How real is the possibility of a softmod exploit?

  • Thread starter: Ondrashek06
  • Views: 17,556
  • Replies: 66
  • Likes: 1
I got a Switch 2 at launch and haven't played anything on it. Having played nearly everything exclusive on the Switch 1 for free, I have no interest in buying any Switch 2 games as Nintendo's stuff tends to be a 7/10 at best these days. I'm giving it a year; if there isn't any hard or soft mod of MIGS2 by then I'm just going to resell it. Save for the slim possibility the S2 actually gets some killer apps.
You're missing out on Bonanza because you want to be a contrarian.
 
> I got a Switch 2 at launch and haven't played anything on it. Having played nearly everything exclusive on the Switch 1 for free, I have no interest in buying any Switch 2 games as Nintendo's stuff tends to be a 7/10 at best these days. I'm giving it a year; if there isn't any hard or soft mod of MIGS2 by then I'm just going to resell it. Save for the slim possibility the S2 actually gets some killer apps.
I'll be 100% honest with you. Nothing exists in the current build of HOS. If we get a software exploit it will be in an update due to some flaw in their programming.
 
> You're missing out on Bonanza because you want to be a contrarian.
I don't know why you people get drunk on hype and offended so easily. I didn't think Odyssey was very good, so I doubt I would be very impressed with Bonanza. It's a game designed for young children. If I could pirate it, I'd probably play it until I got bored, but it's not a game I would personally buy. I respect Nintendo for actually having exclusives, but they don't exactly put out system sellers and generational masterpieces anymore, least of all for men in their 30s who have been playing games all their life. If the Switch 2 gets a killer app, it will probably be made by Capcom or FromSoftware or something, in all honesty.

I honestly have a bad habit of soft or hardmodding consoles "just because I can" spending money when I don't actually have much if any games I really want to play. My favorite thing about the switch was just browsing the huge library of indie games I never heard of on tinfoil. The switch has an impressive library and some surprising ports.
> I'll be 100% honest with you. Nothing exists in the current build of HOS. If we get a software exploit it will be in an update due to some flaw in their programming.
Unfortunate. Kudos to Nintendo for getting my money if it's never exploited, although I'm willing to hardmod it too. I'll just hang on to it as a dust collector in case something pops up. I don't really need the money for anything.
 
I'm not talking about "now" or even in the Switch 2's lifespan, I'm talking about the general probability of the console ever getting a softmod exploit.

As the Switch 2 uses the same HorizonOS as the original Switch uses, we can rule out the possibility of any exploits in features that were present on the Switch 1. The new features include the ability to stream games via the new Download Play feature, the entire Gamechat thingy, and the emulator/compatibility layer/whatever the Switch 2 uses to play Switch 1 games.

Game-based exploits are also ruled out due to the sandboxing that HorizonOS uses.

With there only being barely any new possible entrypoints, plus the fact that Nintendo can sniff out MiG Switch users on Switch 2 and permanently ban the consoles associated, I honestly don't give it much hope. After all, absolutely nothing has been discovered on Switch 1 besides Fusée Gelée (nVIDIA's fault) and some exploits runnable only on really old images of HorizonOS.
Nothing is 100% secure, everything gets hacked eventually. You don't have to look further than the Xbox 360 for evidence of that.
We can't rule anything out. Yes, it's more likely that there will be exploits in new code because it's less tested. But we don't know anything for certain.
We also don't know what less obvious changes there might be under the hood, until we have access to unencrypted dumps of the Switch 2 HOS. It's really difficult to make any sort of educated guesses without being able to look at the code, beyond just "maybe possible, probably difficult".
AFAIK, entrypoints are not the issue. We've got ROP on the Switch 2 - that's an entrypoint. Getting from there to arbitrary code execution is the hard part (and why ROP by itself is not useful). Entrypoints on the Xbox 360 were known about since the console's inception but for most of the console's life span there wasn't a useful application due to the security of the console not being cracked beyond very early kernel versions.
The hard part, same as on the Switch 1, is probably going to be breaking through the sandbox. Because regardless of what new vulnerabilities may or may not have been introduced on the Switch 2, we still won't be able to gain full access without breaking through the sandbox. Every part of HOS is designed with the least amount of access possible, so no matter which entrypoint you use or how you get there, the sandbox is the final barrier that needs to be broken.
 
Last edited by The Real Jdbye.
> Nothing is 100% secure, everything gets hacked eventually. You don't have to look further than the Xbox 360 for evidence of that.
> We can't rule anything out. Yes, it's more likely that there will be exploits in new code because it's less tested. But we don't know anything for certain.
> We also don't know what less obvious changes there might be under the hood, until we have access to unencrypted dumps of the Switch 2 HOS. It's really difficult to make any sort of educated guesses without being able to look at the code, beyond just "maybe possible, probably difficult".
> AFAIK, entrypoints are not the issue. We've got ROP on the Switch 2 - that's an entrypoint. Getting from there to arbitrary code execution is the hard part (and why ROP by itself is not useful). Entrypoints on the Xbox 360 were known about since the console's inception but for most of the console's life span there wasn't a useful application due to the security of the console not being cracked beyond very early kernel versions.
> The hard part, same as on the Switch 1, is probably going to be breaking through the sandbox. Because regardless of what new vulnerabilities may or may not have been introduced on the Switch 2, we still won't be able to gain full access without breaking through the sandbox. Every part of HOS is designed with the least amount of access possible, so no matter which entrypoint you use or how you get there, the sandbox is the final barrier that needs to be broken.
I think you're right. Developer Mode on the Xbox One is set up exactly the same way. You're limited on the amount of RAM you can use, the OS used, what partition is available to use, and a bunch of telemetry data is sent to Microsoft. It's sandboxed hard. It's not an exploit and can't ever be used as an exploit. It can't even really be considered an entry point, but it did do exactly what Microsoft hoped. It got people out of the idea of looking for exploits and let them set up custom software for the Xbox One.
 
I rate chances of a softmod at 0%, that being the chance of me pirating games between now and 100 days. I will be right in 100 days! If not I'll donate $10 to gbatemp, if you don't agree, say so and donate $10 when I'm wrong...
 
Will it ever happen?
This album cover says it all.
[attached image: album cover]
 
> I think you're right. Developer Mode on the Xbox One is set up exactly the same way. You're limited on the amount of RAM you can use, the OS used, what partition is available to use, and a bunch of telemetry data is sent to Microsoft. It's sandboxed hard. It's not an exploit and can't ever be used as an exploit. It can't even really be considered an entry point, but it did do exactly what Microsoft hoped. It got people out of the idea of looking for exploits and let them set up custom software for the Xbox One.
If Microsoft wanted people to stop looking for exploits, they wouldn't have made developer mode a paid feature AND also wouldn't have removed free dev mode access to GitHub student accounts.
 
> If Microsoft wanted people to stop looking for exploits, they wouldn't have made developer mode a paid feature AND also wouldn't have removed free dev mode access to GitHub student accounts.

Strictly speaking, Dev Mode along with the dev accounts should have been deactivated for 99% of users, as you're supposed to be 'active' on the store per the TOS, last I checked.

This is why I see dev mode as a 'wink' from MS, especially after the mass deactivations a few years back which they reverted.

They also seem to have scaled back a lot of student stuff; I remember getting Windows Server licenses from them.
 
> I don't know why you people get drunk on hype and offended so easily. I didn't think Odyssey was very good, so I doubt I would be very impressed with Bonanza. It's a game designed for young children. If I could pirate it, I'd probably play it until I got bored, but it's not a game I would personally buy. I respect Nintendo for actually having exclusives, but they don't exactly put out system sellers and generational masterpieces anymore, least of all for men in their 30s who have been playing games all their life. If the Switch 2 gets a killer app, it will probably be made by Capcom or FromSoftware or something, in all honesty.
>
> I honestly have a bad habit of soft or hardmodding consoles "just because I can", spending money when I don't actually have much if any games I really want to play. My favorite thing about the Switch was just browsing the huge library of indie games I never heard of on Tinfoil. The Switch has an impressive library and some surprising ports.
>
> Unfortunate. Kudos to Nintendo for getting my money if it's never exploited, although I'm willing to hardmod it too. I'll just hang on to it as a dust collector in case something pops up. I don't really need the money for anything.
Mate, you want to hate things that are popular; it has nothing to do with whether games are good or not. I don't need your nonsense.
 
I'm not a programmer, but nothing is 100% safe, and definitely not forever, and eventually there will be a hack. What I would like to throw out there is: the more complex things get, the more likely it is that someone will f*** something up. And it looks like the Switch has quite a complex system.
 
> I'm not a programmer, but nothing is 100% safe, and definitely not forever, and eventually there will be a hack. What I would like to throw out there is: the more complex things get, the more likely it is that someone will f*** something up. And it looks like the Switch has quite a complex system.
It's good that you are not a programmer. Though you should know that the Switch 2 isn't complex. It's just got a lot of simple systems that interact with each other and have all been tested vigorously to ensure that they are secure. Yes, no system made by man is impervious. It will one day be broken. The extent of how it will break is yet to be known, but it won't be anytime soon.
 
> I'm not a programmer, but nothing is 100% safe, and definitely not forever, and eventually there will be a hack. What I would like to throw out there is: the more complex things get, the more likely it is that someone will f*** something up. And it looks like the Switch has quite a complex system.
Not really how it works; the N64 is a lot more complex than the Switch 2. By complexity I assume you mean the difficulty required to understand the firmware and architecture that the hardware uses and to program for it.


Nintendo's hacks are always due to lack of testing, not because of their systems being "simple". The original Switch 1 exploit, for example, was for something that was very hard to test for, but it's unlikely they would make a mistake like that again.
 
> Not really how it works; the N64 is a lot more complex than the Switch 2. By complexity I assume you mean the difficulty required to understand the firmware and architecture that the hardware uses and to program for it.
>
> Nintendo's hacks are always due to lack of testing, not because of their systems being "simple". The original Switch 1 exploit, for example, was for something that was very hard to test for, but it's unlikely they would make a mistake like that again.
The Switch 1's exploit wasn't Nintendo's fault; it was Nvidia's. Nintendo likely trusted them not to make an oversight that large. Seeing how none of Nintendo's side of things for the Switch has a viable exploit, had they stuck to their original plan for the Switch 1 and made their own SoC, it's likely the Switch 1 never would have been hacked.
 
> The Switch 1's exploit wasn't Nintendo's fault; it was Nvidia's.
No, it was a programming flaw that allowed you to boot into RCM and kick in the doors of the castle.
Nintendo could even have disabled the RCM mode itself per request to nVidia.

People make mistakes but they also learn from them.
 
> No, it was a programming flaw that allowed you to boot into RCM and kick in the doors of the castle.
> Nintendo could even have disabled the RCM mode itself per request to nVidia.
>
> People make mistakes but they also learn from them.
RCM is likely what Nintendo uses in repair centers so they can run recovery tools on the console. Similar to how an NTR card can be used to run a payload on 3DS (and is exploited by ntrboot). So disabling it wouldn't be an option.
 
Well yeah, it is recovery mode
...and people also forget that RCM is also a thing on patched units, it just doesn't have the exploit that allows booting unsigned payloads.

Nintendo's payloads are signed, so RCM is still useful in repair centers.
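The signed-payload point above, as an added illustration that is not from any poster on this thread and not Nintendo's or Nvidia's code: a recovery mode that accepts a payload only if its signature verifies against a public key baked into the device, so an unsigned or tampered payload is refused before anything runs. The `SignedPayload` layout, the Ed25519 choice, the key generated at runtime and all names here are constructed assumptions for the example and are not the real RCM format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedPayload is a constructed, hypothetical container: a body plus an
// Ed25519 signature over sha256(Body). It is NOT the real RCM/boot format.
type SignedPayload struct {
	Body []byte
	Sig  []byte
}

// ErrBadSignature is returned whenever the gate refuses a payload.
var ErrBadSignature = errors.New("payload signature invalid: refusing to load")

// Sign produces a signed payload. In a real deployment the private key lives
// only in the vendor's signing infrastructure; it is generated in-process here
// purely so the example runs stand-alone.
func Sign(priv ed25519.PrivateKey, body []byte) SignedPayload {
	digest := sha256.Sum256(body)
	return SignedPayload{Body: body, Sig: ed25519.Sign(priv, digest[:])}
}

// VerifyAndLoad is the check a recovery mode enforces before handing a payload
// to the loader: wrong-length or non-verifying signatures are rejected outright.
func VerifyAndLoad(pub ed25519.PublicKey, p SignedPayload) ([]byte, error) {
	if len(p.Sig) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	digest := sha256.Sum256(p.Body)
	if !ed25519.Verify(pub, digest[:], p.Sig) {
		return nil, ErrBadSignature
	}
	return p.Body, nil
}

// Demo exercises the three cases that matter: a vendor-signed payload loads,
// a payload whose body was altered after signing is rejected, and a payload
// with no signature at all is rejected.
func Demo() (signedLoads, tamperedRejected, unsignedRejected bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // assumed: device holds pub
	if err != nil {
		panic(err)
	}
	body := []byte("constructed recovery-tool image v1") // constructed sample payload

	signed := Sign(priv, body)
	_, err = VerifyAndLoad(pub, signed)
	signedLoads = err == nil

	// Flip one bit of the body while keeping the original signature.
	tampered := SignedPayload{Body: append([]byte(nil), body...), Sig: signed.Sig}
	tampered.Body[0] ^= 0x01
	_, err = VerifyAndLoad(pub, tampered)
	tamperedRejected = errors.Is(err, ErrBadSignature)

	// No signature at all.
	_, err = VerifyAndLoad(pub, SignedPayload{Body: body})
	unsignedRejected = errors.Is(err, ErrBadSignature)
	return
}

func main() {
	a, b, c := Demo()
	fmt.Printf("signed loads: %v, tampered rejected: %v, unsigned rejected: %v\n", a, b, c)
}
```

The design point is the one the thread makes: a recovery entrypoint can stay available for repair tooling without being an exploit vector, as long as the only thing that decides what runs is a signature check against a key the user cannot replace. The bit-flip case shows why the check has to cover the whole body and not just a header.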
 
> ...and people also forget that RCM is also a thing on patched units, it just doesn't have the exploit that allows booting unsigned payloads.
>
> Nintendo's payloads are signed, so RCM is still useful in repair centers.
IIRC later units have the USB completely disabled in RCM mode, effectively rendering it useless.
RCM is a feature left over by Nvidia, as far as we know Nintendo doesn't use it.
 