Could we substitute BOOT0 with hekate?

  • Thread starter: kevin_1351
  • Views: 3,183
  • Replies: 13
kevin_1351 (Well-Known Member; joined Apr 20, 2014; Lugano, Switzerland)
It's my understanding that the way autoRCM works is by corrupting BOOT0. So why can't we substitute BOOT0 with something else?

This may be a very ignorant question to ask. Sorry.
 
From what I understand (and if it's anything like the 3DS) corrupting boot0 will make the console boot into a "failsafe" mode (RCM in the Switch's case and the other boot sector in the 3DS) as the processor expects that.
Replacing it isn't as easy as you'd think.
It could be signed or the CPU will simply refuse to load the code you're trying to write.

I'm not up to date on Switch hacking but if it was that easy, you'd already see it applied.
 

Indeed, I didn't think that it was going to be easy. But we have all relevant keys, if I'm not mistaken. Hekate would have to be modified for this purpose, of course. But I don't see why it shouldn't work.

Well, I just wanted to know. Thanks
 

Last time I checked, which was yesterday I believe, only 40 out of 80 keys were known.
I'm pretty sure that in the not so distant future, we might see something similar to BootMii or Godmode9 at boot but for now...

Personally, I would welcome it.
An almost brick-proof console/handheld is better than no safety net at all.
Though nothing beats hardware flashers.
 

There was a leak just a few days ago that provided us with many more keys; and besides, it's not about the numbers.
 

I don't think Nintendo would be as stupid as Sony to hide masterkeys in their firmware.
And with masterkeys I mean that PSP hackers were able to sign homebrew to be run on OFW haha.
 
But... I have all the masterkeys in a txt, even dev ones...
We decrypt xci's with them...
 
But they have to be somewhere in the switch, thus we can get them.
 

Hasn't happened with the 3DS, hasn't happened with the Wii U and I doubt it'll happen with the Switch.
I honestly don't think Nintendo is that stupid.

Sony leaving PSP signing keys inside the PS3 firmware was sheer stupidity.
 
Oh... signing keys. Yea, those are definitely not there.
 
You would need either a bootROM exploit that takes advantage of the launching mechanism for BOOT0, or the ability to forge a valid signature for the substituting package, the latter of which is virtually impossible.

But... I have all the masterkeys in a txt, even dev ones...
We decrypt xci's with them...
You need Nintendo's own private signing keys, which only they have access to, in order to sign a file for the bootROM to accept it as valid.
What the Switch has in its storage are the public signing keys and private decryption keys, which are used for verifying that a file was signed by a specific sender's private signing key (Nintendo, in this case), and decrypting files encrypted with the public decryption key, ensuring that only the holder (or holders, I guess) of the private decryption key are able to decrypt them.
 
Hekate doesn't corrupt anything, autoRCM does. And autorcm doesn't launch anything or "install" anything, it just corrupts a part of it which triggers a failsafe boot into RCM. It doesn't boot any payload itself, it's just the same as standard RCM and will require a USB host still to work.
So no, you can't just install hekate to boot0, that's not how it works
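To make the point of the last two posts concrete, here is an added example (it is not code from this thread, from hekate, or from the Switch bootROM) that models the bootROM's decision the way the thread describes it: BOOT0 is only executed if its signature verifies under the public key the console holds; otherwise the console falls through to RCM and waits for a USB host. The keypair, the image bytes, the function names and the textbook RSA signature (unpadded, over a SHA-256 digest, with deterministic demo primes) are constructed stand-ins chosen for this illustration and are not Nintendo's real scheme or keys.

```python
import hashlib
from math import gcd

# Assumption: textbook RSA stands in for the bootROM's signature check. Only the
# public/private asymmetry the thread discusses is modelled, nothing Switch-specific.
E = 65537
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed small bases (probabilistic; adequate for a demo key)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n: int) -> int:
    while not is_probable_prime(n):
        n += 1
    return n


def make_keypair(seed_p: int, seed_q: int):
    """Deterministic demo keypair: returns ((n, e), d). Constructed, not a real key."""
    p = next_prime(seed_p)
    q = next_prime(seed_q)
    while gcd(E, (p - 1) * (q - 1)) != 1:
        q = next_prime(q + 1)
    d = pow(E, -1, (p - 1) * (q - 1))
    return (p * q, E), d


def image_hash(image: bytes) -> int:
    # A 256-bit digest is always smaller than the ~512-bit modulus built below.
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes, n: int, d: int) -> int:
    """Only the holder of the private exponent d can run this."""
    return pow(image_hash(image), d, n)


def bootrom_decision(image: bytes, signature: int, pub) -> str:
    """Model of the failsafe: a BOOT0 that does not verify is never executed;
    the bootROM falls through to RCM and waits for a USB host."""
    n, e = pub
    if pow(signature, e, n) == image_hash(image):
        return "boot0"
    return "rcm"


# Constructed keys and images for the four scenarios discussed in the thread.
PUB, PRIV_D = make_keypair(2**255 + 12345, 2**256 + 6789)
N = PUB[0]
STOCK_BOOT0 = b"constructed stand-in for Nintendo's signed BOOT0 package"
STOCK_SIG = sign(STOCK_BOOT0, N, PRIV_D)
HEKATE_IMAGE = b"constructed stand-in for a hekate image written into BOOT0"


def stock_boot() -> str:
    # Untouched BOOT0 with its shipped signature: the bootROM runs it.
    return bootrom_decision(STOCK_BOOT0, STOCK_SIG, PUB)


def autorcm_boot() -> str:
    # autoRCM corrupts bytes in BOOT0; the shipped signature no longer matches,
    # so the bootROM takes the failsafe path. Nothing is "installed" by this.
    corrupted = bytes([STOCK_BOOT0[0] ^ 0xFF]) + STOCK_BOOT0[1:]
    return bootrom_decision(corrupted, STOCK_SIG, PUB)


def hekate_in_boot0_with_public_key_only() -> str:
    # All a modder can extract from the console is the public half (n, e).
    # "Signing" with e is the only thing that key allows, and it is rejected.
    forged = pow(image_hash(HEKATE_IMAGE), PUB[1], N)
    return bootrom_decision(HEKATE_IMAGE, forged, PUB)


def hekate_in_boot0_with_private_key() -> str:
    # The substitution only works for whoever holds d, i.e. the signer.
    return bootrom_decision(HEKATE_IMAGE, sign(HEKATE_IMAGE, N, PRIV_D), PUB)
```

The decryption keys the thread talks about never enter `bootrom_decision` at all: they would let you read an image, but the failsafe branch is decided purely by whether `pow(signature, e, n)` matches the digest, and nothing derivable from `(n, e)` produces a value that does.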
 