Hacking Bought used switch, advice needed

Madridi

Hi guys,

First off, let me say that, while I generally follow switch news, please treat me as a noob when it comes to this console. I know the high level stuff, but I never bothered with any details since I didn’t have a switch that I could hack at the time.

So, here is the situation. I bought a used switch:
- It has been updated to the latest firmware (8.0.1), which means it has been online before.
- The serial number is right after the safe firmware cutoff. It’s right at the beginning of the “possibly patched” range. FW: XAJ70046631XXX
- This system is now formatted through system settings using the “reinitialize console” button in settings.
- Where I’m from, hacking stuff is not a thing. I am probably one of the very few in the whole country that knows anything about console hacking. So, as far as I know, the usage of this system was legit all the way.

So let’s start with the obvious, the first step should be testing whether this console is hackable first, right? I also know that since this nand is now clean, I should make a backup of it before doing anything?

I think I know all of the above is done with hekate, but remember, treat me as a noob. I don’t know what that is or how to run it or even try any of the stuff above. Also, since the console has been online before, did reinitialize wipe anything in terms of telemetry reports, or what am I looking at right now?

So I guess the question is, where to start, and how?

Thanks
 

stitchxd

> the first step should be testing whether this console is hackable first, right? I also know that since this nand is now clean, I should make a backup of it before doing anything?

If you have Amazon available, you can get an RCM jig for less than $10 USD. If it boots into RCM with it you are GOLDEN for hacking.

That is where I would start. IDK if this will ship to you, I think it is worldwide, this device (https://www.amazon.com/gp/product/B07J9JJRRG/) is what I use daily and can personally vouch for it.

Once you can confirm RCM works, you will need:

- A CFW of choice (Popular ones are Atmosphere and SXOS. One is open source, the other is a paid "product" respectively.)
- An SD Card (if you plan to play emulators, and have a collection of *owned* ROMs I recommend at least 256GB, if you plan to emulate and use..... downloaded NX games, I would try to get a 500GB SD Card or more (NX games can get big.))
- SDCard MUST be formatted as FAT32. People use exFAT here but exFAT is easily corruptible with homebrew. (To note, 9/10 devs will NOT help you if you use exFAT formatted SDCard and it ends up losing your data. It's just not stable on the switch right now.)
- A way to inject the payload (USB-C cable, Android app, or RCM Payload injector device)
- Some time.

Once you figure the above out, I recommend following a tutorial. Running Atmosphere is as simple as putting the files on the SDCard, and putting the switch in RCM then injecting the payload.


Recommended homebrew:

- RetroArch (Emulators!)
- NXMTP (Make your computer see the switch as a storage device via USB)
- EdiZon (Save Editor / Backup tool)
- FTPD for Switch (Transfer files to switch via network.)
- GCDumptool so you can avoid legal issues with illegal game dumps (If you plan on playing pirated games DO NOT GO ONLINE WITH ANY OF THEM INSTALLED!!)
- NX-Shell (File manager for Switch)
- NXTheme (Theme installer)
- Not a homebrew, but a good tool: setting your DNS in the Switch's network settings to use 90DNS servers will help with a lot of the below warnings too.

Once you boot CFW, if you want to avoid getting banned do not go online while in CFW.


***ALSO NOTE: once you boot cfw there will always be a small chance of ban, even if you boot to OFW (in some cases, not always? I have been online with mine for 8 months now, no issues - but I also have no pirated NSPs or NSP forwarders installed.) If you plan on being offline this won't matter, but avoid going online with it at least while in cfw.
 

Madridi

> Right off the start enter 90DNS in the wifi setting.
> Check whether your device is hackable by pushing biskeydump/hekate
> If it is okay proceed to all backup, boot0/1 and sys nand
>
> Very good guide to start with https://guide.sdsetup.com/

Thanks, but I need more info than this. I have listed several concerns/situations in the OP.
I am taking this as a learning process as I go by.

