Hacking [RCM Payload] Hekate - CTCaer mod

[1LastRide]

What file size these backups have?

rawnand.bin = 31,268,536,320 bytes

I dumped BOOT and an extra copy of SYS as well, but i haven't been trying to access those via HacDiskMount

 

[CTCaer]

The filesize is correct.
That's what I'm getting:

[06:14:20:146294] [info] Trying to read partition table from -snip-/raw4-20180627/Backup/Restore/rawnand - Copy.bin
[06:14:20:150584] [info] Loaded primary GPT, checking secondary from offset 31268535808
[06:14:20:150880] [info] Secondary GPT is okay
[06:14:20:151003] [info] Using primary GPT as backup GPT is identical

What have run until now (payloads, modules, kips, homebrew, etc)?


EDIT:
Actually, just open the backup in a hexeditor and go to 31268535808 (decimal), take a screenshot and attach it here.

 

[APartOfMe]

Can you explain more about the battery desync fix found here? How'd you get this to work?

 

[CTCaer]

Can you explain more about the battery desync fix found here? How'd you get this to work?

I explained it in another thread, but well..

It forces the battery charger to disconnect the main battery supply pin (BATFET) from the system.
It's not actually virtual or software disconnect as we call it. It's a hardware disconnect caused by software.

This forces the fuel gauge to reset and also the well programmed HOS to wipe its battery fuel gauge cache.
Basically it thinks that a new battery was inserted.

 

[1LastRide]

What have run until now (payloads, modules, kips, homebrew, etc)?
EDIT:
Actually, just open the backup in a hexeditor and go to 31268535808 (decimal), take a screenshot and attach it here.

Thanks for posting your HacTool results. That's interesting. It could legitimately be a problem with my switch. I'm not sure what a good partition table should look like.
If it is a problem, this is a fun problem, at least, and it's not effecting my switch horizon OS at all.

As for what I've run, only two payloads: the CTCaer/Hekate 2.3 payload through RCM + tegraRCMSmash.
and the biskeydump payload through RCM + tegraRCMSmash
No kips, hbmenus, or modules.

I'm just playing around getting a good NAND backup and getting familiar with things so I can start to contribute.

hex editor shows all 00 at that decimal offset of rawnand.bin

 

[CTCaer]

Thanks for posting your HacTool results. That's interesting. It could legitimately be a problem with my switch. I'm not sure what a good partition table should look like.
If it is a problem, this is a fun problem, at least, and it's not effecting my switch horizon OS at all.

As for what I've run, only two payloads: the CTCaer/Hekate 2.3 payload through RCM + tegraRCMSmash.
and the biskeydump payload through RCM + tegraRCMSmash
No kips, hbmenus, or modules.

I'm just playing around getting a good NAND backup and getting familiar with things so I can start to contribute.

hex editor shows all 00 at that decimal offset of rawnand.bin

Yeah, you are missing the secondary (backup) partition table. That's strange.
Just to make sure I'll make a payload to test.

 

[huma_dawii]

Is my nand dump good?

 

[1LastRide]

Is my nand dump good? View attachment 133612

Likely, David. It is. Those are the INFO messages I want.

 

[CTCaer]

Thanks for posting your HacTool results. That's interesting. It could legitimately be a problem with my switch. I'm not sure what a good partition table should look like.
If it is a problem, this is a fun problem, at least, and it's not effecting my switch horizon OS at all.

As for what I've run, only two payloads: the CTCaer/Hekate 2.3 payload through RCM + tegraRCMSmash.
and the biskeydump payload through RCM + tegraRCMSmash
No kips, hbmenus, or modules.

I'm just playing around getting a good NAND backup and getting familiar with things so I can start to contribute.

hex editor shows all 00 at that decimal offset of rawnand.bin

Try the attached payload. Run the first option and tell me what you see.

Is my nand dump good? View attachment 133612

It should be OK.

 

[1LastRide]

Try the attached payload. Run the first option and tell me what you see.

Thanks for this. I'm seeing the partition from the payload.
I'm starting to think my 256 GB card might not be writing properly.

 

[CTCaer]

Thanks for this. I'm seeing the partition from the payload.
I'm starting to think my 256 GB card might not be writing properly.

And this is with the latest commits from my repo, correct?

If yes, your card is legit? Have you tried H2testw on it (all available space)?

 

[veggietales4ever]

how long does the rawnand backup process normally take?

 

[Soluble]

how long does the rawnand backup process normally take?

