An alarming situation has developed for avid Nintendo users: it was discovered that hackers can intrude into the device. The company, however, has not been able to patch the exploit with hardware or software updates. Users are already exploiting the loophole; for instance, fail0verflow transformed the Switch into a fully-featured Linux tablet.
Although the procedure for actually bypassing the Switch's boot security is hard, it lets you run your own code on the device.
“By carefully constructing a USB control request, an attacker can leverage this vulnerability to copy the contents of an attacker-controlled buffer over the active execution stack, gaining control of the Boot and Power Management processor (BPMP) before any lock-outs or privilege reductions occur,” Temkin writes.
This means hackers can gain high-level access before the security-related part of the boot process runs. This is done by overflowing a Direct Memory Access (DMA) buffer in the Boot ROM. Since the whole operation takes place in read-only memory, the exploit cannot be patched.
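To make the bug class concrete, here is an added illustration (not the Tegra Boot ROM code, and not from Temkin or fail0verflow) of a control-request handler that trusts a host-supplied length when copying into a fixed buffer on the stack, next to the check that prevents it. The structure name, buffer size and frame layout are assumptions for the simulation.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a USB control-request handler; NOT the Tegra Boot ROM code.
 * usb_setup_t, BUF_SIZE and the frame layout are assumptions for illustration. */
#define BUF_SIZE 64          /* size of the fixed DMA buffer on the "stack" */
#define RET_OFF  BUF_SIZE    /* offset where the simulated saved return address lives */
#define FRAME_SIZE (BUF_SIZE + 8)

typedef struct {
    uint16_t wLength;        /* host-supplied transfer length */
} usb_setup_t;

/* Vulnerable pattern: the copy length comes from the host-controlled wLength
 * and is never compared with the size of the destination buffer. The only
 * bound (frame_len) keeps this simulation in-bounds; it is not a real check. */
int handle_control_vulnerable(uint8_t *frame, size_t frame_len,
                              const usb_setup_t *req, const uint8_t *payload) {
    size_t n = req->wLength;
    if (n > frame_len) n = frame_len;      /* simulation guard only */
    memcpy(frame, payload, n);             /* overruns BUF_SIZE on oversized requests */
    return (int)n;
}

/* Hardened pattern: reject any request whose length exceeds the buffer. */
int handle_control_hardened(uint8_t *frame, size_t frame_len,
                            const usb_setup_t *req, const uint8_t *payload) {
    if (req->wLength > BUF_SIZE || BUF_SIZE > frame_len) return -1;
    memcpy(frame, payload, req->wLength);
    return req->wLength;
}

/* Run one request against a fresh frame; return 1 if the simulated saved
 * return address (bytes at RET_OFF) was overwritten, 0 if it survived. */
int return_address_clobbered(int (*handler)(uint8_t *, size_t,
                                            const usb_setup_t *, const uint8_t *),
                             uint16_t wLength) {
    uint8_t frame[FRAME_SIZE];
    uint8_t payload[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    memset(frame + RET_OFF, 0xAA, 8);      /* sentinel standing in for the return address */
    memset(payload, 0x41, sizeof payload); /* constructed host payload */
    usb_setup_t req = { wLength };
    handler(frame, sizeof frame, &req, payload);
    for (int i = 0; i < 8; i++)
        if (frame[RET_OFF + i] != 0xAA) return 1;
    return 0;
}
```

A request of exactly BUF_SIZE bytes leaves the sentinel intact under both handlers; a longer one clobbers it only under the unchecked handler.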
“Since this bug is in the Boot ROM, it cannot be patched without a hardware revision, meaning all Switch units in existence today are vulnerable, forever,” writes fail0verflow. “Nintendo can only patch Boot ROM bugs during the manufacturing process.”
How can the hack happen?
First, a user has to engage the USB recovery mode, which is present in all Tegra-based devices. After the USB recovery mode is active, the exploit needs to be put into play, which can be done with any vanilla Linux distribution on a PC and, theoretically, most Android phones; the solution for doing the latter has not yet been created. And again, the rest of the process makes my eyes glaze over, but it’s probably catnip for coders who want to get their hands dirty turning the Switch into a homebrew machine.