> If you have Amazon available, you can get an RCM jig for less than $10 USD. If it boots into RCM with it you are GOLDEN for hacking.
>
> That is where I would start. IDK if this will ship to you, I think it is worldwide, this device (https://www.amazon.com/gp/product/B07J9JJRRG/) is what I use daily and can personally vouch for it.
>
> Once you can confirm RCM works, you will need:
>
> - A CFW of choice (Popular ones are Atmosphere and SXOS. One is open source, the other is a paid "product" respectively.)
> - An SD Card (if you plan to play emulators, and have a collection of *owned* ROMs I recommend at least 256GB, if you plan to emulate and use..... downloaded NX games, I would try to get a 500GB SD Card or more (NX games can get big.))
> - SDCard MUST be formatted as FAT32. People use exFAT here but exFAT is easily corruptible with homebrew.
> - A way to inject the payload (USB-C cable, Android app, or RCM Payload injector device)
> - Some time.
>
> Once you figure the above out, I recommend following a tutorial. Running Atmosphere is as simple as putting the files on the SDCard, and putting the switch in RCM then injecting the payload.
>
> Recommended homebrew:
>
> - RetroArch (Emulators!)
> - NXMTP (Make your computer see the switch as a storage device via USB)
> - EdiZon (Save Editor / Backup tool)
> - FTPD for Switch (Transfer files to switch via network.)
> - GCDumptool so you can avoid legal issues with illegal game dumps (If you plan on playing pirated games DO NOT GO ONLINE WITH ANY OF THEM INSTALLED!!)
> - NX-Shell (File manager for Switch)
> - NXTheme (Theme installer)
> - Not a homebrew, but a good tool: setting your DNS in the Switch's network settings to use 90DNS servers will help with a lot of the below warnings too.
>
> Once you boot CFW, if you want to avoid getting banned do not go online while in CFW.
>
> ***ALSO NOTE: once you boot cfw there will always be a small chance of ban, even if you boot to OFW (in some cases, not always? I have been online with mine for 8 months now, no issues - but I also have no pirated NSPs or NSP forwarders installed.) If you plan on being offline this won't matter, but avoid going online with it at least while in cfw.

Thanks for the lengthy post. I understand most of that, but are you saying I can’t do anything without a jig? Not even a simple test of whether it’s hackable or not?

As for a way to inject payload, I don’t have any sort of injector device, but my phone is a Samsung Note 9. So if it’s Android we’re looking for, this is a high end phone. But which app are we talking about?

We’ll get to the other stuff later, since more questions will follow as I go by.

Thanks again.
 

stitchxd

> I understand most of that, but are you saying I can’t do anything without a jig? Not even a simple test of whether it’s hackable or not?
>
> As for a way to inject payload, I don’t have any sort of injector device, but my phone is a Samsung Note 9. So if it’s Android we’re looking for, this is a high end phone. But which app are we talking about?
>
> We’ll get to the other stuff later, since more questions will follow as I go by.


RCM jig is the only real way to test if it works. They are cheap; if you cannot afford it, however, you can (at VERY high RISK of breaking the system!!!) use a paper clip to get the job done. (AGAIN, SUPER HIGH RISK, WOULD NOT RECOMMEND!!!!)

As for the injector, you can use any Windows or Linux computer or Android device with a proper USB-C cable (PCs need a USB-A to USB-C cable, Android will need that cable as well as a USB-C OTG Converter)

Here is one app that can inject from Android -> Switch while in RCM mode: https://play.google.com/store/apps/details?id=com.thirdeclarity.rcmloader

For Windows: https://github.com/eliboa/TegraRcmGUI/releases
 

Madridi

> RCM jig is the only real way to test if it works. They are cheap; if you cannot afford it, however, you can (at VERY high RISK of breaking the system!!!) use a paper clip to get the job done. (AGAIN, SUPER HIGH RISK, WOULD NOT RECOMMEND!!!!)
>
> As for the injector, you can use any Windows or Linux computer or Android device with a proper USB-C cable (PCs need a USB-A to USB-C cable, Android will need that cable as well as a USB-C OTG Converter)
>
> Here is one app that can inject from Android -> Switch while in RCM mode: https://play.google.com/store/apps/details?id=com.thirdeclarity.rcmloader
>
> For Windows: https://github.com/eliboa/TegraRcmGUI/releases

Money is not the issue. Time is. Wherever I will order from, it will take 3 weeks on average to get to me.

I was just reading about the paper clip method. Is it really that risky? I mean, I just need it to contact, right? Can’t be that hard.

Thanks for the links. I’ll check them out when it’s time for that. I have a usb-c to usb-c cable that came with my iPad that I can use with my phone, since my phone charges using usb-c as well.

