Tutorial  Updated

A definitive way to test if your Switch is patched or not (purchases after 07-2018)

This tutorial uses TegraRCM command line to send payloads to RCM enabled Switch.
Command line is used since it offers a more detailed explanation on what is going on.
So it is a definitive way to confirm if your Switch is patched or not without further questions.
This tutorial does not make any modification to your Switch console.

Requirement:
No Micro SD Card is required.
1. Any way of entering Recovery Mode. Please read here, https://gbatemp.net/threads/the-ultimate-list-of-mods-to-enter-rcm.502145/
2. biskeydump.bin payload(please get the latest version, as of 30th July 2019, the latest version is V9), can be downloaded from https://switchtools.sshnuke.net/
3. TegraRcm GUI, can be downloaded from https://github.com/eliboa/TegraRcmGUI/releases
4. USB C to USB A cable
5. A PC with USB port (Sorry I don't have Mac so I could not cover this area)

Step-by-Step (in total 7 steps):
1. put in your RCM Jig on the right joy con rail. Press and hold Vol+ then press the power button.
You should see a black/blank screen after you press the power button.
If you see a Nintendo logo, you can power off your console and try to adjust your RCM Jig position.

2. To install APX driver
2.1 Launch TegraRcm GUI, go to Settings tab, click on "Install Driver" button.
2-1-1.jpg

Confirm the driver installation.
2-1-2.jpg

2.2 For those having problems installing APX driver :
Install and launch Zadig. Plug your Switch in RCM mode, then select Options > List All Devices.
Select the APX device and check which driver is installed for this specific device. If libusbK is not the current driver, install it.
zadig.png
(This step is copied from https://gbatemp.net/threads/tegrarcmgui-simple-gui-for-tegrarcmsmash.503510/)

3. Plug in USB cable from your PC to Switch(in RCM).
Open TegraRcm GUI and you should see this window with "RCM OK".
3.jpg

Alternatively, you can use Device Manager to confirm if the APX device is recognized.
3-2.jpg

Now you can close the TegraRcm GUI application.

4. Copy biskeydump.bin to the TegraRcm GUI folder.
4-1.jpg

5. Open a command line and go to the TegraRcm GUI folder.
4.jpg

6. Run this on the command line
Code: 
TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

7. Check the result
7.1 Switch accepts and executes payload, which mean your Switch is not patched.
Please refer to 0X7000
working.png

You will also see QR code on your Switch screen.

7.2 Switch accepts but does not executes payload, which means your Switch is patched.
Please refer to 0X0000
not-working.png
 
Last edited by gnilwob, , Reason: update biskeydump version
  • Like
Reactions: Blythe93, KholodOK, JenAtkinson and 43 others
Click to expand...
S

Shadow147

Active Member
Newcomer
Level 2
Joined
Oct 1, 2018
Messages
37
Trophies
0
Age
34
XP
134
Country
China
Yeah I can't seem to find one at the moment either.

Perhaps I'll grab a flash drive to create a bootable Windows in order to check.

Thanks for all the help!!
 
BionicGecko

BionicGecko

Well-Known Member
Member
Level 4
Joined
Jun 22, 2018
Messages
103
Trophies
0
Age
48
XP
529
Country
Czech Republic
I use this on my mac to send payloads to my switch:

https://gbatemp.net/threads/tool-fusee-gelee-launcher-for-macos.502075/

It's maybe not as intuitive as the Windows app as it requires fiddling with python but it works fine. I don't know how it reacts to patched switches though. But if you manage to send a payload with it then you'll know your switch is hackable.
 
  • Like
Reactions: Deleted member 470568
D

Dovla

Member
Newcomer
Level 3
Joined
Apr 14, 2009
Messages
5
Trophies
0
XP
290
Country
Croatia
So my switch is definitely patched...is there any homebrew software I can use now or is it completely hopeless? I'm on 4.1 and the Serial number is XAJ700443XXXXX ...I'd settle for anything right now
 
BionicGecko

BionicGecko

Well-Known Member
Member
Level 4
Joined
Jun 22, 2018
Messages
103
Trophies
0
Age
48
XP
529
Country
Czech Republic
Dovla said:
So my switch is definitely patched...is there any homebrew software I can use now or is it completely hopeless? I'm on 4.1 and the Serial number is XAJ700443XXXXX ...I'd settle for anything right now
Click to expand...

