Hacking Suggestion Need BOOT0/1 repair pack!

KingPieter

Yeah same, can't find it either. I would need a BOOT0.bin/BOOT1.bin + the 9.1.0 software for restoring my broken Switch. I can't generate it myself because I lost my biskeys and Choidujour on PC can only generate firmwares up to 6.0.1...
 

Draxzelex

> Hello Draxzelex,
>
> I can't find the files on Xbins could you please help me?
> Thank you in advance.

Quoting the thread you posted, they are under "/SWITCH/CFW/_CFW Tools/Boot Repair Package". I should also mention that Xbins doesn't directly host the files. They are an FTP server.

> Yeah same, can't find it either. I would need a BOOT0.bin/BOOT1.bin + the 9.1.0 software for restoring my broken Switch. I can't generate it myself because I lost my biskeys and Choidujour on PC can only generate firmwares up to 6.0.1...

If you lost your BIS keys then you are out of luck as those are console-unique and cannot be regenerated.
 

KingPieter

> Quoting the thread you posted, they are under "/SWITCH/CFW/_CFW Tools/Boot Repair Package". I should also mention that Xbins doesn't directly host the files. They are an FTP server.
> If you lost your BIS keys then you are out of luck as those are console-unique and cannot be regenerated.

Oh wait I see, you need your BIS keys to licence the software, I've those and hacdiskmount says the entropy is ok. I meant my masterkeys, which I need to generate the 9.1.0 software BOOT.bin files. My console is only able to output keys up to masterkey 05, which is way too low to generate those files.
 

Draxzelex

> Oh wait I see, you need your BIS keys to licence the software, I've those and hacdiskmount says the entropy is ok. I meant my masterkeys, which I need to generate the 9.1.0 software BOOT.bin files. My console is only able to output keys up to masterkey 05, which is way too low to generate those files.

So simply find a firmware that can be generated with masterkey 05 and use that instead of 9.1
 

Sidisit

Hey Draxzelex,

So what you are saying if I have my BIS keys (which I do) you will be able to generate new Boot0 and Boot1 files?
I tried something with Python and hactool but didn't get it to work to generate a file with the correct keys in it.
I have the original nand.

Can you help me on my way?
 

Draxzelex

> Hey Draxzelex,
>
> So what you are saying if I have my BIS keys (which I do) you will be able to generate new Boot0 and Boot1 files?
> I tried something with Python and hactool but didn't get it to work to generate a file with the correct keys in it.
> I have the original nand.
>
> Can you help me on my way?

No, the BIS keys are only used in conjunction with hacdiskmount. You need the other Switch keys as well as ChoiDujour to generate BOOT0 and BOOT1.
 

Sidisit

> No, the BIS keys are only used in conjunction with hacdiskmount. You need the other Switch keys as well as ChoiDujour to generate BOOT0 and BOOT1.

I've visited Xbins and got the repair pack.
So how do I get the "other Switch Keys"?
Is there a manual to help me with that?
 

urherenow

What am I missing here? Does lockpickRCM not work for you? And how in the world do so many people mess up boot0 and boot1? What exactly did you do to accomplish that?
 

Sidisit

> What am I missing here? Does lockpickRCM not work for you? And how in the world do so many people mess up boot0 and boot1? What exactly did you do to accomplish that?

Unfortunately following a tutorial with lots of comments on it saying it still works up to somewhere in April and guiding me to clear my system and user files through hacdiskmount. When someone is desperate to solve an issue as I was then sometimes you do stupid things and thinking I had my boot files because I have my nand backup and did a lockpick. The only files I got are my nand (split into parts rawnand.bin.00 till .14), kfuses.bin, tsec_keys.bin and biskeydump.

I tried to acquire the keys.txt through hactool but I got the next message in cmd:
C:\Users\Thuis\Desktop\hactool>python keys.py 1111SBK key from biskey111111 111111Tsec keys from biskey1111111
Using BOOT0.bin to get keys from package1...
Could not find keyblob_mac_key_source! Please check the integrity of the data used in the current stage!

I tried different Boot0 files. Those are both in the repair package for 6.2.0.
What kind of boot do I need to get the correct keys.txt to use with choidujour to downgrade the switch to 4.1.0 (the original nand was)?

Hope you can help me.
thank you in advance.
 

urherenow

> Unfortunately following a tutorial with lots of comments on it saying it still works up to somewhere in April and guiding me to clear my system and user files through hacdiskmount. When someone is desperate to solve an issue as I was then sometimes you do stupid things and thinking I had my boot files because I have my nand backup and did a lockpick. The only files I got are my nand (split into parts rawnand.bin.00 till .14), kfuses.bin, tsec_keys.bin and biskeydump.
>
> I tried to acquire the keys.txt through hactool but I got the next message in cmd:
> C:\Users\Thuis\Desktop\hactool>python keys.py 1111SBK key from biskey111111 111111Tsec keys from biskey1111111
> Using BOOT0.bin to get keys from package1...
> Could not find keyblob_mac_key_source! Please check the integrity of the data used in the current stage!
>
> I tried different Boot0 files. Those are both in the repair package for 6.2.0.
> What kind of boot do I need to get the correct keys.txt to use with choidujour to downgrade the switch to 4.1.0 (the original nand was)?
>
> Hope you can help me.
> thank you in advance.

I'm still confused. Did you mount boot0 and/or boot1 directly from your switch? like, using memdump, or something? And delete things directly out of your nand? hactool has NOTHING to do with getting a keys.txt, and neither does hacdiskmount. You need keys.txt to use them in the first place. Is your system ipatched, or can you use RCM? If so, you get all of your keys simply by injecting Lockpick_RCM with tegrasmashGUI or however you inject your loaders. biskeydump will also get you what you need for mounting nand dumps. If your console had FW7 or above, you need sept on your SD from Atmosphere.

Also, you need to combine your nand dump to mount it (assuming you can get your keys dumped). In Windows, it's as simple as using cmd.exe and doing: copy /b file1+file2+file3 new_file (using all of the parts, of course, not including the boot0 and boot1 (iirc)).

Now... if you've taken whatever "fix pack" boot0/boot1 files you grabbed and have tried to flash them to your switch, then yes, you probably bricked your switch by wiping out the real ones.
 
Last edited by urherenow,
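
As an added example (not part of the post above, and not code from any tool named in the thread): a Python version of the part-joining step the post describes, which orders the rawnand.bin.NN parts by number, refuses to join when a part is missing, and ignores BOOT0/BOOT1. The function names and the `expected_count` parameter are assumptions, and the demo files are constructed stand-ins.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Split-dump naming taken from the thread: rawnand.bin.00 ... rawnand.bin.14
PART_RE = re.compile(r"^rawnand\.bin\.(\d{2})$")


def find_parts(dump_dir, expected_count=None):
    """Return the parts in numeric order; raise if the set is incomplete.

    expected_count is a hypothetical parameter: a missing *last* part cannot
    be seen from the names alone, so pass the known count (15 in the thread).
    """
    found = {}
    for path in Path(dump_dir).iterdir():
        match = PART_RE.match(path.name)  # BOOT0/BOOT1 and other files never match
        if match and path.is_file():
            found[int(match.group(1))] = path
    if not found:
        raise FileNotFoundError(f"no rawnand.bin.NN parts in {dump_dir}")
    count = expected_count if expected_count is not None else max(found) + 1
    missing = [i for i in range(count) if i not in found]
    if missing or len(found) != count:
        raise ValueError(f"part set is not 00..{count - 1:02d}; missing: {missing}")
    return [found[i] for i in range(count)]


def join_parts(parts, out_path, chunk_size=1 << 20):
    """Stream the parts into out_path; return (total_bytes, sha256_hex)."""
    digest = hashlib.sha256()
    total = 0
    with open(out_path, "wb") as out:
        for part in parts:
            with open(part, "rb") as src:
                while block := src.read(chunk_size):
                    out.write(block)
                    digest.update(block)
                    total += len(block)
    return total, digest.hexdigest()


if __name__ == "__main__":
    # Constructed stand-ins: three 4-byte "parts" plus boot files to be ignored.
    with tempfile.TemporaryDirectory() as tmp:
        for i in (2, 0, 1):
            Path(tmp, f"rawnand.bin.{i:02d}").write_bytes(bytes([i]) * 4)
        Path(tmp, "BOOT0").write_bytes(b"boot0")
        Path(tmp, "BOOT1").write_bytes(b"boot1")
        parts = find_parts(tmp, expected_count=3)
        size, sha256 = join_parts(parts, Path(tmp, "rawnand.bin"))
        print([p.name for p in parts], size, sha256)
```

Keeping the returned SHA-256 next to the joined image gives a reference to compare against before anything is written back to the device.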

Sidisit

> I'm still confused. Did you mount boot0 and/or boot1 directly from your switch? like, using memdump, or something? And delete things directly out of your nand? hactool has NOTHING to do with getting a keys.txt, and neither does hacdiskmount. You need keys.txt to use them in the first place. Is your system ipatched, or can you use RCM? If so, you get all of your keys simply by injecting Lockpick_RCM with tegrasmashGUI or however you inject your loaders. biskeydump will also get you what you need for mounting nand dumps. If your console had FW7 or above, you need sept on your SD from Atmosphere.
>
> Also, you need to combine your nand dump to mount it (assuming you can get your keys dumped). In Windows, it's as simple as using cmd.exe and doing: copy /b file1+file2+file3 new_file (using all of the parts, of course, not including the boot0 and boot1 (iirc)).
>
> Now... if you've taken whatever "fix pack" boot0/boot1 files you grabbed and have tried to flash them to your switch, then yes, you probably bricked your switch by wiping out the real ones.

Forget what I said about the keys.txt. I found my prod.keys and made a backup which I called keys.txt.
Now I'm trying to run Choidujour but it's failing.
When you run choi the application tries to reach a site with a json file. This file is unreachable so my best guess is it is offline. Really hope it will get back up otherwise I can't create the needed Boot0 and Boot1 files to continue.

Do you know a different method to acquire the correct boot files?
 

urherenow

> Forget what I said about the keys.txt. I found my prod.keys and made a backup which I called keys.txt.
> Now I'm trying to run Choidujour but it's failing.
> When you run choi the application tries to reach a site with a json file. This file is unreachable so my best guess is it is offline. Really hope it will get back up otherwise I can't create the needed Boot0 and Boot1 files to continue.
>
> Do you know a different method to acquire the correct boot files?

not off the top of my head. I'm still trying to figure out what was done in the first place. What happens when you use a fresh sd card, formatted to fat32, place the latest Atmosphere, then the latest hekate, and inject the hekate.bin. Does the menu load for you? (nyx, not HOS). If it does, what does it say when you try to dump boot0/boot1 with it? And what happens when you inject Lockpick_RCM? (if nyx loads, which it SHOULD, even with a bricked nand, you can launch lockpick_RCM from the payloads menu, as long as you also placed it in the bootloader/payloads folder)

Have you tried using choidujour with --nossl?

and by the way... when you messed it up, were you doing something with this guide: https://gbatemp.net/threads/how-to-...nofficially-without-burning-any-fuses.507461/ ?
Dang... step 1 in the biggest, boldest letters I've seen here...

EDIT: ok, now I see your problem. I don't know what to say about that. The site owner would have to fix this. Perhaps you don't need any patches, so I'd say grab the python script, and remove them.
https://github.com/rajkosto/ChoiDujour/blob/master/ChoiDujour.py
line 71: wanted_patches = ' '
around line 645-696... remove?
 
Last edited by urherenow,

Sidisit

> not off the top of my head. I'm still trying to figure out what was done in the first place. What happens when you use a fresh sd card, formatted to fat32, place the latest Atmosphere, then the latest hekate, and inject the hekate.bin. Does the menu load for you? (nyx, not HOS). If it does, what does it say when you try to dump boot0/boot1 with it? And what happens when you inject Lockpick_RCM? (if nyx loads, which it SHOULD, even with a bricked nand, you can launch lockpick_RCM from the payloads menu, as long as you also placed it in the bootloader/payloads folder)
>
> Have you tried using choidujour with --nossl?

Like I said before I deleted data from the "system/save" and "user" folders from when I used memloader to get into my ums_emmc.ini and mounted the device through hacdiskmount.
I tried to use a fresh sd card with Atmosphere and the menu still boots into hekate with nyx. When I backup boot0 and 1 there is no error and results in having a boot0 and 1 file on my sd card.
I don't need the lockpick because I have the complete lockpick from before the first time I flashed the Switch so that should be the correct one.

So I'm in possession of a RCM Switch, my original stock nand, my original stock lockpick keys. Now I need a way to get boot0 and boot1 to make it all work together again.
Can you help me with that?
 

urherenow

> Like I said before I deleted data from the "system/save" and "user" folders from when I used memloader to get into my ums_emmc.ini and mounted the device through hacdiskmount.
> I tried to use a fresh sd card with Atmosphere and the menu still boots into hekate with nyx. When I backup boot0 and 1 there is no error and results in having a boot0 and 1 file on my sd card.
> I don't need the lockpick because I have the complete lockpick from before the first time I flashed the Switch so that should be the correct one.
>
> So I'm in possession of a RCM Switch, my original stock nand, my original stock lockpick keys. Now I need a way to get boot0 and boot1 to make it all work together again.
> Can you help me with that?

sounds like you have everything. What's your issue? If you have no game cart inserted, a fresh sd card with nothing but latest atmosphere and latest hekate, inject the hekate.bin and select launch sysnand cfw. What happens then?

and go back and look at my last reply. I started looking at choidujour, and it's actually just a python script. You should be able to install python, edit the script, and run it with python choidujour.py (your python directory as well as python/scripts may need to be in your system path)

EDIT: Here you go. Use this https://github.com/suchmememanyskill/EmmcHaccGen
 
Last edited by urherenow,

Sidisit

> sounds like you have everything. What's your issue? If you have no game cart inserted, a fresh sd card with nothing but latest atmosphere and latest hekate, inject the hekate.bin and select launch sysnand cfw. What happens then?
>
> and go back and look at my last reply. I started looking at choidujour, and it's actually just a python script. You should be able to install python, edit the script, and run it.

Sorry didn't answer the comment about Choidujour. I've tried running it with --nossl but with the same result.

I'm not able to change the script because I don't know how. Never done it before. Python is already installed.

Now copying my nand to the sd and will try to flash it to the switch again with the boot files I just created with hekate.

When I do what you say about fresh sd with atmosphere hekate and launch sysnand cfw from with Hekate AtlasNX Kosmos is trying to start but giving an error message:
Phg2 decryption failed!
Is Sept Updated?
Failed to launch HOS!
Press any key
When I do the switch goes back to Hekate.
My best guess is that the switch is missing the correct boot files.

I already have all fs_patches so I think I don't need them from the internet through choidujour but the app is always trying to reach it.
 

urherenow

> Sorry didn't answer the comment about Choidujour. I've tried running it with --nossl but with the same result.
>
> I'm not able to change the script because I don't know how. Never done it before. Python is already installed.
>
> Now copying my nand to the sd and will try to flash it to the switch again with the boot files I just created with hekate.
>
> When I do what you say about fresh sd with atmosphere hekate and launch sysnand cfw from with Hekate AtlasNX Kosmos is trying to start but giving an error message:
> Phg2 decryption failed!
> Is Sept Updated?
> Failed to launch HOS!
> Press any key
> When I do the switch goes back to Hekate.
> My best guess is that the switch is missing the correct boot files.
>
> I already have all fs_patches so I think I don't need them from the internet through choidujour but the app is always trying to reach it.

Use this https://github.com/suchmememanyskill/EmmcHaccGen
this takes the FULL lockpick keys (unlike choidujour, which made you delete a bunch to work right)
You have to install .net core 3.1 though https://dotnet.microsoft.com/download/dotnet-core/thank-you/sdk-3.1.202-windows-x64-installer

and it should work with almost any firmware, so you should be able to use whatever version your original backup was, then flash your backup with nyx along with the boot0/1 generated here. You should be able to boot sysnandcfw after that, launch choidujourNX, and upgrade to the latest.

umm... before you go and flash stuff, you might want to try memloader again and replace system/save/8000000000000120
This program actually creates one for you, and this file will absolutely prevent you from booting if it isn't there. I am now fascinated that I haven't heard of it before now. It's superior to choidujour.
 
Last edited by urherenow,
