PSA: THIS IS NOT A GUIDE ON HOW TO MODIFY YOUR NINTENDO SWITCH! THIS IS SIMPLY AN IN-DEPTH GLOSSARY OF SWITCH MODDING TERMS COMBINED WITH MY OWN THOUGHTS AND OPINIONS. IF YOU WOULD LIKE TO KNOW HOW TO MOD YOUR SWITCH, I WOULD HIGHLY RECOMMEND nh-server.github.io.
G’day GBATemp users!
I was looking into getting a Switch about 4 months ago, but I just decided to get one now on account of being broke previously XD, I had a PS Vita and am quite familiar with Henkaku and the whole homebrew scene (thanks Silica!). So I decided to do some research on the Switch homebrew scene and my mind just committed a fricking BSOD.
I’m not gonna lie, this is messy.
So I decided before I will first talk about the rivalries in the scene as this is important.
There are 2 teams: good and evil, yin and yang, Team Xecuter and everyone else.
Team Xecuter (known as SX or “those dickheads”) I like to consider the Gateway 3DScart of the Switch scene, they only care about piracy and money. Their whole business is to allow people to pirate games and content. Much like Gateway, they are anti-homebrew and take gigantic measures in order to prevent homebrew from being run. What’s worse is they charge $25 USD in order to use their shitty software! Terrible, although they have made significant strides in Switch modding in general as I will talk about later.
Everyone else (known as genuinely good people who want to see a community grow) The website that you are probably reading this on (GBATemp) are full of these people, these are the homebrew developers, the exploit finders, the theme creators, and the men and women helping each other out! Now, yes, granted, piracy is a split issue on any platform, whether it be PC/Console, and yes, piracy is supported on the community-made software. But that’s not the point, the point is awesome people make this stuff and we need to help them as much as we can. Without people like Kate Temkin, the fail0verflow group, lantus, crc32 (just to name a few) and the thousands of other devs making great strides with the Switch, we’d be doomed. So, thanks guys and gals! =)
Ok, now you all probably want to know “what is ShofEL2?”, “what is Atmosphere?”, “what do I need to know?” I will now answer all of that to the best of my ability!
There are A LOT of Switch terminology out there, I mean A LOT. So here is a few.
Atmosphere: The CFW developed by the Atmosphere-NX organization on GitHub.
CFW: Short for custom firmware. Custom firmware permits you to completely modify how your Switch works.
Deja Vu: An unreleased exploit chain for the Nintendo Switch. The completely unpatched version of this chain will grant access to TrustZone, which effectively means being able to enter CFW. The TrustZone part of this exploit was patched in firmware version 5.0.0 and up, but normal homebrew access can still be gained up to firmware version 6.0.1.
fusee-gelee/ShofEL2: Two names for two different implementations of the same exploit. This is an exploit that grants full bootrom access to the Nintendo Switch from the Tegra X1s RCM and permits us to run CFW. This exploit requires an external device and a tiny hardware modification. fusee-gelee is developed by an ex-ReSwitched developer, while ShofEL2 is developed by the failoverfl0w team.
RCM: A shorthand for "Recovery Mode". When talking about hacking the Switch, this commonly refers to the Recovery Mode in the Tegra X1 chip that is included in the Nintendo Switch. Can be entered by holding down the Tegra X1 home button. This button is not the same as the home button on the joycons but instead the VOL+ button on the Switch.
Tegra X1: A chip made by Nvidia that is used in the Nintendo Switch.
TrustZone: The highest security level on the Switch.
So now you have all the most basic info and terminology about Switch modding, if that’s all you needed, there ya go. But if you want to know exactly what is the process is for modding the Switch...
There are 2 ways of modding the switch, deja vu, and the most common one, RCM.
Deja Vu is mainly about exploiting a highly outdated version of WebKit, which is the standard for pretty much all browsers. This was discovered by qwertyuiopz (remember him? PS4 and iOS legend? Awesome dood) and on earlier versions, allowed TrustZone level access which could basically do anything (Caffeine). However, on later versions, while Nintendo didn’t completely patch this, they did only allow for a lower level of authorization (Nereba). Until Nintendo pulled their woolly heads in and patched it completely.
