You can now play your own NES ROMs on Nintendo Switch Online thanks to a new hack
One of the main selling points of Nintendo’s new Switch Online service, which went live yesterday, is the library of NES titles available to subscribers. Currently, there are 20 classic NES games available with the promise of more to come. But what if you don’t want to wait on Nintendo to add more games? Thanks to a new hack, you can add your own ROMs to the Switch Online library.
Less than 24 hours after the Switch Online service launched, modder KapuccinoHeck released a video showing that custom ROMs could be loaded into the online NES library. The hacker called the process “incredibly basic,” probably because (in typical Nintendo fashion) Nintendo is using an existing NES emulator and existing ROM files. KapuccinoHeck discovered that all the game files on Switch Online are run of the mill .nes files that can be found on the plethora of ROM sites across the internet. The NES emulator used by Switch Online also seems to be a slightly modified version of an existing emulator.
This wouldn’t be the first time Nintendo has used ROM files of their own games for their virtual consoles. In January 2017, the retro gaming community heavily criticized the company when it was discovered that the copy of Super Mario Bros. sold through the Wii’s Virtual Console was actually a ROM and not an official cartridge dump.
On the Switch, it looks like modders can upload common .nes files to add games to Switch Online. Keep in mind that the process requires a modded or jailbroken Switch, which still requires a complex and somewhat risky procedure. On top of that, there’s a good chance that Nintendo will ban your account should it detect custom ROMs. KapuccinoHeck advises against loading ROMs into Switch Online because Nintendo does random checks at frequent intervals when the service is running.
Still, it’s ironic that Nintendo, the company that recently sued several ROM sites into oblivion for piracy, may be using some of these “pirated” ROMs themselves. It’s even more ironic that this process left an easily exploitable vulnerability in their own paid service.