All posts in “Nintendo”

Unstoppable exploit in Nintendo Switch opens door to homebrew and piracy

The Nintendo Switch may soon be a haven for hackers, but not the kind that want your data — the kind that want to run SNES emulators and Linux on their handheld gaming consoles. A flaw in an Nvidia chip used by the Switch, detailed today, lets power users inject code into the system and modify it however they choose.

The exploit, known as Fusée Gelée, was first hinted at by developer Kate Temkin a few months ago. She and others at ReSwitched worked to prove and document the exploit, sending it to Nvidia and Nintendo, among others.

Although responsible disclosure is to be applauded, it won’t make much difference here: this flaw isn’t the kind that can be fixed with a patch. Millions of Switches are vulnerable, permanently, to what amounts to a total jailbreak; only new ones with code tweaked at the factory will be immune.

That’s because the flaw is baked into the read-only memory of the Nvidia Tegra X1 used in the Switch and a few other devices. It’s in the “Boot and Power Management Processor” to be specific, where a malformed packet sent during a routine USB device status check allows the connected device to send up to 64 kibibytes (65,535 bytes) of extra data that will be executed without question. You need to get into recovery mode first, but that’s easy.

As you can imagine, getting arbitrary code to run on a device that deep in its processes is a huge, huge vulnerability. Fortunately it’s only available to someone with direct, physical access to the Switch. But that in itself makes it an extremely powerful tool for anyone who wants to modify their own console.

Modding consoles is done for many reasons, and indeed piracy is among them. But people also want to do things Nintendo won’t let them, like back up their saved games, run custom software like emulators, or extend the capabilities of the OS beyond the meager features the company has provided.

Temkin and her colleagues had planned to release the vulnerability publicly on June 15 or when someone else released it independently of them — whichever came first. It turned out to be the latter, which apparently came as a surprise to no one in the community. The X1 exploit seems to have been something of an open secret.

The exploit was released anonymously by some hacker and Temkin accordingly published the team’s documentation of it on GitHub. If that’s too technical, there’s also some more plain-language chatter about the flaw in a FAQ posted earlier this month. I’ve asked Temkin for a few more details.

In addition to Temkin, fail0verflow announced a small device that will short a pin in the USB connector and put the device into recovery mode, prepping it for exploitation. And Team-Xecuter was advertising a similar hardware attack months ago.

The answer to the most obvious question is no, you can’t just fire this up and start playing Wave Race 64 (or a pirated Zelda) on your Switch 15 minutes from now. The exploit still requires technical ability to implement, though as with many other hacks of this type, someone will likely graft it to a nice GUI that guides ordinary users through the process. (It certainly happened with the NES and SNES Classic Editions.)

Although the exploit can’t be patched away with a software update, Nintendo isn’t powerless. It’s likely that a modified Switch would be barred from the company’s online services (such as they are) and possibly the user’s account as well. So although the hacking process is, compared with the soldering required for modchips of decades past, low on risk, it isn’t a golden ticket.

That said, Fusée Gelée will almost certainly open the floodgates for developers and hackers who care little for Nintendo’s official ecosystem and would rather see what they can get this great piece of hardware to do on their own.

I’ve asked Nintendo and Nvidia for comment and will update when I hear back.

Sega to release Mega Drive Mini this year

Just like Nintendo before it, Sega is releasing a mini version of its iconic Mega Drive game system. The system is supposed to be available sometime in 2018 and the company also announced at least 15 classic Sega games will hit the Switch this summer to celebrate the system’s 30th anniversary.

Sega turned to AtGames to build the hardware, according to this Facebook post. AtGames had previously built the shoddy Sega Genesis Flashback, so hopefully this system will be better than that version. Nintendo paid attention to the details in its retro systems and it showed. The mini NES and SNES are lovely throwbacks that bring the best of the past to the present — I just wish the controllers had longer cords.

Growing up I had an SNES because my parents thought Sega games were too violent. Basically, Killer Instinct instead of Mortal Kombat. I hope I can handle Scorpion’s finishing moves now.

If that’s not enough nostalgia, Sega Ages series producer Kagasei Shimomura hints Sega Dreamcast games could also hit the Switch, which, if it happens, could bring Phantasy Star Online or Jet Set Radio to Nintendo’s system.

Also, Bryce, our all-star illustrator, didn’t know the Genesis was called Mega Drive outside of North America. He can’t be alone.