Edit: I was specifically looking at this link
https://gbatemp.net/threads/paperclip-rcm-jig.502087/
 

Kafluke

@Madridi my old friend. There's a reason I haven't been active in the Wii U scene in ages. I got you. PM me

--------------------- MERGED ---------------------------

I'll give you all the knowledge you need
 

stitchxd

> Money is not the issue. Time is. Wherever I will order from, it will take 3 weeks on average to get to me.
>
> I was just reading about the paper clip method. Is it really that risky? I mean, I just need it to contact, right? Can’t be that hard.
>
> Thanks for the links. I’ll check them out when it’s time for that. I have a usb-c to usb-c cable that came with my iPad that I can use with my phone, since my phone charges using usb-c as well.
>
> Edit: I was specifically looking at this link
> https://gbatemp.net/threads/paperclip-rcm-jig.502087/

Good luck with the paper clip method, it is risky, as you can damage the joycon pins. Is there any way you can 3D print where you are?
 

Madridi

> @Madridi my old friend. There's a reason I haven't been active in the Wii U scene in ages. I got you. PM me
>
> --------------------- MERGED ---------------------------
>
> I'll give you all the knowledge you need

Thanks, I’ll do so once I figure out all this jig stuff since I apparently can’t proceed without it :)

> Good luck with the paper clip method, it is risky, as you can damage the joycon pins. Is there any way you can 3D print where you are?

I do not unfortunately. I really only would like to at least verify it right now before anything. There is no point continuing this discussion with any info if the switch turns out to be patched.

For the record I have several switches that are not patched. I just haven’t gotten into the cfw game yet, not until atmosphere’s 1.0 is released. I have 2 day-1 switches. One is on 2.0, the other is still on 1.0 in the box. I have an unopened Mario odyssey bundle which I believe is 3.0.0 .. I also have another safe one on 3.0.2 (I’ll probably use this one with atmo’s 1.0) .. and 2 other switches. A patched one on 7.0.1, and this one that I am currently discussing.

The plan is that I will be giving my sister one cause she has been asking for one. If this one turns out to be hackable, I’ll give her the 7.0.1 one and keep this one after a transfer. If this is also patched, I’ll just give her this one.
 

stitchxd

> Thanks, I’ll do so once I figure out all this jig stuff since I apparently can’t proceed without it :)
>
> I do not unfortunately. I really only would like to at least verify it right now before anything. There is no point continuing this discussion with any info if the switch turns out to be patched.
>
> For the record I have several switches that are not patched. I just haven’t gotten into the cfw game yet, not until atmosphere’s 1.0 is released. I have 2 day-1 switches. One is on 2.0, the other is still on 1.0 in the box. I have an unopened Mario odyssey bundle which I believe is 3.0.0 .. I also have another safe one on 3.0.2 (I’ll probably use this one with atmo’s 1.0) .. and 2 other switches. A patched one on 7.0.1, and this one that I am currently discussing.
>
> The plan is that I will be giving my sister one cause she has been asking for one. If this one turns out to be hackable, I’ll give her the 7.0.1 one and keep this one after a transfer. If this is also patched, I’ll just give her this one.

FYI - No reason to really stay on 7.0 or below if you are just looking for CFW with homebrew. Atmosphere supports the latest OFW and hackable switches cannot be software patched.
 

Madridi

> FYI - No reason to really stay on 7.0 or below if you are just looking for CFW with homebrew. Atmosphere supports the latest OFW and hackable switches cannot be software patched.

For patched switches I understand going above 7.x will shatter any hope of having dejavu running, as its current state is still possible with some workaround, but no one got around to that yet. So that’s why that’s on there.

As for non-patched switches. Besides the obvious reason for the 1.0 to remain on that version, I am not planning to touch my Sysnand. I see no reason to update and potentially losing out on a different hack (since upgrades burn fuses, one way street). Everything I will do will be on emunand, which is why I am waiting for atmosphere’s 1.0

According to SciresM on Twitter, atmosphere’s emunand solution is kinda guaranteed to not get a ban.
 

stitchxd

> For patched switches I understand going above 7.x will shatter any hope of having dejavu running, as its current state is still possible with some workaround, but no one got around to that yet. So that’s why that’s on there.
>
> As for non-patched switches. Besides the obvious reason for the 1.0 to remain on that version, I am not planning to touch my Sysnand. I see no reason to update and potentially losing out on a different hack (since upgrades burn fuses, one way street). Everything I will do will be on emunand, which is why I am waiting for atmosphere’s 1.0
>
> According to SciresM on Twitter, atmosphere’s emunand solution is kinda guaranteed to not get a ban.

AutoRCM to avoid burning fuses, and you can downgrade with a different payload / homebrew afaik. But good luck bud!!
 

daproblematik

@Madridi Personally I've used a cable to short the pin 10 with the middle right joycon screw in order to boot in RCM. It's very safe as long as you don't touch pin 4.

