The Switch takes a heavy hit! Unpatchable Tegra bootROM vulnerability puts a jailbreak just around the corner - Vulnerability Alert - 黑吧安全网 (myhack58)

2018-04-25T00:00:00
ID MYHACK58:62201890069
Type myhack58
Reporter Anonymous
Modified 2018-04-25T00:00:00

Description

Researchers have released proof-of-concept code for a vulnerability named Fusée Gelée. The flaw lies in the Nvidia Tegra code embedded in the Nintendo Switch's processor. Fusée Gelée is a coldboot exploit: it lets a user bypass the console's locks and run custom code on the Switch. In practice that means users could run homebrew games or dump data from the device, both of which the Switch currently prohibits.

Fusée Gelée cannot be patched

Technically, Fusée Gelée is a fairly ordinary buffer overflow. The problem is where it sits: in the bootROM of the Nvidia Tegra chipset, the component that controls how the device boots. That component is locked at the hardware level before the console leaves Nintendo's factory and cannot be updated by a firmware patch. That makes Fusée Gelée impossible to fix on consoles already sold, unless Nintendo decides to recall every console to stop the jailbreak, which is obviously unlikely.

The jailbreak process is extremely simple

Exploiting Fusée Gelée is not difficult: the user force-restarts the Switch, puts it into USB recovery mode, connects it to a computer over USB, and runs a Python script on the computer. The hardest part of the whole process is probably forcing the Switch into USB recovery mode, which requires shorting two contacts in the right Joy-Con rail. Even that is manageable: Katherine Temkin, who found the vulnerability, has published complete guidance, including a FAQ page, a pin-shorting tutorial and the PoC code. The current PoC only displays device data on the Switch's screen; Temkin has promised to publish more scripts and information about exploiting Fusée Gelée on June 15.

Racing to disclose the vulnerability

Interestingly, the Switch hack has set rival hacking teams against one another. Temkin said she disclosed the vulnerability ahead of schedule because another hardware hacking team had announced it would release a Switch chip exploit within a few weeks. Competition among hardware hacking teams is fierce, and Temkin, a member of the ReSwitched team, wanted to be first to publish. More than these two teams are working on Switch jailbreaks: after Temkin released the Fusée Gelée details, team fail0verflow published their own Nvidia Tegra exploit, ShofEL2. Both teams keep refining their attacks to make the jailbreak easier. Temkin is improving the Fusée Gelée exploit and integrating it into a jailbreak toolkit named Atmosphère, scheduled for release in June. fail0verflow, meanwhile, announced a custom tool, switchx pro, to make shorting the pins easier, while joking that a piece of wire from any electronics shop does the job just as well.

Fusée Gelée affects other devices

For most Switch owners Fusée Gelée is good news, but the vulnerability can also have serious consequences. The attack targets the USB recovery mode of the Nvidia Tegra X1 (T210) chip. That mode is part of the bootROM, a key protection component of the chip, and it can be subverted by sending an over-long USB control request: the bootROM copies more data than its buffer can hold, and the resulting memory overflow gives the attacker direct access to memory and, from there, control of execution. The vulnerability affects a large number of Tegra devices, not just the Switch, and is not limited to the Tegra X1. Rushing to publish the vulnerability details early may therefore have been too hasty.
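To make the "over-long control request" concrete, below is a small C model of the bug class the article describes. It is an added illustration, not code from this page, from Temkin's PoC or from the Tegra bootROM: the 64-byte response buffer, the simulated stack layout, the placeholder return address and the use of a GET_STATUS request as the carrier are all assumptions. The vulnerable handler trusts the 16-bit wLength field of the USB SETUP packet and copies that many bytes from a host-filled buffer into a fixed-size buffer; the hardened handler clamps the length before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard 8-byte USB SETUP packet as the host sends it; wLength is host-controlled. */
struct usb_setup_packet {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;      /* 16-bit, so up to 0xFFFF bytes can be requested */
};

#define RESP_BUF_SIZE   64u                   /* ASSUMED size of the firmware's response buffer */
#define SAVED_RET_OFF   RESP_BUF_SIZE         /* saved return address modelled right above the buffer */
#define SIM_STACK_SIZE  (0x10000u + 0x100u)   /* big enough to absorb any 16-bit wLength safely */
#define ORIGINAL_RET    0x00100AA0u           /* placeholder value, not a real bootROM address */

/* Simulated stack frame: response buffer at offset 0, saved return address above it. */
static uint8_t sim_stack[SIM_STACK_SIZE];

/* Host-controlled buffer: in the attack the host fills device memory with its payload first. */
static uint8_t host_payload[0x10000];

static void reset_frame(void) {
    uint32_t ret = ORIGINAL_RET;
    memset(sim_stack, 0, sizeof sim_stack);
    memcpy(sim_stack + SAVED_RET_OFF, &ret, sizeof ret);
}

static uint32_t saved_return_address(void) {
    uint32_t ret;
    memcpy(&ret, sim_stack + SAVED_RET_OFF, sizeof ret);
    return ret;
}

/* Filler bytes, plus a fake return address placed where the saved return
 * address will land once the copy runs past the 64-byte buffer. */
static void build_payload(uint32_t fake_ret) {
    memset(host_payload, 0x41, sizeof host_payload);
    memcpy(host_payload + SAVED_RET_OFF, &fake_ret, sizeof fake_ret);
}

/* A GET_STATUS request (bRequest 0) with an attacker-chosen wLength. The request
 * type is illustrative; any request routed through the same copy would do. */
static struct usb_setup_packet make_request(uint16_t wLength) {
    struct usb_setup_packet p = { 0x80, 0x00, 0, 0, wLength };
    return p;
}

/* Vulnerable handler: copies wLength bytes into the fixed response buffer and
 * returns the saved return address afterwards so the effect can be observed. */
uint32_t handle_request_vulnerable(const struct usb_setup_packet *pkt) {
    reset_frame();
    uint8_t *resp = sim_stack;                  /* 64-byte buffer at the bottom of the frame */
    memcpy(resp, host_payload, pkt->wLength);   /* BUG: length never compared to RESP_BUF_SIZE */
    return saved_return_address();
}

/* Hardened handler: clamp the host-supplied length to the buffer before copying. */
uint32_t handle_request_fixed(const struct usb_setup_packet *pkt) {
    reset_frame();
    uint8_t *resp = sim_stack;
    size_t n = pkt->wLength;
    if (n > RESP_BUF_SIZE)
        n = RESP_BUF_SIZE;                      /* never copy more than the buffer holds */
    memcpy(resp, host_payload, n);
    return saved_return_address();
}

/* One full attempt: host stages a payload, sends a request with the given wLength,
 * and the chosen handler processes it. Returns the saved return address afterwards. */
uint32_t simulate(uint16_t wLength, uint32_t fake_ret, int hardened) {
    build_payload(fake_ret);
    struct usb_setup_packet pkt = make_request(wLength);
    return hardened ? handle_request_fixed(&pkt) : handle_request_vulnerable(&pkt);
}

int main(void) {
    printf("vulnerable, wLength=0x1000: ret=0x%08x\n", simulate(0x1000, 0xDEADBEEFu, 0));
    printf("vulnerable, wLength=32:     ret=0x%08x\n", simulate(32,     0xDEADBEEFu, 0));
    printf("fixed,      wLength=0x1000: ret=0x%08x\n", simulate(0x1000, 0xDEADBEEFu, 1));
    return 0;
}
```

With a 16-bit wLength the host can ask for up to 64 KiB in a single request, so a small fixed-size buffer is overrun by a wide margin; the model shows the saved return address being replaced by host-chosen bytes in the vulnerable path and left untouched in the clamped one. The real fix is not available here, since the copy lives in mask ROM, which is exactly why the article calls the bug unpatchable.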