Feels like 3 days, but maybe 45-60mins?

 

[veggietales4ever]

mine is so insanely slow, hours. i'm also using a FAT32 SD. every % is around 5-10 minutes

 

[Kioku]

how long does the rawnand backup process normally take?

Took me about 20ish minutes.

 

[Raikkonen94]

Feels like 3 days, but maybe 45-60mins?

Same here. I did it once with a FAT32 microSD and later with a exFAT formatted card. The backup seemed to a bit quicker with the latter, but that's just my feeling.

 

[1LastRide]

And this is with the latest commits from my repo, correct?

If yes, your card is legit? Have you tried H2testw on it (all available space)?

At work and will run H2testw on the card when I get home.
I compiled your latest commits last night (had to comment out a ment_options sections to get it to compile) and running it without any ini file / configuration options.
I formatted my SD card last night before I went to bed. I will try a fresh NAND dump and see what happens when I get home.

 

[1LastRide]

I used Horizon 5.1.0 to format the SD card again.
I ran the latest version of IPL that I compiled last night to dump boot and full nand. Took just short of an hour to do the dump.

Validation failed immediately.


The file size for Backup/rawnand.bin written is still right.


Perhaps it's extended writing to the SD card that's causing an issue, and it's just writing 00's.

I downloaded h2testw 1.4 from heise.de and am currently running a full write/verify of the 256GB SD card. This is going to take about 7 hours.
I'm bottlenecked by an old USB 1.0 miniSD adapter at about 10 MByte/s
With a fresh Windows exFat format of the SD Card at 256kb allocation (same as Horizon formats, I believe), H2testw is still saying it can only write/verify 255934/299936 Mbytes.
So I wonder if there's a 2MByte partition table for exFat.

Anyway, If the SD card comes back good, my next step is to do a Horizon system reset, format the SD card in horizon, and then try to dump the nand again.

*EDIT* the SD Card test did NOT come back good. It's most likely a 32 GB card sold to me as a 256 GB Sandisk SDXC. Frustrating, but I think I can solve that problem outside here and try again later. The SD Card had a nintendo album and some game updates living on it, so most likely could not fit the nand backup in the memory that was good, which I'm guessing is why all the secondary partition was read from the SD card file as all 00's. Oh, the irony of trying to hack my console with a hacked SD card.

 

[tottti1914]

hi
so if i don't have much space what is the most important backup i should do (Dump eMMC BOOT+Dump eMMC SYS) enough to be able to restore my system if something happen
thanks

 

[CTCaer]

I used Horizon 5.1.0 to format the SD card again.
I ran the latest version of IPL that I compiled last night to dump boot and full nand. Took just short of an hour to do the dump.

Validation failed immediately.
View attachment 133720

The file size for Backup/rawnand.bin written is still right.
View attachment 133723

Perhaps it's extended writing to the SD card that's causing an issue, and it's just writing 00's.

I downloaded h2testw 1.4 from heise.de and am currently running a full write/verify of the 256GB SD card. This is going to take about 7 hours.
I'm bottlenecked by an old USB 1.0 miniSD adapter at about 10 MByte/s
With a fresh Windows exFat format of the SD Card at 256kb allocation (same as Horizon formats, I believe), H2testw is still saying it can only write/verify 255934/299936 Mbytes.
So I wonder if there's a 2MByte partition table for exFat.

Anyway, If the SD card comes back good, my next step is to do a Horizon system reset, format the SD card in horizon, and then try to dump the nand again.

*EDIT* the SD Card test did NOT come back good. It's most likely a 32 GB card sold to me as a 256 GB Sandisk SDXC. Frustrating, but I think I can solve that problem outside here and try again later. The SD Card had a nintendo album and some game updates living on it, so most likely could not fit the nand backup in the memory that was good, which I'm guessing is why all the secondary partition was read from the SD card file as all 00's. Oh, the irony of trying to hack my console with a hacked SD card.

That's unfortunate :/
I hope that you can return it and get your money back. Send me a screenshot of Print sdcard info and maybe I can tell you if they also faked the vendor details.
And yes, a fake sd card that can reply for addresses out of its real max, it normally replies with 00s or it starts sending the data from the start.

hi
so if i don't have much space what is the most important backup i should do (Dump eMMC BOOT+Dump eMMC SYS) enough to be able to restore my system if something happen
thanks

Do BOOT0/1 and raw first. And then do a SYS one.