Hacking Speculations about Switch 2 hacking

[lucifier_in_deskys]

I am not someone with the level of technical expertise for understanding how to hack the switch2 but could this be a avenue worth investigating

The DamAGEcard sd express vulnerability?

(Would post link but not allowed)

makes you wonder if switch 2 is vulnerable to this it sounds like alot of devices using micro express is

 

[hatredg0d]

I am not someone with the level of technical expertise for understanding how to hack the switch2 but could this be a avenue worth investigating

The DamAGEcard sd express vulnerability?

(Would post link but not allowed)

DMA attacks are an interesting thought... I never realize how scary those two words are when you put them together.

Anyways, the switch has hardware protections against these types of attacks. IOMMU, which helps protect against malicious DMA attacks.

https://www.reddit.com/r/SwitchPirates/comments/1l5q542/nintendo_switch_information_security/

Memory is protected by an IOMMU that prevents DMA access from devices, and memory pages can be marked as non-executable.

 

[MiniMartimus]

Ah ok looks like probably not a way to find a way in

Had a thought though as there are switch2 devkits would they be able to be used to find a exploit as well or if they could would it be so hard to get a hold of a devkit not even a viable option?

 

[hatredg0d]

Ah ok looks like probably not a way to find a way in

Had a thought though as there are switch2 devkits would they be able to be used to find a exploit as well or if they could would it be so hard to get a hold of a devkit not even a viable option?

Its always possible someone could find bugs in the IOMMU. Even if it did get you in, it just gets you to the next wall.
You don't need one exploit, you need a chain of exploits. Dev kits are going to be more locked down in many ways.

I think our best bet is Nintendo continues their tradition of very early boot vulnerabilities kinda bypassing all the hard stuff.. Haha, a guy can dream.

 

[l7777]

I am not someone with the level of technical expertise for understanding how to hack the switch2 but could this be a avenue worth investigating

The DamAGEcard sd express vulnerability?

(Would post link but not allowed)

Rest assured that those with the expertise are aware of any potential attack vectors you will find on the public internet and likely others that you have not heard of yet. If there is a way in, it will not be widely published.

 

[Kayde6]

Quick question for anyone messing with Switch 2 (or did stuff on the OG Switch).
what kinda stuff should someone look into if they wanna actually contribute? Got a CS background, just tryna figure out where to start digging in
thx!

 

[bth]

Quick question for anyone messing with Switch 2 (or did stuff on the OG Switch).
what kinda stuff should someone look into if they wanna actually contribute? Got a CS background, just tryna figure out where to start digging in
thx!

the tl:dr is, a raw rip of virtually any switch 2 cartridge to obtain the new nca sets, and identifying which of them contains the exfat/fat32 firmware, and identifying which keys they reused, in attempt to see if we can derive the entire keyset (assuming they reused too many keys), would be the other part which isn't using

unless your setup looks more similar to this: (source: ),



you aren't going to be particularly useful at this current moment.

 

[NitroShell]

So far we know the Switch 2 is directly based on Switch hardware and is even backwards compatible with the previous gen.

No it's not... It's a completely new chip, the only reason it's backwards compatible is through a translation layer, and even that is shoddy.

 

[schneiderHH]

Im gonna say this... everything is posibble.. geohot was a great thing that happen in the past. It drove me to hacking activity. im sure someone will sure do it again and im interested to see how group of talent can beat group of corporation. When the switch was hinted can be hack to me to an interesting route.... YO smart as hacker out there reading... make it fun fo us again.

 

[Kai_98]

deleted post

 

[Kai_98]

deleted post

 

[l7777]

People should learn the difference between making a piece of software misbehave and making the host operating system misbehave. One is expected and doesn't do much. The other is more significant. There is little point is posting every game that can be made to do something unintended.

 

[TankedThomas]

I wasn't aware of this exploit until recently, but one potential entry point for the Switch 2 may exist in Tears Of The Kingdom within the Autobuild sharing feature:



There are multiple sources online that report this as a legit exploit where you can summon in unintended assets into the game. So I strongly suspect there could be an exploit in here somewhere...

That's cool, but Switch games are effectively sandboxed so I'd be surprised if this was usable. There have been virtual machine escape vulnerabilities like the recent CVE-2025-30712 with VirtualBox, but I expect it's probably much harder to do something even remotely similar on Horizon OS, though I'm no expert on it.

 

[Ajrledi]

Someone recommended I post this here:
I've done a small amount of research, so im not sure if it's really possible with the switch version of games. I saw this exploit for the ps4 that allowed for lua execution using the artemis engine some games are built on. GitHub - shahrilnet/remote_lua_loader

Since switch 1 games are compatible with the switch two I was thinking it could be possible to see results on two systems at once. I would've explored this path further if it weren't for the fact that my knowledge with lua is very limited.

I managed to get the save files onto my modded switch one along with a "legit" copy Hamidashi Creative.

All it managed to do was make the screen black after what looked like trying to load to the main menu. although it's not much, it gives me hope that my banned switch two won't be a paper weight forever.

Forgive me if my information is outdated or just obsolete.

 

[masagrator]

Someone recommended I post this here:

Please read thread before posting anything. It was times and times again explained that any game vulnerability is pointless for hacking OS without finding a way to escape sandbox. Finding exploit in a game is useful only if you want to extract something from that game itself (which was already used to extract informations about Switch 2 backwards compatibility on low level:
https://switchbrew.org/wiki/(Switch_2)_Compatibility_Mode (and info about some Switch 2 exclusive commands was extracted from that))

Nothing can be done with malicious save on its own in terms of compromising OS.

So advice to every other person posting here: Stop posting ideas about utilizing modified game saves. No matter what you think, it won't work. This is not Pre-PS4 era, this OS is not utilizing Linux/BSD, so any idea based on some old exploit from other platforms can be thrown out of window.

People who are more knowledgable than us are very sceptical about any software approach and already are doing research from hardware level - and this will cost money not only for specialized tools, but also will result in smoking unknown amount of Switches (and already one of those people confirmed one Switch 2 died).

 

[peteruk]

and already one of them confirmed one Switch 2 died

Rest in peace sweet prince, your sacrifice will not be forgotten

 

[PureFallen]

I wasn't aware of this exploit until recently, but one potential entry point for the Switch 2 may exist in Tears Of The Kingdom within the Autobuild sharing feature:



There are multiple sources online that report this as a legit exploit where you can summon in unintended assets into the game. So I strongly suspect there could be an exploit in here somewhere...

After what happened with Cubic Ninja on 3DS, I am CERTAIN Nintendo considered the possibility of Totk's QR Codes being used as an attack vector and probably took care of it.
That and.. we almost certainly are sandboxed multiple layers deep, are we?

 

[buttslaya617z]

Can anybody recommend people to follow who are involved with researching Switch 2 hacks? I've forgotten who all the people are from the Switch 1 days lol.

 

[PureFallen]

Can anybody recommend people to follow who are involved with researching Switch 2 hacks? I've forgotten who all the people are from the Switch 1 days lol.

Aside from retr0id no one worth mentioning from what I am aware.
Please refrain from spamming him though. Research takes it's time, he already getting spammed a lot and he also lost a console recently when researching.

 

[Szoguner93]

Digital Foundry mentions a memory leak happens always when playing cyberpunk 2077 at 56 minutes

Nintendo Switch 2 - DF Hardware Review - A Satisfying Upgrade... But Display Issues Are Problematic​

Wonder if that can be used for something

Its a switch 2 game, not emulated.
I think you can sync modified save files via cross play from PC

Something there?