Next is RCM (ReCovery Mode, fusee-gelee, ShofEL2), this is accessed by bridging pin 10 with a ground pin (1, 2 or 7) on the right JoyCon rail, which allows the Nvidia Tegra X1 GPU to have custom payloads uploaded via USB. Most people use a ‘jig’ to access RCM mode, a little piece of plastic which slides down in the right JoyCon rail having a conductive surface (paperclip, 30 gauge copper wire) bridging pin 10 with ground. Once in RCM, the Switch can have a payload uploaded to it, which then calls a CFW from the SD card.
What is a bootloader and CFW and what variations are there?
A bootloader (also known as a payload) is a bin file that essentially tells the Switch to boot from specific files on the SD card, rather than the default Nintendo payloads. Each payload boots to a certain CFW, now what is a CFW you ask?
A CFW (Custom FirmWare) is a software that allows homebrew to be loaded. Consider a CFW as an Operating System, except with different background features, boot logo, and the exact same UI. There are mainly 3 CFW’s in the Switch scene. Atmosphere, ReiNX and SXOS.
Atmosphere is boss. Open source, developed by an awesome and quite wide community, flexible, open to homebrew and piracy, tons of support. My most recommended and the NH Server Guide walks you through how to install this too.
ReiNX is meh. It gets the job done, small-ish community, allows homebrew and piracy also but from my experience is quite unstable, closed source and steals code from Atmosphere. Don’t like them, don’t support them.
SXOS is absolute shit. Made by Team Xecuter, extremely buggy, unfortunately large community, Chinese owned, only supports piracy, homebrew is not allowed, support is shit and it costs money to use it. Absolutely terrible, worse then a pile of dog doo-doo, I will pay you to NOT use it.
I guess I should mention AtlasNX Kosmos aswell, Kosmos is Atmosphere with a bunch of extra apps, plugins etc built in, while decent and useful, the apps are quite outdated and the team has stopped updating it. As long as you don’t mind using outdated app’s and not that much support for it, Kosmos is decent, I guess.
Now remember when I was saying earlier that Team Xecuter is terrible, that’s not ALL true, they have recently made a massive feat in the Switch scene, but first, I need to explain the difference between unpatched and Mariko units.
Unpatched units are those with specific serial numbers, these are vulnerable to RCM, whose Tegra X1’s are oblivious to payload changes. But those with other serial numbers are called patched/Mariko/T214 units. These units have an updated Tegra X1 model referred to as the ‘T210b01’. This model blocks payload updates via USB, basically making them unhackable. FYI all Switch Lite’s have the T210b01, also making them unhackable.
Anyway, back to Team Xecuter, as of writing this, Team Xecuter has announced a modchip that allows homebrew to run on patched/Mariko/T214 units and Switch Lite’s too, we do not know a whole lot about this, other than it is not like RCM (as it can not be loaded through USB) or deja vu (not a WebKit exploit), for all patched/Mariko/T214 units, this is called the SX Core, while for the Switch Lite it is called the SX Lite. Both of these are installed via soldering to the motherboard thus taking apart your Switch thus not recommended for beginners (yet I bet you can pay console modding services to install this for you :/). The latest news about this news so far is that Nintendo has sued several modchip providers for having the Core and Lite’s available for preorder (if this was an independent developer who found this out, I would be pissed, but since this is Team Xecuter, they kinda deserve it). Tbh, this is the only good thing Team Xecuter has done for the community. Anyway, fingers crossed it would be released soon.
WORST. 5. HOURS. EVER.
My fingers are hurting as I wrap this up, I’ll update this when I feel like it, contact me on Discord at C.Bonnie#6224. One last thing before I finish, if you found this at all helpful and feel like making a donation, don’t. I don’t accept donations, but however please donate the money too Diabetes Youth NZ, I am a Type 1 Diabetic myself and they have provided me with amazing help and support, please help them out by sparing a few dollars, donate to them, I’ll consider it a donation to me.
