The Nintendo Switch is about to become a hacker's haven, not for those who want your data but for those who want to run SNES emulators and Linux on their portable game consoles. A bug disclosed today in the Switch's Nvidia chip allows power users to inject and modify code on the system however they wish.
The exploit, known as Fusée Gelée, was first teased by the developer Kate Temkin a few months ago. She and others at ReSwitched worked on demonstrating and documenting the exploit, including disclosing it to Nvidia and Nintendo.
Although the responsible disclosure is to be applauded, it will make no difference here: this is not a bug that can be fixed with a patch. Millions of Switches are permanently vulnerable to a total jailbreak; only new units with code that has been fixed at the factory are immune.
This is because the bug is baked into the read-only memory of the Nvidia Tegra X1 chip.
As you can imagine, being able to run arbitrary code on a device at that deep a level is a huge flaw. Luckily, it is only available to someone with direct, physical access to the Switch. But that alone makes it an extremely powerful tool for anyone who wants to modify their own console.
People mod consoles for many reasons, and piracy is among them. But people also want to do things Nintendo does not allow, such as backing up their saved games, running custom software like emulators, or extending the operating system beyond the meager features the company has provided.
Temkin and her colleagues had planned to post the vulnerability publicly on June 15, or earlier if someone else released it independently of them, whichever came first. It turned out to be the latter, which surprised no one in the community; the X1 exploit seems to have been an open secret.
The exploit was published anonymously by some hackers, and Temkin subsequently released the team's documentation on GitHub. If that is too technical, there is also a plain-language explanation of the bug, in several languages, in a FAQ released earlier this month. I asked Temkin for some more details.
Separately from Temkin, fail0verflow has announced a small device that shorts a pin in the USB port to put the Switch into recovery mode in preparation for the exploit. And Team Xecuter announced a similar hardware attack months ago.
The answer to the most obvious question is no, you cannot just fire it up and be playing Wave Race 64 (or a pirated Zelda) on your Switch 15 minutes from now. The exploit still requires technical ability to carry out, though, as with many other hacks of this type, someone will likely package it into a nice GUI that walks ordinary users through the process. (This certainly happened with the NES and SNES Classic Editions.)
Although the exploit cannot be fixed with a software update, Nintendo is not powerless. A modified Switch will likely be banned from the company's online services (such as they are), and possibly the user's account as well. So although the hacking process is low risk compared with the soldering needed for the modchips of past decades, it is not a golden ticket.
In other words, Fusée Gelée will certainly open the floodgates for developers and hackers who care little for Nintendo's official ecosystem and would rather see what they can do with this great piece of hardware themselves.
I have asked Nintendo and Nvidia for comment and will update this when I hear back.