Hardware Switch black Screen bricked? whitout Nand backup
- Thread starter ThiagoDaruma
- Start date
- Views 7,845
- Replies 39
- Likes 1
well, in 6.2 it showed the blue screen. you didn't even have the nintendo logo.
but I can try again.
but I can try again.
This does look like a software issue.Tho I cant put my finger on the issue
Sent from my SM-N960U using Tapatalk
Sent from my SM-N960U using Tapatalk
YEESS !! I got it! the problem really was in Prod.keys.
I took the prod.keys from my functional switch and compared it to the prod.keys from the bricked switch that I had managed to extract after injecting the keyblob in Boot0.
I tried to copy everything from one prod.keys to the other, replacing only the keys, but even so the switch does not leave the black screen, that's when I saw a video talking about a process that I had not seen in any tutorial.
It was necessary to run EmmcHaccgen and extract the downloaded software with the prodkeys that contained my TSEC keys. then it was what I hadn't seen anywhere, use Hactoolnet.exe to save the keys in the 8000000000000120 firmware file.
after all this process I did the manual update by hacdiskMount, I booted through the atmosphere and now my console is alive in firmware 9.2.0.
thanks really to everyone who helped me and stopped a little to give me that attention.
Thank you!
follows some images
I took the prod.keys from my functional switch and compared it to the prod.keys from the bricked switch that I had managed to extract after injecting the keyblob in Boot0.
I tried to copy everything from one prod.keys to the other, replacing only the keys, but even so the switch does not leave the black screen, that's when I saw a video talking about a process that I had not seen in any tutorial.
It was necessary to run EmmcHaccgen and extract the downloaded software with the prodkeys that contained my TSEC keys. then it was what I hadn't seen anywhere, use Hactoolnet.exe to save the keys in the 8000000000000120 firmware file.
after all this process I did the manual update by hacdiskMount, I booted through the atmosphere and now my console is alive in firmware 9.2.0.
thanks really to everyone who helped me and stopped a little to give me that attention.
Thank you!
follows some images
Attachments
unfortunately the console is banned. = /
I don't know if it was already banned or if it was banned when I connected it on the internet (I didn't use atmosphere, I boot the original sysnand
I think it was modded and the emmc got coreupted.probably why it was banned
Sent from my SM-N960U using Tapatalk
Sent from my SM-N960U using Tapatalk
all,
I am facing similar situation with thiago. when I run lockpickrcm to get prod.keys, there are keyblobs 0-5 errors.
I want to fix that, but I am stucked.
I have some questions :
1. how do you get encrypted_keyblob_0 - 5 ?
I run linkle keygen -k prod.keys, the output does not contain encrypted_keyblob 0 - 5, only these:
*Snip!*
2. which boot0.bin file is to be edited, the original file from the extracted file from the firmware (file size 1.5MB) or boot0.bin from sysnand dump (file size 4MB)
Thanks
I am facing similar situation with thiago. when I run lockpickrcm to get prod.keys, there are keyblobs 0-5 errors.
I want to fix that, but I am stucked.
I have some questions :
1. how do you get encrypted_keyblob_0 - 5 ?
I run linkle keygen -k prod.keys, the output does not contain encrypted_keyblob 0 - 5, only these:
*Snip!*
2. which boot0.bin file is to be edited, the original file from the extracted file from the firmware (file size 1.5MB) or boot0.bin from sysnand dump (file size 4MB)
Thanks
Last edited by Foxi4,
, Reason: Please don't post keys on the site
A while ago I described in private to another user everything I did. I will copy and place the file for you here.
I hope this helps you
my problem was in the prod.keys file.
first I restored my keyblobs at boot0 (I believe you have already done so),
then I dumped the prod.keys again using Lockpick_RCM.
I downloaded a Prod.keys from 9.2.0 on the internet (it comes clean, and functional)
I opened both prod.keys files with the notepad and started to copy my keys to the file I downloaded, copying the missing information from one to the other.
