Hacking Question How to update Atm emuMMC and sysNAND?

ThePirat

To avoid a bit of confusion for others that reach this thread in the future, I feel it's important to point out that upgrading sysMMC either by official methods or via ChoiDujourNX, neither way actually burns any of the fuses on the console...

BOOTING stock firmware is what burns the fuses. This is an important distinction, though it doesn't really seem like it at first. The reason being that while the N can determine the latest OS you should be on from update downloads, compared to what you are on, just by comparing their own logs, they don't (as far as anybody is aware) actually check for a fuse mismatch on the local console via the stock firmware at this point.

So, the big difference is that if you were to officially upgrade your stock sysMMC, but then ONLY continue to boot it via RCM with a mod chip or the like via the "stock" mode, you can have an "unmodified" system which matches exactly what Ninty expects you to be running from their remote logging. So long as you never boot Homebrew or load any CFW extensions, there shouldn't ever be anything unauthorized written to the debug logging to ever be reported.

Unless they release a new update to the consoles which actually does a local fuse comparison between what you have and what your firmware expects, and then reports that back to them instead of just using it to determine if you're bootable, and of course doing all that without the Atmosphere guys catching on and producing a new module which fakes the switch's fuse data to hide it when they support booting that updated version, you're effectively safe to run it as-is without burning fuses on your "stock" firmware.
Thanks mate for pointing it out!

Will having the fuses unburned allow us to do a sysNAND downgrade, eventually?
 

ksanislo

Thanks mate for pointing it out!

Will having the fuses unburned allow us to do a sysNAND downgrade, eventually?
Yes, that’s the general idea. You’ll always be able to use ChoiDujourNX to switch back to whatever version you started saving fuses at.

I’m not too sure of the real practical application of it though, as I’m not sure how much use the older firmwares will truly be in the future, but anybody who saved their fuses at 4.1.0 and lower for example can switch from using a paper clip to reach RCM to that new software only dejavu/pegascape hack that just came out, and there’s always the chance of a better software only exploit in the future still too. I’m sure it will be dramatically more important for those who own patched RCM switches in the future.
 

Arusia

So is there any way to boot an emuMMC without flagging something in the error log? So that I could boot a "clean" emunand for online play via 4.1 Pegascape?
 

ksanislo

So is there any way to boot an emuMMC without flagging something in the error log? So that I could boot a "clean" emunand for online play via 4.1 Pegascape?

Theoretically, you could boot your emuMMC with "stock=1" via CTCaer's Hekate mod, and it should be nearly as good as booting a stock sysMMC the same way. It's not a perfectly unmodified console, so there are still ways that it could be identified, but all the logged data should look completely normal.

Also, I'm not aware of Nintendo doing any special checks to try to identify someone doing such a thing at this point, and the leads in the modding community should be able to identify that sort of thing pretty quick if they decide to start.
 

spammy

Unless they release a new update to the consoles which actually does a local fuse comparison between what you have and what your firmware expects, and then reports that back to them instead of just using it to determine if you're bootable, and of course doing all that without the Atmosphere guys catching on and producing a new module which fakes the switch's fuse data to hide it when they support booting that updated version, you're effectively safe to run it as-is without burning fuses on your "stock" firmware.

Thanks for the comprehensive comment. Just to check my understanding though: any "fake fuse" module would require CFW to use, right? So doesn't using that to boot a "clean" sysnand OFW seem a little self defeating?
 

JotaBarba

Theoretically, you could boot your emuMMC with "stock=1" via CTCaer's Hekate mod, and it should be nearly as good as booting a stock sysMMC the same way. It's not a perfectly unmodified console, so there are still ways that it could be identified, but all the logged data should look completely normal.

Also, I'm not aware of Nintendo doing any special checks to try to identify someone doing such a thing at this point, and the leads in the modding community should be able to identify that sort of thing pretty quick if they decide to start.
So, in a config with two emummc, one with atmosphere and the other as close to ofw as possible, it will be necessary to edit hekate_ipl.ini to change between them (due to stock=1 flag)?
 

