fail0verflow Releases ShofEL2 and Nintendo Switch Linux

Holy Moly readers! If you’re not already aware of the torrent of Switch modding news over the last 24 hours, don’t worry. Just know that there is a lot and we’re here to help you decipher it all. Just as a warning before getting into talking about the deep stuff that fail0verflow released, this is not really intended for the average user. This is a jumping off point that they released to give to all who want to tinker, learn, grow, and create. This will help the scene in due time, but you have to be patient. So without further adieu, let’s look at this beautiful mess!


So How Does this Even Work?:

‘The Tegra X1 (also known as Tegra210) SoC inside the Nintendo Switch contains an exploitable bug that allow taking control over early execution, bypassing all signature checks. This bug is in the RCM mode, which is a USB-based rescue mode intended for initial flashing of Tegra devices and recovery of bricked devices. Normally, RCM mode only allows signed images to be loaded, but thanks to the bug, arbitrary code execution is possible.’

You may remember this picture from way back.

What is RCM?:

The RCM, for the layman, is an abbreviation used for Recovery Mode. To enter recovery mode on the Nintendo Switch, you have to do several different things simultaneously. Firstly, connect the device to a USB-C cord that is plugged into your PC with a method of sending over the exploit at hand. Once that is ready, you’ll press the “Secret” Home button, Power, and Volume Up buttons. Again, unless the following makes sense to you, you’ll probably want to refrain from doing any of this as fail0verflow made it clear that they are not responsible for what happens to your device when trying to execute Linux on it. They stated the following, “If your Switch catches fire or turns into an Ouya, it’s not our fault.” But if it is something you want to try, there is a much more in depth method of doing so further down the page.

So What is the Whole Method In Theory?:

  1. Enter RCM mode
  2. Execute the USB-based exploit

Each can be accomplished in several independent ways. Note that this is what iPhone users would call a “tethered jailbreak”, in that it needs to be performed on every boot via USB.

Since this bug is in the Boot ROM, it cannot be patched without a hardware revision, meaning all Switch units in existence today are vulnerable, forever. Nintendo can only patch Boot ROM bugs during the manufacturing process. Since the vulnerability occurs very early in the boot process, it allows extraction of all device data and secrets, including the Boot ROM itself and all cryptographic keys. It can also be used to unbrick any Tegra device as long as it has not suffered hardware damage or had irreversible changes (e.g. fuses blown). And since this is a boot-time bug that does not require touching the onboard eMMC storage, its use is completely undetectable to existing software. You can dual-boot Linux (via the USB exploit) and the Switch OS (via normal boot) with impunity, forever, as long as you do not try to make changes to the on-board memory (e.g. you can store the Linux filesystem on a second SD card partition or another SD card).

And another picture that was foreshadowing this release.

Entering RCM mode

On the Switch, RCM mode can be entered in multiple ways:

  1. From prior kernel-mode code execution on the system, e.g. using a WebKit exploit and kernel exploit as an entry points
  2. If the eMMC is removed, the Tegra will enter RCM mode on boot
  3. If you hold the Volume Up, Home, and Power buttons on the Switch (not joy-cons) at the same time.

Note that the Joy-Con home button won’t work here. You may be wondering about the secret home button on the Nintendo switch itself. As it turns out, what Tegra calls the Home button is actually connected to Pin 10 (the rearmost pin) on the right-hand side Joy-Con connector. You can just use a simple piece of wire to bridge it to e.g. a screw on the rail (easiest), or pins 10 and 7 (or 1) together (10 and 9 won’t work). You can also 3D print a little jig to do this easily, using the innards of a Micro USB connector (which has the same pin pitch as Joy-Con connectors), or use a disemboweled Joy-Con as a donor for the connector. The latter is also useful, because the Joy-Con rails are UARTs and we use the right-hand joy-con port as the console for coreboot, u-boot, and Linux.

3D Printing the Jig:

This jig, shown above, will let you enter RCM mode without having to sacrifice a Joy-Con or hold a piece of wire. You will need to break up a Micro USB connector to get at the pin contact wafer inside, remove all but pins 1 and 4 (which will contact pins 7 and 10 on the Switch respectively), short them together at the rear, then insert the wafer into the 3D printed jig. Trim it to fit and superglue it in place, then verify that the placement looks good. Here is the .scad for the wiring and here is the .stl for the rendering of the jig.

Executing the USB-based exploit

The USB exploit requires a USB host. The exploit also requires using very long control transfers, which unfortunately some OSes are not happy with. You can either use vanilla Linux on a PC with an xHCI controller (USB 3.0, or any USB port on most recent systems), or a PC with an EHCI (USB 2.0) controller and this kernel patch.

This could conceivably also be executed from an Android phone (at least those with xHCI controllers), although porting the exploit to Android is left as an exercise to the reader. Bonus points for doing it from another Tegra device. Like another Switch.

Stay tuned here on for more reviews and follow us on Twitter @Hackinformer

If you like the author’s work, follow him on Twitter @V1RACY and remember to enter the weekly giveaways!

About V1RACY

Leave a Reply

Your email address will not be published. Required fields are marked *