Fusee-Monitor Switch: Difference between revisions
More actions
Created page with "{{Infobox Switch Homebrews |title=Fusee-Monitor |image=fuseemonitorswitch.png |description=(AUTOMATIC UDEV DETECTION) work-in-progress launcher for one of the Tegra X1 bootROM exploits |author=Jestemkioskiem |lastupdated=2018/12/17 |type=Exploits |version=2018 |license=GPL-2.0 |download=https://dlhb.gamebrew.org/switchhomebrews/fuseemonitorswitch.7z |website=https://old.reddit.com/r/SwitchHacks/comments/a6s2ak/fuseemonitor_an_automatic_payload_injector/ |source=https://g..." |
No edit summary |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 19: | Line 19: | ||
|image_alt=Fusee-Monitor | |image_alt=Fusee-Monitor | ||
}} | }} | ||
Fusée Gelée comprises the Fusée Launcher and Fusée Monitor. | |||
The Fusée Launcher is a proof-of-concept arbitrary code loader for a variety of Tegra processors, which takes advantage of CVE-2018-6242 ("Fusée Gelée") to gain arbitrary code execution and load small payloads over USB. | |||
Fusée Monitor uses the original Fusée Launcher together with the `pyudev` library to monitor USB devices on a Linux machine and automatically inject the files into the Switch when it is found. | |||
== | == Installation == | ||
The main launcher is "monitor-launcher.py". Only Linux is natively supported (due to udev being Linux exclusive), with the primary idea behind this software being devices like Raspberry Pi running the script constantly, injecting the payload in a matter of seconds by just plugging in your device. | |||
== | Invoke the launcher with the desired payload as an argument, e.g. <code>sudo python ./fusee-monitor.py payload.bin</code>. Connect a Nintendo Switch in recovery mode via USB. The injection will happen as soon as it is detected. | ||
* | To use this script automatically on each boot, use <code>sudo crontab -e</code> and add <code>@reboot PYTHONPATH=/_yourglobalpath_/python3.6/site-packages _yourglobalpath_/python3 /_yourglobalpath_/fusee-launcher-master/fusee-monitor.py /_yourglobalpath_/fusee-primary.bin</code> to the end of the file. Make sure all of your paths are global in order for crontab to run them. Make sure you ran crontab as sudo, otherwise the script will fail. | ||
Linux systems currently require either that the Tegra device be connected to an XHCI controller (used with blue USB 3 ports) or that the user has patched their EHCI driver. | |||
== Credits == | |||
Fusée Gelée (CVE-2018-6242) was discovered and implemented by Kate Temkin (@ktemkin); its launcher is developed and maintained by Mikaela Szekely (@Qyriad) and Kate Temkin (@ktemkin). | |||
Credit goes to: | |||
* Qyriad -- maintainership and expansion of the code | |||
* SciresM, motezazer -- guidance and support | |||
* hedgeberg, andeor -- dumping the Jetson bootROM | |||
* TuxSH -- help with a first pass of bootROM RE | |||
* the ReSwitched team | |||
Love / greetings to: | |||
* Levi / lasersquid | |||
* Aurora Wright | |||
* f916253 | |||
* MassExplosion213 | |||
CVE-2018-6242 was also independently discovered by fail0verflow member shuffle2 as the "shofEL2" vulnerability. | |||
jestemkioskiem - provided the pyudev functionality | |||
== External links == | == External links == | ||
* | * GitHub - https://github.com/Jestemkioskiem/fusee-monitor | ||
* Reddit - https://old.reddit.com/r/SwitchHacks/comments/a6s2ak/fuseemonitor_an_automatic_payload_injector/ | |||
Latest revision as of 05:01, 19 June 2026
| Fusee-Monitor | |
|---|---|
| General | |
| Author | Jestemkioskiem |
| Type | Exploits |
| Version | 2018 |
| License | GPL-2.0 |
| Last Updated | 2018/12/17 |
| Links | |
| Download | |
| Website | |
| Source | |
Fusée Gelée comprises the Fusée Launcher and Fusée Monitor.
The Fusée Launcher is a proof-of-concept arbitrary code loader for a variety of Tegra processors, which takes advantage of CVE-2018-6242 ("Fusée Gelée") to gain arbitrary code execution and load small payloads over USB.
Fusée Monitor uses the original Fusée Launcher together with the `pyudev` library to monitor USB devices on a Linux machine and automatically inject the files into the Switch when it is found.
Installation
The main launcher is "monitor-launcher.py". Only Linux is natively supported (due to udev being Linux exclusive), with the primary idea behind this software being devices like Raspberry Pi running the script constantly, injecting the payload in a matter of seconds by just plugging in your device.
Invoke the launcher with the desired payload as an argument, e.g. sudo python ./fusee-monitor.py payload.bin. Connect a Nintendo Switch in recovery mode via USB. The injection will happen as soon as it is detected.
To use this script automatically on each boot, use sudo crontab -e and add @reboot PYTHONPATH=/_yourglobalpath_/python3.6/site-packages _yourglobalpath_/python3 /_yourglobalpath_/fusee-launcher-master/fusee-monitor.py /_yourglobalpath_/fusee-primary.bin to the end of the file. Make sure all of your paths are global in order for crontab to run them. Make sure you ran crontab as sudo, otherwise the script will fail.
Linux systems currently require either that the Tegra device be connected to an XHCI controller (used with blue USB 3 ports) or that the user has patched their EHCI driver.
Credits
Fusée Gelée (CVE-2018-6242) was discovered and implemented by Kate Temkin (@ktemkin); its launcher is developed and maintained by Mikaela Szekely (@Qyriad) and Kate Temkin (@ktemkin).
Credit goes to:
- Qyriad -- maintainership and expansion of the code
- SciresM, motezazer -- guidance and support
- hedgeberg, andeor -- dumping the Jetson bootROM
- TuxSH -- help with a first pass of bootROM RE
- the ReSwitched team
Love / greetings to:
- Levi / lasersquid
- Aurora Wright
- f916253
- MassExplosion213
CVE-2018-6242 was also independently discovered by fail0verflow member shuffle2 as the "shofEL2" vulnerability.
jestemkioskiem - provided the pyudev functionality