Switch V2 Hardmodding
May 1st 2024 21:00Some time ago I decided to mod my Nintendo Switch for the funsies.
First step of that process is to determine if your console is able to be exploited without a hardware modchip installed. This is the case for "V1" switches, manufactured before August 2018. With those, you could enter the Nvidia Tegra SoC's recovery mode, and push any payload you want using the Fusée Gelée vulnerability. "V2" consoles however arent susceptible, as Nintendo opted for a newer Tegra chip in those systems. So only hardmodding with an RP2040 microcontroller is possible.
As luck would have it, my Switch is a V2.
This is what a modchip might look like if you get one all nice and dressed up on a ready-made PCB. As you will see, the cables on the right will contact capacitors around the SoC. Soldering this requires quite a bit of practice, so you should be well expirenced with soldering before attempting it.
With the switch all disassembled and the heatsink removed you can see the scale of these parts. There are six solder points: two capacitors with two pads each, and then two ground pads, that also act as a structural anchor to the RF shield. And after flashing the appropriate firmware onto the microcontroller, its time to solder.
All soldered up, my awful solder joints hanging on by a thread, but conductive enough for the glitching to work. Time to clean everything up, apply new thermal paste and screw it all back together.
Nice and neat, ready to do the software bits. The modchip will inject any payload after successfully glitching the *****U with well timed voltage fluctuations.
In my case that would be a bootloader called Hekate, which allows you to do all sorts of things, most excitingly partition your SD card and install an entirely separate version of the switch's operating system. Complete with stripped console serial numbers and a telemetry blocking host file. So you can do whatever you like without Nintendo sticking their grubby little fingers in your business.