardware. The Switch's internal
code already contains references to a more secure "T214" version of the X1 chip, she says, which could replace the vulnerable "T210" revision that's in
current Switch systems.

As Temkin notes in her Fusée Gelée FAQ, though, all 15-million-plus Switches currently in consumer hands "will continue to be able to use Fusée Gelée
throughout its life." In the cat-and-mouse battle between console hackers and console makers, that's the kind of discovery that stands out.

KYLE ORLAND
Kyle is the Senior Gaming Editor at Ars Technica, specializing in video game hardware and software. He has journalism and computer science degrees from University
of Maryland. He is based in the Washington, DC area.

EMAIL kyle.orland@arstechnica.com // TWITTER @KyleOrl
