Magic Leap One Bootloader Exploit (github.com/elisezerotwo)
70 points by mmastrac 40 days ago | 7 comments



The 80% chance that someone develops a bootloader exploit is my favorite part of owning COTS Nvidia hardware. Doubly so on locked-down platforms like the Nintendo Switch that really do benefit from having a homebrew store.


It will be interesting to see if the Switch 2 ever gets a mod chip, because NVIDIA has a completely reengineered boot chain that should be impenetrable. Combine that with an OS that already is impenetrable (no useful exploits in half a decade), and we might be waiting an Xbox One-level amount of time.

https://gbatemp.net/threads/switch-2-data-gathering-for-poss...


> we might be waiting an Xbox One-level amount of time.

You never know! People said that about the Switch at launch, and then someone softmodded it with a paperclip and USB-C.


Sounds interesting, got a link?


Most likely referring to CVE-2018-6242, aka "Fusée Gelée".

The paperclip was just the easiest way of triggering RCM, which is a standard feature on Tegra. The vulnerability lay in the fact that they didn't bounds-check certain types of USB requests properly.
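
As an added example (not code from the original post, the linked repository, or Nvidia's boot ROM), a constructed, simplified model of the bug class the comment describes: a USB control-request handler whose flawed path trusts the host-supplied wLength, beside a hardened path that clamps it and rejects oversize requests. All names (`usb_setup_packet_t`, `serve_request`, `run_case`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a USB control transfer (hypothetical names, not
 * Tegra boot ROM code). wLength is picked by the host and is untrusted. */
typedef struct {
    uint8_t  bmRequestType, bRequest;
    uint16_t wValue, wIndex;
    uint16_t wLength;           /* bytes the host asks the device to return */
} usb_setup_packet_t;
typedef struct { int ok; size_t len; } copy_plan_t;

/* Flawed pattern: the copy length comes straight from the request, so the
 * host decides how much is written into the fixed-size response buffer. */
static copy_plan_t plan_unchecked(const usb_setup_packet_t *pkt) {
    return (copy_plan_t){ 1, pkt->wLength };
}

/* Hardened pattern: never send more than the device actually has, and
 * refuse any request that would not fit the response buffer. */
static copy_plan_t plan_checked(const usb_setup_packet_t *pkt,
                                size_t data_len, size_t out_cap) {
    size_t n = pkt->wLength;
    if (n > data_len) n = data_len;
    if (n > out_cap) return (copy_plan_t){ 0, 0 };
    return (copy_plan_t){ 1, n };
}

/* Returns bytes copied; -1 if the hardened path rejected the request;
 * -2 when the flawed path would have overrun 'out' (the demo stops short
 * of actually corrupting memory; real firmware would not). */
int serve_request(const usb_setup_packet_t *pkt, const uint8_t *data,
                  size_t data_len, uint8_t *out, size_t out_cap, int hardened) {
    copy_plan_t p = hardened ? plan_checked(pkt, data_len, out_cap)
                             : plan_unchecked(pkt);
    if (!p.ok) return -1;
    if (p.len > out_cap) return -2;
    memcpy(out, data, p.len);       /* flawed path may also over-read data */
    return (int)p.len;
}

/* Scenario helper: a GET_STATUS-style read with the given wLength. */
int run_case(uint16_t wLength, size_t data_len, size_t out_cap, int hardened) {
    static uint8_t data[256], out[256];             /* constructed buffers */
    usb_setup_packet_t pkt = { 0x80, 0x00, 0, 0, wLength };
    if (data_len > sizeof data || out_cap > sizeof out) return -3;
    return serve_request(&pkt, data, data_len, out, out_cap, hardened);
}
```

The unchecked path lets a request with a large wLength overrun a 64-byte response buffer, while the hardened path either clamps to the data actually available or refuses the request outright.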


Yup, here's some footage of what it looks like: https://youtu.be/20SYS0_s7QI?t=377


I'm surprised that there are modern Tegra devices shipping with identical SBK across their production line.

I would have thought they'd do some mixing based on serial number or chip id as a baseline.

Or at least that's what the hash of their SBK implies.

I do enjoy seeing the boot chain on Tegra get broken yet again though.



