Switch Hacking 101: How to launch the Homebrew menu on all FW

Discussion in 'Switch - Tutorials' started by jjbredesen, May 15, 2018.

  1. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Welcome to Switch hacking 101!

    The goal of this thread is to prepare users for CFW / HB in a safe manner, to avoid bricks and bans and keep all the information end users should need in one place with simple and easy to understand language.

    The scene changes constantly, as new updates are released by Nintendo, and new tools by the scene what you can do and not can change every day, make sure to check back here often.



    So, you want to hack your Switch? Then let’s get started.

    In this guide you will learn how to boot Atmosphere, custom Nintendo Switch firmware developed by the Reswitched team. It will let you use Homebrew apps, and install mods to your games, among many other features. This guide will however not cover using Homebrew apps themselves, for that please refer to the documentation of each app. Usually the "readme" file on Github will provide most of the information you need.


    Introduction to Firmware and blocking updates:

    First, figure out what Firmware you are on, to do this on your Switch go to settings and scroll down to system.

    [​IMG]

    Under system update you will see “Current system version: x.x.x” this is the Firmware you are currently on.


    It is important that you make a note of this, as it can impact what hacks are available to you.


    You will regardless of firmware want to block updates, why?

    On newer Firmware Nintendo can patch certain loopholes that let us run Homebrew, for you to get the best experience staying on lower Firmware is always better. In addition if the current newest firmware for Switch was released recently, necessary updates might not have been made for different apps to work. It is therefor important that you stay updated to the state of this, and never update before a valid source tells you.

    Blocking updates is easy, follow this guide: https://switch.hacks.guide/blocking-updates

    Come back when you are done.

    Now lets have a look at the current state of Homebrew, for each Firmware version:

    1.0.0

    2.x.x

    3.0.0-3.0.1

    3.0.2

    4.x.x

    6.0.0-6.0.1

    6.1.0-6.2.0

    7.0.0+

    The Homebrew launcher.

    Now that you know what FW you have we can start to look at how you can hack your Switch.

    Before we get into what you can do, you will need to access the Homebrew Launcher. The Homebrew launcher is a “home menu” for homebrew apps.

    [​IMG]


    Method 1: Fusee Gelee, getting into the Homebrew launcher (ALL FW)

    If you purchased a Switch in late July 2018 or later, it is possible you have a unit that has this exploit patched.
    To check if you can use this exploit, please input your Switch serial number (found on the
    bottom left) into this website: http://ismyswitchpatched.com/
    [​IMG]



    This method works on all Nintendo Switch firmware, however as mentioned earlier the latest firmware at the time of you reading this might not yet be supported. Check the firmware section above before proceeding.

    It is however important to note that this exploit can NOT be patched, only mitigated by Nintendo, so if you have a older Switch, this will work.



    >See the other methods in this guide for softmods on lower FW.


    The exploit we will be using is known as Fusee Gelee, discovered by the Reswitched team.

    Before you continue you will need the following items:

    - micro sd card (32GB minimum, but you will want a 64GB or larger card in the future)

    - A computer

    - A screwdriver / paperclip / needle or something else small made of metal

    - USB A to USB C cable, this would be the same cable as your phone charger (Android) or the Switch Pro controller charger

    [​IMG]





    This is where the fun begins. As always modifying your console can damage it, so make sure to follow this guide in detail. I am not responsible if you damage your Switch.



    To begin, you will need to download a few things on your computer:

    >TegraRcmSmash by @rajkosto with GUI by @eliboa

    Download: https://github.com/eliboa/TegraRcmGUI/releases/tag/1.3.0

    This program will allow you to execute payloads on the Switch, payloads are special .bin files that contain different hacks.

    Download the .zip and extract it to a folder on your Desktop.

    [​IMG]



    Now that we can run payloads, we will need a payload that let’s us boot into custom firmware. In this case we will be using a payload called Hekate by nwert. It is a custom bootloader for Switch with several different functions.

    You will also need the SD card files that contain the different resources needed by Homebrew and custom firmware.

    >Download the sd files:

    https://github.com/tumGER/SDFilesSwitch/releases

    >Then download this .bin file:

    https://github.com/CTCaer/hekate/releases/

    You will have 2 files.

    A .zip file and a .bin file.

    Insert your micro sd card in your computer. Now open the .zip (sdfiles) and extract the content to the root of your sd card.