Anyway, hope this helped. Thanks for reading.
~ LunaHuskyy (Charles Bonfante)
G’day GBATemp users!
I was looking into getting a Switch about 4 months ago, but I just decided to get one now on account of being broke previously XD, I had a PS Vita and am quite familiar with Henkaku and the whole homebrew scene (thanks Silica!). So I decided to do some research on the Switch homebrew scene and my mind just committed a fricking BSOD.
I’m not gonna lie, this is messy.
So I decided before I will first talk about the rivalries in the scene as this is important.
There are 2 teams: good and evil, yin and yang, Team Xecuter and everyone else.
Team Xecuter (known as SX or “those dickheads”) I like to consider the Gateway 3DScart of the Switch scene, they only care about piracy and money. Their whole business is to allow people to pirate games and content. Much like Gateway, they are anti-homebrew and take gigantic measures in order to prevent homebrew from being run. What’s worse is they charge $25 USD in order to use their shitty software! Terrible, although they have made significant strides in Switch modding in general as I will talk about later.
Everyone else (known as genuinely good people who want to see a community grow) The website that you are probably reading this on (GBATemp) are full of these people, these are the homebrew developers, the exploit finders, the theme creators, and the men and women helping each other out! Now, yes, granted, piracy is a split issue on any platform, whether it be PC/Console, and yes, piracy is supported on the community-made software. But that’s not the point, the point is awesome people make this stuff and we need to help them as much as we can. Without people like Kate Temkin, the fail0verflow group, lantus, crc32 (just to name a few) and the thousands of other devs making great strides with the Switch, we’d be doomed. So, thanks guys and gals! =)
Ok, now you all probably want to know “what is ShofEL2?”, “what is Atmosphere?”, “what do I need to know?” I will now answer all of that to the best of my ability!
There are A LOT of Switch terminology out there, I mean A LOT. So here is a few.
Atmosphere: The CFW developed by the Atmosphere-NX organization on GitHub.
CFW: Short for custom firmware. Custom firmware permits you to completely modify how your Switch works.
Deja Vu: An unreleased exploit chain for the Nintendo Switch. The completely unpatched version of this chain will grant access to TrustZone, which effectively means being able to enter CFW. The TrustZone part of this exploit was patched in firmware version 5.0.0 and up, but normal homebrew access can still be gained up to firmware version 6.0.1.
fusee-gelee/ShofEL2: Two names for two different implementations of the same exploit. This is an exploit that grants full bootrom access to the Nintendo Switch from the Tegra X1s RCM and permits us to run CFW. This exploit requires an external device and a tiny hardware modification. fusee-gelee is developed by an ex-ReSwitched developer, while ShofEL2 is developed by the failoverfl0w team.
RCM: A shorthand for "Recovery Mode". When talking about hacking the Switch, this commonly refers to the Recovery Mode in the Tegra X1 chip that is included in the Nintendo Switch. Can be entered by holding down the Tegra X1 home button. This button is not the same as the home button on the joycons but instead the VOL+ button on the Switch.
Tegra X1: A chip made by Nvidia that is used in the Nintendo Switch.
TrustZone: The highest security level on the Switch.
So now you have all the most basic info and terminology about Switch modding, if that’s all you needed, there ya go. But if you want to know exactly what is the process is for modding the Switch...
There are 2 ways of modding the switch, deja vu, and the most common one, RCM.
Deja Vu is mainly about exploiting a highly outdated version of WebKit, which is the standard for pretty much all browsers. This was discovered by qwertyuiopz (remember him? PS4 and iOS legend? Awesome dood) and on earlier versions, allowed TrustZone level access which could basically do anything (Caffeine). However, on later versions, while Nintendo didn’t completely patch this, they did only allow for a lower level of authorization (Nereba). Until Nintendo pulled their woolly heads in and patched it completely.