It may require a few tries to get the contact right. Once you get it, you can push Hekate (if Hekate loads, your console is vulnerable) and back up your NAND.

Finally, you can enable Auto boot and Auto rcm to avoid doing the pin 10 short and keep your console on sleep mode.

If it shuts down, you only need to push the payload because of Auto RCM (self-explanatory).

Since I can't post links, search for the thread : The ultimate list of mods to enter RCM and check the "Use a cable" section.

Good luck.
 

Madridi

> AutoRCM to avoid burning fuses, and you can downgrade with a different payload / homebrew afaik. But good luck bud!!

That I know as well, but I see posts popping up here and there where autorcm was removed, whether by accident or not. So I prefer not to go there in any case. I like keeping my sysnand clean while doing all my experiments on emunand. I do the same for 3ds (against popular method). Playing with sysnand is just not my thing, if we have an emunand to play with.

Thanks for the help. I'll report back once I am able to at least verify the status of this console :)

--------------------- MERGED ---------------------------

> @Madridi Personally I've used a cable to short the pin 10 with the middle right joycon screw in order to boot in RCM. It's very safe as long as you don't touch pin 4.
>
> It may require a few tries to get the contact right. Once you get it, you can push Hekate (if Hekate loads, your console is vulnerable) and back up your NAND.
>
> Finally, you can enable Auto boot and Auto rcm to avoid doing the pin 10 short and keep your console on sleep mode.
>
> If it shuts down, you only need to push the payload because of Auto RCM (self-explanatory).
>
> Since I can't post links, search for the thread : The ultimate list of mods to enter RCM and check the "Use a cable" section.
>
> Good luck.

Thanks for the input. I see several methods mentioned. Jig, paperclip, tinfoil, wire, joycon mod.
On the long run, obviously I'm going with a jig. Right now though, I'm leaning towards paperclip or tinfoil. I'm not sure where I would get a wire, and joycon mod is a definite no for me.

Oh well, it's 6.20am. I guess I'll pick this up tomorrow.
 

daproblematik

> That I know as well, but I see posts popping up here and there where autorcm was removed, whether by accident or not. So I prefer not to go there in any case. I like keeping my sysnand clean while doing all my experiments on emunand. I do the same for 3ds (against popular method). Playing with sysnand is just not my thing, if we have an emunand to play with.
>
> Thanks for the help. I'll report back once I am able to at least verify the status of this console :)
>
> --------------------- MERGED ---------------------------
>
> Thanks for the input. I see several methods mentioned. Jig, paperclip, tinfoil, wire, joycon mod.
> On the long run, obviously I'm going with a jig. Right now though, I'm leaning towards paperclip or tinfoil. I'm not sure where I would get a wire, and joycon mod is a definite no for me.
>
> Oh well, it's 6.20am. I guess I'll pick this up tomorrow.

I wouldn't advise the paperclip, it will damage your pins in the long run. Tinfoil or cable is better if you have nothing else.

However, I thought personally that finding a random cable from an old device, cut it, and simply connect it to your right joycon screw to the pin 10 was the easiest method for me.

I'm very bad with hardware so if I managed to pull it, you sure can. :)
 


stephrk398

> That I know as well, but I see posts popping up here and there where autorcm was removed, whether by accident or not. So I prefer not to go there in any case. I like keeping my sysnand clean while doing all my experiments on emunand. I do the same for 3ds (against popular method). Playing with sysnand is just not my thing, if we have an emunand to play with.
>
> Thanks for the help. I'll report back once I am able to at least verify the status of this console :)
>
> --------------------- MERGED ---------------------------
>
> Thanks for the input. I see several methods mentioned. Jig, paperclip, tinfoil, wire, joycon mod.
> On the long run, obviously I'm going with a jig. Right now though, I'm leaning towards paperclip or tinfoil. I'm not sure where I would get a wire, and joycon mod is a definite no for me.
>
> Oh well, it's 6.20am. I guess I'll pick this up tomorrow.

Sweet dreams sugar fairy.
 

Kubas_inko

Tinfoil as rcm jig is the worst idea ever, as it is light and can easily move out of place. Paper clip, in this case, is the best jig for now (what do you guys think that the cheap jigs use?)
Too lazy to read all the stuff here so:
1. Test whether or not you can push a payload (PC, android, iOS).
3. If so, do a backup right now.
2. I would advise using autorcm as it is the best thing for ams right now (because ams will shut down properly and can reboot to cfw) and you will never ever need a jig again.
4. Use DNS or airplane mode (or just simply don't connect to wifi) to stay safe.
 

