Resource and Video Tutorial Updated!
Before We Start:
What is Custom Firmware?
Custom Firmware (“CFW”) enables you to use more advanced things that userland homebrew can’t easily do. For instance, running homebrew applications. Currently, all Nintendo Switches sold before July 2018 can run custom firmware. Switches sold after this point may only be exploitable if they are on firmware 4.1.0. This guide will include checking if your system is vulnerable.
What do I need to know before starting?
- Windows PC
- USB A to USB C cable
- 64GB or more SD card
Finding your serial number
This number can be found on the bottom of your Switch adjacent to the USB-C port, or in the Settings applet at System -> Serial Information.
Determining if your Switch is vulnerable
If your serial number is on this list as potentially patched, follow the guide and see if your system works.
For the best choice, this guide will only guide you through setting up EmuNand, if you want to use SysNand, this guide is not for you
Pros of using emuNAND over sysNAND CFW:
Installing game cartridge dumps without dirtying sysNAND, allowing sysNAND to be used online without ban risk.
Power off the Switch and use one of the methods listed below to short the pins on the right joycon rail. Hold Volume Up and press the Power button.
If your Switch displays the Nintendo logo and boots normally or immediately shuts down, you didn't successfully enter RCM and should try again. Otherwise, if your console did not turn on normally, and the screen remained black with no backlight, your Switch is in RCM.
Sending a Payload
What you need
- The latest release of TegraRcmGUI
- The latest release of Hekate (either from hekate_ctcaer or Kosmos)
- The latest release of TegraExplorer
How to inject a payload
- Install and run TegraRcmGUI.
- Navigate to the Settings tab, then press Install Driver and follow the on-screen instructions.
- Connect your Switch in RCM to your PC using the USB cable.
- Navigate to the Payload tab of TegraRcmGUI.
- Your Switch should be shown as detected in the bottom left corner.
- Press the file button next to Inject payload, and navigate to and select your payload .bin file.payload文件
- Click Inject payload to launch the payload you selected.
Partitioning the SD Card
Before we start, if you are using a microSD card already as a storage device for your games, you will want to back up your Nintendo folder that is on the root of your microSD card to a safe place on your computer. This folder contains your downloaded games and game updates.
- Inject the TegraExplorer payload with your 64GB (or larger) SD card inserted into your Switch.
- If you forgot how to do this, re-read the sending payload section of the guide.
- Navigate to SD Format and press the power button to enter the SD format menu.
- Navigate to Format for EmuMMC setup and press the power button to confirm.
- Read the warning, and press power after 10 seconds to format your SD card.
- Note: This will delete all data on your SD card. Make sure you backed up your Nintendo folder!
- Press any button to return to the main menu.
- Navigate to Exit and press the power button to enter the Exit menu.
- Navigate to Reboot to RCM and press the power button to reboot to RCM. It's now safe to eject your sd card for the next part of the guide.
If your console's screen remains black after you've sent Hekate, it's possible your payload was corrupted, or that your console is patched. If your payload injector program shows that 0 bytes were sent, then it is definitely patched, so you'll be unable to proceed with the rest of the guide.
- Go to https://www.sdsetup.com
- Select Nintendo Switch
- Select the “Kosmos Defaults” package
- If you think you know what you are doing, you can choose whatever CFW and options you wish.
- Select “Download your ZIP”
- This can take a while depending on your Internet speed and latency. Be patient.
- Extract the ZIP file from SDSetup to a folder on your PC.
- The ‘sd’ folder contains all of the files that should go on your SD card. Copy all of the contents of this folder to the root of your SD card.
- After copying the SD card files to your SD card, insert it back into your Switch.
<center>Your sd card should look like this</center>
Backing up your NAND and BIS keys
- In Hekate, select ‘Tools > Backup eMMC > eMMC BOOT0 & BOOT1’
- When finished, close this tab and select ‘eMMC RAW GPP’
- It will cost about 32GB storage. Once finished remove your SD card (you don’t need to shutdown Hekate) and copy the ‘backup’ folder off of your SD card and put it in a safe location on your PC. Delete the ‘backup’ folder on your SD card and put SD card back
- Close the Backup menu, go back to the Home tab and tap ‘Reboot > RCM’
- Send the “Lockpick_RCM.bin” payload provided in the SDSetup download to your Switch (if you do not have this payload, you can obtain it from GitHub.
- Choose to backup your key in sysnand
- Lockpick_RCM should now inform you that your keys have been saved to /switch/prod.keys on the SD card.
- Press any button to return to the main menu.
- Navigate to 'Power off' with the volume buttons and select it with the power button.
- Insert your SD card into your PC.
- Copy prod.keys from the switch folder on your SD card to a safe location on your PC (it is suggested to copy it to the same place that you copied your NAND backup to).
Making the emuMMC
- Enter RCM and inject the Hekate payload
- Use the touch screen to navigate to emuMMC
- Tap on Create emuMMC, then select SD Partition
- Tap on Continue. It will start making the emummc now. After it's done return to the emuMMC menu using the Close buttons
- Tap on Change emuMMC, then SD RAW 1
- Go back to the main menu
- Power on your Switch into RCM, and inject the Hekate payload
- Navigate to Launch using the touch screen
- Find CFW EmuMMC and launch it
Once you successfully boot into the system, under system update, you should look like picture below.