Danttebayo

Resurrecting a slightly older thread instead of starting a new one because there is some good info in here.

@masagrator , you mention that a person running a clean sysNAND must update through Nintendo (makes sense) thus burning fuses to be able to play online. I've seen all sorts of conflicting information and I'm trying to find as correct an answer as anyone outside of Nintendo can give. Is it possible for someone with a clean sysNAND to:

1) run Atmosphere (but no other homebrew) only once to perform an official update (currently to 10.0.0) via Nintendo
2) since Atmosphere is running, AutoRCM won't be disabled so Hekate can be loaded at boot
3) run sysNAND via Hekate without Atmosphere for 'clean' online gaming up until the point where Nintendo releases a new firmware?

Would that even work? As you can guess I'm trying to have it all - have a 'clean' official NAND for playing online and using eShop, keep fuses unburnt, and have an emuMMC for Retroarch - but it seems like one can't have all 3 of those things at this point.

My current setup is a bit different but I'd be willing to change to anything that would work. I currently have a dirty sysNAND and 2 emuMMCs (one for homebrew, the other restored from a clean backup). The one emuMMC for homebrew works great of course but Hekate currently can't boot an emuMMC without Atmosphere so even though the other is currently 'clean', it would never be able to run without Atmosphere. Just wanted to see if there were any other options that currently existed. Thanks.
 

kassio69

@Danttebayo Sorry to get into the conversation without being called, but as I want to help you I'll give my opinion:

you mention that a person running a clean sysNAND must update through Nintendo (makes sense) thus burning fuses to be able to play online.

If you update your real sysnand through Nintendo servers:
Fuses: burnt
Online: ok.
DejaVu (no dongle/payload): ruined.
CFW: ok (if you have an unpatched switch).

If you update your emulated clean NAND backup (clean emuMMC) through Nintendo servers:
Fuses: intact
Online: ok (on your clean emuMMC)
DejaVu (no dongle/payload): ok (if firmware <4.0.1).
CFW: ok (on your dirty emuMMC)

Did you check the video I posted yesterday?



Is it possible for someone with a clean sysNAND to:
1) run Atmosphere (but no other homebrew) only once to perform an official update (currently to 10.0.0) via Nintendo?
2) since Atmosphere is running, AutoRCM won't be disabled so Hekate can be loaded at boot

You don't need Atmosphere running BEFORE or DURING the update, but I'm pretty sure that the update process turns autoRCM off.
So in the next restart (and in all of them from now on) you must reactivate it and use a payload (Hekate, fusee-primary) to initiate the system and protect your fuses.

3) run sysNAND via Hekate without Atmosphere for 'clean' online gaming up until the point where Nintendo releases a new firmware?

Theoretically it is possible, as already said in this thread, using the line "stock = 1" in hekate_ipl.ini.
The problem is that this option and the emuMMC do not get along, and apparently it is not yet feasible.

Read this:

https://github.com/CTCaer/hekate/issues/250
https://github.com/m4xw/emuMMC/issues/7

Would that even work? As you can guess I'm trying to have it all - have a 'clean' official NAND for playing online and using eShop, keep fuses unburnt, and have an emuMMC for Retroarch - but it seems like one can't have all 3 of those things at this point. My current setup is a bit different but I'd be willing to change to anything that would work. I currently have a dirty sysNAND and 2 emuMMCs (one for homebrew, the other restored from a clean backup). The one emuMMC for homebrew works great of course but Hekate currently can't boot an emuMMC without Atmosphere so even though the other is currently 'clean', it would never be able to run without Atmosphere. Just wanted to see if there were any other options that currently existed. Thanks.

Watch my video, ask questions and I will try to help you, it is not as difficult as it seems.
 

alcab

I'm sorry. Completely noob in the Switch scene. I have a very simple question and I'd be very grateful if anyone could answer it.
Is it possible to downgrade my EMUNAND from firmware 10.0.0 to 9.2.0 using ChoiDujourNX, without burning fuses?
I made the EMUNAND from a 10.0.0 Sysnand.

