I last posted “Don’t get your hopes up for Nintendo Switch 2 homebrew” when the console was revealed in January 2025. In this post I hope to give better explanations as to why that is.

Updated July 5, 2025 to address the userland exploit, and how games are sandboxed. Updated September 27, 2025 to include an additional post from SciresM.

No software vulnerabilities

The Nintendo Switch has no software vulnerabilities for modern versions. The last time there was a software-based exploit one was Caffeine, available up to version 4.1.0, released December 2017.¹ There is also the RCM bug, usable on Switch 1 units produced up to around June 2018, which requires no hardware modifications to use.

SciresM, the lead developer of Atmosphère, in addition to multiple other experienced hackers, have thoroughly examined and re-implemented the microkernel of the Switch OS (also known as Horizon), and believe that it contains no exploitable bugs. In tweets from November 2020:

I’ve re-implemented their secure monitor as open source software twice. It has no bugs. I’ve re-implemented their kernel as open source software. It has no exploitable bugs. Software hax isn’t happening unless NV made bootrom mistake (unlikely imo).

xbox one has successfully gone an entire generation without software compromise vulnerabilities.² Nintendo’s secure monitor has 300 functions. Its kernel has ~800. These are tiny binaries, small enough that it’s possible to get them right. I’m less confident in NV’s code, but.

In a post on GBAtemp from August 2025:

I invite everyone actually competent to do research, please, more fresh eyes are always welcome. That said, the kernel has been thoroughly audited by myself, hexkyz, plutoo, and at least five others who I’ve sent my fully labeled IDB (reverse engineering database) to, and none of us have found anything at all. It’s very small (~600 functions, takes about eight hours to fully review), and the odds seem overwhelmingly likely that nothing will ever be found.

I sent Comex all of my reversing data in the hopes he finds it useful; if he finds a kernel bug, I would be thrilled. It is not impossible that I (and many others) have all missed something that he as another talented dev might find. But, I do think people should temper their expectations and mostly expect it to not happen.

It is known already that the Switch 2 OS is based on Horizon, due to Switch 2-specific code being accidentally left in recent Switch 1 updates. So it is going to carry over the already very secure kernel.

What about game exploits for userland access then? Unfortunately this is also a non-starter due to address space layout randomization (ASLR). The usual kinds of exploits such as buffer overflows would not be useful. This is also true for Switch 1 and why no game exploits have appeared on it. Even if a game exploit is used, sandboxing means games (and homebrew that run under them) are restricted in what resources can be accessed, such as the SD card.

Hardware mods will be more difficult, if not impossible

All Switch 1 models can get a modchip installed to run custom firmware. But it is unlikely this will be as easy on Switch 2. We know for a fact that it uses the Nvidia Tegra T239 SoC, which contains new features to guard against physical attacks, including anti-glitching mechanisms.

This keynote by Nvidia goes into further details about the security.

More stuff

As a reminder, Nintendo will not brick your console for modding it.

SciresM stated on a livestream that they will not be developing a custom firmware for Switch 2 in the event it does get a hack enabling full system access.

Switch 2 does not require a day one firmware update to use it to play Switch 2 games, but it is for Switch 1 backwards compatibility and microSD Express support. I need to make this point clear because there’s been misinformation going around claiming “Switch 2 is totally unusable without day one update!”. (Though this point is moot anyway, as softmods are unlikely to ever happen.)

In my opinion, if you want to play all the games you ever want on a portable device, there have been a slew of handheld gaming PCs introduced since Switch 1, such as the Steam Deck or Lenovo Legion Go (that one even has split controllers just like Joy-Cons!), which would be better investments than waiting for a Switch 2 hack that may never materialize.

Update: What about that userland game exploit?

On launch day, David Buchanan (also known as retr0id) posted a video where a Switch 1 game running on Switch 2 was exploited to show a graphical demo. The save exploit was transferred over from a Switch 1.

As mentioned earlier however, due to sandboxing, userland exploits do not provide useful access to console features, such as the SD card.

Notes

1. Caffeine is not technically 100% software. It depends on a hardware bug only available on Erista units. Atmosphère uses this to enable the “reboot to payload” feature. It is not present on Mariko units (Switch Lite, OLED, and 2019 original model refresh), meaning even if Nintendo did not fix Caffeine in software, it would be unusable on newer units and Switch 2. But none of this matters because Nintendo did fix it in March 2018. ↩︎
2. Okay technically the Xbox One / Xbox Series did get a kernel exploit years later, known as Collateral Damage. I do not follow Xbox modding scenes so I’m not aware of its capabilities, but I know that it’s a consequence of the OS being based on Windows, since the exploit has its origins in Windows. Whether or not you want to use this to claim “So Switch 2 may have softmods!” is up to you, despite the situation being entirely different. ↩︎