HACKERS HAVE REVEALED how Nintendo's Switch can be made to run arbitrary code through an exploit of an unpatchable flaw in the console's Nvidia Tegra X1 chip.
Katherine Temkin, a self-confessed hardware hacker from the ReSwitched hacking team, posted details of a proof-of-concept exploit the team is calling Fusée Gelée.
The exploit makes use of a vulnerability at the silicon level of the Tegra X1 chip's USB recovery mode that would normally prevent hardware tinkerers from accessing the system's bootROM. This 'coldboot' vulnerability allows for the entire 'root-of-trust' for the processor to be compromised.
Temkin provided a more technical summary on Github for people with a head for such information.
"The USB software stack provided inside the boot instruction rom (IROM/bootROM) contains a copy operation whose length can be controlled by an attacker. By carefully constructing a USB control request, an attacker can leverage this vulnerability to copy the contents of an attacker-controlled buffer over the active execution stack, gaining control of the Boot and Power Management processor (BPMP) before any lock-outs or privilege reductions occur," she explained.
"This execution can then be used to exfiltrate secrets and to load arbitrary code onto the main CPU Complex (CCPLEX) "application processors" at the highest possible level of privilege (typically as the TrustZone Secure Monitor at PL3/EL3)."
However, this exploit does require the Switch to be forced into USB recovery mode, which requires the shorting of a pin in the right-hand JoyCon connector. This seems like a pretty risky thing to do to a near £300 console, but hackers from Fail0verflow jokingly tweeted a picture of a device to do so, as well as a piece of wire that suggests the shorting isn't too tricky.
Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u— fail0verflow (@fail0verflow) 23 April 2018
Once the exploit is, er, exploited, it can not only allow data to be exfiltrated but also allow for custom bootloaders; Temkin is working on here own one called Atmosphere.
While Nintendo is no fan of customer bootloaders, the data exfiltration is a bigger concern as it could lead to Switch games being pirated.
Temkin disclosed the vulnerability to Nintendo and Nvidia noting that she provided Nvidia with an "adequate window" to communicate with its customers and partners on how to mitigate the problem.
But given its a hardware-level issue in existing Tegra X1 chips, it is seemingly unpatchable as a bootROM update is not possible with the hardware in its current form.
While piracy and bootloaders might be a concern for Nintendo, Nvidia arguably has a bigger problem on its hands as the vulnerability could be in all the Tegra X1 chips it has shipped. As such, the chips in other systems and devices could be open to exploitation by savvy hackers or malicious actors with a bit of tech know-how.
"Given the potential for a lot of bad to be done by any parties who independently discover these vulnerabilities, I thought it best to disclose this immediately and under terms that ensured that the vulnerability reached the public quickly," said Temkin.
To make matters even more tricky for Nintendo and Nvidia, Fail0Verflow also decided to publish its bootRom exploit known as ShofEL2 as well as a Linux loader for the Switch; it had been sitting on the latter for nearly 90 days as part of a responsible flaw disclosure but as someone else had published the bug it decided to reveal its take ahead of the 25 April deadline.
Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.— fail0verflow (@fail0verflow) 23 April 2018
So it looks like there's now a good few chip-level exploits out in the wild, though caution is advised as Fail0verflow warned that "it's stupidly easy to blow up embedded platforms like this with bad software". Hobby hackers, consider yourselves warned. µ
Who said the week after I/O was boring?
But only inside the house
JerryRigEverything puts the OnePlus 6 through its paces
McAfee claims campaign is the work of 'Sun Team', rather than Lazarus