The switch hacking scene has sprouted a lot of useful tools and documentation, but those can be fairly hard to find due to being posted left and right without a central repository to list it all. But no more! This awesome list will attempt to be a complete list of all the useful things that the switch hacking community created.
If you see something missing, feel free to leave a comment here so I can add it in.
- SwitchBrew Wiki - A wiki with a lot of information, from SVC docs to file format descriptions.
- SwIPC - (Almost) complete documentation for the switch’s IPC services.
- SwIPC diff - Switch IPC changes for major versions between 1.0.0 and 7.0.0
- Jamais Vu - A warmboot code execution exploit.
- Nintendo Switch RSA-PKCS#1 Public Key Recovery - A short writeup of a fun (but ultimately pretty useless) attack resulting in the recovery of some otherwise unobtainable RSA public keys.
- The eShop and CDN explained: Switch Edition - Everything you need to know about the eShop is explained in this writeup!
- Anti-piracy measures on the Nintendo Switch - A followup to the above writeup explaining the measures Nintendo uses to prevent piracy.
- Fusee-Gelee - A coldboot vulnerability that allows full, unauthenticated arbcode execution from an early bootROM context via RCM mode on Tegra embedded processors.
- transfermeme - Nintendo Switch nvservices Info Leak.
- The Switch - A Memoir - Full writeup of the nvhax chain.
- Kernel Writeup - A write-up of how @SciresM initially achieved kernel code execution on the Nintendo Switch.
- Reverse Engineering Sysmodules - A quick start guide for the specifics on reverse engineering a sysmodule on the Nintendo Switch.
- Switch SD Dumping 101 - How to dump digital games from your sd card.
- Dump Gamecard Guide - How to dump games physical games.
- How to install/run ANY Switch firmware (without burning fuses)
- libtransistor - A C/C++ toolchain based on clang.
- libnx - A C/C++ toolchain based on devkitPro/gcc.
- Megaton-Hammer - A Rust toolchain (surely the best :lenny:)
- PyNX - A Python port, based on libnx.
- LovePotion - A Lua port, based on libnx.
- RyujiNX - An innovative emulator written in C# (using dotnetcore, supports Windows/Mac/Linux)
- Yuzu - An emulator written in C++
- Mephisto - A simple emulator written to assist debugging and reverse engineering.
- hactool - A tool to view informataion about, decrypt, and extract common file formats.
- HacDiskMount - Allows to open Switch eMMC RawNand dumps and mount them as a drive letter in Windows
- switchfs - FUSE scripts for Nintendo Switch files, similar to HacDiskMount but cross-platform.
- SwIPC - IPC code and documentation generator. Auto-generated from swipc-gen.
- ilia - An IPC Logger for the switch, so you can spy on all the IPC calls.
- Atmosphere - A WIP customized firmware for the Switch.
- Hekate - CTCaer’s mod - A complete NX bootloader reimplementation. Functionally equivalent to Atmosphere’s Fusee.
Reverse Engineering Corner
- Loaders - IDA Loaders for NRO/NSO/KIP1
- Ghidra Switch Loaders - A loader for Ghidra supporting a variety of Nintendo Switch file formats.
- Kernel Loader - IDA Loader for Kernels 5.x
- NX-010Editor - 010Editor templates for various switch formats.
- hthh’s switch-reversing - Various Switch reversing scripts.
- Loader 1.0.0 IDC - An IDC for the Loader sysmodule on 1.0.0
- tz_5x.idc - An IDC for the Secure Monitor on 5.0.0
- tz 6x.idc - An IDC for the Secure Monitor on 6.0.0
- tz_620.idc - An IDC for the Secure Monitor on 6.2.0
- tz_700.idc - An IDC for the Secure Monitor on 7.0.0
- tz_800.idc - An IDC for the Secure Monitor on 8.0.0
- package1_4.0.0.idc - An IDC for the pk1ldr on 4.0.0
- bootrom.idc - An IDC for the Tegra X1 BootROM
- Kernel_1.0.0.idc - An IDC for the Kernel 1.0.0.
- FRIEND - An IDA Plugin that (among other things) names system registers.
- hnight7 - An IDA plugin that fixes system register names in hexray view.
- Diaphora - A Free and Open Source diffing tool. Use this to match functions with their named equivalent from an SDK binary.
- idb2pat - Similar to diaphora, idb2pat.py generates IDA Pro FLAIR patterns from existing IDB files, which help IDA Pro recognize common functions in compiled programs and automatically rename them for the reverse engineer