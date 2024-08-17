Key Takeaways - Nintendo Switch security flaw led to piracy

When the Nintendo Switch launched, it was a big event for a few reasons. Not only was it a comeback story for Nintendo following the dreadful sales of the Wii U, but it was also a promise to developers that piracy would no longer be a problem on Nintendo hardware. From the Nintendo DS to the Wii, the Wii U and the Nintendo 3DS, piracy had been a rampant issue across the company's entire portfolio. It quickly became a problem for the Switch as well, but this time, it wasn't really Nintendo's fault.

For context, the Nintendo Switch launched with the Nvidia Tegra X1 chip, an Arm-based SoC with powerful Maxwell graphics and, all things considered, a pretty big jump compared to Nintendo's past forays into portable hardware. The Switch's ace up its sleeve was that it was also a console that could be docked, which is why it needed the additional power. As it turned out, though, an unpatchable hardware exploit meant that the door had been blown open to piracy on a Nintendo console yet again.

Fusée Gelée, an unpatchable hardware exploit

Nintendo's downfall was Nvidia

In 2018, hardware hacker Katherine Temkin and the ReSwitched team, a Nintendo Switch-focused hacking team, reported and disclosed a coldboot vulnerability to Nintendo and Nvidia. The vulnerability is pretty serious, as it allows unsigned code to be run at boot time, and the flaw sits in the boot ROM -- a small chip that contains the code executed first when the device is powered on. ROM, standing for read-only memory, can't be replaced or modified after manufacture, which is why the flaw is unpatchable and, to this day, still hasn't been fixed on affected consoles.

How it works is quite simple. If a user boots the Switch into the Tegra X1 recovery mode (RCM), it will then accept commands sent over USB. The specific problem is in the rcm_read_command_and_payload function: it reads the data passed to it into a global buffer and copies it into a memory region before validating the size of that data. The boot ROM's stack is located near the memory region where the USB Direct Memory Access buffers are placed (0x40010000). Because the memory is unprotected, an attacker can overflow the stack by manipulating the USB control request length.

Because an attacker can overflow the stack, the function's return address can be replaced with the address of an attacker's payload. This gives the attacker complete control over the device before any security systems kick in, meaning a user can boot anything they want on the device. While this is a critical security vulnerability, it's something console hackers can leverage to boot custom firmware in a way that Nintendo can do nothing about. This is also what enables users to boot Android and Linux on their Nintendo Switch, as the exploit can hijack the entire boot process of the Switch.
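The bug class described above is an unchecked length in a copy into a fixed-size stack buffer, with the size validation arriving only after the copy has already run. The following is an added illustration written for this article, not code from the Tegra boot ROM or from the ReSwitched team: it models a simplified USB request handler with a simulated stack frame (a response buffer followed by a stand-in for the saved return address), shows how a host-supplied length that is larger than the buffer reaches the field after it when the check comes too late, and shows the hardened form that rejects the request before copying. The buffer size, frame layout, function names and the request contents are all constructed assumptions for the demonstration; the copy is clamped to the frame so the model stays well-defined, which a real overflow is not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for the model (not the boot ROM's real layout). */
#define RESP_BUF_SIZE 64
#define FRAME_SIZE (RESP_BUF_SIZE + sizeof(uint32_t))
#define SAVED_RET_SENTINEL 0xCAFEF00Du /* stands in for the saved return address */

/* Simulated stack frame: the response buffer sits directly before the
 * value that an overflow of that buffer would reach. */
struct sim_frame {
    uint8_t  buf[RESP_BUF_SIZE];
    uint32_t saved_ret;
};

/* Vulnerable pattern: copy using the host-supplied request length first,
 * validate second. Returns what is left in saved_ret afterwards. */
static uint32_t unchecked_handler(const uint8_t *dma_buf, size_t dma_len, size_t req_len)
{
    struct sim_frame frame;
    memset(&frame, 0, sizeof frame);
    frame.saved_ret = SAVED_RET_SENTINEL;

    size_t n = req_len;
    if (n > dma_len) n = dma_len;
    if (n > sizeof frame) n = sizeof frame;   /* clamp only so the model is well-defined */
    memcpy(&frame, dma_buf, n);               /* BUG: may run past frame.buf */

    if (req_len > RESP_BUF_SIZE)
        fprintf(stderr, "length check ran too late: frame already overwritten\n");
    return frame.saved_ret;
}

/* Hardened pattern: bound the length against both the destination buffer
 * and the data actually available before any byte is copied. */
static int checked_handler(const uint8_t *dma_buf, size_t dma_len, size_t req_len,
                           uint32_t *saved_ret_out)
{
    struct sim_frame frame;
    memset(&frame, 0, sizeof frame);
    frame.saved_ret = SAVED_RET_SENTINEL;

    if (req_len > RESP_BUF_SIZE || req_len > dma_len) {
        *saved_ret_out = frame.saved_ret;
        return -1;                            /* reject: nothing copied */
    }
    memcpy(frame.buf, dma_buf, req_len);      /* always inside frame.buf */
    *saved_ret_out = frame.saved_ret;
    return 0;
}

/* Constructed request data: RESP_BUF_SIZE filler bytes followed by four
 * 0x42 bytes that land on saved_ret if a copy runs past the buffer. */
static uint8_t g_request[FRAME_SIZE];

static const uint8_t *constructed_request(void)
{
    memset(g_request, 0x41, RESP_BUF_SIZE);
    memset(g_request + RESP_BUF_SIZE, 0x42, sizeof(uint32_t));
    return g_request;
}

uint32_t run_unchecked(size_t req_len)
{
    return unchecked_handler(constructed_request(), sizeof g_request, req_len);
}

int run_checked_status(size_t req_len)
{
    uint32_t r;
    return checked_handler(constructed_request(), sizeof g_request, req_len, &r);
}

uint32_t run_checked_ret(size_t req_len)
{
    uint32_t r;
    (void)checked_handler(constructed_request(), sizeof g_request, req_len, &r);
    return r;
}

int main(void)
{
    printf("unchecked, in-bounds length:  saved_ret=0x%08x\n", run_unchecked(16));
    printf("unchecked, oversized length:  saved_ret=0x%08x\n", run_unchecked(FRAME_SIZE));
    printf("checked,   oversized length:  status=%d saved_ret=0x%08x\n",
           run_checked_status(FRAME_SIZE), run_checked_ret(FRAME_SIZE));
    return 0;
}
```

With the in-bounds length the sentinel survives in both handlers; with the oversized length the unchecked handler's saved_ret reads back as 0x42424242 (the bytes that followed the buffer in the request), while the checked handler returns -1 and leaves the sentinel untouched. The defensive point is the ordering: the bound must be established from the destination size before the copy, not recovered from the request afterwards.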

How a paperclip helped defeat the security of the Switch

It's all about getting into RCM mode

The Nintendo Switch, with its Tegra X1 SoC, can fall victim to this attack too, but there's a problem. There are only three ways you can end up in RCM mode on a device with a Tegra X1:

If the processor fails to find a valid Boot Control Table (BCT) + bootloader on its boot media

If processor straps are pulled to a particular value, e.g. by holding a button combination

If the processor is rebooted after a particular value is written into a power management controller scratch register.

In the case of the Switch, the button combination to get to RCM was "Home", "Volume Up" and "Power." The Switch, though, doesn't connect to the Joycons until later in the boot-up process, so there's no way to press the Home button early enough to enter RCM. That's where a paperclip comes in. Shorting Pin 10 in the right Joycon rail of the Switch simulates pressing the Home button: if Pin 10 was connected to Pin 1 during boot while Volume Up and Power were held, the Switch would boot into RCM.

Because of this, people began to fashion paperclips to connect Pin 10 and Pin 1 together, but you still needed to be careful; shorting it incorrectly can damage the Joycon rail and render it unusable. This led to the creation of the "RCM jig," which was essentially just a paperclip inside of a plastic nub that would correctly short the two pins required to boot the Switch into RCM.

Once your Switch was in RCM and you had a payload you could deliver over USB, you could boot any software you wanted on the Switch, circumventing its security entirely. It's not exactly high-tech either; booting custom software on unpatched Nintendo Switches is ridiculously easy.

Nintendo will be extra careful with the Switch 2

The original Switch is still mostly unscathed

Funnily enough, if the hardware exploit in the original Switch hadn't happened, the Switch may have gone through most of its lifecycle without any major security incidents. The consoles known as "v2" Switches are unhackable through this method, as the security flaw has been patched. However, there are still modchips out there, and even flashcarts are beginning to make a comeback. Part of what's made the Switch so open to attack is that every aspect of the system has been documented, thanks to the unprecedented level of access that was gained very early in its lifecycle.

Make no mistake, though. The Nintendo Switch 2 will be something that Nintendo puts a lot of time into safeguarding, which is funny to say given that people have said that about every device the company has launched since the Nintendo DS. It's arguably more true than ever, though, as the company put a lot of effort into the Nintendo Switch; it's just that the difficulties with Nvidia kind of put a pin in those plans for a secure console.

Having said that, there has also been a reduced appetite for hacking the original Switch. The RCM vulnerability was discovered very early, when modders were first trying to get into the console, and by that stage there wasn't much reason to go looking for software exploits. When Nintendo eventually released patched Switch consoles (and the Switch OLED), hobbyist interest had died down significantly. Why waste time trying to hack an already hacked console? Anyone who wants to mod even the newer Switches can buy a modchip at this stage, so there hasn't been a rush to break into the Switch again.

I'm looking forward to the Nintendo Switch 2, and as someone who loves to read about tech and security, I'm kind of excited to see what becomes of it from a modding point of view. I'll almost certainly pick one up when it launches, but I'll be patiently waiting to see if there's any way to get custom software on one after its launch.