There is no doubt that the Nintendo Switch is currently the most sought-after device. However, the console is also prone to being hacked. According to the hackers Yellow8, Plutoo, Derrek, and Naehrwert, it is possible to hack the Nintendo Switch and install unofficial homebrew software and pirated games on the device.
The hackers, minus Yellow8, presented their findings at the 34C3 hacking conference held in Germany. The weakness that makes the hack possible is the Nvidia Tegra chip installed in the console. The chip allows hackers to use a feature that Nvidia's own engineers use to access internal functions of the chipset. It is worth noting that this particular feature is not normally accessible to the public.
The researchers presented their findings in a video, which showed how the hackers benefitted from the fact that the Nintendo Switch uses an off-the-shelf Nvidia Tegra X1, a well-documented chip for which official debugging hardware is available at nominal cost. The documentation allowed the hackers to work out how to bypass the System Memory Management Unit (SMMU). Plutoo explained that, by using this chipset, Nvidia itself has effectively installed a backdoor in the console.
The video that explains the hacking mechanism is available here, but for anyone interested in hacking the device, all that is required is to ensure that it runs Switch firmware version 3.0: keep the console offline so as to prevent new system updates, and obtain a physical copy of Pokkén Tournament DX, which ships with firmware version 3.0. Afterwards, if the hackers release their own homebrew launcher, it should run easily on the device.
The hackers also provided details about the sm:hax exploit, which obtains root privileges by skipping a service's initialization step so that the service manager believes the service has pid 0. The talk also explained the hardware glitching process that can yield kernel decryption keys.
Naehrwert also showed how he was able to bypass ARM's TrustZone on the Nintendo Switch, but he regards this achievement as a just-for-fun exercise that is not useful for homebrew. Derrek demonstrated the method by which the Switch hardware was glitched to retrieve the kernel keys. At the end of the video, the hackers stated that they will not be releasing the exploits, but that a homebrew platform will be arriving soon.
This is not the first time the Nintendo Switch has been found vulnerable. Earlier this year, a jailbreaker discovered how the Nintendo Switch could be hacked using an iOS 9.3 WebKit exploit.