How to Jailbreak Nintendo Switch on Mac OSX

***RAW DUMP OF RECOVERED ARTICLE. LOST DATA DUE TO PREVIOUS HOST***


Jailbreaking your Nintendo Switch brings many benefits and absolutely some disadvantages. With that being said, please be advised that jailbreaking your console may get you banned if you play online with a Custom Firmware (CFW). And as always, please proceed at your own risk; InterestingSoup is not responsible if you brick your device at any time during or after this tutorial.

Before we begin, we need to ensure your Nintendo Switch is compatible with this jailbreak. Please compare your serial number to the chart below; if your serial number falls under unpatched, you are A-OK to move on with this tutorial.

Glad you made it this far; it seems your device is compatible! That means it's vulnerable to the fusee-gelee exploit.

What you need:

A USB Type C to A/Micro USB/USB Type C cable/adapter

Micro SD Card: at least 4GB in size, however 64GB or higher is recommended

fusee-launcher (payload sending application for Mac & Linux)
Alternative Options: Windows, Android

Files to download: Test Payload, Atmosphere [Hekate] (scroll at bottom and click "Download your Zip")

Let's Begin
Enter RCM mode

First, we need to access your Nintendo Switch's built-in recovery mode (RCM). To do this, we need to press the Power Button + Volume Up Button + a third button (which is not on the JoyCon) together. To mimic the third button we need to ground 2 wires on the right JoyCon rail. You can buy tools online to do this, but we were able to accomplish it using aluminum foil. We followed this YouTube tutorial. Screenshots of the video below:

You basically roll up a tiny piece of aluminum foil and fold it in half. One half touches pins 9 & 10 and the other half is folded outside. To make inserting the JoyCon easier, you may use some scotch tape to hold down the outer piece.

Once your JoyCons are slid in, connect your Switch to your Mac and press Volume Up Button + Power Button for 7 seconds. If your Switch screen remains "off", that means you have successfully entered RCM mode.

Send Test Payload

Let's test and see if we are truly in RCM mode and can successfully execute a test file before we actually send over the main file to jailbreak the Nintendo Switch.

Downloading the Test Payload is one click, but setting up the payload sending application for Mac requires some steps. Do not be discouraged by GitHub and the CLI; we will guide you through all the commands.

Setting up fusee-launcher:

  1. Go to fusee-launcher > click 'Code' drop down > select GitHub CLI > copy the URL: https://github.com/Qyriad/fusee-launcher.git
  2. Now on your Mac, open the Terminal app and enter these commands one by one:
    pwd - shows which directory you're in, so you know where you're cloning the repo.
    git clone https://github.com/Qyriad/fusee-launcher.git - downloads (clones) fusee-launcher to the directory you're currently in.
    cd fusee-launcher - changes the directory to fusee-launcher.
    pwd - again, just to verify you're in the right directory.

    Your directory should now be fusee-launcher. Once confirmed, we can move on to the next commands.
    pip install -r requirements.txt - installs the packages listed in requirements.txt, which you need to run fusee-launcher.
    open . - opens your current directory in a Finder window.

    Now that you have the folder open, take your downloaded Test Payload, extract it, and move fusee-test.bin to the directory that just opened.

    This is what it all should look like:

Sending Payload

Here is the moment of truth! With your Nintendo Switch in RCM mode, connect a USB-C cable to your Switch and the other end to your Mac.

Open Terminal and run this command to send your fusee-test.bin to the Switch:

sudo python3 ./fusee-launcher.py ./fusee-test.bin

This sends the test payload to the Switch and outputs whether or not your Switch is hackable. If your serial number aligned with the chart at the beginning of this tutorial, you should be "hackable".

If all goes well, you should get an output like this:

And your switch should display something like this:

Sending Main Payload (this is it!)

Finally, the moment we actually "jailbreak" the Switch! Before we begin, let's put your Switch back in RCM mode by pressing any Volume button on the Switch, as described on the Switch's screen.

Setting Up MicroSD Card

Take your downloaded Atmosphere [Hekate] and extract its contents. Take whatever is in the sd directory and copy it over to your Nintendo Switch's MicroSD.

Copy over the contents of payload to fusee-launcher (the same directory you copied the fusee-test.bin to).

Backing up NAND and BisKeys

It's extremely important that you follow this step so you can recover your Switch in case something goes wrong.

Ensure your Switch is in RCM mode and plugged into your computer before continuing.

On your Mac, in Terminal, run this command:
sudo python3 ./fusee-launcher.py ./hekate_ctcaer_5.5.8.bin

You should see this on your terminal and switch:

  1. "In Hekate, select ‘Tools > Backup eMMC > eMMC BOOT0 & BOOT1’
  2. When finished, remove your SD card (you don’t need to shutdown Hekate), insert it into your PC, and copy the ‘backup’ folder to a safe location on your PC. Afterwards, delete the ‘backup’ folder on your SD card.
  3. Insert your SD card back into your Switch
  4. In Hekate, select ‘Tools > Backup eMMC > eMMC RAW GPP’
    • If your SD card has less than ~32GB free space, Hekate will provide additional instructions every few minutes about pulling files off of your SD card so it can continue.
  5. If you weren’t required to copy files during the backup process, once again copy the ‘backup’ folder off of your SD card and put it in a safe location on your PC. Delete the ‘backup’ folder on your SD card.
  6. Close the Backup menu, go back to the Home tab and tap ‘Reboot > RCM’"
    Copied from Source
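
The quoted steps delete the 'backup' folder from the SD card right after copying it, so the copy on the Mac becomes the only recovery image. The script below is an added example (not part of the original article or of Hekate) that hashes both trees and reports anything missing or different before you delete; the folder and file names in demo() are constructed stand-ins.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 4 * 1024 * 1024   # stream in 4 MiB blocks; a raw eMMC dump is tens of GB

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def manifest(root):
    """Map relative path -> (size, sha256), skipping macOS Finder metadata files."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): (p.stat().st_size, sha256_file(p))
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.name != ".DS_Store" and not p.name.startswith("._")}

def verify_copy(sd_backup, safe_copy):
    """Return a list of problems; an empty list means the SD folder may be deleted."""
    src, dst = manifest(sd_backup), manifest(safe_copy)
    problems = [] if src else ["source backup folder is empty"]
    for rel, entry in src.items():
        if rel not in dst:
            problems.append(f"missing: {rel}")
        elif dst[rel] != entry:
            problems.append(f"mismatch: {rel}")
    return problems

def demo():
    """Constructed sample trees: one faithful copy, one damaged copy."""
    files = {"emmc/BOOT0": b"\x01" * 4096, "emmc/BOOT1": b"\x02" * 4096,
             "emmc/rawnand.bin.00": os.urandom(65536)}   # stand-in names and sizes
    with tempfile.TemporaryDirectory() as tmp:
        sd, good, bad = (Path(tmp) / n for n in ("sd", "good", "bad"))
        for root in (sd, good, bad):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        (sd / "emmc/._BOOT0").write_bytes(b"finder metadata")  # must be ignored
        (bad / "emmc/BOOT1").unlink()                          # file never copied
        (bad / "emmc/rawnand.bin.00").write_bytes(files["emmc/rawnand.bin.00"][:1000])  # cut short
        return verify_copy(sd, good), verify_copy(sd, bad)

if __name__ == "__main__":
    print(demo())
```

Call verify_copy() with the SD card's backup folder and your safe copy, and delete the SD copy only when it returns an empty list.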

On your Mac, in Terminal, run this command:
sudo python3 ./fusee-launcher.py ./Lockpick_RCM.bin

You should see this on your terminal and switch:

