Home » 2DS » Apple’s browser Webkit exploit|That’s where to start hack Nintendo Switch
Buy Best R4 Card For 3DS(XL)/2DS/DSi/DS

Apple’s browser Webkit exploit|That’s where to start hack Nintendo Switch

Nintendo Switch is hacked, here you can see the proof with Image and Video. This latest home gaming console/portable hybrid has been released just for around 10 days, but now it is somehow hacked by Iphone’s old browser exploit Webkit. The screenshot in Tweet given by Qwertyoruiop, the hacker who is known for Jailbreaks of multiple iOS versions, and who also contributed to the PS4 1.76 Jailbreak. The video of Youtube comes from Developer LiveOverflow, who proves Qwertyoruiop’s hacking concept and make us a video to show and explain how the exploit works.

Where to start hack Nintendo Switch?

Switch hack

The anwers is Browser. It is often the main avenue of attack for hacking hardware, let alone, the not-so-well hidden Nintendo Switch browser shipped with a bunch of old vulnerabilities that hackers were able to leverage. So, currently, we seem likely have the first exploit for hacking Nintendo Switch, that is WebKit exploit, which is originated on Apple’s devices and now can be used on Nintendo Switch.

The WebKit browser exploit for Switch, firstly mentioned by qwertyoruiop, a well-known iOS and PS4 hacker. He tweaked an old iOS WebKit exploit, removed the iOS-specific code and took advantage of a vulnerability contained within the hidden Switch browser to show just how easy it will be to hack the console. Later on last Sunday, another hacker – LiveOverflow – confirmed that the exploit works and a proof of concept was publicly released. You can check the both the image and video here.

Why is the Switch be hacked so easily and quickly?

Simple, the reason lies in that Switch uses an old version of Apple’s WebKit engine on Web Browser functionality, which was the same version that came with iOS 9.3. This particular version already has a known vulnerability that allowed the Pegasus(was a highly sophisticated exploit that installed itself within an iOS device through a link sent via a text message)malware to run rampant on iPhones. Apple patched that exploit in iOS 9.3.5 but, for unknown reason, Nintendo still chosed the older one for its latest gaming console.

So in fact, Qwertyoruiop and LiveOverflow, they do not develop new thing to hack Switch, all they have done was making the iOS 9.3 webkit exploit compatible with the Nintendo Switch. It is an easy and simple start for hacking.

What its benefits to Switch end users?

For the time being, no real benefits to Switch end users.You can’t play pirated games or run unsigned code(homebrews) on the Switch. In the mean time, it is only a userland exploit, but for hacking any device, what we need is the full access to “Kernel”. The browser Webkit exploit, may regarded to be a good begaining for cracking Switch, hackers can get a better understanding of the console’s internals,and potentially find privilege escalation vulnerabilities (kernel exploits) soon than expected.

Will Nintendo patch Switch exploit soon?

Based on the hot online discussion, Nintendo will soon notice it. For the response, it is very likely that the company will release a new firmware or implement the required patches to bring the Webkit browser applet up to its latest version, eliminating this well-known exploit. It is the regular work of Nintendo, as it does for its 3DS consoles. The 3ds homebrew exploits are patched every time by an updated new firmware. However, the 3ds flash card and R4 3ds are alwaying working after 3ds udpates.

Download Nintendo Switch Webkit exploit

You can test the exploit on your Nintendo Switch by getting the files from LiveOverflow’s github, and host it locally on your server. Using DNSwitch or a proxy (following LiveOverflow’s video below), you should be able to point the Switch’s browser to the file in order to test. If you run into issues confirming the exploit, this thread on GBATemp has some troubleshooting steps, in particular:

If I set up my server with his exact files freshly unzipped from his github master (not just poc1.html but also his index.html which redirects to it), then I am able to get to the end of the PoC reliably.

Comments are closed.

Scroll To Top