Hacking Question Atmosphere "LayeredFS"

[Don Jon]

Someone with a 4.1.0 Switch, who wants to play guinea pig ? ^^
I did port the kernel patch from 5.1.0 to 4.1.0 and made my own patcher.

Only things you need is BCPKG2-1-Normal-Main.bin, BOOT0.bin, TSEC & SBK Key from a nand dump.

Written in pure C#, no hactool.exe needed, comes with source code.
https://www.dropbox.com/s/c7lm9ad1y8na3gt/SwitchToolbox v1.0.0.0.7z?dl=0
- copy BCPKG2-1-Normal-Main.bin & BOOT0.bin into "Data" dir
- run KeyDumper.exe
- enter SBK, TSEC and optional SD SEED (you can also edit the Settings.ini)
- the program should generate a keys.txt and decrypt all needed files
- now run KernelPatcher.exe, it will use the decrypted Kernel.bin and generate a kernel-patched.bin

- KeyDumper.exe supports FW 1.0.0-5.1.0
- KernelPatcher.exe currently only supports FW 4.1.0 & FW 5.1.0
- i plan to add more tools to my SwitchToolbox, like sd card decrypter, maybe i should make my own topic for this ?

im on 4.0.1 so am guessing it will not work?

--------------------- MERGED ---------------------------

I just did it but it's telling me



is it normal? as kernel-patched.bin is generated.

probably
just swap that new keybin with the stuff at GAME CHAT NETWORK DISCORD and test...

 

[thaikhoa]

im on 4.0.1 so am guessing it will not work?

--------------------- MERGED ---------------------------


probably
just swap that new keybin with the stuff at GAME CHAT NETWORK DISCORD and test...

It is still the same issue.

 

[Don Jon]

It is still the same issue.

so it didnt work?

 

[thaikhoa]

so it didnt work?

It works with switchblade perfectly

I'm testing layeredfs.

 

[Dvdxploitr]

there is no reason to stay on lower firmware...maybe these things are supporting highest firmware for a reason? yes, you have a CHANCE at a coldboot before people on higher firmwares, but that's it....latest firmware can play all games, access eShop, play games online....UPDATE! Nintendo CANNOT patch RCM on current hardware....all you're doing is holding yourself back by not updating...what are you going to do when a game comes out that you REALLY want to play?

 

[Don Jon]

if there is a nintendo update, is it possible to update to 5.1 later on
liike is there an archive or something?

 

[thaikhoa]

so it didnt work?

Again, patched Horizon loaded but none game will load layeredfs and legit ones.

 

[Falo]

I just did it but it's telling me
is it normal? as kernel-patched.bin is generated.

Normal, i forget to change the string after i added support... ^^

                case "E6C0B7E32FF94451ECD59579E346B1DA2ED928C6F2314F95D8C7D5BD15D5E25A":
                    Console.WriteLine("Kernel FW 4.1.0 detected!, currently not supported...");

So it doesn't work ?
Maybe the kernel patch is not enough, the actual code for layeredfs is in fs_mitm.kip.

 

[salamandrusker]

Would it be possible for this to work in 3.0.0?

 

[Falo]

Would it be possible for this to work in 3.0.0?

I can port the kernel patch to all fw, but i first need to know that it works on 4.0.0-4.1.0 before i do that. (It's a lot of reversing work)

 

[anonymoose]

I can port the kernel patch to all fw, but i first need to know that it works on 4.0.0-4.1.0 before i do that. (It's a lot of reversing work)

On 4.1.0 here.
It boots into HorizonOS, but when I tried to launch demos with titles injected it became stuck at the loading screen.

 

[MonMonz]

I can port the kernel patch to all fw, but i first need to know that it works on 4.0.0-4.1.0 before i do that. (It's a lot of reversing work)

Cool..guys lets lend our guy here a little help
Anyone with 4.x can test for him?
Am unfortunately have 2.1 only

 

[han xin]

Again, patched Horizon loaded but none game will load layeredfs and legit ones.

