Hacking Question for v1 RCM Loader chip installer

AmeliaFox · Feb 4, 2026

As per the title.

I am currently writing esp32-s3 code for a better modchip/rcm loader than what's currently available. The software is now nearly complete with just this last bit to add.

When the chip boots it can have a GPIO pin go to gnd or go high depeneding on the following way to install:

1: GPIO has a 10k resistor fitted and connects to the RCM strap, When the chip starts it puts the GPIO to gnd and after 1 second the GPIO goes into floating mode again so no voltage or gnd.

Alternative

2: GPIO has an N-Channel MOSFET (2N7000, AO3400, etc.) wired like this:
ESP32 RCM_PIN ------------> G (Gate)
|
D (Drain) ----> Switch Strap Point
|
S (Source) ----> GND

When the switch boots the GPIO goes high and RCM strapping pin gets grounded for 1 second, then gets set LOW so the mosfet turns off and the RCM point goes back to normal.

ESP32-3S has lots of pins so I can program both methods into the chip, but I am not an installer, for the installers which method would you prefer?

Basically it will be a 5 wire install as there will be no need to add a payload toggle wire/button as this is all done from a web interface, same for firmware updates or accessing flash to upload new payloads.

mcPickleRick · Feb 24, 2026

great work on this project, i havent had a chance to order the esp32-s3 with the amoled screen yet to test this out but looking forward to doing so. if there is no difference in reliability/safety, the first option would be an easier install

AmeliaFox · Feb 24, 2026

mcPickleRick said:
great work on this project, i havent had a chance to order the esp32-s3 with the amoled screen yet to test this out but looking forward to doing so. if there is no difference in reliability/safety, the first option would be an easier install

You don't need to buy an esp32-s3 with an amoled screen.

Tell me if you are doing an internal install (modchip) or if you want to just make a dongle, and also if you already have an esp32-s3 (with PSRam).

mcPickleRick · Feb 24, 2026

id like to do both, have a couple usb dongles for injection and also test the internal install on separate switch. i dont currently have an esp32-s3 but did find them on waveshare (amoled one has 16mb flash, internal board has 8mb flash, both have 8mb psram)

AmeliaFox · Feb 24, 2026

mcPickleRick said:
id like to do both, have a couple usb dongles for injection and also test the internal install on separate switch. i dont currently have an esp32-s3 but did find them on waveshare (amoled one has 16mb flash, internal board has 8mb flash, both have 8mb psram)

That's good, the internal board I'm making software for is this one:

https://thepihut.com/products/esp32...NXsO2oI6vNLUgHV5nDITKmRbkcHsZVb4aAhNdEALw_wcB

It's only got 4mb flash but that's enough for a few payloads and OTA partiton, it's got 2mb psram. I've completed the code for it, but I'm waiting for a breakout board for it to make it easier to solder into the switch. It's coming from china so might take a few weeks.

I've also got this:
https://www.waveshare.com/esp32-s3-...2kT4XkrTNivIbrwRtLg9Yh-eoIWQM_QtXWTHMdqtDOHKl

It's a great little dongle, I been testing/making lot's of code on it, it works great as a dongle though, both for the Switch and a PS4 (exfat hax and server). The touch screen on it is amazing. I've been writing code for all the different chips on it, but for a Switch RCM dongle it's fantastic, easy to update and very small. I put my own battery in it, 302530 200 mah battery as I had a few of these already and it fits inside the case perfectly. If you buy one of these make sure to check the polarity of the battery before plugging into the board (you can see the + and - on the battery connector)

mcPickleRick · Feb 25, 2026

how does the internal chip work? is it similar to an autorcm but with autopayload injection? i found the same internal board on waveshare, they have the 4mb flash/2mb psram ($4.99) or 8mb flash/8mb psram (6.99). is there any benefit in getting the 'beefier' one?

AmeliaFox · Feb 26, 2026

mcPickleRick said:
how does the internal chip work? is it similar to an autorcm but with autopayload injection? i found the same internal board on waveshare, they have the 4mb flash/2mb psram ($4.99) or 8mb flash/8mb psram (6.99). is there any benefit in getting the 'beefier' one?

With the 8mb flash version you can store more payloads, I would buy that over the 4mb version if buying again, when i bought one they only had the 4mb version.

If you are planning on buying that chip I will be releasing a custom firmware for it soon, which is finished now, I'm just waiting for a breakout board to arrive to make it easier to solder the d+/d- points and can be plugged into the ribbon cable.

mcPickleRick · Feb 27, 2026

ordered a couple of the 8mb version (1 with the ribbon cable and usb board). how does the breakout board above help vs this:

AmeliaFox · Feb 27, 2026

Once programmed you can remove the usbc board, plug in the breakout board and use the solder points on that if doing an internal instal. It makes it far easier to install, I would have thought that would be common sense, why would you even ask? It makes me wonder if you need to get someone else to mod your switch. Maybe you will be better just using the dongle as that will be just a case of attaching a usb cable.

mcPickleRick · Feb 27, 2026

theres no mention as to why you want to use the breakout board other than it would be easier to solder the d+/d- with no explanation as to the purpose of doing that. ive done many installs including oled kamikaze, so i wont have any issues installing this. just curious as to the purpose of the breakout board. is it for some paththrough functionality from switch usbc to modchip?

AmeliaFox · Feb 27, 2026

mcPickleRick said:
theres no mention as to why you want to use the breakout board other than it would be easier to solder the d+/d- with no explanation as to the purpose of doing that. ive done many installs including oled kamikaze, so i wont have any issues installing this. just curious as to the purpose of the breakout board. is it for some paththrough functionality from switch usbc to modchip?

