fusée gelée -- coldboot proof-of-concept for the Tegra X1

Thanks to @ktemkin and all of the Reswitched Team

I'm super pleased to tease "fusée gelée", @reswitchedteam's proof-of-concept coldboot execution hack-- with which we join the growing ranks of those with unpatchable Tegra X1 bootrom bugs.
Quick video of it in action on a Switch: https://youtu.be/ik04jn0obag

 

Xzi

this probably won't be released, like ever

it's an X1 exploit which affects all devices running it - not just the Nintendo Switch, so it's not limited just to this scope

even if that's not a concern according to the reswitched Discord we won't see release anytime soon - so just take this as another "wow cool" thing
Other X1 devices run Android, which is already wide open for whatever you want to do with it.
 

Clyde_271

There are like three teams working on Switch. Now when something gets released from any of them, everybody is gonna jump down your throat in specific. So great job with the shitposts.
Yes, but it's like it is only one team.
 

V-Temp

Well I agree with that, but that's because they want as many Switch FWs open as possible, not because they're worried about running a Switch exploit on Shield TV.

This has ramifications far beyond tablets and phones. It's in cars.

Releasing this is borderline negligent, and potentially quite legally perilous.

Don't expect a release from any group... not looking to make a quick buck.
 

Xzi

> This has ramifications far beyond tablets and phones. It's in cars.
>
> Releasing this is borderline negligent, and potentially quite legally perilous.
>
> Don't expect a release from any group... not looking to make a quick buck.

I don't even know how to respond to this. These exploits are made to hack the Switch's custom OS, which is not going to be similar to whatever the TX1 in cars is running. Not to mention if a person is skilled enough, that hardware is already hackable. Along with the on-board computers for just about every car.
 

V-Temp

> I don't even know how to respond to this. These exploits are made to hack the Switch's custom OS, which is not going to be similar to whatever the TX1 in cars is running. Not to mention if a person is skilled enough, that hardware is already hackable. Along with the on-board computers for just about every car.

The coldboot exploit has nothing to do with the Switch's OS, it's a complete bypass of the bootchain and as such is applicable to all Tegra X1 or forks of the same bootchain.

It's the Tegra, and this exploit isn't public even in generic Tegra applications because the ramifications of its existence are well understood.

Simply put: this will not be released unless someone completely immoral releases it with a 'leak' and that person will have a lot of shit on their head.
 

Xzi

> The coldboot exploit has nothing to do with the Switch's OS, it's a complete bypass of the bootchain and as such is applicable to all Tegra X1 or forks of the same bootchain.
>
> It's the Tegra, and this exploit isn't public even in generic Tegra applications because the ramifications of its existence are well understood.

I see. It's gonna get out one way or another, so it's on Nvidia to fix in the next SoC. Fuck-ups happen, obviously they had that GTX 970 fiasco, and Intel had those massive CPU flaws/exploits as well.

Odds are TX's hardware solution uses the same/similar exploit, and I'd bet on them releasing.

Worst case scenario when this goes wide: Nvidia's stock plummets, I get to buy in cheap. xD
 