    Keep the .bin on your desktop for now.


    Homebrew Appstore:

    In the SD files you downloaded on the last step, the Homebrew appstore is included. It will let you easily download and install Homebrew apps directly on your Switch.

    [​IMG]



    RCM mode

    To run payloads in Switch we need to boot it into a special recovery mode.

    Doing this is relatively simple but can require some time to get working.

    1. Turn off your Switch by holder power and then choosing shutdown.

    2. Remove the joycon

    Now you should find the needle / screwdriver / pin / paperclip.

    On the right joy con rail, at the bottom you will be able to see ten tiny pins used to connect the joy con in handheld mode. To boot into RCM pin 10 needs to be grounded.

    What this means is that pin 10 must connect to pin 9, 7 or 1 OR a screw on the rail. To do this you can bend a paperclip like the picture below or look at other methods people have used in the following thread: https://gbatemp.net/threads/the-ultimate-list-of-mods-to-enter-rcm.502145/

    [​IMG]


    Once you feel like you have grounded pin 10 we can move on.


    Place the pin / needle etc. in the rail grounding pin 10. Now turn on your switch while holding volume +.

    If you have successfully grounded pin 10 nothing should happen, the screen should not even turn on, if this is the case you have successfully booted into RCM mode.

    If your Switch boots normally, try to adjust the metal and try again until this works.

    Once successful connect the Switch to your computer using the USB C to USB A cable. Windows should make a sound saying a APX device is connected.

    Installing the drivers:

    As I mentioned above we will need drivers to use Switch with our computer.


    [​IMG]

    In TegraRcmSmashGUI go to settings, and install the driver.


    Congrats, you are now ready to run payloads on Switch!

    If you see RCM O.K it means your PC has detected your Switch!


    Making a backup:

    Before doing anything else on Switch, it is important that you make a backup of your system memory. This will allow you to restore it if you make any mistakes in the future.

    Now that drivers are installed and your Switch is in RCM mode, you can open TegraRCMSmash GUI.

    In the program select the payload.bin file you downloaded earlier and click “inject payload” button.

    Your Switch screen should now turn on with a small menu like the picture below:


    [​IMG]

    You can use the volume buttons to navigate the menu and the power button to select things.

    Now go to tools…

    [​IMG]

    Now select Dump Emmc Rawnand.

    This will take some time, but once you are done you will have a backup for your entire NAND on the SD card. Copy the backup from the SD card to your computer for safe keeping.

    Booting Hekate and using the Homebrew menu.

    Now that you have a backup you are safe to use any homebrew you want! Not all apps are updated for all FW, but they are being worked on.

    If you have turned off your Switch and placed your backup on the PC, you need to boot back into RCM. (bridge pin 10, and hold down volume + while booting) connect your Switch back to the PC and run the payload again from TegraRCMSmash.

    [​IMG]

    This time, chose launch and then CFW


    Your Switch will now boot into the OS!

    When you open the Album the homebrew menu should launch instead!

    You are now free to download any homebrew apps you want from the Appstore.

    Note: You will need to run the payload every time you want to replace the Album with the homebrew launcher.

    Not all Homebrew works on 4.x and 5.x, you can find a list of working homebrew here, this information could however be outdated when you read this, so you can always try them on the appstore: https://gbatemp.net/threads/a-list-of-all-the-homebrew-that-currently-works-with-5-0-2.503515/

    Getting into Hekate "on the go"

    By now you hopefully understand the basics of how to run a payload on your Switch, and should be able to repeat the steps above without any issues.

    If that is the case, and you own a Android phone you can also use the app NXloader to run payloads from your phone, instead of TegraRCM Smash, you can download the app here: https://github.com/DavidBuchanan314/NXLoader/releases

    Download the .apk file from github and install it on your android device. Copy the payload.bin file from your PC to the phone.

    If you have a USB C to USB C cable you can now also run the payload from your phone!


    Softmod guide for 1.0.0-3.0.0


    If you want to use the HB menu on 1.0.0-2.3.0 follow this guide (advanced): https://switch.hacks.guide/homebrew-launcher-(pegaswitch)

    If you want to use the HB Menu on 3.0.0 follow this guide (easy): https://switch.hacks.guide/homebrew-launcher-(installer)
     
    Last edited by jjbredesen, Feb 4, 2019
  2. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    - Reserved for updates and to answer common issues users report-

    Issue 1: My Switch turns on normal when i plug it into my PC!