ESP32-S3 use GPIO 19/20 (off the top of my head) for usb communication, there's no points on the board to solder onto unless you remove the ribbon connector, and even then those points are tiny and difficult to solder to. It's far easier to get the breakout board and that way you don't damage the board either. I ordered 10 of these board for about £4 (not that I need that many), but for the ease of soldering and time saved, it's worth it. You'll be able just solder to the breakout board and if not using any rcm stuff there's no need to even solder the the board at all - making it easy to replace if it ever needs to be as Voltage/gnd/d+ and d- are all easy points to solder on the breakout board.

I'm trying to make this as easy as possible, for installing updating etc. Do you have your board yet? The firmware for it is done but I recommend getting these breakout boards just to make life easier for yourself for installing. I've completed the code for it but I might need to adjust some rcm code, RCM GPIO pin is set in the config page and basically just puts the gpio to gnd for about a second when the chip first boots and then puts it back to floating before injection. This might need changed though as I have not tested an install yet, but via usb cable it's working fine so I see no issues, only rcm stuff needs tested but I'll wait till the breakout boards arrive. If you want to test the firmware when your board arrives let me know and I'll post it so you can test.

mcPickleRick · Feb 27, 2026

i dont have the boards yet, waveshare is usually fairly quick (couple weeks). i completely understand how the breakout board would make those points alot easier to work with. what im struggling to understand is (and sorry if im being a bit slow here) where are you connecting the breakout board to and why? are you connecting to the V,gnd,d+,d- on the switch motherboard so that you can use its usbc port to do something with the esp32 board (install/update)?

Post automatically merged: Feb 27, 2026

i think i found this answer, but correct me if im wrong...basically a newer version of this but with more features:

source:

Tutorial Thread 'Internal modchip - SAMD21 (Trinket M0, Gemma M0, ItsyBitsy M0 Express) Guide, Files & Support'

Jun 20, 2018

Notice: I am not receiving notifications for this thread. I didn`t realise people were still posting in it.

Please please accept my apologies if I haven`t replied to tags etc... I have no idea what is happening. I`m subscribed to this thread but I am not receiving notifications. Please inbox me if possible. Or tag me in another thread.

Its amazing that people are still checking all of this out. I thank you for all of the help and support I have received in this thread over this year.

Cheers...

AmeliaFox · Feb 27, 2026

mcPickleRick said:
i dont have the boards yet, waveshare is usually fairly quick (couple weeks). i completely understand how the breakout board would make those points alot easier to work with. what im struggling to understand is (and sorry if im being a bit slow here) where are you connecting the breakout board to and why? are you connecting to the V,gnd,d+,d- on the switch motherboard so that you can use its usbc port to do something with the esp32 board (install/update)?

Post automatically merged: Feb 27, 2026

i think i found this answer, but correct me if im wrong...basically a newer version of this but with more features:
View attachment 559369

source:

Tutorial Thread 'Internal modchip - SAMD21 (Trinket M0, Gemma M0, ItsyBitsy M0 Express) Guide, Files & Support'

Jun 20, 2018

Notice: I am not receiving notifications for this thread. I didn`t realise people were still posting in it.

Please please accept my apologies if I haven`t replied to tags etc... I have no idea what is happening. I`m subscribed to this thread but I am not receiving notifications. Please inbox me if possible. Or tag me in another thread.

Its amazing that people are still checking all of this out. I thank you for all of the help and support I have received in this thread over this year.

Cheers...

mattytrog

Replies: 4,088

Forum: Nintendo Switch

Yes, it's basically an advanced version of that but with wifi and way more features.

I will post install pictures when I do it, but it will basically be V+ (5volts point),, GND, D+, D-, RCM Strap).

I can't remeber for RCM GPIO if it needs to be GND before the chip boots and then set to float once booted, or set to floating and then GND for a small time before payload injection, i'll find out when I install and then do a guide.

mcPickleRick · Feb 28, 2026

looking forward to it! not sure why it didnt click for me right away, when you mentioned modchip, my mind immediately went to something like picofly because i hadnt installed anything in the unpatched switches but it eventually clicked

AmeliaFox · Feb 28, 2026

mcPickleRick said:
looking forward to it! not sure why it didnt click for me right away, when you mentioned modchip, my mind immediately went to something like picofly because i hadnt installed anything in the unpatched switches but it eventually clicked

It's really good, I'll be posting the full code soon but I want to sort out the RCM first, if you have a chip already and just want to test injection code and have some way to enter apx mode (jig or autorcm), you can temp use this code for now, then update the firmware once I post the full version:

Post in thread 'V1 Unpatched Switch ESP32-S3 payload injector'

Feb 28, 2026

Jayro said:
Truly incredible work you've done here!

Attached is a version that loads the payload from an embedded array instead of needing to use a ffat/spiffs partiton. There's also a tool included to convert payloads into an array header file so it should be easy for those that want to do it this way. It's been tested on esp32-s3, it should also work with esp32-s2 (but I didn't test on that yet as I don't have time).

In the last post on that page you can compile with Arduino IDE and the latest eps32 boards. Hekate Payload is embedded in the firmware for testing.

AmeliaFox · Mar 31, 2026

See here for source code: https://gbatemp.net/threads/v1-unpatched-switch-esp32-s3-payload-injector.679333/post-10838884

Hacking Question for v1 RCM Loader chip installer

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Member

Tutorial Thread 'Internal modchip - SAMD21 (Trinket M0, Gemma M0, ItsyBitsy M0 Express) Guide, Files & Support'

Well-Known Member

Tutorial Thread 'Internal modchip - SAMD21 (Trinket M0, Gemma M0, ItsyBitsy M0 Express) Guide, Files & Support'

Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum