Fusee Gelee exploit in actionA security researcher has released a proof-of-concept exploit affecting the Nvidia Tegra line of embedded processors that come with Nintendo Switch devices.

Codenamed “Fusée Gelée,” the PoC is a cold-boot hack that lets a device owner to bypass device-lockdown and run custom code on the Switch.

This exploit opens the door for device owners to run custom games or export data saved on the device, currently forbidden on standard Nintendo Switch handsets.

Fusée Gelée is unpatchable

At the technical level, Fusée Gelée is nothing more than a trivial buffer overflow vulnerability. The problem is its location in the Switch’s bootROM component —found inside the Nvidia Tegra chipset— that controls the device’s boot-up routine.

This component is locked down at the hardware level after leaving the Nintendo factories, meaning they can’t be updated via a firmware patch.

This makes Fusée Gelée unpatchable, and it’s hard to believe Nintendo will recall millions of gaming consoles just to fix a jailbreak.

Exploitation requires forcing Switch in USB recovery mode

Exploiting Fusée Gelée isn’t that complicated either, albeit dangerous. Users need to force the Switch to reboot in USB recovery mode and then use the USB connection to launch a Python script via a console.

Probably the hardest part of the entire hack is forcing the Switch into USB recovery mode, which can be achieved by pressing and shorting two pins on the right Joy-Con connector.

Katherine Temkin, the hacker who discovered the exploit, has published a FAQ page about Fusée Gelée, how users could short the two pins, and the PoC code.

The current…

[SOURCE]