Hacking Bricked Switch with 1.0.0 update installed by mistake

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
USER is another partition in HacDiskMount, he's not talking about another folder in SYSTEM partition.

I also tried these and dozens of more steps (see other thread on gbatemp: "how to install run any switch firmware unofficially without burning any fuses"), but still no success for my switch. I am always being stuck with flashing atmosphere logo and then blackscreen with backlight turned on after sending fusee-primary.bin payload - so no chance to boot into HOS nor recoverymode or whatsoever.
I realized, that deactivating autoRCM via hekate changed the behavior of flashing atmosphere to remaining atmosphere logo, but then still blackscreen+backlight - will give it some more tries.

Alerappo, did you also (accidentially) downgrade to 1.0.0-7pre-release firmware via ChoiDuJourNX? If so, what was your last sysNAND firmware before?

"6. Then we go to the USER folder and delete everything in the folders."
Did you empty the entire USER partition, or just the content of the folders? What about the subfolders in "Contents" folder, did you already erase them or just their content?

And what about PRF2SAFE.RCV files in SYSTEM and USER partition - did you keep or erase them?

And after injecting fusee-primary.bin payload your switch directly booted back to HOS entering recovery mode for the user settings and ran through without giving any errors?

If that was all true, I can just say: my honest congratulations!
Thank you for your support!
 

dj_d2

Member
Newcomer
Joined
Jul 6, 2020
Messages
13
Trophies
0
Age
34
XP
115
Country
Spain
i did the steps but im doing something wrong cuz is not working, is not loading and throws NXBOOT
USER is another partition in HacDiskMount, he's not talking about another folder in SYSTEM partition.

I also tried these and dozens of more steps (see other thread on gbatemp: "how to install run any switch firmware unofficially without burning any fuses"), but still no success for my switch. I am always being stuck with flashing atmosphere logo and then blackscreen with backlight turned on after sending fusee-primary.bin payload - so no chance to boot into HOS nor recoverymode or whatsoever.
I realized, that deactivating autoRCM via hekate changed the behavior of flashing atmosphere to remaining atmosphere logo, but then still blackscreen+backlight - will give it some more tries.

Alerappo, did you also (accidentially) downgrade to 1.0.0-7pre-release firmware via ChoiDuJourNX? If so, what was your last sysNAND firmware before?

"6. Then we go to the USER folder and delete everything in the folders."
Did you empty the entire USER partition, or just the content of the folders? What about the subfolders in "Contents" folder, did you already erase them or just their content?

And what about PRF2SAFE.RCV files in SYSTEM and USER partition - did you keep or erase them?

And after injecting fusee-primary.bin payload your switch directly booted back to HOS entering recovery mode for the user settings and ran through without giving any errors?

If that was all true, I can just say: my honest congratulations!
Thank you for your support!

i don't have any file to delete on the USER partition, neither have the PRF2SAFE.RCV files... now i just see the nintendo logo and then Fatal error: NXBOOT Key derivation failed
 

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
you might have to show hidden files to see PRF2SAFE.RCV files on the partitions. see the other thread I referred to in my previous post or look at the image attached.

Can't help you with the rest, so I prefer not giving confusing hints here, sry
 

Attachments

  • 2018-06-15_04-17-07_4GwHOHr1k.png
    34.1 KB · Views: 158
Last edited by daVid0n,

Alerappo

Member
Newcomer
Joined
Jul 4, 2020
Messages
18
Trophies
0
Age
38
XP
87
Country
Italy
USER is another partition in HacDiskMount, he's not talking about another folder in SYSTEM partition.

I also tried these and dozens of more steps (see other thread on gbatemp: "how to install run any switch firmware unofficially without burning any fuses"), but still no success for my switch. I am always being stuck with flashing atmosphere logo and then blackscreen with backlight turned on after sending fusee-primary.bin payload - so no chance to boot into HOS nor recoverymode or whatsoever.
I realized, that deactivating autoRCM via hekate changed the behavior of flashing atmosphere to remaining atmosphere logo, but then still blackscreen+backlight - will give it some more tries.

Alerappo, did you also (accidentially) downgrade to 1.0.0-7pre-release firmware via ChoiDuJourNX? If so, what was your last sysNAND firmware before?

"6. Then we go to the USER folder and delete everything in the folders."
Did you empty the entire USER partition, or just the content of the folders? What about the subfolders in "Contents" folder, did you already erase them or just their content?

And what about PRF2SAFE.RCV files in SYSTEM and USER partition - did you keep or erase them?

And after injecting fusee-primary.bin payload your switch directly booted back to HOS entering recovery mode for the user settings and ran through without giving any errors?

If that was all true, I can just say: my honest congratulations!
Thank you for your support!
I was stuck after the accidental downgrade from firmware 9.2 to firmware 1.0.0 (not pre release), immediately after the brick I dumped the nand and the described procedure works only if the switch is in the exact state it was in after the downgrade, when I tried to do the upgrade with choidoujur from pc nothing worked (i tried all firmware version always stuck in logo) and I couldn't boot, for this reason I specified that it is important that if you made a backup of the nand to firmware 1.0.0 do the restore before deleting the folder files and try to boot.

Important to make sure to use atmosphere's 0.10.4 version and run it via fuse-primary.bin, don't use hekate for me it didn't work.

--------------------- MERGED ---------------------------

was stuck after the accidental downgrade from firmware 9.2 to firmware 1.0.0 (not pre release), immediately after the brick I dumped the nand and the described procedure works only if the switch is in the exact state it was in after the downgrade, when I tried to do the upgrade with choidoujur from pc nothing worked (i tried all firware version always stuck in logo) and I couldn't boote, for this reason I specified that it is important that if you made a backup of the nand to firmware 1.0.0 do the restore before deleting the folder files and try to boot
i did the steps but im doing something wrong cuz is not working, is not loading and throws NXBOOT


i don't have any file to delete on the USER partition, neither have the PRF2SAFE.RCV files... now i just see the nintendo logo and then Fatal error: NXBOOT Key derivation failed
Do you have nand backup to firmware 1.0? if so, do a restore of the nand.
After restoring the backup, access the nand and on the system partition, inside the save folder you must delete the files except the one that ends with 120, inside the user folder you can delete everything.
 
Last edited by Alerappo,

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
is there a reason why you point at atmosphere version 0.10.4 specifically?

And what about the PRF2SAFE.RCV files?

I am still stuck, maybe the pre-release is still different, I don't know.
At least I got the backup to always return to the last state and try again.
 

Alerappo

Member
Newcomer
Joined
Jul 4, 2020
Messages
18
Trophies
0
Age
38
XP
87
Country
Italy
is there a reason why you point at atmosphere version 0.10.4 specifically?

And what about the PRF2SAFE.RCV files?

I am still stuck, maybe the pre-release is still different, I don't know.
At least I got the backup to always return to the last state and try again.
Yes for compatibility with firmware 1.0, but I don't know if with pre-relase it works, on 1.0 the version 0.13.0 did not start the cfw but only the stock, I have deleted the file PRF2SAFE.RCV only on the user partition
 
  • Like
Reactions: daVid0n

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
well thx, but still not working for me :/
on USER partition you did erase all the contents in the folders, meaning you have just:

Album
Contents
save
saveMeta
temp

which are alle empty then, except Contents which has the subfolders
placehld
registered

which you also emptied, or did you also delete those two folders?
 

Alerappo

Member
Newcomer
Joined
Jul 4, 2020
Messages
18
Trophies
0
Age
38
XP
87
Country
Italy
well thx, but still not working for me :/
on USER partition you did erase all the contents in the folders, meaning you have just:

Album
Contents
save
saveMeta
temp

which are alle empty then, except Contents which has the subfolders
placehld
registered

which you also emptied, or did you also delete those two folders?

