Hacking Discussion Bricking your Switch on purpose or: How AutoRCM works

[mnemonicpunk]

You can uninstall the change at any time.

Provided that
- it works (I hope they tested it thoroughly)
- you still have access to "SX OS"

It is worth mentioning though that a full NAND backup *should* be able to revert the changes as well if their method isn't too obscure.

 

[smilodon]

With a9lh you were able to revert to stock using a NAND backup, with AutoRCM you can't.

You can already restore a nand backup in RCM dude.

 

[tinkle]

Provided that
- it works (I hope they tested it thoroughly)
- you still have access to "SX OS"

It is worth mentioning though that a full NAND backup *should* be able to revert the changes as well if their method isn't too obscure.

Look, it's clear you're sucking up to the reswitched crew like a white knight here, trying to undermine the product from TX. But like. Why? Just let people use what they want to use.

 

[mnemonicpunk]

Look, it's clear you're sucking up to the reswitched crew like a white knight here, trying to undermine the product from TX.

Nope.

 

[cpasjuste]

Provided that
- it works (I hope they tested it thoroughly)
- you still have access to "SX OS"

It is worth mentioning though that a full NAND backup *should* be able to revert the changes as well if their method isn't too obscure.

Mate, your talking about TX devs... It has been fully tested and will work fine, believe me. You shouldn't assume they comes from nowhere. Again, they have (very) talented devs/hackers.

 

[mariogamer]

Lol.... was pretty sure it was something like that..... since there is a limited number of ways to get into rcm. But I'm still surprised fhey call it autorcm...

Just to say, you still can boot with hekate (stock) if the boot0 partition is damaged in a certain way.

 

[mnemonicpunk]

Mate, your talking about TX devs... It has been fully tested and will work fine, believe me. You shouldn't assume they comes from nowhere. Again, they have (very) talented devs/hackers.

I'm more of the skeptic type in general. I do hope you are right, though.

Lol.... was pretty sure it was something like that..... since there is a limited number of ways to get into rcm. But I'm still surprised fhey call it autorcm...

Just to say, you still can boot with hekate (stock) if the boot0 partition is damaged in a certain way.

Yes, every payload we currently boot with the jig method can still be booted if boot0 is corrupted unless it somehow relies on the data inside.

 

[masterspike52]

As long as the AutoRCM is installed on your system you can not switch back to the original firmware. It will simply refuse to boot.

The people over at ReSwitched have considered the possibility of doing this weeks ago and discarded it so far because they were worried they would fuck up someones Switch permanently. And those are the people writing AMS, the fusee gelee launcher, TegraRCMSmah, libnx and so on.

The main question is this: Did Team Xecuter implement it in an entirely safe and removable way? The honest answer is: I don't know.

the autorcm function is there for convenience under the assumption the user is going to use the dongle anyways, like what's been said already it can be turned off, the reason the devs of atmosphere and whatnot aren't going to do it is because unlike tx the devs of atmosphere don't have the tools (dongle) to apply a software to force it to happen because like tx they'd have to charge for it and they don't believe in paid for things that everyone should have access too

 

[jakkal]

And a9x on the 3ds originally made your 3ds unable to boot without an SD card with specific files on it. What's the difference again?

The difference is the SD card

Lol
I dunno if you're being serious. I'll be setting up the auto RCM mode but comparing it to the 3ds a9lh is ignorant

 

[210modz]

Sorry to break your dream but there is some high level devs/hackers in TX, I mean more talented than reswitched members an such.

I have no clue why people just don't seem to grasp that.

 

[mariogamer]

btw, does (if anyone know) which part of the bct needs to be corrupted for rcm to activate (I don't know if it's the whole bct or only the signed part)

the autorcm function is there for convenience under the assumption the user is going to use the dongle anyways, like what's been said already it can be turned off, the reason the devs of atmosphere and whatnot aren't going to do it is because unlike tx the devs of atmosphere don't have the tools (dongle) to apply a software to force it to happen because like tx they'd have to charge for it and they don't believe in paid for things that everyone should have access too

dongle are actually being made...

And also......THE CFW ISN'T EVEN COMPLETE. SciresM isn't even encouraging fhe use of it now.