FTC warns companies that void warranties over using 3rd party services

The days of reading the small print to see whether a repair or new part for your ailing laptop will void its warranty may be coming to an end. The FTC has officially warned several companies that their policies of ceasing support when a user attempts “non-approved” repairs or servicing are likely illegal.

It’s the sort of thing where if you buy a device or car from a company, they inform you that unless you use approved, often internally branded parts, you’re voiding the warranty and your item will no longer be supported by the company.

The idea is that a company doesn’t want to be on the hook when a user replaces an old, perfectly good stick of RAM with a new, crappy one and then comes crying to them when the computer won’t boot. Or, in a more dire situation, replaces the brakes with some off-brand ones, which then fail and cause an accident. So there’s a reason these restrictions exist.

Unfortunately, they’ve come to encompass far more than these dangerous cases; perhaps you replace the RAM and then the power supply burns out — that’s not your fault, but because you didn’t use approved RAM the company takes no responsibility for the failure. The result is consumers end up having to buy components or servicing at inflated prices from “licensed” or “approved” dealers.

“Provisions that tie warranty coverage to the use of particular products or services harm both consumers who pay more for them as well as the small businesses who offer competing products and services,” explained Thomas Pahl, from the FTC’s Bureau of Consumer Protection, in the announcement.

The agency gave several examples of offending language in customer agreements, blanking out the names of the companies. Ars Technica was quick to connect these with the major companies they correspond to: Hyundai, Nintendo, and Sony. Here are the statements the FTC didn’t like, with the company names in bold where they were blank before.

  • The use of Hyundai parts is required to keep your . . . manufacturer’s warranties and any extended warranties intact.
  • This warranty shall not apply if this product . . . is used with products not sold or licensed by Nintendo.
  • This warranty does not apply if this product . . . has had the warranty seal on the PS4 altered, defaced, or removed.

It’s one thing to say, don’t overclock your PS4 or we won’t cover it. It’s quite another to say if the warranty seal has been “defaced” then we won’t cover it.

“Such statements generally are prohibited by the Magnuson-Moss Warranty Act,” the FTC announcement reads, and in addition “may be deceptive under the FTC Act.” The companies have 30 days to modify their policies.

This could be a major win for consumers: more repairs and service locations would be allowed under warranty, and modders of game consoles may be able to indulge their hobby without trying to hide it from the manufacturer. That will depend on the new phrasing of the companies’ policies, but this attention from the FTC will at the very least nudge things in the right direction.

8bitdo’s wireless adapter adds flexibility to Xbox, PlayStation and Switch controllers

Game controller compatibility is a labyrinthine nightmare most of the time: Some controllers work with some platforms some of the time, but it’s very hard to keep track of how and when. 8bitdo’s latest accessory adds some simplicity to the mix, enabling use of Xbox One, PlayStation 4 and Nintendo Switch controllers with Switch, Windows and macOS systems quickly and easily.

Yes, that means you can play your PC or Mac games with your favorite Xbox One X/S or DualShock 3/4 controller, or even use a Joy-Con. It also means that you can use a DualShock controller to play Breath of the Wild on the Switch, if that’s what you want to do.

The USB dongle also works with Android TV hardware, and with Raspberry Pi-based devices. It supports DualShock 4 vibration and 6-axis motion control on Switch, and it works lag-free for low latency gaming requirements. It’s also a tiny bit smaller than either the dedicated Xbox or PlayStation PC wireless controller USB adapters (and supports a broader range of platforms).

Oh, and it’s also just $20 from Amazon. I’ve been using it for a couple of weeks now and it performs exactly as advertised. If you’re looking to cut down your controller clutter or just have a strong preference for one design over another, this is definitely a smart buy.

Hacker group manages to run Linux on a Nintendo Switch


Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux (via Nintendo Life). The group claims that Nintendo can’t fix the vulnerability with future firmware patches.

According to fail0verflow, there’s a flaw in the boot ROM in Nvidia’s Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process.

It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can’t be altered in any way after that. Even if Nintendo issues a software update, this software update won’t affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there’s no way to bypass it.

The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it’s possible that Nintendo asks Nvidia to fix the issue so that new consoles don’t have this vulnerability.

fail0verflow also says that you don’t need to install a modification chip to bypass the boot ROM. In the photo, it looks like they plugged something into the right side of the device, where the right Joy-Con is supposed to be.

If fail0verflow decides to share the exploit, it could open up many possibilities when it comes to homebrew software and, yes, pirated games. It could have some financial implications for Nintendo.