follows all the lines I copied and changed to the clean prod.keys that I downloaded:
"bis_kek_source = (add)
bis_key_00 = (add)
bis_key_01 = (add)
bis_key_02 = (add)
bis_key_03 = (add)
bis_key_source_00 = (add)
bis_key_source_01 = (add)
bis_key_source_02 = (add)
device_key = (add)
device_key_4x = (add)
key_area_key_application_09 = (add)
key_area_key_application_0a = (add)
key_area_key_ocean_09 = (add)
key_area_key_ocean_0a = (add)
key_area_key_system_09 = (add)
key_area_key_system_0a = (add)
keyblob_key_00 = (replace)
keyblob_key_01 = (replace)
keyblob_key_02 = (replace)
keyblob_key_03 = (replace)
keyblob_key_04 = (replace)
keyblob_key_05 = (replace)
keyblob_mac_key_00 = (replace)
keyblob_mac_key_01 = (replace)
keyblob_mac_key_02 = (replace)
keyblob_mac_key_03 = (replace)
keyblob_mac_key_04 = (replace)
keyblob_mac_key_05 = (replace)
master_kek_source_09 = (add)
master_kek_source_0a = (add)
master_key_09 = (add)
master_key_0a = (add)
package2_key_09 = (add)
package2_key_0a = (add)
save_mac_key = (replace)
save_mac_sd_card_kek_source = (add)
save_mac_sd_card_key_source = (add)
sd_card_custom_storage_key_source = (add)
secure_boot_key = (replace)
titlekek_09 = (replace)
titlekek_0a = (replace)
tsec_key = (replace)"
that was all I change/add, it is important that these lines are in the correct locations and do not delete the lines that have not been changed.
After finishing i used this new corrected prod.keys file to extract the correct firmware with emmchaccgen (using the command "hactoolnet.exe -t save -k keyfile path_to_8000...").
so far so good.
but something i hadn't done before was the next step.
I copied this new extracted firmware to a folder with the
hactoolnet.exe, opened cmd and run the command:
hactoolnet.exe -t save -k keyfile path_to_8000...
it is important that the platform hardware is "exFAT"
The screen you must see to work is the one I'm leaving attached.
the text (GOOD) must appear in the two circled areas, if any fails, go back to prod.keys to check for any possible errors or differences with the console keys and do the whole process again.
if both appear as (GOOD), just follow the process of injecting the firmware manually with the Balena Etcher and Hacdiskmount.
mine worked again like that, I hope it helps you.
--------------------- MERGED ---------------------------
to get the keyblobs I used the linkle together with the prod.keys file, then I made a backup of Boot0.bin on heckate and added the new keyblobs with HxD
I hope this helps you
my problem was in the prod.keys file.
first I restored my keyblobs at boot0 (I believe you have already done so),
then I dumped the prod.keys again using Lockpick_RCM.
I downloaded a Prod.keys from 9.2.0 on the internet (it comes clean, and functional)
I opened both prod.keys files with the notepad and started to copy my keys to the file I downloaded, copying the missing information from one to the other.
follows all the lines I copied and changed to the clean prod.keys that I downloaded:
"bis_kek_source = (add)
bis_key_00 = (add)
bis_key_01 = (add)
bis_key_02 = (add)
bis_key_03 = (add)
bis_key_source_00 = (add)
bis_key_source_01 = (add)
bis_key_source_02 = (add)
device_key = (add)
device_key_4x = (add)
key_area_key_application_09 = (add)
key_area_key_application_0a = (add)
key_area_key_ocean_09 = (add)
key_area_key_ocean_0a = (add)
key_area_key_system_09 = (add)
key_area_key_system_0a = (add)
keyblob_key_00 = (replace)
keyblob_key_01 = (replace)
keyblob_key_02 = (replace)
keyblob_key_03 = (replace)
keyblob_key_04 = (replace)
keyblob_key_05 = (replace)
keyblob_mac_key_00 = (replace)
keyblob_mac_key_01 = (replace)
keyblob_mac_key_02 = (replace)
keyblob_mac_key_03 = (replace)
keyblob_mac_key_04 = (replace)
keyblob_mac_key_05 = (replace)
master_kek_source_09 = (add)
master_kek_source_0a = (add)
master_key_09 = (add)
master_key_0a = (add)
package2_key_09 = (add)
package2_key_0a = (add)
save_mac_key = (replace)
save_mac_sd_card_kek_source = (add)
save_mac_sd_card_key_source = (add)
sd_card_custom_storage_key_source = (add)
secure_boot_key = (replace)
titlekek_09 = (replace)
titlekek_0a = (replace)
tsec_key = (replace)"
that was all I change/add, it is important that these lines are in the correct locations and do not delete the lines that have not been changed.
After finishing i used this new corrected prod.keys file to extract the correct firmware with emmchaccgen (using the command "hactoolnet.exe -t save -k keyfile path_to_8000...").
so far so good.
but something i hadn't done before was the next step.
