Inside Fusée Gelée — The Unpatchable Entrypoint for Nintendo Switch Hacking

Brandon Chen
Dec 12, 2019

Written by Caolan Disini, Christopher Trinh, and Brandon Chen as part of BU CS 391 Network Security Fall 2019

Hacking Nintendo devices is certainly not a new endeavor. Hackers have been publicly breaching the security of Nintendo consoles and handhelds since at least 2008, when the “Homebrew Channel” was released for the Nintendo Wii less than two years after the console launched. The Homebrew Channel, given the “Channel” moniker so that it would blend in with the rest of the Wii’s software like the “Wii Shop Channel” and “Photo Channel”, was a piece of homebrew that let users load their own software and run utilities and other hacks that Nintendo would never normally allow consumers to use on its hardware.

Homebrew: this is software developed by consumers of proprietary computer hardware platforms, such as game consoles, that have hardware restrictions and are not usually user-programmable. The development of homebrew software is often for the purposes of expanding the function of the restricted hardware device, such as making a game console do more than just play games by enabling DVD playback or serving as a home theater PC. [6]

Fast-forward to 2018: barely one year after Nintendo’s latest flagship home console, the Nintendo Switch, was released, hackers had found a vulnerability that let them develop and load a modern-day version of the Homebrew Channel for the Switch, and, as it soon turned out, much more than that.

The Homebrew Channel, as it appeared on the Nintendo Wii home console in 2008.

A Different Kind of Vulnerability

Nvidia, an American technology company specializing in graphics processing units, develops many of the graphics processors in everyday use. Its most prominent line is the consumer-oriented GeForce family, found in a large share of desktops and laptops and used by graphics-intensive programs such as video games and video processing and editing software. The product line this post is most interested in, however, is the Tegra family, a System on a Chip (SoC) series for mobile devices. (An SoC integrates all the components of an electronic system into a single integrated circuit.) One of the most popular products built on Tegra is the Nintendo Switch, a video game console developed by Nintendo and released in early 2017, which is powered by the Nvidia Tegra X1.

Around April 2018, an “exploit chain” (several exploits chained together to form one larger exploit) was discovered and published for systems built on the Nvidia Tegra X1. The exploit, named “Fusée Gelée” (literally “frozen rocket” in French), was reported and responsibly disclosed by hardware hacker Katherine Temkin and the Nintendo Switch-focused hacking team “ReSwitched” [1]. Fusée Gelée is a coldboot vulnerability that allows complete, unauthenticated, arbitrary code execution from the bootROM (boot instruction read-only memory, also known as IROM). This is a big deal: the bootROM is a small piece of mask read-only memory (ROM) inside the processor chip, and it contains the very first code the processor executes when the device powers on [8].

A coldboot exploit is thus very powerful: it lets an attacker run their own code at device startup, before any operating system has loaded, before any later boot code has executed, and, most importantly, before any of the security features that later boot stages enable are in place. With a coldboot exploit, a hacker can do virtually anything they want with the hardware. By comparison, a warmboot exploit works on top of an already running operating system. Depending on where the flaw is, a warmboot exploit inherits some of the privileges of the affected code, but such exploits are usually less powerful than coldboot exploits [2].

The Fusée Gelée vulnerability lies in the Tegra X1’s USB recovery mode [7]. This mode circumvents the lock-out operations that usually protect the chip’s bootROM. If a host sends, at the right point in the recovery-mode exchange, a USB control request whose “length” field is larger than the bootROM’s improperly coded control-request handler was written to expect, the handler overflows a direct memory access (DMA) buffer in the bootROM. The overflow copies host-supplied data over the bootROM’s protected execution stack, which gives the attacker the ability to run arbitrary code of their choice [2].

The reason this is far more problematic than previous vulnerabilities in Nintendo hardware is that the flawed bootROM cannot be fixed by a downloadable patch or system firmware update: once a Tegra chip leaves the factory, its bootROM cannot be modified. That immutability is an intentional security measure. If the bootROM cannot be altered, then no software-level compromise of the system can tamper with the code that boots it. Unfortunately, the guarantee cuts both ways: if the bootROM itself can be breached, the manufacturer has no software-level way to repair it either, which is exactly the situation here [3].

By the time the exploit was reported in 2018, over 14.8 million vulnerable Switch systems had already shipped to the public, so a significant number of systems were affected before Nintendo was made aware of the issue. In July 2018, hackers started reporting that new Switch models were being shipped to consumers that were not vulnerable to Fusée Gelée. It turned out that in June 2018 there had been a revision of the Nvidia Tegra X1 that closed the coldboot vulnerability. This was done through an “irom_patch” [10], otherwise known as an “ipatch”, essentially a bootROM revision mechanism for Tegra-based hardware, and the revision carried a fix for Fusée Gelée [3]. The fix limits the size of a USB control request to a maximum of 255 bytes, closing off the oversized “length” argument that Fusée Gelée relied on.
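To make the two paragraphs above concrete, here is an added example in C. It is not Tegra bootROM code and not the Fusée Gelée exploit; it models the pattern the post describes: a USB control request carries a host-supplied length, and the request handler trusts that length when copying into a fixed-size buffer that sits on the bootROM’s stack. The 64-byte buffer, the stack-frame layout with a saved return address after it, and the 255-byte cap attributed to the ipatch are illustrative assumptions, and the stack frame is an explicit struct so the overwrite can be observed without corrupting the program’s real stack.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Tegra bootROM code. Buffer size, frame layout and the
 * ipatch cap are illustrative assumptions, not values taken from the chip. */

typedef struct {               /* the 8-byte USB setup packet, little-endian fields */
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;          /* host-controlled, 0..65535 */
} usb_setup_t;

#define RESPONSE_BUF_SIZE  64u   /* assumed size of the on-stack response buffer */
#define IPATCH_MAX_WLENGTH 255u  /* the cap the post attributes to the June 2018 ipatch */

/* Model of the handler's stack frame: the buffer, then the saved return
 * address that an overflow would clobber. */
typedef struct {
    uint8_t  response[RESPONSE_BUF_SIZE];
    uint32_t saved_return_address;
} frame_model_t;

static uint16_t le16(const uint8_t *p) {
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Parse a raw setup packet. Returns 0 on success, -1 if the input is not 8 bytes. */
int parse_setup_packet(const uint8_t *pkt, size_t len, usb_setup_t *out) {
    if (pkt == NULL || out == NULL || len != 8) return -1;
    out->bmRequestType = pkt[0];
    out->bRequest      = pkt[1];
    out->wValue        = le16(pkt + 2);
    out->wIndex        = le16(pkt + 4);
    out->wLength       = le16(pkt + 6);
    return 0;
}

/* Vulnerable handler: the copy length comes straight from wLength and is never
 * compared against the 64-byte buffer. The clamp to the model frame size exists
 * only to keep this demo memory-safe; the buggy handler had no such guard. */
size_t vulnerable_handler(const usb_setup_t *req, const uint8_t *src, size_t src_len,
                          frame_model_t *frame) {
    size_t n = req->wLength;
    if (n > src_len) n = src_len;                /* host sent fewer bytes than advertised */
    if (n > sizeof(*frame)) n = sizeof(*frame);  /* demo-only guard */
    memcpy(frame, src, n);                       /* n > 64 runs into saved_return_address */
    return n;
}

/* Hardened handler: bound the length by the ipatch cap and by the real
 * destination size before copying. Returns the number of bytes copied. */
size_t hardened_handler(const usb_setup_t *req, const uint8_t *src, size_t src_len,
                        frame_model_t *frame) {
    size_t n = req->wLength;
    if (n > IPATCH_MAX_WLENGTH) n = IPATCH_MAX_WLENGTH;
    if (n > sizeof(frame->response)) n = sizeof(frame->response);
    if (n > src_len) n = src_len;
    memcpy(frame->response, src, n);
    return n;
}

/* Build a constructed device-to-host GET_STATUS setup packet with the given wLength. */
void make_setup_packet(uint16_t wlength, uint8_t out[8]) {
    out[0] = 0x80; out[1] = 0x00;   /* bmRequestType: device-to-host; bRequest: GET_STATUS */
    out[2] = 0; out[3] = 0; out[4] = 0; out[5] = 0;
    out[6] = (uint8_t)(wlength & 0xFF);
    out[7] = (uint8_t)(wlength >> 8);
}

int main(void) {
    uint8_t pkt[8], payload[sizeof(frame_model_t)];
    usb_setup_t req;
    frame_model_t frame;
    size_t n;

    memset(payload, 0x41, sizeof payload);   /* constructed attacker-supplied data */
    make_setup_packet(0xFFFF, pkt);          /* advertise far more than the buffer holds */
    parse_setup_packet(pkt, sizeof pkt, &req);

    frame.saved_return_address = 0xDEADBEEF;
    n = vulnerable_handler(&req, payload, sizeof payload, &frame);
    printf("vulnerable: copied %zu bytes, return address now 0x%08X\n",
           n, (unsigned)frame.saved_return_address);

    frame.saved_return_address = 0xDEADBEEF;
    n = hardened_handler(&req, payload, sizeof payload, &frame);
    printf("hardened:   copied %zu bytes, return address still 0x%08X\n",
           n, (unsigned)frame.saved_return_address);
    return 0;
}
```

The instructive comparison is the value of `saved_return_address` after each handler runs: the vulnerable version lets 0x41 bytes spill over it, while the hardened version never writes past the buffer no matter what wLength the host advertises. Note that the ipatch cap alone (255 bytes) would still exceed a 64-byte buffer, which is why the hardened handler also checks the real destination size.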

A tweet from @SciresM, a prominent hacker in the Switch hacking scene, warning about new Switch consoles being shipped to consumers that were not vulnerable to “f-g” (Fusée Gelée) in July 2018.

The Worms Inside of the Apple

Previous exploits for Nintendo systems were primarily software-based, so they could be patched out completely by downloadable system firmware updates, which users were then required to install in order to play new software and games and to access Nintendo’s online servers. A downloadable firmware update cannot fix a chip-level hardware exploit like this one [1]. Short of producing a new hardware revision to ship to consumers, what Nintendo can still do is detect compromised systems when they sign on to its servers and ban them from the Switch’s online functions. These bans vary widely: some simply prevent users from playing online, while others (nicknamed “superbans” by the community) are more aggressive and completely ban the console ID from accessing Nintendo’s content delivery network (CDN). A superbanned user is entirely unable to update games or system firmware over Nintendo’s servers, which can ultimately leave the system unable to play future games that require a newer firmware version.

There are many uses for running unsigned code through this exploit, including booting custom firmware, playing illegal backups of games, and even booting entirely different operating systems such as Android. While playing illegal backups is certainly a morally questionable application, there are plenty of handy and completely legal ones too, including backing up a Switch game’s save data to a secure digital (SD) card [13], something that was and still is impossible on the stock system firmware. As with jailbreaking, one can argue that the potential benefits of hacking your Switch are not outweighed by the risks and illegal applications that come with it, which makes the question of whether it is wrong to hack your Switch a difficult one to answer.

A tweet in February 2019 showcasing Android Q running on a hacked Nintendo Switch.

The Dark Ethical Side of Switch Hacking

Once custom firmware like Atmosphère [17], which uses the Fusée Gelée exploit to boot a custom-made firmware at startup, was released to the public, more and more hackers and end-users were free to start experimenting with their new freedom on the Switch platform. Simply hacking one’s own Switch and installing custom firmware is not illegal on its own; the situation is very similar to the federal ruling on the legality of jailbreaking an iPhone, which found “no basis for copyright law to assist Apple in protecting its restrictive business model” [14]. Even so, the exploit opens up a whole slew of questionable actions that hackers and users alike can partake in, one of them being the ability to run pirated copies of games on the system.

Hackers can use certain tools to play illegally obtained backups of games without paying for them, and more crafty hackers can even obtain access to unreleased titles from Nintendo’s own online digital game distribution storefront [12]. In doing so, the user denies the game’s developers the profit from selling that copy, an act of copyright infringement. The implications are more serious than one might expect: Nintendo is a Japanese company operating under stricter copyright laws, and rather than copyright infringement being largely a civil matter as it is in the United States [9], individuals may be criminally prosecuted for violations of intellectual property rights, down to the act of simply hosting songs online. While the disparity between Nintendo’s two largest international markets makes it difficult for the company to pursue punishment, it has certainly not stopped Nintendo from doing its best to crack down, as it has in the past against illegal game-sharing websites, modding and hacking forums, and soundtrack compilations featuring music from Nintendo’s games.

Nearly as serious are the offenses hackers can commit by modifying Switch game data itself. Users can inject code into games to cheat, which, while not immediately harmful to other players, prevents them and others from experiencing the game as it was meant to be played, especially when the cheating happens during online play, where it disrupts the balance of the game and can ruin other players’ experiences [4]. This can take many forms, but the most egregious example came in June 2018, when it was discovered that hackers could upload custom images for their profiles. This seems harmless: users could now choose pictures of their favorite fictional characters as their profile picture instead of being restricted to a list of safe, preselected pictures from Nintendo. The tool turned out to cause a lot of trouble, however, when everyday Switch users discovered that hackers could upload pornographic imagery as their profile picture and have it displayed in-game, even in games aimed at young audiences such as “Super Mario Odyssey”, which has an ESRB rating of E10+ (for everyone ages 10 and up) [5].

As one might imagine, this sparked an immense amount of outrage among parents and players alike; uncontrolled cheating and game manipulation can shrink a game’s playerbase, decrease sales, and ultimately tarnish the company’s reputation in the long run. This hurts not just Nintendo but also the third-party companies that develop games for the Switch. Nintendo immediately cracked down, issuing superbans to those it caught hacking their Switch and violating its rules. While those particular hackers may have deserved such a strict ban, other hackers who caused little or no trouble at all often received the same punishment, leaving some wondering why Nintendo treats all hackers alike, regardless of their intentions.

A hacked pornographic profile picture in Super Mario Odyssey. (The profile picture has been censored by the authors of this post.)

Despite all these ethical issues, running custom firmware through the exploit has given many users the means to address problems that were previously unsolvable on stock Switch firmware. One example is transferring and backing up the save data of Switch games, a real concern for anyone worried about losing that data, for instance if their console died of hardware failure one day. Then and now, Switch users had no way to manually move or copy save data from the console to external storage, which meant no way to back it up against data loss. With no backup option at all, users worried about losing hundreds of hours of playtime, something that arguably should be preventable.

By running custom firmware, users were able to bypass this software limitation and transfer save data to an SD card, where it can easily be moved around and backed up safely. Though Nintendo has since added a cloud saving feature, it is still not possible to back up save data to physical external storage on the stock firmware.

Banning Without Prejudice

Sadly, Nintendo slaps a blanket ban on any and all hacked systems it detects, regardless of whether there was any malicious intent. This approach of eliminating potential threats before they become threats lets Nintendo effectively curtail its consumers’ right to repair and stop them from taking matters into their own hands, even when they have no malicious intent at all. The most prominent example came in July 2018, when the top four names on the online leaderboard for competitive play in the Switch multiplayer game “Splatoon 2” spelled out “Please add anti cheat”. This was soon attributed to a hacker who wanted to draw Nintendo’s attention to how easy it was to hack its games. Nintendo responded by removing the hacker’s message and banning them, without discussing the addition of any anti-cheat measures to the game.

The top leaderboard rankings of Splatoon 2 hacked to read “Please add anti cheat” in July 2018.

Fusée Gelée was a unique and powerful exploit that took advantage of an oversight in the development of one of Nvidia’s Tegra SoCs, and it opened the floodgates for many unintended uses of the Switch, of varying ethicality. Due to Nvidia’s debated negligence, Nintendo’s product and its reputation were compromised. Though the Fusée Gelée exploit and the Atmosphère custom firmware can both be used ethically, these tools were widely abused for malicious purposes such as the piracy and cheating described above. While using hacks is not inherently wrong or illegal by itself, the real issue is the mass of people who do abuse them, which prompted Nintendo to continuously update its hardware and software and ban users in order to combat them, resulting in a constant headache for everybody involved, attackers and bystanders alike.

Acknowledgments

This work was done without any outside collaboration.

References

[1] Orland, Kyle. “The ‘Unpatchable’ Exploit That Makes Every Current Nintendo Switch Hackable [Updated].” Ars Technica, Ars Technica, 23 Apr. 2018, arstechnica.com/gaming/2018/04/the-unpatchable-exploit-that-makes-every-current-nintendo-switch-hackable/.

[2] Szekely, Mikaela. “Qyriad/Fusee-Launcher.” GitHub, 16 July 2019, github.com/Qyriad/fusee-launcher/blob/master/report/fusee_gelee.md.

[3] Moore-Colyer, Roland. “Nintendo Patches ‘Un-Patchable’ Tegra X1 Exploit to Curb Switch Piracy: TheINQUIRER.” The Inquirer, 30 Jan. 2019, www.theinquirer.net/inquirer/news/3035771/nintendo-patches-un-patchable-switch-nvidia-tegra-x1-flaw.

[4] Frank, Allegra. “Splatoon 2 Hackers Are a Big Problem, and Players Demand Help.” Polygon, 13 July 2018, www.polygon.com/2018/7/13/17562184/splatoon-2-leaderboard-hacking-cheats.

[5] Hernandez, Patricia. “The Nintendo Switch Hacking Scene Is Chaos Right Now.” The Verge, 28 June 2018, www.theverge.com/2018/6/28/17501530/nintendo-switch-hacking-piracy-porn-bans?fbclid=IwAR1tptNfcbuSIeAfU-BU5701SfRWypsq_FTUTo2mPRifFTI88jZe42kx8QE

[6] “What Is Homebrew? — Definition from Techopedia.” Techopedia.com, www.techopedia.com/definition/10649/homebrew.

[7] “Switch System Flaws.” Switch System Flaws — Nintendo Switch Brew, switchbrew.org/wiki/Switch_System_Flaws.

[8] “NVIDIA TX1 Boot ROM Vulnerability.” Cisco Security Threat and Vulnerability Intelligence, 20 June 2018, tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nvidia-tx1-rom.

[9] “I Found Someone Infringing a Copyrighted Work That I Registered. Can the Copyright Office Help Me Stop This?” U.S. Copyright Office — Stopping Copyright Infringement, U.S. Copyright Office, 10 Mar. 2010, www.copyright.gov/help/faq/faq-infringement.html.

[10] “Fuses.” Fuses — Nintendo Switch Brew, switchbrew.org/wiki/Fuses#irom_patch.

[11] “Security Notice: NVIDIA Tegra RCM Vulnerability.” NVIDIA, 24 Apr. 2018, nvidia.custhelp.com/app/answers/detail/a_id/4660.

[12] Cox, Joseph. “Inside the Messy, Dark Side of Nintendo Switch Piracy.” Vice, 13 Nov. 2018, www.vice.com/en_us/article/mbyegx/inside-messy-dark-side-nintendo-switch-hacking-piracy-pirates.

[13] Giordano, Bernardo. “FlagBrew/Checkpoint.” GitHub, 9 Dec. 2019, github.com/FlagBrew/Checkpoint/blob/master/README.md.

[14] Kravets, David. “U.S. Declares IPhone Jailbreaking Legal, Over Apple’s Objections.” Wired, Conde Nast, 4 June 2017, www.wired.com/2010/07/feds-ok-iphone-jailbreaking/.

[15] “Nintendo EULA.” The Simple EULA Project, simpleeulas.weebly.com/nintendo-eula.html.

[16] Kan, Michael. “Nintendo Sues RomUniverse.com for Game Piracy.” PCMAG, 11 Sept. 2019, www.pcmag.com/news/370711/nintendo-sues-romuniverse-com-for-game-piracy.

[17] SciresM. “Atmosphere-NX/Atmosphere.” GitHub, 12 Dec. 2019, github.com/Atmosphere-NX/Atmosphere/blob/master/README.md.