    Answer: If that is the case you have not booted into RCM, make sure pin 10 is grounded and try again.

    Issue 2: I followed all the steps, but my Switch does nothing when I inject the payload!

    Answer: Make sure you have the right drivers, and do not use a USB hub, make sure it is connected to a port on your actual computer.

    Issue 3: Homebrew App "x" does not work, why?

    Answer: Most apps do not work yet on higher FW, they were designed for 3.0.0, and thus need to be updated by the developers, keep checking for new updates on the HB App store :)

    Issue 4: The homebrew app store is stuck on a loading screen.

    Answer: Make sure you are connected to the internet, wifi can be a bit unstable in Hekate :)

    ---
     
    Last edited by jjbredesen, May 16, 2018
  3. satan89

    satan89 GBAtemp Fan

    Member
    4
    Jan 30, 2014
    India
    Limbo
    Good guide, thank you.

    Noob question - does Hekate mess up the console's battery calibration?
     
    jjbredesen likes this.
  4. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    There have been reports from some users, but it seems rare. Fixing it is as easy as holding down power for 15 seconds to discharge the capacitors.
     
    Irastris and satan89 like this.
  5. Galaxysm

    Galaxysm Member

    Newcomer
    1
    Feb 28, 2018
    United States
    Thanks a lot for this! Now i can make a backup. :)
     
  6. peteruk

    peteruk GBAtemp Addict

    Member
    12
    Jun 26, 2015
    thank you for this, really helpful

    there's so many threads on so many things scattered through out the section and now it's all in one place, good job
     
  7. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Thank you, glad I could help :)
     
    Treeko and peteruk like this.
  8. Dayr

    Dayr Newbie

    Newcomer
    1
    May 23, 2007
    What about 3.0.2? Currently none of them works, but the first one will "soon", right?
    I guess we could update with a game, but why risk it? :P
     
  9. eliboa

    eliboa GBAtemp Regular

    Member
    5
    Jan 13, 2016
    France
    Good guide, well explained and simple :yay:
    Btw TegraRcmGUI 1.3 is out, you should probably update the link ;)
    Edit : 1.3 includes APX driver so you don't have to install Zadig anymore.
     
    Last edited by eliboa, May 15, 2018
  10. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Yep! Once Atmosphere is out or someone "Ports" Hekate to 3.0.2 it will work :)

    Thanks, have updated OP :)
     
    Last edited by jjbredesen, May 15, 2018
  11. Kafluke

    Kafluke GBAtemp Psycho!

    Member
    12
    May 6, 2006
    United States
    Great guide
     
    peteruk likes this.
  12. choco_crafteur

    choco_crafteur Newbie

    Newcomer
    1
    May 2, 2018
    France
    hi !
    first, thanks for this very great guide :)

    here's my problem :
    i've only a 16 gb, so i've only make a backup of the sys and the boot part, is that problematic ?
     
  13. Akuseru06

    Akuseru06 Developer

    Member
    3
    Jan 8, 2018
    Romania
    The guy who told is hekate is dangerous and not for user end is now telling us how to install and use it...
     
  14. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    That should work fine! System and boot is what you would want to restore if something brakes.
     
    choco_crafteur likes this.
  15. choco_crafteur

    choco_crafteur Newbie

    Newcomer
    1
    May 2, 2018
    France
    ok, thanks :)
     
  16. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Well... now that we know Nintendo also has the same "wrong" config, we can assume that it does not damage the SoC. Regardless as a lot of people are trying to run it, and failing or even bricking there Switches I thought it would be smart to have a safe guide for users to follow.
     
  17. KTroopA

    KTroopA GBAtemp Advanced Fan

    Member
    5
    Mar 15, 2007
    Ahh so clear just what the doctor ordered. now we are looking at switch hacking in HD. thank you for this :)

    look forward to updates as they unfold.

    [​IMG]
     
  18. WDragon

    WDragon Advanced Member

    Newcomer
    4
    Sep 19, 2003
    Canada
    ****Unknow*****
    You rock dude! Continue the good work ;)
     
  19. NiftyBeard

    NiftyBeard Newbie

    Newcomer
    1
    May 10, 2018
    United States
    Sweet, hopefully we can get this pinned on the discord.
     
  20. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Sure, try to suggest it :)
     
    linuxaresisagaysob likes this.
Loading...