 

[PuNKeMoN]

AutoRCM is for people with suicidal tendencies

Suicidal Tendencies is a geat hardcore/thrash band. If you like frenzied moshing, go to one of their shows.

Back on topic though... Seems too risky for me.
I'm not gonna mess around with the boot sector.

 

[rajkosto]

btw, does (if anyone know) which part of the bct needs to be corrupted for rcm to activate (I don't know if it's the whole bct or only the signed part)

write a single 0 byte at offsets 0x0210 , 0x4210 , 0x8210 , 0xC210 of boot0 partition on the eMMC and your switch won't boot normally again unless you write the original byte back (which is always the same for all switches and firmware versions) or do a firmware update

now it'd be nice if this board stopped being full of shills for TX's "revolutionary" not-modchip (just a RCM payload delivery dongle) and a function that was explained/revealed the second the bootrom bug became public ? (as an alternative method on how to enter RCM)

 

[annson24]

*snip*

Back on topic though... Seems too risky for me.
I'm not gonna mess around with the boot sector.

Did you happen to own a 3ds? If so, have you installed a9lh to it?

Sent from my SM-G950F using Tapatalk

 

[Deleted User]

That's my main concern with this as well. As I said before, intentionally corrupting boot0 is no new idea. What worries me somewhat is the fact that it is being advertised like some piece of software you install, not a flaw you intentionally introduce into the normal workings of the system.

Not only that, but your paying for it. That's my main gripe with it. Is your technically paying to brick your console. And not only that, but when you could also do it for the low price of free.99

--------------------- MERGED ---------------------------

Look, it's clear you're sucking up to the reswitched crew like a white knight here, trying to undermine the product from TX. But like. Why? Just let people use what they want to use.

It could be argued that you're sucking up to TX. And TX product has flaws. Main flaw is why pay for something when you could do it yourself for free. Also, I like to point out the xbox 360 scene. In a sense, TX killed the homebrew scene on the 360. We had what? one software based exploit for the 360. And everyone's under the impression that the 360 is unhackable without a hardmod. I personally, I don't like that it's a for profit. . But that's me. I personally rather wait for something to be complete (reswitched cfw) than TX's cfw. It's cool they got cfw working sooner than reswitched. However... can I call the realtime game switcher bs? I'm sorry but I seriously feel like it's marketing bs. Don't get me wrong, I do believe it does work. But why emulate the cart slot. When... we already have the keys to the switch. They could of just fake signed a cart into a digital install. But again, that's just me. Also, I'm yet to see that solder version of their hardmod.

 

[jimmyj]

I still wanna do this lmao

 

[jimmyj]

Please stop trying to hijack this thread and making it about you and/or whether something should be paid or not.

This thread is purely educational in content. Stick to that or kindly leave. Thank you.

So how can we trigger auto rcm?

 

[mnemonicpunk]

So how can we trigger auto rcm?

For end users that is relatively difficult right now. While in theory you can do it by using Linux and corrupting boot0, I wouldn't recommend that for the very same reasons I am wary of the AutoRCM implementation: Do it wrong and you may be stuffed.

Now whether you choose to use AutoRCM, open alternatives or the manual route by Linux commands, make sure you have a complete NAND backup first. There is data on your Switch that can not be recovered if you lose it (namely the PRODINFO).

 

[smf]

TX's big innovation on the switch hacking scene was bricking their users Switches on purpose. Thats novel.

They may have taken the idea from the fusee gelee disclosure. I assume you either didn't read it or didn't understand it.

AutoRCM is for people with suicidal tendencies

It's for people who don't want to hold buttons to get into RCM.

Oh, wow. That puts a WHOLE NEW definition to what Team Xecuter were doing...

Can you explain what this WHOLE NEW definition is?

the reason the devs of atmosphere and whatnot aren't going to do it is because unlike tx the devs of atmosphere don't have the tools (dongle) to apply a software to force it to happen because like tx they'd have to charge for it and they don't believe in paid for things that everyone should have access too

kate hinted how to do it in the fusee gelee disclosure. There are lots of things from fusee gelee that haven't been released due to the embargo. They have only lifted the embargo where other people are releasing first. You do not need a dongle to trigger AutoRCM, just a payload.

 

[MrJason005]

even if you corrupt the signature, do you still have to hold the volume button on every coldboot?