Switch Hardware Exploit

by All in One

04-23-2018, 10:26 PM (This post was last modified: 04-23-2018, 11:17 PM by All in One.)
>https://github.com/reswitched/fusee-laun...e_gelee.md

Quote: Vulnerability Summary

The USB software stack provided inside the boot instruction rom (IROM/bootROM) contains a copy operation whose length can be controlled by an attacker. By carefully constructing a USB control request, an attacker can leverage this vulnerability to copy the contents of an attacker-controlled buffer over the active execution stack, gaining control of the Boot and Power Management processor (BPMP) before any lock-outs or privilege reductions occur. This execution can then be used to exfiltrate secrets and to load arbitrary code onto the main CPU Complex (CCPLEX) "application processors" at the highest possible level of privilege (typically as the TrustZone Secure Monitor at PL3/EL3).


Basically, there's a fairly easy-to-use exploit that gives you all the access you need to do stuff like homebrewing, and since it's based on hardware there's not a whole lot Nintendo can really do about it once the hack has been made. This only got disclosed a few hours ago, so obviously there's nothing to be done with it yet, but given enough time...
Seems Nintendo is likely already aware of it, since they've already announced a hardware revision, so if you're interested in having an exploitable Switch it's probably best to grab one soon.

Edit: I guess "nothing" isn't quite the right word for it. You can install Linux on it, if you'd like.
