Hacking Bought used switch, advice needed

Kafluke

Wait, you mean I can RCM jig with tinfoil just by folding foil over the bottom of my joycon? (As in, just fold and insert or is there a way you need to fold so it lines up better?)

--------------------- MERGED ---------------------------

I usually stray away from methods like that because of issues in the past I've seen countless times of someone damaging the joycon pins and not able to charge, or update the joycon firmware or something.
Just search for "foil RCM switch" on YouTube. I understand your reluctance but if you do it right there is very little risk. It's a clean and easy way to get into RCM. I wouldn't recommend it as a permanent solution but it's enough for you to enable autoRCM.
 

stitchxd

Just search for "foil RCM switch" on YouTube. I understand your reluctance but if you do it right there is very little risk. It's a clean and easy way to get into RCM. I wouldn't recommend it as a permanent solution but it's enough for you to enable autoRCM.

Woah that's crazy! The only real risk I see is making the fold too "big" or using cheap foil that breaks very easily. Otherwise it looks viable for sure, even if only to enable AutoRCM.
 

Madridi

@stitchxd

Used the tinfoil method and tegrarcmgui.

No RCM device detected
RCM Device detected
Preset "PAYLOAD_FILE" set to : E:\hekate_ctcaer_4.10.1.bin
Invoking TegraRcmSmash.exe with args : "E:\hekate_ctcaer_4.10.1.bin"
TegraRcmSmash (32bit) 1.2.1-3 by rajkosto
Opened USB device path \\?\usb#vid_0955&pid_7321#6&fd8bc8d&0&3#{aa0dbd45-3117-f331-5c49-76bf65225042}
RCM Device with id 000602030000000C4257446401101062 initialized successfully!
Uploading payload (mezzo size: 92, user size: 121599, total size: 187815, total padded size: 188416)...
Switched to high buffer
Smashing the stack!
Smashed the stack with a 0x0000 byte SETUP request!
Payload successfully injected

Does this mean this switch is patched (and therefore, no cfw possible atm)?
 

stitchxd

No, in fact it pushed the payload, so the switch is unpatched and ready for CFW!

RE: RCM Device with id 000602030000000C4257446401101062 initialized successfully!
RE: Payload successfully injected

Good luck!
 

Draxzelex

No, in fact it pushed the payload, so the switch is unpatched and ready for CFW!

RE: RCM Device with id 000602030000000C4257446401101062 initialized successfully!
RE: Payload successfully injected

Good luck!
No it is patched because it was smashed with 0x0000 byte stack meaning the payload did nothing.
 

Madridi

No, in fact it pushed the payload, so the switch is unpatched and ready for CFW!

RE: RCM Device with id 000602030000000C4257446401101062 initialized successfully!
RE: Payload successfully injected

Good luck!
I'm confused..

Please check point 7.1 and 7.2 in this thread:
https://gbatemp.net/threads/a-defin...atched-or-not-purchases-after-07-2018.512018/

While this is a different method, isn't it essentially the same result? This led me to believe that the switch is patched?

Oh and, after injecting payload, the screen stayed black. Is that what is supposed to happen?

--------------------- MERGED ---------------------------

No it is patched because it was smashed with 0x0000 byte stack meaning the payload did nothing.
Ah damn, so my suspicions were correct. So this is confirmed to be patched right? I can use it normally?

How do I exit back to normal now? Just hold Power button for 10s, remove the joycon, remove tinfoil, then use it as normal?
 

Draxzelex

Ah damn, so my suspicions were correct. So this is confirmed to be patched right? I can use it normally?

How do I exit back to normal now? Just hold Power button for 10s, remove the joycon, remove tinfoil, then use it as normal?
Yeah do exactly as you said. If you really want to hack the Switch, buy an unpatched one after checking the serial number. If you cannot buy another console, keep your firmware as low as possible unless it's on 8.X in which case you may really need to invest in another console.
 

Madridi

Yeah do exactly as you said. If you really want to hack the Switch, buy an unpatched one after checking the serial number. If you cannot buy another console, keep your firmware as low as possible unless it's on 8.X in which case you may really need to invest in another console.
Thanks but I already have several other switches, including a 1.0. I just haven't gotten into the cfw scene yet :)
https://gbatemp.net/threads/bought-used-switch-advice-needed.538465/#post-8635588

So now, I have 2 patched switches. One on 7.0.1, and one on 8.0.1
The 7.0.1 has 2 users on it (Me, and my sister). I am going to give this 8.0.1 to my sister.

