Skip to content

RCM

About RCM

RCM (short for ReCovery Mode) is a pre-boot mode for Tegra processors that allows NVIDIA and Nintendo to send the Switch tiny programs for various internal uses. On unpatched consoles, once a payload was sent, then quickly copied into the memory buffer behind the stack, it overflowed the memory buffer into the stack. This leads to a "smashed stack" and unsigned code execution within a bootROM context, giving us access to nearly everything on the console. We use it here to launch Atmosphère.

Before setting up for homebrew, install at least one eShop title to utilize "title takeover", an Atmosphère feature that allows homebrew to use more resources than they would normally have. Try downloading a free game (such as Fallout Shelter), application (such as YouTube), or a game demo (such as 10 Second Run RETURNS). Running the Homebrew Menu via a game cartridge will also work, but it must be inserted every time you want to boot into homebrew. Title takeover does not permanently replace or remove the donor game/application, nor does it become tied to it specifically. Any installation or cartridge used for title takeover can always be used normally if you don't hold any buttons when booting that title.
Once you obtain any bootable title, you are prepared to continue on with the guide.

If you choose the emuMMC path introduced later in the guide, it'll be important to disable the Automatic Save Data Cloud function beforehand, as well as making sure the Switch is set as the primary console.

Continue to Entering RCM

Frequently Asked Questions about this page

  • Q: How does the RCM exploit work on unpatched Nintendo Switch consoles?
    A: For more information, please reference this link. There is also a Medium article about it here.

  • Q: Does RCM work on patched consoles?
    A: Yes. RCM is an intended mode for all Switch consoles. The exploit is the unintended effect that only some consoles can use. Consoles with the Tegra X1+ have a completely new bootROM with no evidence of the exploit, while "patched" V1 systems have an IROM patch to the bootROM applied that effectively removes fusee-gelee as well.