As many know, nVidia had an "oopise" with 10-years worth of SoCs which suffered from an unpatchable, critical bootloader flaw that allowed arbitrary code to be run in recovery mode (RCM) at boot, forfeiting any security on the system. This flaw affected the entire Tegra line and its predecessors going back 10 years. (As many have failed to properly delineate, RCM is not the actual flaw. It is just a standard recovery mode for fixing broken Switches.)
This flaw was found in the Switch by fail0veflow and reported last year. This flaw led to a boom in homebrew progress and development, but of course this allowed for malware piracy groups to create and market piracy mod-chips to load payloads at boot in RCM and hjack the system. And roughly 18million switches are vulnerable to that flaw. (This has resulted in large ban waves for pirates, some bricked switches from stupid people bridging the wrong pins and frying their motherboards, to DRMed piracy dongles with stolen community code and brickcode in them... because why not? To all sorts of other nonsense and bullshit, such as hacking. And of course, a lot of emulator work and good old-fashioned homebrew.)
To the surprise of no one, Nintendo (and nVidia) have rolled out an updated hardware that is fixed from this arbitrary write-flaw through a system known as iPatches. These are fuses with specific bits of code that fix flaws in the boot processes and other hardware level operations. These cannot be applied after leaving the factory (as the fuse allowing them to be written or edited is blown).
What does this mean?
Well it means that the bootflaw is no longer a viable path and so now it becomes a question of software exploits in the kernel/system and updating once again starts to close exploits. (So if you bought that dongle, its useless if you run out of old Switches.) Now you have to face Nintendo's rather secure kernel but because these units were actually made some time ago they still (some) come with 4.0.1 which still has a software flaw, known at Deja Vu in the community (again, thanks to nVidia… because why stop at a hardware flaw when your entire GPU driver stack can be compromised). This flaw was largely patched as of 5.0.0 and is being held for the eventual Mariko Switch (which isn't out yet, and this change isn't said revision). It is unlikely that this flaw will be released until Mariko or until a firmware patch completely closes it as it is our only path currently known into reaching TrustZone and bypassing Nintendo's rather tight security.
This iPatch fix likely occurred many months ago but we're only now seeing it at retail. Because it ships with 4.0.1 and not 5.x, you can date the time of manufacture to very early this year, so Nintendo was on top of the flaw after its submission by f0f.
Long Story Short: If you want a homebrew-able Switch, buy one now and do not update to 5.x.
If you send in for repair, you'll get a replaced SoC.
This flaw was found in the Switch by fail0veflow and reported last year. This flaw led to a boom in homebrew progress and development, but of course this allowed for malware piracy groups to create and market piracy mod-chips to load payloads at boot in RCM and hjack the system. And roughly 18million switches are vulnerable to that flaw. (This has resulted in large ban waves for pirates, some bricked switches from stupid people bridging the wrong pins and frying their motherboards, to DRMed piracy dongles with stolen community code and brickcode in them... because why not? To all sorts of other nonsense and bullshit, such as hacking. And of course, a lot of emulator work and good old-fashioned homebrew.)
To the surprise of no one, Nintendo (and nVidia) have rolled out an updated hardware that is fixed from this arbitrary write-flaw through a system known as iPatches. These are fuses with specific bits of code that fix flaws in the boot processes and other hardware level operations. These cannot be applied after leaving the factory (as the fuse allowing them to be written or edited is blown).
What does this mean?
Well it means that the bootflaw is no longer a viable path and so now it becomes a question of software exploits in the kernel/system and updating once again starts to close exploits. (So if you bought that dongle, its useless if you run out of old Switches.) Now you have to face Nintendo's rather secure kernel but because these units were actually made some time ago they still (some) come with 4.0.1 which still has a software flaw, known at Deja Vu in the community (again, thanks to nVidia… because why stop at a hardware flaw when your entire GPU driver stack can be compromised). This flaw was largely patched as of 5.0.0 and is being held for the eventual Mariko Switch (which isn't out yet, and this change isn't said revision). It is unlikely that this flaw will be released until Mariko or until a firmware patch completely closes it as it is our only path currently known into reaching TrustZone and bypassing Nintendo's rather tight security.
This iPatch fix likely occurred many months ago but we're only now seeing it at retail. Because it ships with 4.0.1 and not 5.x, you can date the time of manufacture to very early this year, so Nintendo was on top of the flaw after its submission by f0f.
Long Story Short: If you want a homebrew-able Switch, buy one now and do not update to 5.x.
If you send in for repair, you'll get a replaced SoC.
Last edited:
