Hardware Switch boots directly into RCM

[Testo]

Hey It's me again,

I bought another broken Switch on eBay these days and I'm trying to face the problem/s. So the console was in the mail today and like the seller described it doesn't turn on. I checked the Serial number on two websites, both claim it's unpatched. So I hooked it up to my Notebook to check if it's charging, it draws continous 0.45A which, in my opinion, is fine on a standard 5V outlet, whats more interesting is that immediately TegraRCMGUI popped up and said RCM OK!. So my next thoughts were "okay seems to be on auto rcm" but after trying to inject a payload it began to become strange, " Smashed the stack with a 0x0000 byte SETUP request!". Well isn't that a behaviour when the console is patched? I tried different PayLoads (BisKeyDump,Hekate...) but everytime it's the same 0x0000. So okay maybe this console is patched or even another mainboard inside that shell... But I'm curios whats triggering the RCM straight on boot, there is no JoyCon connected.

So my first question on this journey is: What can cause instant RCM on boot?

 

[bombob]

Hey It's me again,

I bought another broken Switch on eBay these days and I'm trying to face the problem/s. So the console was in the mail today and like the seller described it doesn't turn on. I checked the Serial number on two websites, both claim it's unpatched. So I hooked it up to my Notebook to check if it's charging, it draws continous 0.45A which, in my opinion, is fine on a standard 5V outlet, whats more interesting is that immediately TegraRCMGUI popped up and said RCM OK!. So my next thoughts were "okay seems to be on auto rcm" but after trying to inject a payload it began to become strange, " Smashed the stack with a 0x0000 byte SETUP request!". Well isn't that a behaviour when the console is patched? I tried different PayLoads (BisKeyDump,Hekate...) but everytime it's the same 0x0000. So okay maybe this console is patched or even another mainboard inside that shell... But I'm curios whats triggering the RCM straight on boot, there is no JoyCon connected.

So my first question on this journey is: What can cause instant RCM on boot?

Wrong emmc module

Sent from my SM-N960U using Tapatalk

 

[Testo]

That would be worst case, hopefully it's something fixable

 

[Goku1992A]

Hey It's me again,

I bought another broken Switch on eBay these days and I'm trying to face the problem/s. So the console was in the mail today and like the seller described it doesn't turn on. I checked the Serial number on two websites, both claim it's unpatched. So I hooked it up to my Notebook to check if it's charging, it draws continous 0.45A which, in my opinion, is fine on a standard 5V outlet, whats more interesting is that immediately TegraRCMGUI popped up and said RCM OK!. So my next thoughts were "okay seems to be on auto rcm" but after trying to inject a payload it began to become strange, " Smashed the stack with a 0x0000 byte SETUP request!". Well isn't that a behaviour when the console is patched? I tried different PayLoads (BisKeyDump,Hekate...) but everytime it's the same 0x0000. So okay maybe this console is patched or even another mainboard inside that shell... But I'm curios whats triggering the RCM straight on boot, there is no JoyCon connected.

So my first question on this journey is: What can cause instant RCM on boot?

They probally have it on AutoRCM. My buddy son updated his switch and he had to take that off for him to go into the regular home menu

 

[Testo]

They probally have it on AutoRCM. My buddy son updated his switch and he had to take that off for him to go into the regular home menu

But if it's just AutoRCM it should accept Payloads from TegraRCM

 

[grcd]

Following this out of curiosity. Doesn't sound like 'just AutoRCM' to me sadly.

Either a botched repair (swapped mobo? changed EMMC?) or something similar.

 

[Goku1992A]

But if it's just AutoRCM it should accept Payloads from TegraRCM

Did you turnoff auto RCM in Hekakte ? Then you took out the SD card ? That what I had to do for my buddie this morning. Maybe the switch has a dirty nand that has updated firmware if not then he fried his switch.

 

[Testo]

Well well well, sounds like I should have stopped after my third repaired switch. I'll keep you posted

--------------------- MERGED ---------------------------

Did you turnoff auto RCM in Hekakte ? Then you took out the SD card ? That what I had to do for my buddie this morning. Maybe the switch has a dirty nand that has updated firmware if not then he fried his switch.

I think you are not correctly understanding whats the point, I can't turn off AutoRCM in Hekate cause the switch won't accept the Hekate payload (or any other) from TegraRCM

 

[Goku1992A]

Well well well, sounds like I should have stopped after my third repaired switch. I'll keep you posted

--------------------- MERGED ---------------------------


I think you are not correctly understanding whats the point, I can't turn off AutoRCM in Hekate cause the switch won't accept the Hekate payload (or any other) from TegraRCM

Okay I understand but do you think the repair shop is going to fix it because it's modded ? They may turn you away but you can try

 

[Testo]

Okay I understand but do you think the repair shop is going to fix it because it's modded ? They may turn you away but you can try

Are you serious, no one ever talked about a repair shop. Do you even read what I'm writing?

 

[Goku1992A]

Are you serious, no one ever talked about a repair shop. Do you even read what I'm writing?

Thought you said shop sorry.

 

[Testo]

Also RCM itself isn't a 100% indicator for modding, it's just the point where modding starts. The RCM mode itself is some kind of recovery provided by Nvidia. I have to open the console to (hopefully) understand whats going on. Let's pray it's something easy, stupid and fixable. But the first signs aren't very satisfying...

 

[Goku1992A]

Well maybe like someone said before maybe someone had the bright Idea to upgrade thier emmc module and they botched it. I'm not 100% sure if you can buy another one and replace it (that could be a pain of itself)

Hopefully you can fix it

 

[bombob]

Well maybe like someone said before maybe someone had the bright Idea to upgrade thier emmc module and they botched it. I'm not 100% sure if you can buy another one and replace it (that could be a pain of itself)

Hopefully you can fix it

Unless you have a known good backup with a PRODINFO you cant fix emmc

 

[Testo]

Well maybe like someone said before maybe someone had the bright Idea to upgrade thier emmc module and they botched it. I'm not 100% sure if you can buy another one and replace it (that could be a pain of itself)

Hopefully you can fix it

The problem is, every emmc is married to the console, so if theres not the original emmc inside or it's broken, this switch can only be used for parts. I'm gonna open up the console the next days and check whats going on there. At the moment I can only be sure that it's charging correctly and it's pretty sure patched

 

[Goku1992A]

The problem is, every emmc is married to the console, so if theres not the original emmc inside or it's broken, this switch can only be used for parts. I'm gonna open up the console the next days and check whats going on there. At the moment I can only be sure that it's charging correctly and it's pretty sure patched

Oh damn I'm sorry I hope you didn't pay alot for it. Worst come to worse if you cant fix it just resell it again for partial of your money back.

Unless you have a known good backup with a PRODINFO you cant fix emmc

Okay I learned something new thats why I never touched igcognito because it altered your PRODINFO and I heard if you lose that you are screwed.

 

[bombob]

The problem is, every emmc is married to the console, so if theres not the original emmc inside or it's broken, this switch can only be used for parts. I'm gonna open up the console the next days and check whats going on there. At the moment I can only be sure that it's charging correctly and it's pretty sure patched

you can use another emmc in a switch.The emmc is just a memory chip. But the contents of that chip is linked to a specific console. If you have a good backup, you can write it to a module coming from another console and it will work.

 

[Testo]

Oh damn I'm sorry I hope you didn't pay alot for it. Worst come to worse if you cant fix it just resell it again for partial of your money back.



Okay I learned something new thats why I never touched igcognito because it altered your PRODINFO and I heard if you lose that you are screwed.

I didn't pay a fortune but I also got cheaper ones before. But thats the risk you take when you're in electronics repair

 

[Testo]

Okay, this switch is unfixable. The pre owner pretended he didn't know if the console was opened up before... Long story short, no original thermal paste, the mainboard is for sure a patched one and last but not least the EMMC popped very easy of and has a slightly different color than the mainboard. So the best I could do is sell or use it for parts.

 

[bombob]

Yeah

Sent from my SM-N960U using Tapatalk