First usermode exploit and more: Nintendo Switch 2 had a busy (hacking) week for its launch

The Nintendo Switch 2 officially released this week, and if you’re one of the few lucky owners of the device, you might have seen that the console has also been busy on the hacking front. Mig Switch have seen some of their Switch 2 compatibility claims being debunked by testers, a factory firmware was spotted in the wild, and, more importantly, it seems a usermode exploit is already running on the device.

Nintendo apparently shipped some devices with a Factory/Debug Firmware

Some screenshots have been circulating of Switch 2 consoles being shipped with a Debug Firmware, showcasing some QA functionality you’re not supposed to see (instead of the games you’d like to see, btw). Allegedly, some of these devices are already in the hands of hackers for further analysis.

On the screenshots, we can see details of the alleged Debug Firmware, with options to test the hardware as well as battery charge levels, run software tests, or force reboot/shutdown the device.

This could of course be an elaborate prank: please note that I haven’t been able to verify this and GBATemp (the original source) appears to be down at the time of writing.

Mig Switch suggest that their piracy device works on the Switch 2. Testers debunk the claim

Mig Switch have been releasing some confusing marketing material and ads for their piracy cartridge, implying that the controversial device already works on the Switch 2.

Multiple testers have come out of the woods to debunk the claim, and show through multiple screenshots that using a Mig Switch on a Nintendo Switch2 actually doesn’t work. Specifically, the games will display but won’t launch, instead showing an error message when you try to run them.

Switch2 don’t support Migswitch pic.twitter.com/p0rKdEpy7J

— Arizonakk. (@liqihah1) June 4, 2025

This isn’t to say that Mig Switch don’t have an ace up their sleeve, but for now, it doesn’t appear that the device works out of the box on Switch 2. Nevertheless, Mig Switch team explicitly state on their official website that their device is compatible with Switch 2.

Despite multiple issues, in particular with significant delays on delivery for most buyers, Mig Switch have delivered on their claims (for the Switch 1) until now, so they might be up to something. But so far all testers have stated the device fails to run pirated (Switch 1) games on Switch 2.

First Usermode exploit running on the Switch 2, Day 1

Security researcher David Buchanan (aka retr0id) claims he has a ROP chain exploit running on the Nintendo Switch 2, emphasizing that this is not a “native exploit” but “usermode” instead.

Retr0id is known among other things for his work on DeCENC, RootMyTV, or, closer to home, his NXLoader tool for the Switch. He also recently published a proof of concept to gain root access on a laptop via a cigarette lighter.

Personal take: usermode generally *is* native code in my book, it’s just not access to all the libraries that a full kernel exploit would allow. By comparison, I’d say that running PSP exploits on the PS Vita wasn’t “native” because we were only running PSP exploits within the PSP emulator on the Vita. Then again, what do I know. Nothing.

It is actually very possible that the hacker achieved some usermode exploit within the Switch 1 retro compatibility layer.

As “proof” that his exploit is real, retr0id has mentioned the name of a Switch 2 lib “nnCompatTrampoline”, knowledge which he implies one only could access via a hack.

NnCompatTrampoline is a lib used in the Switch 1 emulation/compatibility layer of the Switch 2. (details here .Obviously this wiki page was created *after* Retr0id’s announce)