There is an exploit called Deja Vu which should theoretically work on 4.1, but it was never publicly released, so at the moment there is nothing you can do. I think the exploit was supposed to be made public with the first release of Atmosphere; you may get lucky when it's officially released.
 
GaaraPrime

GaaraPrime

Well-Known Member
Member
Level 8
Joined
Apr 11, 2007
Messages
796
Trophies
1
XP
1,380
Country
India
Thank you so much for this. This helped me confirm my Nintendo Switch's status. My serial number lied in this...

XAJ70043X not safe to buy, probably patched
But your guide helped me confirm it. Now, I have 100% confirmation that my Switch is UNPATCHED and HACKABLE! :yayswitch::hrth::grog:
 
H

Hauk

New Member
Newbie
Level 1
Joined
Nov 14, 2018
Messages
2
Trophies
0
Age
31
XP
109
Country
United States
Just bought a brand new never opened switch, was purchased recently as a gift to the original owner who got 2 and decided to sell one. Checked the serial number XAW10083 - Promptly freaked out as it says its a possible no-go on this thread... Well did the test and VOILA 0x7000 result. GOT A NON-PATCHED 4.1.0 switch, so happy. So if you're in the danger zone but bellow XAW10085, give it a shot before writing it off, you might get lucky! Unless where you bought it doesn't accept returns after opening of course.
 
D

dextor10478

New Member
Newbie
Level 1
Joined
Aug 14, 2009
Messages
1
Trophies
0
XP
7
Country
India
Bought my Switch today in Black Friday sale...I wish I had read these details earlier...The unit is patched and as part of setup i had to update it to 6.2.0 firmware. Is there any hope at all or should I consider returning it?
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,021
Trophies
2
Age
29
Location
New York City
XP
13,424
Country
United States
dextor10478 said:
Bought my Switch today in Black Friday sale...I wish I had read these details earlier...The unit is patched and as part of setup i had to update it to 6.2.0 firmware. Is there any hope at all or should I consider returning it?
Click to expand...
You should return it as not only is the unit patched but you're on a firmware that has not been publicly cracked.
 
  • Like
Reactions: dextor10478 and gnilwob
lsv

lsv

New Member
Newbie
Level 1
Joined
Nov 28, 2018
Messages
2
Trophies
0
Age
35
XP
55
Country
Belgium
Trying to check it here.
I successfully booted in RCM mode and my switch is recongized b tegraRcm.

But when i try to run

TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

it get stuck on this:

C:\Program Files (x86)\TegraRcmGUI>TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
TegraRcmSmash (32bit) 1.2.0-2 by rajkosto
Opened USB device path \\?\usb#vid_0955&pid_7321#6&1d8bd4d2&0&2#{aa0dbd45-3117-f331-5c49-76bf65225042}
RCM Device with id 8003FF0F00000020C475446401101062 initialized successfully!
Uploading payload (mezzo size: 92, user size: 76328, total size: 142544, total padded size: 143360)...

And never moves. Should the upload take ages? Is there something wrong?



Thanks :)

edit: by the way, unit serial is XAJ10032.
 
0nethe

0nethe

Well-Known Member
Member
Level 4
Joined
Jul 30, 2013
Messages
180
Trophies
0
Age
38
XP
449
Country
Mali
lsv said:
Trying to check it here.
I successfully booted in RCM mode and my switch is recongized b tegraRcm.

But when i try to run

TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

it get stuck on this:

C:\Program Files (x86)\TegraRcmGUI>TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
TegraRcmSmash (32bit) 1.2.0-2 by rajkosto
Opened USB device path \\?\usb#vid_0955&pid_7321#6&1d8bd4d2&0&2#{aa0dbd45-3117-f331-5c49-76bf65225042}
RCM Device with id 8003FF0F00000020C475446401101062 initialized successfully!
Uploading payload (mezzo size: 92, user size: 76328, total size: 142544, total padded size: 143360)...

