Hacking SWITCH NOOB PARADISE - Ask questions here

Thread starter: APartOfMe
It's no good. We don't have the proper tools to convert a .NCA into a .NSP, which is what is properly supported. You will need to use one of the CDNSP downloaders to grab it from Nintendo and have that tool convert the downloaded .NCA files into .NSP. To prevent yourself from getting banned using one of those programs, utilize one of the Switch certificates floating around the Internet that others are using with these tools. Those certificates, as well as info on where to look, will sadly not be provided on this site.

Yeah, I use the CDN, but that gives me the NCA instead of an NSP, while with another backup game it gives a proper NSP.

I will check into it again, thanks for the quick reply!

@Skittyusedcovet thank you as well :)
 
I have a certificate.

Yes, I'm aware that I will be banned, but what eshop downloaders for PC are there?
Too many to count off the top of my head (and too tedious to link them all here). Just google CDN/CDNSP GBATemp and you'll find them. Also, you can use one of the public certificates floating around instead of yours because banned certificates are still allowed to make requests to the CDN service.
 
After reading https://gbatemp.net/threads/3-0-0-u...ses-the-black-scre.511697/page-3#post-8155687

I wanted to recheck if I had my NAND backup lol. Now to my surprise it's only 2 GB in size, so I want to make sure if this is correct, or if I should back it up again! :)
The actual NAND required for a backup is pretty small. The entire NAND is 29.1 GB, and the rest is space left over for installed titles and whatnot.
I have updated with rajkosto's way without burning any fuses. Now at the end it says I should use a special hekate-ipl.ini regarding "kip1=FS_510_nogc.kip1".

Now I would love to try some LayeredFS games, and I understand I should use the latest sdfiles hekate-ipl to be able to enter LayeredFS. But will it somehow mess up my updated firmware? Or should I add "kip1=FS_510_nogc.kip1" to the LayeredFS entry in hekate-ipl.ini?
It should not interfere
1. Is something lost with the very first boot of a new console? Or is it just the same as booting after any factory reset? Does Nintendo test consoles with quality control, powering them on? Is it a good idea to make a NAND backup before even the first OFW launch?
2. Where exactly is the fix for Fusée Gelée (no payload injection via RCM) located hardware-wise? I understand this subject is still under research, but is it on the motherboard or some other board? If yes, can one get an exploitable motherboard and install it in some unexploitable unit?
  1. The first boot of the console burns the fuses based on the pre-loaded firmware the unit comes with. This is the only thing lost upon initialization of a brand new Switch. Everything else is not known by me. Factory resets, on the other hand, mimic a Switch booting for the first time. I say mimic because it doesn't actually wipe all traces of the console being used, mostly as a way to deter hackers from avoiding bans. Lastly, a NAND backup made before the console is booted up is probably the cleanest backup we can acquire outside of taking apart the console before it boots up for the first time.
  2. I just want to preface this by saying that this is not a noob question, so I will answer to the best of my ability. Fusée Gelée is an exploit of the bootrom, and the bootrom is a part of the SoC, Erista, or T210. While the bootrom itself is read-only, there is space for patches to be applied at the factory should Nvidia or Nintendo want to modify it without replacing the SoC. I do not know where exactly this SoC is located, but the patched units seem to have utilized these patches to fix the exploit. Therefore, if you were to remove/replace the SoC with an unpatched/vulnerable SoC, then the console would be exploitable again. Watch the following video from about 11:00 for some further details:

This must have been answered many times,
but search doesn't really give any clear results.
I have created an XCI dump of my own cart, Zelda BOTW v1, with cert.
My Switch is on 3.0.2 with exFAT. How do I launch my XCI file?
I do not have SX OS, only the normal RCM and sdfiles.
You cannot play backups without SX OS or using LayeredFS on firmwares 4.1 and above
Is there a way to check if a new Switch has the new revision? Maybe specific bundles are safer, or serial numbers?
So far, serial numbers are the only indicator we have
Yes or no question: Can I load the Pokken XCI to update my 1.0 Switch to 3.0? (not worried about fuses or anything)

Also, is there a difference at this point between being on 1.0, 3.0 or 4.1?

The only thing that is preventing me from updating is the possibility of no longer having to inject payloads every time the Switch restarts.

Edit: Thanks in advance
  1. Apparently, it does not work as it asks for the cartridge in order to update. But if you find a way to make it working, it is definitely worth making a new thread about.
  2. 1.0 has access to a public method of loading CFW without a jig and USB cable, but it involves using Puyo Puyo Tetris. 3.0 has access to an unreleased exploit that doesn't involve a jig and USB cable but may be released around the time of Atmosphere's completion. 4.1 also has access to an exploit similar to 3.0's, but the release for that one is potentially much farther in the future.
  3. Nintendo cannot remove your ability to inject payloads through firmware updates since we are exploiting a hardware-based vulnerability. It is in fact an unpatchable exploit on the software side. However, some people may not prefer using a jig and USB cable to load hacks hence the need for lower firmwares.
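On the hekate-ipl.ini question above (whether the nogc `kip1=` line can sit in the LayeredFS entry next to the other kips), here is an added example, not from the thread and not hekate's own code, that adds one `kip1=` line to a chosen launch entry and leaves every other line untouched. The sample INI is constructed: the `[config]` keys and the module file names are assumptions, and only `kip1=FS_510_nogc.kip1` comes from the thread. The caveat it demonstrates is that hekate entries repeat the `kip1` key, which Python's stdlib configparser either rejects or silently collapses to the last value, so a naive "read, edit, write" with configparser would drop the other kips.

```python
"""Add a kip1 line to one hekate-ipl.ini launch entry without touching the rest.

Added example for the thread; not from hekate. hekate launch entries repeat
the `kip1=` key once per module, so the file is kept as an ordered list of
(section name, body lines) instead of going through configparser.
"""
from typing import List, Tuple

# Constructed sample in the style of a 2018 sdfiles hekate-ipl.ini. The
# [config] keys and the modules/*.kip1 names are assumptions; the
# FS_510_nogc.kip1 line is the one quoted in the thread.
SAMPLE_INI = """[config]
autoboot=0
bootwait=3

[CFW]
kip1=modules/loader.kip1
kip1=modules/sm.kip1
kip1=FS_510_nogc.kip1

[LayeredFS]
kip1=modules/loader.kip1
kip1=modules/sm.kip1
kip1=modules/fs_mitm.kip1
"""

Section = Tuple[str, List[str]]  # (name, body lines in file order)


def parse_ini(text: str) -> List[Section]:
    """Split into sections, preserving duplicate keys and blank lines."""
    sections: List[Section] = []
    current: Section = ("", [])
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if current[0] or current[1]:
                sections.append(current)
            current = (line[1:-1], [])
        else:
            current[1].append(line)
    if current[0] or current[1]:
        sections.append(current)
    return sections


def dump_ini(sections: List[Section]) -> str:
    out: List[str] = []
    for name, body in sections:
        if name:
            out.append(f"[{name}]")
        out.extend(body)
    return "\n".join(out) + "\n"


def kips(sections: List[Section], section_name: str) -> List[str]:
    """All kip1 values of one entry, in load order."""
    for name, body in sections:
        if name == section_name:
            return [l.split("=", 1)[1].strip() for l in body if l.startswith("kip1=")]
    raise KeyError(f"no [{section_name}] entry")


def ensure_kip(text: str, section_name: str, kip: str) -> str:
    """Return the INI with `kip1=<kip>` present in section_name (idempotent)."""
    sections = parse_ini(text)
    for name, body in sections:
        if name != section_name:
            continue
        if kip in kips(sections, name):
            return text  # already there: do not rewrite the file
        kip_idx = [i for i, l in enumerate(body) if l.startswith("kip1=")]
        nonblank = [i for i, l in enumerate(body) if l]
        # keep the new kip after the existing ones so load order is unchanged
        pos = kip_idx[-1] + 1 if kip_idx else (nonblank[-1] + 1 if nonblank else 0)
        body.insert(pos, f"kip1={kip}")
        return dump_ini(sections)
    raise KeyError(f"no [{section_name}] entry in hekate-ipl.ini")


def stdlib_kip_count(text: str, section_name: str) -> int:
    """What configparser would keep: at most one kip1 per section, because it
    treats a repeated key as an overwrite (strict=False) or an error (default)."""
    import configparser
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return 1 if cp.has_option(section_name, "kip1") else 0


if __name__ == "__main__":
    print(ensure_kip(SAMPLE_INI, "LayeredFS", "FS_510_nogc.kip1"))
```

Run it against a real hekate-ipl.ini by reading the file into `ensure_kip` and writing the result back; the function returns the original text unchanged when the line is already present, so it is safe to rerun.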

How do you restore your backup with hekate? Do you just put your rawnand.bin on the SD card and then choose restore?
Yes
 
So
The actual NAND required for a backup is pretty small. The entire NAND is 29.1 GB, and the rest is space left over for installed titles and whatnot.
just to be clear (I'm still confused), is the size of 2 GB correct in this case? Or shall I just back it up again just to be sure?

Thanks for the response :)
 
This is where my lack of testing really shows, because I know you only need Boot0/Boot1 to actually restore your Switch from a brick, but I don't know how big this partition actually is. What I do know is that the whole eMMC comes up to about 29.1 GB on Windows, and this is the part that stores all of your user-installed content (i.e. system updates, DLC, eShop titles). So if you dumped Boot0/Boot1 in any capacity already and it's come down to 2 GB, you can recover from a brick.
Should I use this tool after using Hekate? https://github.com/Thog/nx-dreport
This tool is used for clearing error logs generated by homebrew and hacks. It does not clear the usage of hacks in general. It's possible that merely running this tool adds an inherent ban risk, especially if you have no error logs to wipe. Lastly, running this tool on 5.X may not be a good idea, as 5.X has the ability to track if error logs were cleared.
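On the 2 GB versus 29.1 GB backup question above: the check a practitioner would run before trusting a rawnand.bin is whether it is actually a full eMMC image. The following is an added example, not from the thread and not hekate's code. It assumes a hekate-style raw eMMC dump: 512-byte sectors, a protective MBR at LBA 0 and a standard GPT header at LBA 1, and a full size of roughly 29.1 GB (the thread's own figure, used here only as an assumed threshold). It validates the GPT header CRC32 and compares the file size against the disk size the header itself declares, which catches a truncated dump even when the first few sectors look fine. BOOT0/BOOT1 are separate files and are not covered here; a 2 GB rawnand.bin fails this check, but whether it is something else (such as a boot-partition dump) is a separate question the script does not answer.

```python
"""Sanity-check a rawnand dump before relying on it as a brick-recovery backup.

Added example for the thread; not hekate's code. Assumes a hekate-style raw
eMMC image: 512-byte sectors, protective MBR at LBA 0, standard GPT header at
LBA 1, and a full dump of roughly 29.1 GB (the thread's figure).
"""
import os
import struct
import zlib

SECTOR = 512
GPT_SIG = b"EFI PART"
# Assumed threshold taken from the thread ("29.1 GB"). A dump far below this
# (e.g. 2 GB) cannot be a complete rawnand image.
EXPECTED_MIN_BYTES = int(29.1 * 1024 ** 3)
SAMPLE_TOTAL_SECTORS = EXPECTED_MIN_BYTES // SECTOR + 1  # size of the constructed sample disk


def parse_gpt_header(sector1: bytes) -> dict:
    """Parse the 92-byte GPT header (UEFI layout) and verify its CRC32.

    The CRC covers header_size bytes with the CRC field itself zeroed, so a
    flipped byte anywhere in the header is detected.
    """
    if len(sector1) < 92:
        raise ValueError("need at least 92 bytes of LBA 1")
    sig, _rev, hdr_size, hdr_crc, _res, cur_lba, backup_lba, first_lba, last_lba = \
        struct.unpack_from("<8sIIIIQQQQ", sector1, 0)
    _part_lba, n_parts, part_size, _part_crc = struct.unpack_from("<QIII", sector1, 72)
    crc_ok = False
    if sig == GPT_SIG and 92 <= hdr_size <= len(sector1):
        zeroed = sector1[:16] + bytes(4) + sector1[20:hdr_size]
        crc_ok = (zlib.crc32(zeroed) & 0xFFFFFFFF) == hdr_crc
    return {
        "signature_ok": sig == GPT_SIG,
        "crc_ok": crc_ok,
        "current_lba": cur_lba,
        "backup_lba": backup_lba,
        "first_usable_lba": first_lba,
        "last_usable_lba": last_lba,
        "partition_entries": n_parts,
        "entry_size": part_size,
    }


def assess_dump(size_bytes: int, head: bytes) -> dict:
    """Judge a dump from its byte size and its first two sectors (MBR + GPT)."""
    findings = []
    gpt = parse_gpt_header(head[SECTOR:2 * SECTOR])
    if not gpt["signature_ok"]:
        findings.append("no GPT signature at LBA 1: not a raw eMMC image?")
    elif not gpt["crc_ok"]:
        findings.append("GPT header CRC32 mismatch: corrupted or partially read")
    else:
        # The primary header names the LBA of the backup header, which lives in
        # the last sector of the disk; a shorter file cannot contain it.
        needed = (gpt["backup_lba"] + 1) * SECTOR
        if size_bytes < needed:
            findings.append(f"truncated: {size_bytes} bytes but GPT expects {needed}")
    if size_bytes < EXPECTED_MIN_BYTES:
        findings.append(f"partial: {size_bytes} bytes is far below a full ~29.1 GB dump")
    return {"complete": not findings, "findings": findings, "gpt": gpt}


def check_file(path: str) -> dict:
    """Run assess_dump on a real rawnand.bin (reads only the first 1 KiB)."""
    with open(path, "rb") as f:
        head = f.read(2 * SECTOR)
    return assess_dump(os.path.getsize(path), head)


def build_sample_head(total_sectors: int) -> bytes:
    """Constructed MBR + GPT header for a disk of total_sectors; test data only."""
    mbr = bytearray(SECTOR)
    mbr[510:512] = b"\x55\xaa"
    hdr = bytearray(92)
    struct.pack_into("<8sIIII", hdr, 0, GPT_SIG, 0x00010000, 92, 0, 0)
    struct.pack_into("<QQQQ", hdr, 24, 1, total_sectors - 1, 34, total_sectors - 34)
    struct.pack_into("<QIII", hdr, 72, 2, 128, 128, 0)  # disk GUID at 56..72 left zeroed
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)) & 0xFFFFFFFF)
    return bytes(mbr) + bytes(hdr).ljust(SECTOR, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        result = check_file(sys.argv[1])
    else:  # no file given: show what a 2 GB file with a valid header reports
        result = assess_dump(2 * 1024 ** 3, build_sample_head(SAMPLE_TOTAL_SECTORS))
    print("complete" if result["complete"] else "\n".join(result["findings"]))
```

`python check_rawnand.py rawnand.bin` reports `complete` or the list of findings; the header CRC check is what distinguishes a dump that was cut short by the SD card from one that was corrupted while being written.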
 

Thank you. So it's better not to use this tool.
 
Hey all,
I'm not getting the SX OS menu to come up. It automatically goes to CFW, so I can't get to OFW.
I boot with the dongle and AutoRCM.
I just get an SX OS splash screen and it boots to CFW.
 

Hold volume up when you inject the payload/insert the dongle :)
 
Once I achieve RCM (i.e. black screen), can I remove my jig? Or do we have to keep it in place until I send a payload?
 