My zalo: 0961260662, can you share me some exp about layeredfs, autorcm and trick to not be ban

Sent from my Mi MIX 2 using Tapatalk

 

[NemRe]

On 4.1.0 here.
It boots into HorizonOS, but when I tried to launch demos with titles injected it became stuck at the loading screen.

Same (4.1.0)+kernel-patched.bin... I try Pokken Tournament Demo (Donor Title) and Kirby, doesn't pass the logo screen.

 

[Falo]

On 4.1.0 here.
It boots into HorizonOS, but when I tried to launch demos with titles injected it became stuck at the loading screen.

A freeze like that is almost normal with the current layeredfs, try to reboot after testing 1 title.
For example, i injected Mario+Rabbits into Fortnite and it works perfectly, but only if this is the first title that is booted, if i start homebrew or any other title first, i just get a blackscreen.

BTW:
- does booting HorizonOS work when you remove the kernel-patched.bin (with enabled fs_mitm.kip) ?
- are unmodified games working ?

I just need to know if my kernel-patched.bin is working, no matter if backups are working or not.

 

[NemRe]

Other games (unmodified) it seems not work... It blocks on the Logo screen or black screen.

 

[anonymoose]

A freeze like that is almost normal with the current layeredfs, try to reboot after testing 1 title.
For example, i injected Mario+Rabbits into Fortnite and it works perfectly, but only if this is the first title that is booted, if i start homebrew or any other title first, i just get a blackscreen.

So I tried Mario+Rabbits into Rayman Legends Demo, Owlboy into Octopath Traveler Demo and 1-2-Switch into Voez Demo (just crashed) and all were stuck at the boot screen.

BTW:
- does booting HorizonOS work when you remove the kernel-patched.bin (with enabled fs_mitm.kip) ?

Yes, it booted without the patched kernel.bin. Most things were the same as booting with the kernel.bin (being stuck at the loading screen mostly), except that Fast RMX directly showed a black screen.

- are unmodified games working ?

Launching unmodified Skyrim (Cartridge) I was stuck at the boot screen again and Fast RMX seemingly skipped the boot screen and resulted in a black screen (It also gave an error when I closed it), EtG and other eShop games showed the same behaviour as Fast RMX (but without the error).

EDIT: BTW don't know if it matters, but when I was testing I was loading the other files (fs_mitm.kip, loader.kip, sm.kip) from the LayeredFS pack, with only the kernel.bin changed.

 

[Falo]

Please try again:
https://www.dropbox.com/s/dxa4tnzv8uvt9ur/SwitchToolbox v1.0.0.1.7z?dl=0

changed both patches,
send had a mistake, "LDR X10, [X28,X10]", X28 is correct
and recv is now more like the 5.1.0 patch, using X13 like that was wrong, it now uses the correct value from LDR X13, [SP,#0x70] and X10 is now the temp variable.

 

[thaikhoa]

Please try again:
https://www.dropbox.com/s/dxa4tnzv8uvt9ur/SwitchToolbox v1.0.0.1.7z?dl=0

changed both patches,
send had a mistake, "LDR X10, [X28,X10]", X28 is correct
and recv is now more like the 5.1.0 patch, using X13 like that was wrong, it now uses the correct value from LDR X13, [SP,#0x70] and X10 is now the temp variable.

[4.1]
The patch process is good.
Legit game loads good
Layeredfs game won't load (stuck on black loading screen)
Hbm loads but frozen

 

[NemRe]

With the new version the games unmodified it seems now work; all the demos and games that I have tried have loaded correctly!

Games modified (LayeredFS) still not work (e.g. 1#Sonic Forces into Pac-Man Vs = Show Error 2001-0123 ; 2# Kirby Star Allies into Pokken Tournament Demo = Logo screen crash)