And never moves. Should the upload take ages? Is there something wrong?



Thanks :)

edit: by the way, unit serial is XAJ10032.
Click to expand...

I have the same exact problem now.
I got a console (4.1.0) on blackfriday a few days ago, run the command and I got x00000 hence patched and it did not boot with my SX PRO dongle. I returned the console like just how it was.
Today I bought one (4.1.0 as well) in Walmart ( box say serial number is XAW400057xxxxx) thinking I may get an unpatched one. As soon as I open box at home, there were scratches on screen and back (was supposed to be new) and the number on the console does not match (XAW400018xxxxx on console). Thought I would keep if I could run my dongle but did not work and the test with the payload on cmd is stuck at uploading payload just like described in the quote. Which may also be the reason SX Pro is not loading. Isn't XAW400018xxxxx supposed to be unpatched or it is the 4.1.0 firmware blocking it even on an unpatched system?

Edit:
Mine worked after I switch the cable to USB3 port on PC, I just recalled I was having trouble with the pc recognizing the first console on UBS2.0. Now I got the x7000 with QR code and smiley on the screen right away I launched the ms command. I wonder if I should still return it though since it is not new with scratch and was already setup. Or maybe just use it for some time to see if no other problem shows up, I will keep.
 
Last edited by 0nethe, , Reason: Fixed
lsv

lsv

New Member
Newbie
Level 1
Joined
Nov 28, 2018
Messages
2
Trophies
0
Age
35
XP
55
Country
Belgium
I finally succeeded to inject the payload, but the result was 0x0000. No luck :)

But i got lucky, one of my coworker who bought the switch the same day I did had an unpatched switch and accepted to give me her switch.
 
  • Like
Reactions: RichKK
Madotsuki

Madotsuki

Member
Newcomer
Level 2
Joined
Jan 4, 2016
Messages
23
Trophies
0
Age
32
XP
140
Country
United States
dextor10478 said:
Bought my Switch today in Black Friday sale...I wish I had read these details earlier...The unit is patched and as part of setup i had to update it to 6.2.0 firmware. Is there any hope at all or should I consider returning it?
Click to expand...

You shouldn't have to update as part of setup. Just don't connect to the internet, it'll have no way of even knowing there's an update to jump to. Leave Wifi completely off on the next unit you get after returning, do NOT put the wifi on during setup. You can do that after you've backed up and installed CFW if you want (but don't expect to play games online for long).
 
  • Like
Reactions: dextor10478
S

SpiderPig2810

Member
Newcomer
Level 1
Joined
Dec 4, 2018
Messages
12
Trophies
0
Age
46
XP
98
Country
Germany
Hi,
i am new to this. I have a switch with a serial number which is unsure if it is patched or not. I ordered a SX Pro but did not receive it by now. I updated the Switch to 6.2 during the install process. I know...stupid...but i didn't know this site. I hope there will be an update für SX OS (already for released for Atmosphere).

My question is....When the package with the Jig arrives, will i be able to test if my switch is patched or is it impossible to test because of FW 6.2?

Thank you for your answers
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,021
Trophies
2
Age
29
Location
New York City
XP
13,424
Country
United States
SpiderPig2810 said:
Hi,
i am new to this. I have a switch with a serial number which is unsure if it is patched or not. I ordered a SX Pro but did not receive it by now. I updated the Switch to 6.2 during the install process. I know...stupid...but i didn't know this site. I hope there will be an update für SX OS (already for released for Atmosphere).

My question is....When the package with the Jig arrives, will i be able to test if my switch is patched or is it impossible to test because of FW 6.2?

Thank you for your answers
Click to expand...
You'll be able to test if its patched or not regardless of the firmware.
 
