Hacking [RCM Payload] Hekate - CTCaer mod

  • Thread starter Thread starter CTCaer
  • Start date Start date
  • Views Views 1,194,023
  • Replies Replies 3,331
  • Likes Likes 128
I'm trying to dump my fuses and tsec_keys, but I wanted to double check something because I'm scared of bricking my Switch.

Starting on 6.0.0, I loaded up ReiNX for my Switch's first dive into homebrew. I have installed my own game's backups and enabled AutoRCM through ReiNX. I read that I can only dump my fuses and tsec_keys with Hekate, not ReiNX, and I wanted to make sure that I would do this process correctly before continuing. Please let me know if this is correct, I would really appreciate it :)

Power off Switch (AutoRCM still enabled), remove sd card, install Hekate v4.2, insert sd card and use Tegra to inject the Hekate .bin file.
In Hekate, I click "AtmoHB" and then I assume that takes me to my Switch's home screen. From there, I go to System Settings.
In there, for fuses, I go to Console Info, Print fuse info, then tap/release the power button once. After that, I go back to Console info, then go to Print Tsec keys, then tap/release the power button once.
After that, I shut down the Switch, then use Tegra to inject ReiNX again.

Are my steps safe? Can I leave AutoRCM enabled through ReiNX through this entire process?
that’s not it at all. hekate is a boot loader. its menu features are accessed before loading the os. the console info... print fuse info and tsec info steps all happen before you enter the os. you can power down afterwards from the hekate menu and load back into reinx if you want.
 
@CTCaer
If my battery runs completely dry, even with HOS power off - will a modchip + hekate still enable me to charge my battery?
Or do I still have to unplug my battery and charge it with another Switch?
What? You never need to unplug the battery and charge it to another switch.
Who starts these rumors.

Just plug it to switch's power brick and wait 20m-hours depending if you have autorcm enabled.

I'm trying to dump my fuses and tsec_keys, but I wanted to double check something because I'm scared of bricking my Switch.

Starting on 6.0.0, I loaded up ReiNX for my Switch's first dive into homebrew. I have installed my own game's backups and enabled AutoRCM through ReiNX. I read that I can only dump my fuses and tsec_keys with Hekate, not ReiNX, and I wanted to make sure that I would do this process correctly before continuing. Please let me know if this is correct, I would really appreciate it :)

Power off Switch (AutoRCM still enabled), remove sd card, install Hekate v4.2, insert sd card and use Tegra to inject the Hekate .bin file.
In Hekate, I click "AtmoHB" and then I assume that takes me to my Switch's home screen. From there, I go to System Settings.
In there, for fuses, I go to Console Info, Print fuse info, then tap/release the power button once. After that, I go back to Console info, then go to Print Tsec keys, then tap/release the power button once.
After that, I shut down the Switch, then use Tegra to inject ReiNX again.

Are my steps safe? Can I leave AutoRCM enabled through ReiNX through this entire process?
Your steps are incorrect.
Inject hekate and have a sd card inserted.
Console info -> Print TSEC keys-> Press POWER button.
That's it. Either boot your other payload via hekate or Restart (RCM) and inject it.

Thank you for this wonderful tool! Easy to use! I do have a question that probably been answered somewhere... Sorry... Do/Should I backup SYS and USER, or is FULL emmc and boot0/1 enough for restoring if needed?
What's the benefit of doing a backup of all the options?
Big Thanks!!
For FULL backup as is, use BOOT0/1 and raw GPP.

The other modes dump the partitions independently and are for devs mostly.
 
What? You never need to unplug the battery and charge it to another switch.
Who starts these rumors.

Just plug it to switch's power brick and wait 20m-hours depending if you have autorcm enabled.

I'm referring to this thread here:

https://gbatemp.net/threads/important-psa-autorcm-battery-warning.505192/

So the scenario I was thinking of is:

- Switch with modchip + hekate
- Battery completely dry - like 0.0% charge
- Plug in power brick
- Switch powers on -> RCM -> no further charging
 
That thread can die in peace.
The was never a battery desync problem.

Anyway, yeah, you just need to charge it with the original power brick and have patience.

Oh ok, I always under the assumption that there is no charging in RCM mode.
 
I've been using hekate for a while now but I want to restore my nand.

If I put the rawnand.bin file in /backup/<id>/restore/, hekate doesn't boot. I get the logo and then black screen. If I remove the backup, everything works normally. I can boot to the OS, use homebrew, play games, etc. I've tried it with two different microsd cards.