I copied this new extracted firmware to a folder with the
hactoolnet.exe, opened cmd and run the command:
hactoolnet.exe -t save -k keyfile path_to_8000...
it is important that the platform hardware is "exFAT"
The screen you must see to work is the one I'm leaving attached.
the text (GOOD) must appear in the two circled areas, if any fails, go back to prod.keys to check for any possible errors or differences with the console keys and do the whole process again.
if both appear as (GOOD), just follow the process of injecting the firmware manually with the Balena Etcher and Hacdiskmount.
mine worked again like that, I hope it helps you.
--------------------- MERGED ---------------------------
to get the keyblobs I used the linkle together with the prod.keys file, then I made a backup of Boot0.bin on heckate and added the new keyblobs with HxD
Last edited by Foxi4,
, Reason: Replying to edited post
thank you so much for your response Thiago, I think I am still far away from total unbricking my Switch. Let me write down step by step, things I have done and PM you
--------------------- MERGED ---------------------------
today I did lockpickrcm to my friend's healthy switch and got his prod.keys, did linkle keygen -k prod.keys, inside I found the encrypted keyblob, unlike mine.
--------------------- MERGED ---------------------------
today I did lockpickrcm to my friend's healthy switch and got his prod.keys, did linkle keygen -k prod.keys, inside I found the encrypted keyblob, unlike mine.
how do you generate encrypted keyblob ? my prod.keys does not contain that, while my friend's healthy switch does
hi,
I obtained 2 prod.keys from 2 of my friends, their switch are healthy ones, then I compared mine with them, I add some lines that are missing in mine, and I believe I got the right prod.keys now.
I used linkle again, and this time the output is giving me encrypted_keyblobs. I was so happy with it.
Then I move my prod.keys to emmchaccgen folder and run it :
emmcHaccGen.exe --keys c:\emmchaccgen\prod.keys --fw c:\emmchaccgen\fw
I got the files and flash the sysnand boot0 and boot1 using the extracted files.
I run lockpickrcm again, and still getting an error.
I backed up my boot0.bin and boot1.bin, using hetake, then I opened boot0.bin using HxD, at offset 00180000, no entry.
I opened my friends boot0.bin, both of there are some entries in those address. So I guess, that must be the entry that I need to fill in.
I checked my friends encrypted_keyblob and compared it with their boot0.bin entries at 00180000, and they are not the same.
So my question is which number do I need to insert into my boot0.bin ?
Thank you all
--------------------- MERGED ---------------------------
Please teach me how to insert keyblobs.
My switch is working fine, other than having keyblob errors when I run lockpickrcm
I obtained 2 prod.keys from 2 of my friends, their switch are healthy ones, then I compared mine with them, I add some lines that are missing in mine, and I believe I got the right prod.keys now.
I used linkle again, and this time the output is giving me encrypted_keyblobs. I was so happy with it.
Then I move my prod.keys to emmchaccgen folder and run it :
emmcHaccGen.exe --keys c:\emmchaccgen\prod.keys --fw c:\emmchaccgen\fw
I got the files and flash the sysnand boot0 and boot1 using the extracted files.
I run lockpickrcm again, and still getting an error.
I backed up my boot0.bin and boot1.bin, using hetake, then I opened boot0.bin using HxD, at offset 00180000, no entry.
I opened my friends boot0.bin, both of there are some entries in those address. So I guess, that must be the entry that I need to fill in.
I checked my friends encrypted_keyblob and compared it with their boot0.bin entries at 00180000, and they are not the same.
So my question is which number do I need to insert into my boot0.bin ?
Thank you all
--------------------- MERGED ---------------------------
Please teach me how to insert keyblobs.
My switch is working fine, other than having keyblob errors when I run lockpickrcm
Why on earth are you using hactoolnet? All you need is ChoiDujour to unbrick any console as long as PRODINFO is not damaged and/or you have a backup of PRODINFO (although the latter is unlikely if you do not have a backup of any kind).
I'm having this issue as well. I bought a bricked switch off ebay. I've gotten it to boot now to the nintendo switch logo. It's boot0 has no keyblobs and is corrupted and I'm just unsure where I can add the keyblobs or if I even have the correct ones.
How did you inject your keyblobs into boot0? I have all of them but im just not sure what its supposed to look like. Can you PM me and instruct me how you did that?
How did you inject your keyblobs into boot0? I have all of them but im just not sure what its supposed to look like. Can you PM me and instruct me how you did that?
my Switch has burned 13 fuses, so I cannot downgrade to 5.1 which is compatible with choidujour PC. that's we are using emmchaccgen to build the image for our switch.
Similar threads
- No one is chatting at the moment.