Next is RCM (ReCovery Mode, fusee-gelee, ShofEL2), this is accessed by bridging pin 10 with a ground pin (1, 2 or 7) on the right JoyCon rail, which allows the Nvidia Tegra X1 GPU to have custom payloads uploaded via USB. Most people use a ‘jig’ to access RCM mode, a little piece of plastic which slides down in the right JoyCon rail having a conductive surface (paperclip, 30 gauge copper wire) bridging pin 10 with ground. Once in RCM, the Switch can have a payload uploaded to it, which then calls a CFW from the SD card.
What is a bootloader and CFW and what variations are there?
A bootloader (also known as a payload) is a bin file that essentially tells the Switch to boot from specific files on the SD card, rather than the default Nintendo payloads. Each payload boots to a certain CFW, now what is a CFW you ask?
A CFW (Custom FirmWare) is a software that allows homebrew to be loaded. Consider a CFW as an Operating System, except with different background features, boot logo, and the exact same UI. There are mainly 3 CFW’s in the Switch scene. Atmosphere, ReiNX and SXOS.
Atmosphere is boss. Open source, developed by an awesome and quite wide community, flexible, open to homebrew and piracy, tons of support. My most recommended and the NH Server Guide walks you through how to install this too.
ReiNX is meh. It gets the job done, small-ish community, allows homebrew and piracy also but from my experience is quite unstable, closed source and steals code from Atmosphere. Don’t like them, don’t support them.
SXOS is absolute shit. Made by Team Xecuter, extremely buggy, unfortunately large community, Chinese owned, only supports piracy, homebrew is not allowed, support is shit and it costs money to use it. Absolutely terrible, worse then a pile of dog doo-doo, I will pay you to NOT use it.
I guess I should mention AtlasNX Kosmos aswell, Kosmos is Atmosphere with a bunch of extra apps, plugins etc built in, while decent and useful, the apps are quite outdated and the team has stopped updating it. As long as you don’t mind using outdated app’s and not that much support for it, Kosmos is decent, I guess.
Now remember when I was saying earlier that Team Xecuter is terrible, that’s not ALL true, they have recently made a massive feat in the Switch scene, but first, I need to explain the difference between unpatched and Mariko units.
Unpatched units are those with specific serial numbers, these are vulnerable to RCM, whose Tegra X1’s are oblivious to payload changes. But those with other serial numbers are called patched/Mariko/T214 units. These units have an updated Tegra X1 model referred to as the ‘T210b01’. This model blocks payload updates via USB, basically making them unhackable. FYI all Switch Lite’s have the T210b01, also making them unhackable.
Anyway, back to Team Xecuter, as of writing this, Team Xecuter has announced a modchip that allows homebrew to run on patched/Mariko/T214 units and Switch Lite’s too, we do not know a whole lot about this, other than it is not like RCM (as it can not be loaded through USB) or deja vu (not a WebKit exploit), for all patched/Mariko/T214 units, this is called the SX Core, while for the Switch Lite it is called the SX Lite. Both of these are installed via soldering to the motherboard thus taking apart your Switch thus not recommended for beginners (yet I bet you can pay console modding services to install this for you :/). The latest news about this news so far is that Nintendo has sued several modchip providers for having the Core and Lite’s available for preorder (if this was an independent developer who found this out, I would be pissed, but since this is Team Xecuter, they kinda deserve it). Tbh, this is the only good thing Team Xecuter has done for the community. Anyway, fingers crossed it would be released soon.
WORST. 5. HOURS. EVER.
My fingers are hurting as I wrap this up, I’ll update this when I feel like it, contact me on Discord at C.Bonnie#6224. One last thing before I finish, if you found this at all helpful and feel like making a donation, don’t. I don’t accept donations, but however please donate the money too Diabetes Youth NZ, I am a Type 1 Diabetic myself and they have provided me with amazing help and support, please help them out by sparing a few dollars, donate to them, I’ll consider it a donation to me.
Anyway, hope this helped. Thanks for reading.
~ LunaHuskyy (Charles Bonfante)