Kafluke

> Tinfoil as rcm jig is the worst idea ever, as it is light and can easily move out of place. Paper clip, in this case, is the best jig for now (what do you guys think that the cheap jigs use?)
> Too lazy to read all the stuff here so:
> 1. Test whether or not you can push a payload (PC, android, iOS).
> 3. If so, do a backup right now.
> 2. I would advise using autorcm as it is the best thing for ams right now (because ams will shut down properly and can reboot to cfw) and you will never ever need a jig again.
> 4. Use DNS or airplane mode (or just simply don't connect to wifi) to stay safe.

I used to feel the same as you about using foil. I was even super critical of people who did... until I watched a YouTube video and saw how it was done. I was in a tight spot and forgot my jig at home. All I had was foil and I only needed it to work once (autoRCM). It's not like you just cram it in there. It's carefully folded over the bottom of the joycon. You attach the joycon and then you're in RCM. It comes off super easy and doesn't break apart inside. Since then I have modded 3 switches the same way. Easy alternative to the jig.
 

The Real Jdbye

> If you have Amazon available, you can get an RCM jig for less than $10 USD. If it boots into RCM with it you are GOLDEN for hacking.
>
> That is where I would start. IDK if this will ship to you, I think it is worldwide, this device (https://www.amazon.com/gp/product/B07J9JJRRG/) is what I use daily and can personally vouch for it.
>
> Once you can confirm RCM works, you will need:
>
> - A CFW of choice (Popular ones are Atmosphere and SXOS. One is open source, the other is a paid "product" respectively.)
> - An SD Card (if you plan to play emulators, and have a collection of *owned* ROMs I recommend at least 256GB, if you plan to emulate and use..... downloaded NX games, I would try to get a 500GB SD Card or more (NX games can get big.))
> - SDCard MUST be formatted as FAT32. People use exFAT here but exFAT is easily corruptible with homebrew. (To note, 9/10 devs will NOT help you if you use exFAT formatted SDCard and it ends up losing your data. It's just not stable on the switch right now.)
> - A way to inject the payload (USB-C cable, Android app, or RCM Payload injector device)
> - Some time.
>
> Once you figure the above out, I recommend following a tutorial. Running Atmosphere is as simple as putting the files on the SDCard, and putting the switch in RCM then injecting the payload.
>
> Recommended homebrew:
>
> - RetroArch (Emulators!)
> - NXMTP (Make your computer see the switch as a storage device via USB)
> - EdiZon (Save Editor / Backup tool)
> - FTPD for Switch (Transfer files to switch via network.)
> - GCDumptool so you can avoid legal issues with illegal game dumps (If you plan on playing pirated games DO NOT GO ONLINE WITH ANY OF THEM INSTALLED!!)
> - NX-Shell (File manager for Switch)
> - NXTheme (Theme installer)
> - Not a homebrew, but a good tool: setting your DNS in the Switch's network settings to use 90DNS servers will help with a lot of the below warnings too.
>
> Once you boot CFW, if you want to avoid getting banned do not go online while in CFW.
>
> ***ALSO NOTE: once you boot cfw there will always be a small chance of ban, even if you boot to OFW (in some cases, not always? I have been online with mine for 8 months now, no issues - but I also have no pirated NSPs or NSP forwarders installed.) If you plan on being offline this won't matter, but avoid going online with it at least while in cfw.

For just a few bucks more (mine was $10.69) from AliExpress you can get an RCMLoader One which comes with the same jig, way more worth it.
 

stitchxd

> I used to feel the same as you about using foil. I was even super critical of people who did... until I watched a YouTube video and saw how it was done. I was in a tight spot and forgot my jig at home. All I had was foil and I only needed it to work once (autoRCM). It's not like you just cram it in there. It's carefully folded over the bottom of the joycon. You attached the joycon and then you're in RCM. It comes off super easy and doesn't break apart inside. Since then I have modded 3 switches the same way. Easy alternative to the jig.

Wait, you mean I can RCM jig with tinfoil just by folding foil over the bottom of my joycon? (As in, just fold and insert or is there a way you need to fold so it lines up better?)

--------------------- MERGED ---------------------------

I usually stray away from methods like that because of issues in the past I've seen countless times of someone damaging the joycon pins and not able to charge, or update the joycon firmware or something.
 