W

WadsRUs

Well-Known Member
Member
Level 7
Joined
Jun 12, 2009
Messages
225
Trophies
1
XP
1,015
Country
United Kingdom
I've just tried the command -

TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

on an XAJ7001627 Switch

It works - I get the yellow smiley face and the QR code - also the list of BIS keys, etc.

However, I don't see a 'smashed the stack' message.

Is that because of some change in TegraRCMSmash or BISKEY since the original post in this thread was written? Does it just not display that message any more?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Emulation Homebrew  duckstation for Switch

Can you trade in a banned switch for an unbanned one?

Why is Atmosphere so dominant?

Hacking Misc Tutorial  Eiyuden Chronicle Hundred Heroes save editing

Hacking  Weird findings from that DQ trilogy switch port

Migswitch backups without certificate files

Help a noob with if I need to update CFW to 18.0 or not

Emulation Misc  Is a totk memory editor possible? If so why has no one made one yet?

General chit-chat
Help Users
  • No one is chatting at the moment.
  • K3Nv2 @ K3Nv2:
    https://www.newegg.com/p/0D9-002V-0...=snc-social-_-sr-_-0D9-002V-00AA1R-_-05202024
  • SylverReZ @ SylverReZ:
    @mthrnite, Cheetah Girls, the sequel to Action 52's Cheetah Men.
     +2
  • Psionic Roshambo @ Psionic Roshambo:
    Pokemon Black I played that one a lot
  • K3Nv2 @ K3Nv2:
    Honestly never messed with Pokémon on ds much
  • mthrnite @ mthrnite:
    I played pokemon once, was bored, never tried again
  • Psionic Roshambo @ Psionic Roshambo:
    Oh Dragon Quest IX
  • K3Nv2 @ K3Nv2:
    Spent like 5 hours on switch one never touched it again
  • Psionic Roshambo @ Psionic Roshambo:
    Sentinel of the stary skies
  • K3Nv2 @ K3Nv2:
    Ds is 20 years old this year
  • Psionic Roshambo @ Psionic Roshambo:
    So MJ no longer wants to play with it?
  • K3Nv2 @ K3Nv2:
    He put it down when the 3ds came out
  • K3Nv2 @ K3Nv2:
    https://youtube.com/shorts/eTlZ0qcSZf4?si=0vpkdIWplaLMFVqv
  • K3Nv2 @ K3Nv2:
    https://youtu.be/40XQ8L9wsCA?si=GzpPBaHQQLU0plt_ Neat
  • SylverReZ @ SylverReZ:
    @K3Nv2, RIP Felix does great videos on the PS3 yellow-light-of-death.
  • Jayro @ Jayro:
    Eventhough the New 3DS XL is more powerful, I still feel like the DS Lite was a more polished system. It's a real shame that it never got an XL variant keeping the GBA slot. You'd have to go on AliExpress and buy an ML shell to give a DS phat the unofficial "DS Lite" treatment, and that's the best we'll ever get I'm afraid.
     +1
  • Jayro @ Jayro:
    The phat model had amazingly loud speakers tho.
     +1
  • SylverReZ @ SylverReZ:
    @Jayro, I don't see whats so special about the DS ML, its just a DS lite in a phat shell. At least the phat model had louder speakers, whereas the lite has a much better screen.
     +1
  • SylverReZ @ SylverReZ:
    They probably said "Hey, why not we combine the two together and make a 'new' DS to sell".
  • Veho @ Veho:
    It's a DS Lite in a slightly bigger DS Lite shell.
     +1
  • Veho @ Veho:
    It's not a Nintendo / iQue official product, it's a 3rd party custom.
     +1
  • Veho @ Veho:
    Nothing special about it other than it's more comfortable than the Lite
    for people with beefy hands.
     +1
  • Jayro @ Jayro:
    I have yaoi anime hands, very lorge but slender.
  • Jayro @ Jayro:
    I'm Slenderman.
  • Veho @ Veho:
    I have hands.
  • Veho @ Veho:
    king-shark-hand.gif
    +1
    Veho @ Veho: +1