I'm using the SD files package and always boot to hekate. Any idea how to fix it?

I've created the backup with an old version of hekate (don't remember which), but I don't suppose that's the problem.
 
I've been using hekate for a while now but I want to restore my nand.

If I put the rawnand.bin file in /backup/<id>/restore/, hekate doesn't boot. I get the logo and then black screen. If I remove the backup, everything works normally. I can boot to the OS, use homebrew, play games, etc. I've tried it with two different microsd cards.

I'm using the SD files package and always boot to hekate. Any idea how to fix it?

I've created the backup with an old version of hekate (don't remember which), but I don't suppose that's the problem.
hekate uses these folders, only when entering a backup/restore option.
So the problem you are seeing is probably corruption.

It's a good thing to mount it on a windows PC and do a repair.
 
hekate uses these folders, only when entering a backup/restore option.
So the problem you are seeing is probably corruption.

It's a good thing to mount it on a windows PC and do a repair.

I've managed to fix it, finally.

First, I checked the card but there was no error in it. Tried it with chkdsk on Windows and fsck on linux. I then removed the following options from /bootloader/hekate_ipl.ini:

autoboot=0
bootwait=5
customlogo=1
verification=2

And it started to work. I was able to restore my backup without an issue. Maybe these options are conflicting somehow?
 
I've managed to fix it, finally.

First, I checked the card but there was no error in it. Tried it with chkdsk on Windows and fsck on linux. I then removed the following options from /bootloader/hekate_ipl.ini:

autoboot=0
bootwait=5
customlogo=1
verification=2

And it started to work. I was able to restore my backup without an issue. Maybe these options are conflicting somehow?
Wait a minute. When it doesn't work you see a breathing backlight and hekate's logo?

(Btw, these have nothing to do with backup/restore. Only verification, but only when the the backup/restore starts)
 
Wait a minute. When it doesn't work you see a breathing backlight and hekate's logo?

(Btw, these have nothing to do with backup/restore. Only verification, but only when the the backup/restore starts)

Yep, I can see the logo then black screen with these options + the rawnand.bin. I get no option and pressing the power button starts Horizon without hbl support.

Not sure if it's important but autoRCM is disabled in my switch. I've never enabled it.
 
Yep, I can see the logo then black screen with these options + the rawnand.bin. I get no option and pressing the power button starts Horizon without hbl support.

Not sure if it's important but autoRCM is disabled in my switch. I've never enabled it.
That's the auto HOS power off.
To enter after a shut down, you just have to press VOL UP and PWR while you have your jig inserted.

After that, you can disable this in Options -> Auto HOS power off.
 
I made a clean backup of the NAND 2 month ago, I took it in an external HD and now I would like to restore it. If something goes wrong ( the backup should be right but...)have I any emergency procedure for avoid the brick?
 
I made a clean backup of the NAND 2 month ago, I took it in an external HD and now I would like to restore it. If something goes wrong ( the backup should be right but...)have I any emergency procedure for avoid the brick?
Yeah. Create a new full backup with your current data, before restoring the old one. Especially if you want to go back to this later.
 
  • Like
Reactions: Caster06
Yeah. Create a new full backup with your current data, before restoring the old one. Especially if you want to go back to this later.
But I must have both the backup in the sd or I'll be able to power off the console , change the files in the sd and restart the process?
 
But I must have both the backup in the sd or I'll be able to power off the console , change the files in the sd and restart the process?
The files from the backing process and the files for restore, go to separate folders.

You can have both. But you can only restore what you have in restore folder. So in order to go back to your new backup, you have to delete or move the backup from the restore folder and move the new backup to the restore folder.
 
The files from the backing process and the files for restore, go to separate folders.

You can have both. But you can only restore what you have in restore folder. So in order to go back to your new backup, you have to delete or move the backup from the restore folder and move the new backup to the restore folder.
So I have to extract the sd, menage the files and try a new restore process, right?
 
When backing up, the files are saved into /backup/<eMMC S/N>/
When you want to restore, the files for restoring go here /backup/<eMMC S/N>/restore/

Simple as that.
 
  • Like
Reactions: Caster06
@CTCaer is it possible to determine the firmware of the Gamecart installed?
For example, i updated without burning fuses but forgot to put the "NOGC" file in ReiNX... so want to know what firmware its on as i don't have any carts.
 

Site & Scene News

Popular threads in this forum