Months ago, word leaked out to the public of an “unpatchable” exploit method that allowed Switch users to run custom firmware, homebrew code, and even pirated software on all existing hardware. Now, Nintendo is reportedly selling Switch systems that have been fixed at the factory to protect against this exploit.
The report comes from prolific Switch hardware hacker SciresM, who writes that at least some Switches currently on retail shelves are not vulnerable to the coldboot exploit known in hacking circles as “Fusée Gelée.” SciresM suspects that Nintendo has used the iPatch system on the system’s Nvidia Tegra chip to burn new protective code into the boot ROM, cutting off the USB recovery mode overflow error that previously let hackers in.
These boot-ROM iPatches are relatively simple for Nintendo to implement in the factory when the system is manufactured, but they are impossible to load onto the tens of millions of Switch units that had already been sold before the exploit was made public.
The newly protected Switch hardware is reportedly loaded with firmware version 4.1.0, which has been outdated since the release of version 5.0.0 in March. That suggests these units are not sporting a new, more secure version of Nvidia’s Tegra chip (known internally as “Mariko”), which was first hinted at in the code for that version 5.0.0 firmware.
The older firmware also suggests the protected Switch units were manufactured (and iPatched) earlier this year, well before the Fusée Gelée exploit went public in April. That’s not too hard to believe. Both Team fail0verflow and Team ReSwitched, which discovered similar Switch exploits while working separately, have said they provided “responsible disclosure” details of their exploit to Nintendo and Nvidia months before going public. It seems Nintendo may have used that head start to get protected hardware to market a little sooner than would have otherwise been possible. (Nintendo has not responded to a request for comment from Ars Technica.)
In any case, SciresM says the older 4.1.0 firmware is still susceptible to a (still unpublished) software-level exploit method he has developed, called deja vu. But that exploit has reportedly already been patched out of systems with 5.0.0 firmware or later as part of the usual back-and-forth, hack-and-firmware-patch battle that the Fusée Gelée exploit completely circumvented.
The presence of new Switch hardware that’s not susceptible to Fusée Gelée could increase interest in the tens of millions of previously sold Switch units that are still easily exploitable. Demand for such systems among hackers and homebrew aficionados may increase as time goes on and as Nintendo continues banning hacked systems from its online network. For now, though, hackers should start checking the provenance of any Switch hardware they may want to tinker with.