Nintendo’s new Switch 2 has been out for only a couple of days as of writing, but modders have wasted no time poking around under the hood. On June 5, developer and security researcher David Buchanan (@retr0_id on Bluesky) shared footage of a successful framebuffer graphics demo running on the console through a userland Return-Oriented Programming (ROP) exploit. For reference, ROP is a technique that doesn't involve native code execution, yet it still manages to draw graphics directly to the screen. In this context, "userland" (or "user space") refers to code that runs outside the kernel, meaning it doesn’t have full system privileges or direct hardware access.
The exploit appears to rely on manipulating system libraries to bypass normal restrictions and execute code within a sandboxed environment. In Buchanan’s demo, a small checkerboard pattern is animated in the top-left corner of the gaming handheld’s screen. He clarified that this was only a partial proof-of-concept, further stating that trying to render a full-screen display would likely tank the framerate.
"This has no practical purpose and I can’t prove I’m not just like, playing a YouTube video or something," Buchanan joked. However, fellow devs and modders were also quick to confirm its legitimacy - and to express concern that Nintendo will likely patch this quickly, making it viable only on early production units.
"First userland ropchain exploit on the Switch 2. Source: https://t.co/gLAAycocwX" — SwitchTools (@SwitchTools), June 5, 2025
The community reaction was predictably split between excitement and caution. One user commented, "They’re gonna patch it so fast that only Switch 2s from the first week of production can actually do this," while another admitted they were "trying to hold [themselves] back" from jumping into similar tinkering too soon.
June 4 was the launch day for Switch 2, and while it’s still early days for the homebrew scene, this is the first sign of any meaningful access being achieved without hardware mods. That said, this is not yet full-blown homebrew or piracy territory. As Buchanan mentioned, the exploit does not enable native code execution, only ROP-style chaining within userland - a limitation that greatly reduces its risk level in its current state.
Still, this is a noteworthy first step. Historically, Nintendo has responded pretty quickly to such breakthroughs, often issuing silent firmware updates to harden its systems. Whether this technique bears bigger fruit or is immediately shut down remains to be seen.