Resource and Video Tutorial Updated!

Before We Start:

Disclaimer:This is only for advanced user only, EVERY time you modify your system, there is always the potential for an UNRECOVERABLE brick even though is very rare. I assume no responsibility if anything happened to your console

What is Custom Firmware?

Custom Firmware (“CFW”) enables you to use more advanced things that userland homebrew can’t easily do. For instance, running homebrew applications. Currently, all Nintendo Switches sold before July 2018 can run custom firmware. Switches sold after this point may only be exploitable if they are on firmware 4.1.0. This guide will include checking if your system is vulnerable.

What do I need to know before starting?

  1. Switch
  2. Windows PC
  3. USB A to USB C cable
  4. 64GB or more SD card

Although a Mac, Android or IOS device will also do, it’s not in the scope of this guide. Let me know if you want this part.

Getting Started

Finding your serial number

This number can be found on the bottom of your Switch adjacent to the USB-C port, or in the Settings applet at System -> Serial Information.

Determining if your Switch is vulnerable

Nintendo serial number

If your serial number is on this list as potentially patched, follow the guide and see if your system works.

RCM

For the best choice, this guide will only guide you through setting up EmuNand, if you want to use SysNand, this guide is not for you

Pros of using emuNAND over sysNAND CFW:

Installing game cartridge dumps without dirtying sysNAND, allowing sysNAND to be used online without ban risk.

Entering RCM

Power off the Switch and use one of the methods listed below to short the pins on the right joycon rail. Hold Volume Up and press the Power button.

For beginners, I only recommend you use a RCM jig. If you want to use other methods to short the pins on the right joycon rail, do as you wish.

title=

title=

title=

If your Switch displays the Nintendo logo and boots normally or immediately shuts down, you didn't successfully enter RCM and should try again. Otherwise, if your console did not turn on normally, and the screen remained black with no backlight, your Switch is in RCM.

Sending a Payload

What you need

  • The latest release of TegraRcmGUI
  • The latest release of Hekate (either from hekate_ctcaer or Kosmos)
  • The latest release of TegraExplorer

How to inject a payload

  1. Install and run TegraRcmGUI.
  2. Navigate to the Settings tab, then press Install Driver and follow the on-screen instructions.
  3. Connect your Switch in RCM to your PC using the USB cable.
  4. Navigate to the Payload tab of TegraRcmGUI.
  5. Your Switch should be shown as detected in the bottom left corner.
  6. Press the file button next to Inject payload, and navigate to and select your payload .bin file.payload文件
  7. Click Inject payload to launch the payload you selected.

Partitioning the SD Card

Before we start, if you are using a microSD card already as a storage device for your games, you will want to back up your Nintendo folder that is on the root of your microSD card to a safe place on your computer. This folder contains your downloaded games and game updates.

  1. Inject the TegraExplorer payload with your 64GB (or larger) SD card inserted into your Switch.
  2. If you forgot how to do this, re-read the sending payload section of the guide.
  3. Navigate to SD Format and press the power button to enter the SD format menu.
  4. Navigate to Format for EmuMMC setup and press the power button to confirm.
  5. Read the warning, and press power after 10 seconds to format your SD card.
  6. Note: This will delete all data on your SD card. Make sure you backed up your Nintendo folder!
  7. Press any button to return to the main menu.
  8. Navigate to Exit and press the power button to enter the Exit menu.
  9. Navigate to Reboot to RCM and press the power button to reboot to RCM. It\'s now safe to eject your sd card for the next part of the guide.

If you get the issue that Windows says the SD card is unreadable and wants to format it, do not format! This is likely your emuMMC partition.

If your console's screen remains black after you've sent Hekate, it's possible your payload was corrupted, or that your console is patched. If your payload injector program shows that 0 bytes were sent, then it is definitely patched, so you'll be unable to proceed with the rest of the guide.

SD Preparation

  1. Go to https://www.sdsetup.com
  2. Select Nintendo Switch
  3. Select the “Kosmos Defaults” package
  4. If you think you know what you are doing, you can choose whatever CFW and options you wish.
  5. Select “Download your ZIP”
  6. This can take a while depending on your Internet speed and latency. Be patient.
  7. Extract the ZIP file from SDSetup to a folder on your PC.
  8. The ‘sd’ folder contains all of the files that should go on your SD card. Copy all of the contents of this folder to the root of your SD card.
  9. After copying the SD card files to your SD card, insert it back into your Switch.

Your sd card should look like this

Safety Precautions

If you think you know what you are doing, you can skip if you want.

Backing up your NAND and BIS keys

By backing up your NAND (the Switch’s internal memory), you will later be able to restore it in the event that anything goes wrong, essentially rewinding it back to a previous state.
  1. In Hekate, select ‘Tools > Backup eMMC > eMMC BOOT0 & BOOT1’
  2. When finished, close this tab and select ‘eMMC RAW GPP’
  3. It will cost about 32GB storage. Once finished remove your SD card (you don’t need to shutdown Hekate) and copy the ‘backup’ folder off of your SD card and put it in a safe location on your PC. Delete the ‘backup’ folder on your SD card and put SD card back
  4. Close the Backup menu, go back to the Home tab and tap ‘Reboot > RCM’
  5. Send the “Lockpick_RCM.bin” payload provided in the SDSetup download to your Switch (if you do not have this payload, you can obtain it from GitHub.
  6. Choose to backup your key in sysnand
  7. Lockpick_RCM should now inform you that your keys have been saved to /switch/prod.keys on the SD card.
  8. Press any button to return to the main menu.
  9. Navigate to \'Power off\' with the volume buttons and select it with the power button.
  10. Insert your SD card into your PC.
  11. Copy prod.keys from the switch folder on your SD card to a safe location on your PC (it is suggested to copy it to the same place that you copied your NAND backup to).

Making the emuMMC

Before you start, boot your switch normally, and delete all the wifi networks. You can add them back to your sysnand after completing this guide, NEVER connect to the internet when you are in CFW unless you know how to use incognito CFW or 90DNS.
  1. Enter RCM and inject the Hekate payload
  2. Use the touch screen to navigate to emuMMC
  3. Tap on Create emuMMC, then select SD Partition
  4. Tap on Continue. It will start making the emummc now. After it\'s done return to the emuMMC menu using the Close buttons
  5. Tap on Change emuMMC, then SD RAW 1
  6. Go back to the main menu

Launching CFW

You should keep your emuMMC(emunand) offline (or with 90dns) at all times. Not doing this will likely result in a ban
  1. Power on your Switch into RCM, and inject the Hekate payload
  2. Navigate to Launch using the touch screen
  3. Find CFW EmuMMC and launch it

If you want to boot into stock rom, just select stock-sysnand, NEVER select CFW-sysNand, it will “dirty” your original Nand system.

Once you successfully boot into the system, under system update, you should look like picture below.

Resource

Video Tutorial

Youtube

Last modification:October 2, 2020
© Allow specification reprint
If you like my post, you can donate to buy me a cup of coffee.