What hackers know of the Nintendo Switch so far
BY WOLOLO · MARCH 9, 2017
There’s been a lot of speculation about the possibilities to hack the Nintendo Switch already. With the device in the hands of hackers for barely a week, it’s unlikely that any group has made significant progress so far (but hey, nothing’s impossible; we did hack the PSP emulator on the PS Vita on day 1).
Nevertheless, it’s obvious that some people are already digging in the guts of the device to look for hardware and software flaws.
The Nintendo Switch has a browser, it’s (not very well) hidden
Nintendo announced the Switch would not ship with a browser. In practice, any modern device needs a browser, if only to access Wi-Fi hotspots that require users to “sign in” on an HTML-based form. It turns out this browser does exist on the Nintendo Switch, and it has already been hijacked to access a few sites, and even to watch videos on YouTube or Plex.
As for what that browser is, it appears to be a WebKit-based piece of software (not a tough guess; pretty much all browsers are WebKit-based nowadays), likely Access NetFront NX. (Which wouldn’t be a surprise: Access is a Japanese company that has provided the NetFront browser for a number of embedded devices in the past.) From a hacking perspective, a WebKit-based browser means that WebKit vulnerabilities could be leveraged to hack the Nintendo Switch.
The Nintendo Switch OS might be a new iteration of the 3DS OS, and/or might be reusing some components of the FreeBSD Kernel
Hacker Marcan (who, for someone who says he does not intend to hack the Switch, has already looked a lot into its internals) has stated that the Switch OS might be based on FreeBSD, because some of the licensing text on the Switch mentions FreeBSD. If the Switch were based on FreeBSD, it would be the second console this generation to use FreeBSD, after the PS4. The benefit, from a hacking standpoint, would be that hacks for one of the devices would likely be adaptable to the other.
Conversely, it is also possible that the Switch only reuses parts of FreeBSD rather than being based on it. Hacker Plutoo has mentioned that, from his early investigations, the Switch OS seems very similar to the 3DS OS, with similar syscalls. He notes, however, that it is most likely a rewrite (in other words, don’t expect 3DS hacks to work on the Nintendo Switch).
Nintendo Switch hack when?
That’s really the gist of it. Although I’m sure hackers are already looking into the console’s internals, not much is known about it at this point. Console manufacturers have been ramping up their security skills over the past decade, and although Nintendo might not be at Sony or Microsoft levels in terms of security, they have certainly been learning from their past experience.
As always, the question is probably not “if” but “when” security vulnerabilities will be discovered for the Nintendo Switch.
Nintendo Switch Hack: Proof of Concept of the Nintendo Switch Webkit exploit published
Developer LiveOverflow has published a Proof of Concept file confirming that the iOS 9.3 WebKit exploit works on the Nintendo Switch. The exploit had been announced earlier by qwertyoruiop, the hacker behind the iOS 9.3 jailbreak, which used the same vulnerability as its starting point (CVE-2016-4657).
Nintendo Switch WebKit exploit confirmed with PoC
Along with the Proof of Concept, LiveOverflow has published a detailed explanation of how the exploit works (video below), as well as a summary of how to launch the Nintendo Switch browser (a feature most Switch owners are still unaware exists – check out DNSwitch for details).
With LiveOverflow’s work, Nintendo Switch owners can now confirm that their console is vulnerable to the WebKit exploit. This is the first exploit released for the console, only a few days after the Switch was released to the public. It is still unclear why the Switch shipped with a known, unpatched vulnerability in its browser.
Nintendo Switch hack – What next?
What’s been released is just a proof of concept: it confirms that the browser is vulnerable to the attack. To the end user, this brings pretty much nothing at this point. For hackers, however, it is an entry point for analyzing the internals of the Nintendo Switch OS: it is now possible to start looking at RAM and to understand a bit more about the device’s firmware. Typically, this kind of exploit leads to dumping a few libraries, followed by a hunt for a privilege-escalation vulnerability (basically, a kernel exploit), which would give full access to the device.
Nintendo Switch WebKit exploit – Download and test
You can test the exploit on your Nintendo Switch by getting the files from LiveOverflow’s GitHub and hosting them locally on your own server. Using DNSwitch or a proxy (following LiveOverflow’s video below), you should be able to point the Switch’s browser to the file in order to test it.
If you run into issues confirming the exploit, this thread on GBATemp has some troubleshooting steps, in particular:
I will buy a Switch next week; I got the Wii but didn't go for the Wii U... Was bored a bit the last 2 years wrt console gaming. Was the Wii U ever hacked, by the way?
Hackers are now claiming to have gotten access to the Nintendo Switch kernel, a critical part of the operating system. If true, this paves the way for homebrew games and pirated games to run on the system.
That’s according to a vulnerability researcher who announced the news on Twitter.
derrek @derrekr6
we got the kernel. @qlutoo @ylws8 #NintendoSwitch #Haxx
8:47 PM - 9 Jul 2017
Getting access to the operating system kernel is the first step in unlocking the whole system and making it possible to run custom software (such as homebrew apps or pirated games).
The homebrew community is still far from having full access to the system, but it looks like they’ve made the first step.
And this isn’t exclusive to the Switch: every console is a target for hackers to unlock and exploit, and eventually, every console is unlocked.
Nintendo has always been big on the security of its systems, especially when it comes to piracy prevention. The company has offered bounties to Switch hackers who find vulnerabilities in the system, but it’s unknown what results this has had so far.
As exploits are found, Nintendo can stay ahead of the hackers by releasing firmware updates to patch those exploits. We’ll have to wait and see how this plays out over the coming months or even years.
Release Notes:
Well, time to do a Switch release.
The first of its kind, so we'd better include some information.
This is a dump from the cart, done on a Switch console. Included are the exeFS and the romFS (in .istorage).
We have chosen this because the raw cart format is unique. So we removed the uniqueness and this is what we are left with; mine to your heart's content and maybe learn something.
I guess it's a good sign, but I can't help but think back to the Wii U bullshit a year or two ago. Not at all excited with what is to come for the Switch scene.
Good news: smhax is probably one of the biggest vulnerabilities discovered so far on the Nintendo Switch, and will probably pave the way for homebrew on the device in the months to come. Bad news: Nintendo fixed it last month with the latest firmware update, Switch 3.0.1.