Thanks a lot!
 

Danttebayo

Sorry to get into the conversation without being called, but as I want to help you I'll give my opinion:
Hi @kassio69, thanks for joining the conversation; your posts have been a big help for me. I actually have a setup that is exactly as you provided instructions for in another thread (except I'm not lucky enough to have a sysNAND at 1.0.0). A few Linux formatting issues aside (I ended up having to run some other dd commands to get Hekate to recognize the partitions), your instructions worked. And thanks for the video, I hadn't seen it.

Since emuMMC isn't able to run without CFW at this point, my only concern is CFW being detectable by Nintendo, which makes the 'clean' emuMMC not clean, but I recognize it's the only option to play online and keep your fuses at the moment. I've just been hesitant to pull the trigger and update my 'clean' emuMMC and use it online but now that Atmosphere and Hekate support 10.0.0 (serious thanks to SciresM and CTCaer among others) I'll go for it.
 

Danttebayo

I'm sorry. Completely noob in the Switch scene. I have a very simple question and I'd be very grateful if anyone could answer it.
Is it possible to downgrade my EMUNAND from firmware 10.0.0 to 9.2.0 using ChoiDujourNX, without burning fuses?
I made the EMUNAND from a 10.0.0 Sysnand.

Thanks a lot!
Hi alcab, when it comes to fuses, anything you do on an emuNAND won't affect them. That being said, if your sysNAND is already on 10.0.0 your burnt fuse count would already match that so I don't think you need to be worried about burning fuses any more. I don't know what the cutoff is but with each new firmware release from Nintendo it becomes increasingly unlikely there will ever be an untethered hack for it.

Out of curiosity, why would you want to downgrade your emuNAND to 9.2.0? With Atmosphere and Hekate supporting 10.0.0 (and KOSMOS soon presumably) what advantage would you be gaining by running an earlier version?
 

alcab

Hi alcab, when it comes to fuses, anything you do on an emuNAND won't affect them. That being said, if your sysNAND is already on 10.0.0 your burnt fuse count would already match that so I don't think you need to be worried about burning fuses any more. I don't know what the cutoff is but with each new firmware release from Nintendo it becomes increasingly unlikely there will ever be an untethered hack for it.

Out of curiosity, why would you want to downgrade your emuNAND to 9.2.0? With Atmosphere and Hekate supporting 10.0.0 (and KOSMOS soon presumably) what advantage would you be gaining by running an earlier version?

Thanks for your answer!
I wanted to downgrade because I updated my emunand via hekate by mistake, and wanted to return to my original setup. I'll probably go back to 10.0.0 as soon as official sigpatches are released.
 

DafKA30


Draxzelex

Hi @kassio69
I would have 3 questions regarding your video:
1-How are you able to reboot to hekate when going from emuMMC1 to emuMMC2?
2-What does happen if you power off the switch in emuMMC?
3-Do you have autoRCM enabled? And if yes how are you booting to your sysnand the first time then?

Thank you!
  1. Atmosphere comes built in with reboot to payload which replaces your Restart function
  2. I would assume the console would power off
  3. He may have autoboot enabled
 

kassio69

1-How are you able to reboot to hekate when going from emuMMC1 to emuMMC2?
Replace Atmosphere's original "reboot_payload.bin" with Hekate's latest .bin ("hekate_ctcaer_5.5.0.bin" as I write).
And rename it to "reboot_payload.bin".

2-What does happen if you power off the switch in emuMMC?
It powers off.

3-Do you have autoRCM enabled? And if yes how are you booting to your sysnand the first time then?
AutoRCM is disabled in my case.
1.0.0 Switch boots into the original sysnand, which I use to start PegaScape.

You can find the complete guide here:
https://gbatemp.net/threads/multipl...restoring-a-clean-nand-for-online-use.562188/
 