I have deleted everything from the user partition including folders

--------------------- MERGED ---------------------------

I have deleted everything from the user partition including folders
many choidoujur problems are caused by the keys.txt file used, if you use lockpick your file should be fine to restore version 1.0.0, you could try it and see if you can boot your switch, just make sure to use --noexfat when building the firmware and use a fat32 formatted card, good luck my friend
 
Last edited by Alerappo,
  • Like
Reactions: daVid0n

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
yeah, I already thought about trying to flash with 1.0.0 release-version once more, and I will give it another try, but honestly I don't see why it should behave any different from all the other firmwares I have manually installed via ChoiDuJour. Already tried with 6.0.0, 6.0.1 and 6.1.0 several times.
My keys are fine, I had also a very experienced guy doing a built with 6.1.0 on his own with my keys and I flashed it - still stuck on flashing atmosphere logo.
I think I might have to talk to the atmosphere guys and ask them for any helpful information about this 1.0.0-7 pre-release version. There might be sth. still different, I don't know.
 

Alerappo

Member
Newcomer
Joined
Jul 4, 2020
Messages
18
Trophies
0
Age
38
XP
87
Country
Italy
yeah, I already thought about trying to flash with 1.0.0 release-version once more, and I will give it another try, but honestly I don't see why it should behave any different from all the other firmwares I have manually installed via ChoiDuJour. Already tried with 6.0.0, 6.0.1 and 6.1.0 several times.
My keys are fine, I had also a very experienced guy doing a built with 6.1.0 on his own with my keys and I flashed it - still stuck on flashing atmosphere logo.
I think I might have to talk to the atmosphere guys and ask them for any helpful information about this 1.0.0-7 pre-release version. There might be sth. still different, I don't know.


There is another thing you can try, download auto xbins (look for it on google the antivirus may report it but it is safe), start it and wait for the connection to be established (it may take a few minutes) when you see the folders go to / SWITCH / CFW / _CFW Tools / Unbrick Your Switch Pack /, download the 7z file, unzip it and follow the instructions contained in the Brief_instructions.txt file. It is a firmware 6.2 pre-built with a boot0 / 1 restorer, I hope it can work
 
  • Like
Reactions: daVid0n

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
extremely interesting Alerappo, thank you very much for these incredible hints!!! I was like: a 6.2.0 what the heck? awesome!!

I did all the steps successfully - now the console is able to boot atmosphere, then nintendo logo appears for three seconds, but then still just a blackscreen. I will give it some more tries soon - at least I am one step further now - this is really getting more and more interesting :D

Keep you updated, if I'd succeed any time. nice post, though, mate!
 
  • Like
Reactions: Alerappo and dj_d2

dj_d2

Member
Newcomer
Joined
Jul 6, 2020
Messages
13
Trophies
0
Age
34
XP
115
Country
Spain
extremely interesting Alerappo, thank you very much for these incredible hints!!! I was like: a 6.2.0 what the heck? awesome!!

I did all the steps successfully - now the console is able to boot atmosphere, then nintendo logo appears for three seconds, but then still just a blackscreen. I will give it some more tries soon - at least I am one step further now - this is really getting more and more interesting :D

Keep you updated, if I'd succeed any time. nice post, though, mate!
Try it because mine is working now!!! good job!
 

Alerappo

Member
Newcomer
Joined
Jul 4, 2020
Messages
18
Trophies
0
Age
38
XP
87
Country
Italy
extremely interesting Alerappo, thank you very much for these incredible hints!!! I was like: a 6.2.0 what the heck? awesome!!

I did all the steps successfully - now the console is able to boot atmosphere, then nintendo logo appears for three seconds, but then still just a blackscreen. I will give it some more tries soon - at least I am one step further now - this is really getting more and more interesting :D

Keep you updated, if I'd succeed any time. nice post, though, mate!
I'm glad to hear that, keep trying I'm sure you will be able to solve, try also to restore the nand and repeat the procedure, but before copying the archive folders to the system and user partitions, delete all the files and folders you have inside the partitions of your switch (PRF2SAFE.RCV too)

--------------------- MERGED ---------------------------

Try it because mine is working now!!! good job!
Awesome, good job my friend
 
Last edited by Alerappo,
  • Like
Reactions: daVid0n

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
did a few more NAND restores and with this method now I am always getting until atmopshere logo (all folders cleared from every data before copying the 6.2.0 files, also PRF2SAFE.RCV files in SAFE, SYSTEM and USER was killed), then nintendo logo for 3 seconds, but then I am still stuck with blackscreen :/.
also tried the BOOT_REPAIR_PACKAGE found in xbins, but when flashing those "keyblob_killer" boot partitions, it won't boot at all ("key verification error"). Not sure what I am doing there, so I returned to the described boot loaders.
But there is still something missing I guess - feels like just one last tiny step :D
Won't give up, but without ideas for the moment, once again.

