Recently, Kate Temkin, a hardware hacker on the ReSwitched team, publicly disclosed a bug in the Nvidia Tegra X1 chipset that lets anyone take control of the Nintendo Switch console with a simple procedure.
Temkin named the vulnerability Fusée Gelée. It affects the USB recovery mode of Nvidia's Tegra family of embedded processors, including the Tegra X1 that powers the Nintendo Switch. She described it as unpatchable: the flaw lives in the chip's read-only boot ROM, which can only be corrected by small patches applied at the factory before the chip ships, so devices already in the field cannot be fixed. Besides the Switch, many other devices that contain Tegra X1 chips are affected.
Fusée Gelée lets anyone exploit the Switch and run arbitrary code on it without opening the case. Forcing the console into recovery mode takes only a piece of wire to short a specific pin on the right Joy-Con connector, as the fail0verflow team demonstrated on Twitter. Because the bug is in Nvidia's Tegra SoC itself, it is independent of the software stack running on the device. It is believed to affect every Nvidia Tegra SoC released before the T186/X2, and gives code execution inside the boot ROM early in the boot process.
To demonstrate boot ROM code execution, Temkin published a Fusée Gelée proof of concept whose example payload dumps the protected IROM and fuse information from the Nintendo Switch.
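The article above does not describe the bug itself. The disclosed cause was a missing length check in the recovery-mode boot ROM's handling of a USB control request: the host-supplied wLength field was used as the size of a copy into a fixed buffer, so an oversized request overwrote what lay beyond it. The C model below is an added illustration of that bug class and its bounded form; it is not Temkin's proof of concept and not the Tegra boot ROM's code. The buffer sizes, the "IRAM" layout, the sentinel value and all function names are invented for the example; only the USB SETUP packet fields and the GET_STATUS request code (0x00) are the standard ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout of a tiny recovery-mode "IRAM": a fixed-size status
 * response buffer followed by a word that stands in for whatever sits next
 * to it in real memory (the boot ROM's execution stack, in the disclosed
 * bug). All sizes, offsets and the sentinel are invented for this model. */
#define STATUS_BUF_LEN 64
#define IRAM_LEN       128
#define SLOT_OFFSET    STATUS_BUF_LEN
#define SLOT_INTACT    0xCAFEF00Du

/* Standard USB SETUP packet; wLength is chosen by the host. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;       /* 0x00 = GET_STATUS */
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;        /* host-controlled, anything up to 0xFFFF */
} usb_setup_t;

typedef struct {
    uint8_t iram[IRAM_LEN];
} device_t;

static void device_reset(device_t *dev) {
    memset(dev->iram, 0, sizeof dev->iram);
    uint32_t slot = SLOT_INTACT;
    memcpy(&dev->iram[SLOT_OFFSET], &slot, sizeof slot);
}

static uint32_t read_slot(const device_t *dev) {
    uint32_t slot;
    memcpy(&slot, &dev->iram[SLOT_OFFSET], sizeof slot);
    return slot;
}

/* Vulnerable pattern: wLength is trusted as the copy size and never
 * compared with STATUS_BUF_LEN. The clamp to IRAM_LEN only keeps this
 * model inside its own array; it is not the missing check. */
size_t get_status_vulnerable(device_t *dev, const usb_setup_t *req,
                             const uint8_t *data) {
    size_t n = req->wLength;
    if (n > IRAM_LEN) n = IRAM_LEN;
    memcpy(&dev->iram[0], data, n);
    return n;
}

/* Hardened pattern: clamp to the buffer that actually exists. USB permits
 * a device to answer with fewer bytes than wLength, so this loses nothing. */
size_t get_status_fixed(device_t *dev, const usb_setup_t *req,
                        const uint8_t *data) {
    size_t n = req->wLength;
    if (n > STATUS_BUF_LEN) n = STATUS_BUF_LEN;
    memcpy(&dev->iram[0], data, n);
    return n;
}

/* Sends one oversized GET_STATUS through the chosen handler.
 * Returns 1 if the word beyond the buffer survived, 0 if it was clobbered. */
int slot_survives(int use_fixed) {
    device_t dev;
    device_reset(&dev);
    uint8_t payload[IRAM_LEN];
    memset(payload, 0x41, sizeof payload);       /* constructed host data */
    usb_setup_t req = { 0x80, 0x00, 0, 0, (uint16_t)sizeof payload };
    if (use_fixed) get_status_fixed(&dev, &req, payload);
    else           get_status_vulnerable(&dev, &req, payload);
    return read_slot(&dev) == SLOT_INTACT;
}

int main(void) {
    printf("vulnerable handler: slot %s\n",
           slot_survives(0) ? "intact" : "overwritten");
    printf("fixed handler:      slot %s\n",
           slot_survives(1) ? "intact" : "overwritten");
    return 0;
}
```

The point of the model is the comparison that the vulnerable handler never makes: the only number bounding the copy comes from the other side of the USB cable. Because the handler runs from mask ROM, the fix shown in `get_status_fixed` can only reach a chip that has not yet been manufactured, which is why the flaw is described as unpatchable in the field.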