Hacking [RCM Payload] Hekate - CTCaer mod

  • Thread starter: CTCaer
  • Views: 1,187,326
  • Replies: 3,330
  • Likes: 128
The eMMC is already fast. 280MB/s sustained and 400MB/s bursts are not enough?
It could be better but probably not at this size (32GB).
Also it is easily upgradable (if you use hekate to boot).

If you replace the eMMC module,
how do you recreate the content in the new eMMC?
I have a switch with problems in my eMMC, indeed trying to get the BIS Keys it can't access the required keys in the eMMC,
I wonder if I buy a replacement eMMC module how I would be able to create the structure again because restoring a backup from another switch won't work, will it?
 
If you replace the eMMC module,
how do you recreate the content in the new eMMC?
I have a switch with problems in my eMMC, indeed trying to get the BIS Keys it can't access the required keys in the eMMC,
I wonder if I buy a replacement eMMC module how I would be able to create the structure again because restoring a backup from another switch won't work, will it?
Well if you don't have a backup and especially prod, you can't restore it to a replacement eMMC.
 
You have to restore an abnormal number of times.
Normally eMMC life performance is around 2000-5000 writes per cell. I don't know exactly though. Manufacturers tend to keep these figures a secret or use strange year expectancy calculations.

Depends on NAND chip type (the actual storage chip inside the eMMC), quality (binning) and manufacturer's algorithms.
Samsung are the best currently. So the above number should be higher (still not sure though).

On the other hand, replacements are quite cheap. Around 10 dollars. And you can just restore the backup to a new one.

In the end, it's not a good idea to play often with a full write all the time. And a user must always keep this in mind.

Excuse me sir.
When you mention you can simply replace the eMMC chip/board/package..
Is there any identification the Switch pulls from the chip to say this is not the real one, like a serial match etc..
Or is this in the Prod info..? And as long as I copy the original eMMC to the new one I should be fine?
Also, can we access a bootloader to restore an image to eMMC if the eMMC board inserted is blank or new?
 
Last edited by Canna,
Excuse me sir.
When you mention you can simply replace the eMMC chip/board/package..
Is there any identification the Switch pulls from the chip to say this is not the real one, like a serial match etc..
Or is this in the Prod info..? And as long as I copy the original eMMC to the new one I should be fine?
Also, can we access a bootloader to restore an image to eMMC if the eMMC board inserted is blank or new?
They already collect these through error reporting.
http://switchbrew.org/index.php?title=Error_Report_services search for nand.
NANDCID (serial and other id) and NANDTotalSize/NANDFreeSpace are the most important.

So best way is to have the error services disabled.

On the other hand, these can be spoofed and you can use, let's say, a 64GB eMMC. You then restore your backup. Memload it to PC and resize USER partition.
 
Reactions: wicksand420
They already collect these through error reporting.
http://switchbrew.org/index.php?title=Error_Report_services search for nand.
NANDCID (serial and other id) and NANDTotalSize/NANDFreeSpace are the most important.

So best way is to have the error services disabled.

On the other hand, these can be spoofed and you can use, let's say, a 64GB eMMC. You then restore your backup. Memload it to PC and resize USER partition.

I'm not sure I follow, I'm not as smart as you sir..

Why can I not replace the eMMC with another of the same size?
How do I spoof? Or spoof a larger one? Thank you
 
I'm not sure I follow, I'm not as smart as you sir..

Why can I not replace the eMMC with another of the same size?
How do I spoof? Or spoof a larger one? Thank you
I didn't say you cannot. I also even said how to do it.

Spoofing of serial numbers needs patching of FS.kip
 
They already collect these through error reporting.
http://switchbrew.org/index.php?title=Error_Report_services search for nand.
NANDCID (serial and other id) and NANDTotalSize/NANDFreeSpace are the most important.

So best way is to have the error services disabled.

On the other hand, these can be spoofed and you can use, let's say, a 64GB eMMC. You then restore your backup. Memload it to PC and resize USER partition.
Is it safe to actually disable the error report service? It would seem suspicious, no?
 
Last edited by mariogamer,
I didn't say you cannot. I also even said how to do it.

Spoofing of serial numbers needs patching of FS.kip

And this is to spoof eMMC id?

So simply using a new eMMC chip/board of the same size and brand.
Can't be used without the fs.kip being patched?
How would one patch the fs.kip?

Thank you for your reply much appreciated
 
Is it safe to actually disable the error report service? It would seem suspicious, no?
Well, in the end they can create whatever ban heuristics they decide..
It's always cat and mouse, this stuff.

Just let it run when you go online. As long as it's clean.
I live in Europe, so this does not reach me a lot..

And this is to spoof eMMC id?

So simply using a new eMMC chip/board of the same size and brand.
Can't be used without the fs.kip being patched?
How would one patch the fs.kip?

Thank you for your reply much appreciated
It can be used. Whatever one you get.
It's to avoid detection. Nintendo knows which eMMC id your console has.
 
Well, in the end they can create whatever ban heuristics they decide..
It's always cat and mouse, this stuff.

Just let it run when you go online. As long as it's clean.
I live in Europe, so this does not reach me a lot..


It can be used. Whatever one you get.
It's to avoid detection. Nintendo knows which eMMC id your console has.

Do I need to make a special fs.kip? If so do you recommend a method for me?

Thank you for your help
 
I can't seem to boot into cfw. I tried the one from HERE and then tried it with the V3.2 payload with it as well and still get black screen on my 2.0.0 Switch. Can I please get some help to get it booting into cfw because I need to finish making my backup and need the key files from the system.
 
I can't seem to boot into cfw. I tried the one from HERE and then tried it with the V3.2 payload with it as well and still get black screen on my 2.0.0 Switch. Can I please get some help to get it booting into cfw because I need to finish making my backup and need the key files from the system.

Update the console?
 
So quick question here, I am trying to boot a 3.0.0 CFW using hekate bootloader, but I haven't had any luck :/

I am using hekate-3.2-CTCaer-mod and I am using tomGER SDFIles.zip 7.3.1, whenever I do launch CFW I get a black screen, after a while like 30secs I get the Nintendo Switch logo, and a black (backlit) screen, nothing happens.

Can you guys help me troubleshoot this?

This must be something very obvious, but I don't get what is going on :/
 
Update the console?
Yeah I was trying to update my 2.0.0 system (without burning the fuses) and needed to do a proper backup of everything.

So quick question here, I am trying to boot a 3.0.0 CFW using hekate bootloader, but I haven't had any luck :/

I am using hekate-3.2-CTCaer-mod and I am using tomGER SDFIles.zip 7.3.1, whenever I do launch CFW I get a black screen, after a while like 30secs I get the Nintendo Switch logo, and a black (backlit) screen, nothing happens.

Can you guys help me troubleshoot this?

This must be something very obvious, but I don't get what is going on :/
I'm in the same boat as you. This happens to me too and I even used v7. 3.2 and same thing. It's funny, I asked them on the issue section of the github but the thread was closed without any real help besides use the latest release - which does nothing. Hope we can get some help getting it to work
 
Last edited by qaz015393,
I can't seem to boot into cfw. I tried the one from HERE and then tried it with the V3.2 payload with it as well and still get black screen on my 2.0.0 Switch. Can I please get some help to get it booting into cfw because I need to finish making my backup and need the key files from the system.

So while I don't really have an answer to your problem right now, I'd like to clear up a few things so that maybe someone else has a better chance of helping you.

You are saying that you need help to get into CFW to backup the rest of your system, but that's not really how this works. You are supposed to backup your Nand, Boot files, BIS Keys etc. before you enter CFW, not after.

Which leads me to the question: Are you having trouble getting the Custom Bootloader (Hekate) to work, as in, do you get stuck on a black screen when you send the Payload or...

Are you actually unable to boot into CFW from within Hekate?
 
Reactions: qaz015393
@qaz015393 I found the answer to my problem, may help solve yours, the issue was that the cfw wasn't booting, I could boot into hekate but could not launch the CFW.

Turns out I was using my SDXC formatted as exFAT and my firmware didn't support it, while hekate does and I used it to backup my nand and my keys, when it came to boot the cfw since I had not installed the exFAT patch, the cfw would not boot.

I fixed it by formatting the SDXC as FAT32, and then launching the cfw, it booted right away, I actually used ChoiDujourNX to update to the latest firmware, but somehow my gamecart stopped working which makes no sense :/

I was careful and added the nogc kip1patch, and the gamecart problem is only revealed when you downgrade not when you upgrade, so I don't know what might have happened

Hopefully this post helps you out, good luck

EDIT: found why my gamecart controller doesn't work, if you update past 4.0.0 and use the nogc kip1patch so it doesn't update the gamecart controller you also won't be able to play gamecarts on newer firmwares, only on old ones.
Makes sense but it's a shame, I really wanted to update to play Mario Kart since I bought an updated gamecart that only works on a newer firmware :/
 
Last edited by Pockets69,
Reactions: qaz015393
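
The failure described in the post above (hekate can read an exFAT card, firmware without the exFAT patch cannot) can be confirmed from a PC by looking at the card's boot sector. This is an added example, not part of the thread or of hekate; the function names and the sample card are constructed for illustration.

```python
import struct

SECTOR = 512
SIG = b"\x55\xaa"  # boot signature at offset 510 of an MBR or VBR

def classify_vbr(sec: bytes) -> str:
    """Classify a volume boot record as 'exfat', 'fat32' or 'unknown'."""
    if len(sec) < SECTOR or sec[510:512] != SIG:
        return "unknown"
    if sec[3:11] == b"EXFAT   ":              # exFAT FileSystemName field
        return "exfat"
    bytes_per_sec, = struct.unpack_from("<H", sec, 11)   # BPB_BytsPerSec
    root_entries, = struct.unpack_from("<H", sec, 17)    # BPB_RootEntCnt
    fat_size_16, = struct.unpack_from("<H", sec, 22)     # BPB_FATSz16
    fat_size_32, = struct.unpack_from("<I", sec, 36)     # BPB_FATSz32
    # FAT32 zeroes the FAT12/16-only fields and uses the 32-bit FAT size.
    if (bytes_per_sec in (512, 1024, 2048, 4096) and root_entries == 0
            and fat_size_16 == 0 and fat_size_32 != 0):
        return "fat32"
    return "unknown"

def detect_sd_filesystem(read_sector) -> str:
    """read_sector(lba) returns 512 bytes; handles bare and MBR-partitioned cards."""
    first = read_sector(0)
    kind = classify_vbr(first)
    if kind != "unknown" or first[510:512] != SIG:
        return kind
    for i in range(4):                         # four primary MBR entries
        entry = first[446 + 16 * i: 462 + 16 * i]
        lba_start, = struct.unpack_from("<I", entry, 8)
        if entry[4] != 0 and lba_start != 0:   # partition type and start LBA
            return classify_vbr(read_sector(lba_start))
    return "unknown"

def make_sample_card(kind: str, partitioned: bool):
    """Constructed sample: sparse {lba: sector} map standing in for an SD card."""
    vbr = bytearray(SECTOR)
    vbr[510:512] = SIG
    if kind == "exfat":
        vbr[3:11] = b"EXFAT   "
    else:
        struct.pack_into("<H", vbr, 11, 512)
        struct.pack_into("<I", vbr, 36, 7600)
    if not partitioned:
        return {0: bytes(vbr)}
    mbr = bytearray(SECTOR)
    mbr[510:512] = SIG
    mbr[446 + 4] = 0x07 if kind == "exfat" else 0x0C
    struct.pack_into("<I", mbr, 446 + 8, 8192)
    return {0: bytes(mbr), 8192: bytes(vbr)}
```

For a real card, pass a `read_sector` that seeks to `lba * 512` in the raw device or a card image and reads 512 bytes.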
@qaz015393 I found the answer to my problem, may help solve yours, the issue was that the cfw wasn't booting, I could boot into hekate but could not launch the CFW.

Turns out I was using my SDXC formatted as exFAT and my firmware didn't support it, while hekate does and I used it to backup my nand and my keys, when it came to boot the cfw since I had not installed the exFAT patch, the cfw would not boot.

I fixed it by formatting the SDXC as FAT32, and then launching the cfw, it booted right away, I actually used ChoiDujourNX to update to the latest firmware, but somehow my gamecart stopped working which makes no sense :/

I was careful and added the nogc kip1patch, and the gamecart problem is only revealed when you downgrade not when you upgrade, so I don't know what might have happened

Hopefully this post helps you out, good luck

EDIT: found why my gamecart controller doesn't work, if you update past 4.0.0 and use the nogc kip1patch so it doesn't update the gamecart controller you also won't be able to play gamecarts on newer firmwares, only on old ones.
Makes sense but it's a shame, I really wanted to update to play Mario Kart since I bought an updated gamecart that only works on a newer firmware :/
Yes that helped big thanks man.

So while I don't really have an answer to your problem right now, I'd like to clear up a few things so that maybe someone else has a better chance of helping you.

You are saying that you need help to get into CFW to backup the rest of your system, but that's not really how this works. You are supposed to backup your Nand, Boot files, BIS Keys etc. before you enter CFW, not after.

Which leads me to the question: Are you having trouble getting the Custom Bootloader (Hekate) to work, as in, do you get stuck on a black screen when you send the Payload or...

Are you actually unable to boot into CFW from within Hekate?

I was using exFAT which doesn't support my fw but when I used my FAT32 memory card, I was able to boot into Hekate cfw from within the Hekate.
 
Last edited by qaz015393,
Reactions: XaneTenshi
I bought a Switch which does not start properly. RCM, SD card working fine.
Maintenance mode does not work so I decided to rewrite the partitions using the following method:

https://gbatemp.net/threads/how-to-...nofficially-without-burning-any-fuses.507461/

In the first step I made a backup of BOOT0/1

Then I was trying to flash BOOT0, which ends in an error. After that I cannot mount the discs with memloader any longer.

Trying to restore the BOOT0/1 partitions with hekate ends up with ERROR 4.

I guess the internal eMMC is damaged?? Any ideas what to do?
Would it be possible to buy a new eMMC storage and simply restore a new system into it with the biskeys?
 
The eMMC is already fast. 280MB/s sustained and 400MB/s bursts are not enough?
It could be better but probably not at this size (32GB).
Also it is easily upgradable (if you use hekate to boot).

No complaints with speed, I just meant I wished we could easily update the eMMC capacity. I assume the chips are on the board? A lift and replace shouldn't be that hard so if we could get say 128GB or more with a bigger eMMC that would be a dream.
 
No complaints with speed, I just meant I wished we could easily update the eMMC capacity. I assume the chips are on the board? A lift and replace shouldn't be that hard so if we could get say 128GB or more with a bigger eMMC that would be a dream.
It's super easy, because for some reason, this device is the only one that uses a separate pcb for eMMC, that connects with a "lego" connector..
 
Reactions: Kukielka and xabier