Will try again with keeping the PRF2SAFE.RCV file in SAFE partition, as you didn't mention killing this one.
It is the only file stored in the SAFE partition of my NAND backup, though. Let's see
 
Last edited by daVid0n,

dj_d2

Member
Newcomer
Joined
Jul 6, 2020
Messages
13
Trophies
0
Age
34
XP
115
Country
Spain
did a few more NAND restores and with this method now I am always getting until atmopshere logo (all folders cleared from every data before copying the 6.2.0 files, also PRF2SAFE.RCV files in SAFE, SYSTEM and USER was killed), then nintendo logo for 3 seconds, but then I am still stuck with blackscreen :/.
also tried the BOOT_REPAIR_PACKAGE found in xbins, but when flashing those "keyblob_killer" boot partitions, it won't boot at all ("key verification error"). Not sure what I am doing there, so I returned to the described boot loaders.
But there is still something missing I guess - feels like just one last tiny step :D
Won't give up, but without ideas for the moment, once again.

Will try again with keeping the PRF2SAFE.RCV file in SAFE partition, as you didn't mention killing this one.
It is the only file stored in the SAFE partition of my NAND backup, though. Let's see
how many efuses you have burned?
 

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
I am not sure, but I guess 11 - last OFW was 9.x.x, so this amount of fuses would make sense, at least.
I guess I would need a NAND fw from 9.x.x too?
What was yours before / how many fuses do you have burnt?

Is there a way to create a NAND with ChoiDuJourNX on a working switch and extract these files to use them for the bricked switch?
 
Last edited by daVid0n,

dj_d2

Member
Newcomer
Joined
Jul 6, 2020
Messages
13
Trophies
0
Age
34
XP
115
Country
Spain
my switch haved
I am not sure, but I guess 11 - last OFW was 9.x.x, so this amount of fuses would make sense, at least.
I guess I would need a NAND fw from 9.x.x too?
What was yours before / how many fuses do you have burnt?

Is there a way to create a NAND with ChoiDuJourNX on a working switch and extract these files to use them for the bricked switch?
yep, you need the firmware to launch the OFW, and from there, you can update... i have 13 fuses burnt, so i needed the firmware 10.0.0 to 10.0.4 to make it work.
 

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
you mean updating to 10.x using ChoiNX?
I just have the 6.2.0 firmware-files from Alerappos post and by flashing that, mine still won't boot. So I thought, I might have to flash a 9.x or 10.x via HacDiskMount, but I have no idea how to get my hands on those offline firmware files..
 

Alerappo

Member
Newcomer
Joined
Jul 4, 2020
Messages
18
Trophies
0
Age
38
XP
87
Country
Italy
you mean updating to 10.x using ChoiNX?
I just have the 6.2.0 firmware-files from Alerappos post and by flashing that, mine still won't boot. So I thought, I might have to flash a 9.x or 10.x via HacDiskMount, but I have no idea how to get my hands on those offline firmware files..

You can try to upgrade to 8.10 with this modded version of choidoujour
https://github.com/D3fau4/ChoiDujour/releases
Good luck
 

daVid0n

Member
Newcomer
Joined
Jul 8, 2020
Messages
20
Trophies
0
Age
60
XP
74
Country
Australia
hekate -> Console Info -> HW & Fuses says:

Burnt Fuses (0DM 7/6): 11 - 0

So I guess the answer would be 11 fuses burnt.
And where do you get these firmware files from? How could I generate them?
Thank you in advance, though
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    LeoTCK @ LeoTCK: yes for nearly a month i was officially a wanted fugitive, until yesterday when it ended