Is it possible to transfer 1 user only from the older switch to the newer switch, keeping in mind that one of them is NOT on the latest fw?
 

stitchxd

Thanks but I already have several other switches, including a 1.0. I just haven't gotten into the cfw scene yet :)
https://gbatemp.net/threads/bought-used-switch-advice-needed.538465/#post-8635588

So now, I have 2 patched switches. One on 7.0.1, and one on 8.0.1
The 7.0.1 has 2 users on it (Me, and my sister). I am going to give this 8.0.1 to my sister.

Is it possible to transfer 1 user only from the older switch to the newer switch, keeping in mind that one of them is NOT on the latest fw?

My apologies! I read the comment wrong.
 

Draxzelex

Thanks but I already have several other switches, including a 1.0. I just haven't gotten into the cfw scene yet :)
https://gbatemp.net/threads/bought-used-switch-advice-needed.538465/#post-8635588

So now, I have 2 patched switches. One on 7.0.1, and one on 8.0.1
The 7.0.1 has 2 users on it (Me, and my sister). I am going to give this 8.0.1 to my sister.

Is it possible to transfer 1 user only from the older switch to the newer switch, keeping in mind that one of them is NOT on the latest fw?
Uh...not quite sure actually. I guess there is no harm in trying; if it works, it works and if it doesn't...well hopefully there aren't any hidden system update messages.
 

ch4chi

Hi, apologies I don't mean to hijack your thread, but I'm on a very similar path as you and any help from those that have already commented would be much appreciated.

I have a switch on 7.0.1 and have run the check in rcm and it is not patched so can be jailbroken. I'm planning on buying the SX OS and injecting it via an android phone app. What do I need to do in the first instance? It's got a clean nand so would like to back it up but unsure how I do it and what I do after that. I just want to make sure I have a clean backup and be able to play downloaded games, have no real desire to play online in the future but want the option of doing so in case it's ever needed with the least chance of getting banned in the process. Thanks in advance
 

Kafluke

Hi, apologies I don't mean to hijack your thread, but I'm on a very similar path as you and any help from those that have already commented would be much appreciated.

I have a switch on 7.0.1 and have run the check in rcm and it is not patched so can be jailbroken. I'm planning on buying the SX OS and injecting it via an android phone app. What do I need to do in the first instance? It's got a clean nand so would like to back it up but unsure how I do it and what I do after that. I just want to make sure I have a clean backup and be able to play downloaded games, have no real desire to play online in the future but want the option of doing so in case it's ever needed with the least chance of getting banned in the process. Thanks in advance
Next steps:


Boot into Hekate
Backup raw nand
Backup boot 0 and boot 1
enable autoRCM
Decide on a CFW to use (I am a day 1 user of SX OS and couldn't be happier with it)
You can use either SX OS, Reinx, or Atmosphere
 

ch4chi

Next steps:


Boot into Hekate
Backup raw nand
Backup boot 0 and boot 1
enable autoRCM
Decide on a CFW to use (I am a day 1 user of SX OS and couldn't be happier with it)
You can use either SX OS, Reinx, or Atmosphere

Hi thanks for the reply, I've ordered and been sent the SX OS license so have that ready to go and know how to get into rcm mode.

So would the above steps enable me to start using the os and have a clean copy of the original nand in case I ever needed to restore everything back to the original point of a clean ofw 7.0.1 (which is my existing ofw)?
 

Kafluke

Hi thanks for the reply, I've ordered and been sent the SX OS license so have that ready to go and know how to get into rcm mode.

So would the above steps enable me to start using the os and have a clean copy of the original nand in case I ever needed to restore everything back to the original point of a clean ofw 7.0.1 (which is my existing ofw)?
Yes. As long as you back up the nand first thing. Don't even launch SX OS yet.
 

LapCheong

Thanks for the reply. I am fine with the store itself since AliExpress protection is there. I am more concerned about the product itself. Any good?

Ya the product I bought from the link I gave previously works as expected as xkit website. The jig is good quality 100% rcm rate.

Can't say so much for the seller you are buying since there is no feedback. I mean most of the rcmloader should come from the same supplier, just spend the extra buck and get it from a reputable seller
 

Madridi

Ya the product I bought from the link I gave previously works as expected as xkit website. The jig is good quality 100% rcm rate.

Can't say so much for the seller you are buying since there is no feedback. I mean most of the rcmloader should come from the same supplier, just spend the extra buck and get it from a reputable seller
I was referring to my link lol. But I don’t see that product from the seller you linked to anyway. Also, I am not just buying one. Buying multiples with shipping considered will significantly add up to the total.

I understand that probably they are more or less the same. I would still feel better with someone with more experience than myself confirming that I can go ahead with it, or even better, have a cheaper link
 
