How to Jailbreak Nintendo Switch on Mac OSX

How to Jailbreak Nintendo Switch on Mac OSX

⛔️ Jailbreaking your Nintendo Switch brings many benefits and absolutely some disadvantages. With that being said, please be advised that jailbreaking your console may get you banned if you play online with a Custom Firmware (CFW). And as always, please proceed at your own risk, InterestingSoup is not responsible if you brick your device at anytime during or after this tutorial.

🛑✋🏽 Before we begin we need to ensure your Nintendo Switch is compatible with this jailbreak. Please compare your serial number to the chart below and if your serial number falls under unpatched you are A OK to move on with this tutorial.

Unpatched Switch Serial Numbers

Glad you made it this far, it seems your device is compatible! That means its vulnerable to the fusee-gelee exploit. �

What you need:  

🟠 A USB Type C to A/Micro USB/USB Type C cable/adapter
🟠 Micro SD Card: at least 4GB in size, however 64GB or higher is recommended
🟠 fusee-launcher (payload sending application for Mac & Linux)
Alternative Options: Windows Android
🟠 Files to download: Test Payload, Atmosphere [Hekate] (scroll at bottom and click "Download your Zip")

🟢 Let's Begin
Enter RCM mode

First, we need to access your Nintendo Switch's built-in recovery mode (RCM) and to do this we need to press the Power Button + Volume Up Button + a third Button (which is not on the JoyCon) together. To mimic the 3rd button we need to ground 2 wires on the right joycon rail. You can buy tools online to do this but we were able to accomplish it using aluminum foil. We followed this youtube tutorial. Screenshots of the video below:

You basically roll up a tiny piece of aluminum foil and fold it in half. Half touching pins 9 & 10 and the other half folded outside. To make it easy for you when inserting the joycon you may use some scotch tape to hold down the outer piece.

Once your joycons are slid in, connect your switch to your Mac, press Volume Up Button + Power Button for 7 seconds. If your Switch screen remains "off" that means you have successfully entered RCM mode. ✅


Send Test Payload

Let's test and see if we are truly in RCM mode and can successfully execute a test file before we actually send over the main file to jailbreak the Nintendo Switch.

Downloading the Test Payload is one click but setting up the payload sending application for Mac requires some steps. Do not get discouraged from using Github and CLI, we will guide you through all the commands.

Setting up fusee-launcher:

  1. Go to fusee-launcher > click 'Code' drop down > select GitHub CLI > copy the URL: https://github.com/Qyriad/fusee-launcher.git
  2. Now on your Mac, open Terminal app, enter these commands one-by-one:
    pwd to see which directory your in so you know where your cloning the repo.
    git clone https://github.com/Qyriad/fusee-launcher.git this downloads (clones) fusee-launcher to the directory your currently in.
    cd fusee-launcher this changes the directory to fusee-launcher
    pwd again, just to verify your in the right directory.

    Your directory should now be fusee-launcher. Once confirmed we can move onto the next commands.
    pip install requirements.txt this installs the packages you need to run fusee-launcher.
    open . this opens your current directory in a finder window

    Now that you have the folder open, take your downloaded Test Payload, extract it, and move fusee-test.bin to the directory that just opened.

    This is what it all should look like:
Terminal window with all commands and finder window with fusee-test extracted

Sending Payload

Here is the moment of truth! With your Nintendo Switch in RCM mode, connect a USB-C cable to your switch and the other end to your Mac.

Open Terminal and run this command to send fusee-test.bin to your Switch.

sudo python3 ./fusee-launcher.py ./fusee-test.bin sends test payload to switch and outputs whether or not your switch is hackable. Which, if your serial aligned with the chart in the beginning of this tutorial, it should be!

If all goes well, you should get an output like this:

SENDING TEST PAYLOAD WAS A SUCCESS 

And your switch should display something like this:  

TEST PAYLOAD EXECUTED ON SWITCH 

Sending Main Payload (this is it! 🤗)

Before we begin, let's put your Switch back into RCM Mode by pressing any Volume button on the switch as described on the switch's screen.

Setting Up MicroSD Card

Take your downloaded Atmosphere [Hekate] and extract the contents of it. Take whatever is in sd directory and copy it over to your Nintendo Switch's MicroSD.

(LEFT) Contents of Atmosphere [Hekate] and MicroSD (RIGHT)

Copy over the contents of payload to fusee-launcher (the same directory you copied the fusee-test.bin to)

(LEFT) Contents of Atmosphere [Hekate] and fuee-launcher directory (RIGHT)

Backing up NAND and BisKeys

⚠️ It's extremely important you follow this step, you'll need these files to recover your Switch incase something goes wrong.

Ensure your Switch is in RCM mode and plugged into your computer before continuing.

On your Mac, in terminal run this command
sudo python3 ./fusee-launcher.py ./hekate_ctcaer_5.5.8.bin

You should see this on your terminal and Switch:

Hekate Loaded on Nintendo Switch
  1. "In Hekate, select ‘Tools > Backup eMMC > eMMC BOOT0 & BOOT1’
  2. When finished, remove your SD card (you don’t need to shutdown Hekate), insert it into your PC, and copy the ‘backup’ folder to a safe location on your PC. Afterwards, delete the ‘backup’ folder on your SD card.
  3. Insert your SD card back into your Switch

In Hekate, select ‘Tools > Backup eMMC > eMMC RAW GPP’

  • If your SD card has less than ~32GB free space, Hekate will provide additional instructions every few minutes about pulling files off of your SD card so it can continue.
  1. If you weren’t required to copy files during the backup process, once again copy the ‘backup’ folder off of your SD card and put it in a safe location on your PC. Delete the ‘backup’ folder on your SD card.
  2. Close the Backup menu, go back to the Home tab and tap ‘Reboot > RCM’"
    Copied from Source

On your Mac, in terminal run this command
sudo python3 ./fusee-launcher.py ./Lockpick_RCM.bin

You should see this on your terminal and Switch:

LockPick_RCM loaded on Switch
  1. "Select Dump from SysNAND and press Power to confirm; press again Power when finished to go back to the Lockpick menu
  2. Select Reboot (RCM) from the menu once finished.
  3. Insert your SD card into your PC.
  4. Copy the /switch/prod.keys file to a safe location."
    Copied from Source

    Please view the source above for more ways to ensure your safe like blocking all connections to Nintendo's server by modifying some DNS settings.

Launching Atmosphere

Ensure your switch is in RCM mode and plugged into your computer before continuing.

On your Mac, in terminal run this command
sudo python3 ./fusee-launcher.py ./hekate_ctcaer_5.5.8.bin

Your Nintendo Switch should now boot into Hekate!

Hekate Loaded on Switch

Tap ‘Launch > CFW (sysMMC)’

Hekate will now boot Atmosphere. You can verify you are in Atmosphere by trying to load the Homebrew Menu (see below) or checking if the system version string in System Settings contains (AMS x.x.x).

Congratulations 🎉, you have officially "jailbroke" your Nintendo Switch and are running Atmosphere CFW! Your now enabled to play backups, run emulators, and even install Android!

Be sure to subscribe to our blog, up next we will discuss how to install Android on your Switch to take full advantage of this jailbreak.