Speculations about Switch 2 hacking

  • Thread starter: KeeperCP1
  • Views: 305,130
  • Replies: 806
  • Likes: 10
Digital Foundry mentions that a memory leak always happens when playing Cyberpunk 2077, at 56 minutes

Nintendo Switch 2 - DF Hardware Review - A Satisfying Upgrade... But Display Issues Are Problematic


Wonder if that can be used for something.

It's a Switch 2 game, not emulated.
I think you can sync modified save files via cross-play from PC.

Something there?
A memory leak just means you're not freeing up memory after it's done being used. It's not like an overflow. Even if there was some buffer/stack overflow, games are sandboxed, so it would probably be useless.
 
Here are my speculations:

I have one s1 OLED and one s2 with mig v2.
When I was doing some tests with the s2 and mig, and s2 games with s1 games (Zelda),
I realized that on fw 20.1.1 Nintendo added the keys to open any s2 card. If you want to make the mig work on s2 games you need to investigate this fw.
Another thing is that the s2 card is only an s1 card that has this key… because of that, a dump from an s2 card will be possible from any hacked s1.
Another point of failure is the web browser that you can start using the DNS trick.
 
It happens that the MIG card (I think that's what it was called) now works with the Switch 2, and I believe it shouldn't take long for homebrewers to open the boot menu.
That's funny, but delusional at the current stage.

The MIG Switch's Switch 2 compatibility right now is exclusively Switch 1 crypto.

There are still no dumps of any Switch 2 cartridge, and zero keys in circulation for Switch 2 crypto. The MIG itself embeds a Lotus root key which is specifically for Switch 1.
 
It happens that the MIG card (I think that's what it was called) now works with the Switch 2, and I believe it shouldn't take long for homebrewers to open the boot menu.
The Mig Card doesn't allow booting unsigned code; that's why it works ONLY with unmodified cartridge dumps (and only Switch 1, because of crypto stuff).
I realized that on fw 20.1.1 Nintendo added the keys to open any s2 card.
They didn't :rofl2: They just added a partition on Switch 2 cartridges that can be read with Switch 1 keys, which is used to recognize a Switch 2 cartridge without accessing Switch 2 data.
 
The Mig Card doesn't allow booting unsigned code; that's why it works ONLY with unmodified cartridge dumps (and only Switch 1, because of crypto stuff).
They didn't :rofl2: They just added a partition on Switch 2 cartridges that can be read with Switch 1 keys, which is used to recognize a Switch 2 cartridge without accessing Switch 2 data.
That is still a weak point; I mean, we used tweezers to hack the Wii, for crying out loud.
 
Here are my speculations:

I have one s1 OLED and one s2 with mig v2.
When I was doing some tests with the s2 and mig, and s2 games with s1 games (Zelda),
I realized that on fw 20.1.1 Nintendo added the keys to open any s2 card. If you want to make the mig work on s2 games you need to investigate this fw.
Another thing is that the s2 card is only an s1 card that has this key… because of that, a dump from an s2 card will be possible from any hacked s1.
Another point of failure is the web browser that you can start using the DNS trick.
Switch 1 cannot dump a Switch 2 game. When a game is inserted into either console, there is an init sequence, which is different on switch 1 and switch 2. When the switch 1 init sequence is used on a cross-gen cart (for example, totk sw2 cart), the cart pretends to be a normal switch 1 cart, so you still can't dump the switch 2 data from a switch 1.
 
Switch 1 cannot dump a Switch 2 game. When a game is inserted into either console, there is an init sequence, which is different on switch 1 and switch 2. When the switch 1 init sequence is used on a cross-gen cart (for example, totk sw2 cart), the cart pretends to be a normal switch 1 cart, so you still can't dump the switch 2 data from a switch 1.
That doesn't mean there isn't a vulnerability. I feel like with a modified mig cart, or one specifically for hacking, if you were able to reach Horizon's boot menu, you could theoretically run a payload (I'm not a professional, so correct me if I'm wrong).
 
That doesn't mean there isn't a vulnerability. I feel like with a modified mig cart, or one specifically for hacking, if you were able to reach Horizon's boot menu, you could theoretically run a payload (I'm not a professional, so correct me if I'm wrong).
I don't like to be insulting, but it does come across that you are not a professional. I would suggest doing some research into how exploits work, because these suggestions are a bit nonsense. The reason the MIG works at all is BECAUSE it is replicating an original cartridge so closely. Any minor modifications make it entirely inoperable.

On top of that, and this is something I don't know for sure so someone please correct me if I'm wrong, but I'm willing to bet that the cart reader is one of the last things to get initialized in the boot sequence. I wouldn't be surprised if it was loaded after the Operating System.

In the case of the Wii or Switch, people weren't randomly sticking bits of metal into systems to see what happens. I would recommend Modern Vintage Gamer's "Mistakes Were Made" series for a pretty high-level explanation of what led up to these things becoming viable.
 
That doesn't mean there isn't a vulnerability. I feel like with a modified mig cart, or one specifically for hacking, if you were able to reach Horizon's boot menu, you could theoretically run a payload (I'm not a professional, so correct me if I'm wrong).
This approach is completely ignorant, and you should stop right here.

The cartridge slot has its own firmware that no one has cracked. You cannot pass any hack via this cartridge, as the "lotus firmware" won't allow it to even be mounted. The MIG Switch works only because it tries to replicate an original cartridge as closely as possible, including properly signed NCAs. You cannot properly sign NCAs without breaking into Nintendo's secret vault protected by their ninjas and stealing the private key. That's why only unmodified cartridge dumps work.
 
Switch 1 cannot dump a Switch 2 game. When a game is inserted into either console, there is an init sequence, which is different on switch 1 and switch 2. When the switch 1 init sequence is used on a cross-gen cart (for example, totk sw2 cart), the cart pretends to be a normal switch 1 cart, so you still can't dump the switch 2 data from a switch 1.
If that is true, why can the mig dumper not read Zelda games?
 
Digital Foundry mentions that a memory leak always happens when playing Cyberpunk 2077, at 56 minutes

Nintendo Switch 2 - DF Hardware Review - A Satisfying Upgrade... But Display Issues Are Problematic


Wonder if that can be used for something.

It's a Switch 2 game, not emulated.
I think you can sync modified save files via cross-play from PC.

Something there?
No
 
I expect a mod chip more than a software exploit, probably in a year or two, considering the interest in Nintendo consoles due to exclusives and stuff. Maybe another R4 meanwhile, like the mig for Switch 1, until CFW comes in.
 
My bet would also be on a modchip, but not for a good while.

Switch 2 will be on a diet for a while I'd say, other than Mario Kart World, DK Bananza, and Metroid Prime 4 there aren't any other exclusives currently to look forward to.

And third party games? Barely any will be full game cartridge.

Switch 2 for physical games... Folks have to rely on NS1 releases.
 
Hi guys, I'm wondering if this will lead to something.

Attachment: rapidsave.com_how_to_crash_your_switch_2-jcajof8vobaf1-720.mp4 (9.3 MB)
My bet would also be on a modchip, but not for a good while.
Even if they discover any exploit, it's probably best to keep it secret if it can get patched with an Update, or if there could be any issues playing games requiring a higher firmware. Not much point hacking the thing now, wait until the library is built up a bit at least.
 
