Restoring your hacked Switch to stock without a NAND backup

So you decided you are done with having a hacked Nintendo Switch, but you broke the first rule of console soft mods: always take a backup. Tsk tsk. Luckily, there is a process you can follow to remove the hacks from your Switch.

This article is a transcription of a YouTube video by Nevercholt Tech that has since been deleted on dubious copyright grounds. So basically, Nintendo being Nintendo. Fuck Nintendo.

Your failure to take a backup does mean that your switch contents are lost if you want to revert back to stock, including your progress in all games. However, you will have a stock Switch at the end of the process, and assuming you were careful with your homebrew usage, your switch will not be banned either. I have done this personally a couple of times and can vouch for its effectiveness.

Table of Contents

This process is inherently dangerous: pay attention!

There are a couple of steps throughout this process where you will permanently and irrevocably brick your Switch if you do the wrong things, so you should pay very close attention. I recommend you do not attempt this process unless you have no other alternative, since we are going to be using some tools that do not have guard rails or ways to save yourself if you make a mistake.

Measure twice, cut once.

Gather your tools

You will require the following:

  • RCM Jig (or suitable paperclip)
  • A USB cable to connect your Switch to your Windows PC
  • A microSD card reader

You will also need the following software from https://switchtools.sshnuke.net/:

  • TegraRcmSmash
  • Memloaderv3
  • biskeydump
  • HacDiskMount
  • Zadig from https://zadig.akeo.ie/ (for the proper USB driver)

Preparation

  1. Take a NAND backup right now. You are not going to make the same mistake twice, right?
  2. If you have installed autoRCM or any other hacks that cause the system to boot up in homebrew mode, remove it now.
  3. Make sure you have got all the software from the previous section downloaded and ready to go.

Retrieve your keys

First we need to get your keys for a later step. This involves using biskeydump with TegraRcmSmash to push code to your switch from your PC.

  1. Insert your RCM jig (not your payload injector – we will not use it here.)
  2. Power the switch on while holding the Volume + key. You will get a black screen and nothing will appear to happen.
  3. Connect your switch to the PC. Windows should notice it was plugged in.
  4. Launch Zadig.
  5. On the top bar, make sure that “APX Device” is selected.
  6. On the right hand box, hit the down arrow until “libusbK (v3.0.7.0) is selected.
  7. Hit “install driver” and wait for completion.
  8. In your tools folder, drag the biskeydump.bin file onto TegraRcmSmash.exe

The switch will then boot to a screen with your keys and a QR code on it. Use a QR code reader app on your phone to scan the code, and email yourself the results. You can also press a key in the biskeydump screen to save the keys onto your SD card, but I like the email copy idea personally since we will be wiping the SD card later.

Blowing out the cobwebs (and hacks)

  1. Connect the MicroSD card to your PC
  2. From the “sample” folder in your memloaderv3, copy the entire contents to the root of your SD card. Reinsert the SD card.
  3. Boot your switch into RCM recovery (jig in, vol+ held)
  4. Drag memloader.bin onto TegraRCMSmash
  5. Your Switch will display a menu. Using the volume keys, navigate to “umms_emmc.ini”, and press the power button once.
  6. Run HacDiskMount as administrator
  7. From the file menu, select “open physical device”
  8. Look for a “Linux UMS disk” and select it.
  9. Open the SYSTEM partition in the new menu by double clicking
  10. From your email or text file back when we got the keys, fill the text boxes with the BIS key 2 crypto and tweak values. Press Test, it should complete successfully.
  11. Select a drive letter not in use currently on your PC (z: or a letter late in the alphabet is safe), press Install, then Mount.
    This will take a moment.
  12. On your PC, navigate to the drive letter you selected.
  13. Open the save folder.
  14. READ THIS BIT CAREFULLY – YOU WILL BRICK YOUR SWITCH IF YOU FOLLOW THE NEXT STEP WRONG!
  15. Select all files in this directory, and UNselect the file that begins with 8 and ends with 120
    (it may also have a blank or nonsensical date in 1969)
  16. Delete all selected files.
    Again, make sure not to delete the 8………120 file. Double and triple check this because you only get one chance.
  17. Go back to hacdiskmount, and hit unmount, then close the window.
  18. Now, select USER
  19. Put in your BIS key 3 (note: 3, not 2 from the previous step), test, and mount.
  20. Navigate to the folder.
  21. Delete EVERYTHING in this directory. All folders, everything. Leave it completely blank.
  22. Unmount and disconnect from the PC.

We’re done with all the tools. If you have an SD card inserted, now would be a great time to either wipe it, or at least copy the files elsewhere and then wipe it. I’m paranoid, and I don’t want Nintendo to see the various homebrew tools and XCIs/NSPs I had in there.

The hard part’s over

  1. Remove your RCM jig.
  2. Power on your switch normally (without holding Vol+)
  3. Continue through the setup process, but skip the part where you enter your network connection.
  4. Continue until you reach the home screen. Navigate to settings, system, format options, and do a full factory reset.

Your Switch is now stock, and safe to use online.

The test

Once the factory reset is complete, your Switch is stock. There are two points at which you can get an error message if your console was banned, those being:

  • Logging into Nintendo Network
  • Using the eShop
  1. Set up the Switch normally, including connection to the internet. If you’ve been hacked for a long time, you probably will need to update your system before logging into Nintendo Network. Don’t worry, this doesn’t mean you’re banned.
  2. Do any update that the system wants (system menu, system, update)
  3. After the reboot, navigate to your user account and link it with Nintendo Network. If the link completes successfully:
  4. Open the eShop and try to download something free like YouTube.

IF STEPS 4 AND 5 COMPLETED SUCCESSFULLY, YOU ARE DONE! YOU HAVE REVERTED TO STOCK SUCCESSFULLY WITHOUT A BAN!!

If, on the other hand, you get an error message (2124-4007, 2124-4508), then your system is, regretfully, banned, and unable to access online services. You might as well reinstall your hacks.

Karu

Devops guy, Docker fanboy, your average everyday opinionated nerd.