Article 3NNM9 Behind the scenes with the hackers who unlocked the Nintendo Switch

by Kyle Orland from Ars Technica - All content on (#3NNM9)
For end users, Monday's public disclosure of the Fusée Gelée exploit will make it relatively simple to run arbitrary code on the Nintendo Switch and other Nvidia Tegra X1-based hardware. For Kate Temkin and the hackers at Team ReSwitched, though, discovering and publicizing the exploit was full of technical and ethical difficulties.

ReSwitched's work on the Switch began last year, Temkin tells Ars, with an engineer going by the handle Hedgeberg working on "voltage glitching, a technique where we very, very briefly momentarily deprived the processor of power in order to make it misbehave. On Tegra X1 processors, if you precisely time that power 'glitch,' you can actually bypass the point where the system 'locks' the bootROM - effectively bypassing the mechanism that keeps the bootROM code secret."

By October, the team had used this method to extract a copy of that secretive bootROM, and by January, Temkin says she was spending weeks reverse-engineering and documenting that code. That process "involves comparing views of machine code we'd extracted to Nvidia's technical documentation and gradually inferring what the code was intended to do," Temkin said.

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/