Tegra X1 Exploit Opens Up Nintendo Switch, Other Devices


NVIDIA’s powerful Tegra X1 chip sits at the heart of the Nintendo Switch, along with the Google Pixel C and the NVIDIA SHIELD TV. A new exploit called Fusée Gelée has opened the Switch up for developers and has far-reaching implications for the two Android-running Tegra X1 devices. Originally found by engineer Katherine Temkin and hacking group ReSwitched, the exploit runs at the boot level and seemingly cannot be patched on current Nintendo Switch units. It allows for full modification of the Switch’s code, up to and including running a full GNU/Linux distribution, and will likely mean similar developments for the SHIELD TV and the Pixel C.

Fusée Gelée can run at boot, and unlike previous exploits that could make a Switch run Linux, it does not require any sort of console modification, such as CPU and GPU tweaks or a mod chip. For the somewhat older and better-documented Android devices, running a desktop version of a GNU/Linux distribution is likely only the beginning of what this hack makes possible. The exploit was originally meant to be fully disclosed in June, but is now live on GitHub, with a full disclosure log and files to build a launcher that can get users extended privileges at boot on any device powered by the Tegra X1 chipset.

The exploit takes place on a coprocessor meant for bootup and power management, which means that it can be used to gain access to, record, and control every single thing that an affected device does. The exploit is loaded over USB, which means that users won’t have to worry about the exploit being used remotely on their device by a malicious agent. What this essentially means is that the community now has a means to obtain literally all of the data, files and privileges needed to build any software at all for affected devices, from the ground up, as well as reverse-engineer anything those devices can do. This could potentially go as far as letting the Pixel C run the Switch’s software and games, for example, but that’s a rather extreme logical leap from where things are now, and will require immense investments of time from development communities. Homebrew on the Switch and deep, system-level customization for the SHIELD TV and Pixel C are most likely the first places that this exploit will go, but how things will go from there is anybody’s guess. It’s worth noting that this exploit, now that it’s public, will likely be patched on Switches going forward, but the Pixel C has been discontinued, and the NVIDIA SHIELD TV could see either a new production round with a patch in place or a refresh with a new processor in the near future.