Hardware Un/patched Switch ?

[dotmehdi]

Hello everyone, while seeking for new Switches to hack, I've found a model that surprised me :

- When checking his S/N on ismyswitchpatched and other website, I found out that it had no chances to be unpatched,
- Still, I tried to run a payload just in case : it worked !
- The Switch is also able to run Hekate and CFWs
- SX OS runs perfectly up until the latest version
- AMS has been running perfectly up until version 0.12.0, the more recent versions leave me with a black scree

The problem is that I can't update the Switch to 10.x since AMS doesn't run on it anymore, and I feel like this problem is related to the NAND decryption of the console : I've been dumping the BIS keys of the console with both Hekate and NxNand, and still I cannot decrypt my NAND backups in any way. I also had a problem while trying to use Incognito_RCM, the payload was never able to work on it and I had to use the nro version of Incognito.

Is it possible that this model is a hybrid that is vulnerable to the RCM exploit but has a different way of encryption for its NAND ?

If needed, I can give you more informations about this very unique model

Thank you all for reading

 

[Sneethan]

Try daybreak. I believe its built into atmosphere. Search it on yt or something

 

[dotmehdi]

Try daybreak. I believe its built into atmosphere. Search it on yt or something

Daybreak is useful when it comes to update HorizonOS. Sadly, in my case, I cannot update Atmosphère, not HOS. Plus, AMS 14 is needed to use this tool, and as I said, I can't go upper than AMS 12.

If I update to 10.1 and launch SXOS, it boots instantly, but AMS will give me a black screen after showing me the bootlogo.

 

[Lacius]

Daybreak is useful when it comes to update HorizonOS. Sadly, in my case, I cannot update Atmosphère, not HOS. Plus, AMS 14 is needed to use this tool, and as I said, I can't go upper than AMS 12.

If I update to 10.1 and launch SXOS, it boots instantly, but AMS will give me a black screen after showing me the bootlogo.

Are you deleting the atmosphere and sept folders on your SD card before transferring over the new versions? Are you booting the system using the latest fusee-primary?

 

[dotmehdi]

Are you deleting the atmosphere and sept folders on your SD card before transferring over the new versions? Are you booting the system using the latest fusee-primary?

I have followed a specific protocol to see what is the latest compatible version with this Switch : format to FAT32 > install Hekate & AMS > Boot.

I'm not a dev or an engineer, but I feel like AMS fails to decrypt the content of the NAND maybe... I don't know

As I said before, the Switch is referred as patched, still it's vulnerable to the RCM exploit and can boot any payload this way

 

[Deleted User]

I have followed a specific protocol to see what is the latest compatible version with this Switch : format to FAT32 > install Hekate & AMS > Boot.

I'm not a dev or an engineer, but I feel like AMS fails to decrypt the content of the NAND maybe... I don't know

As I said before, the Switch is referred as patched, still it's vulnerable to the RCM exploit and can boot any payload this way

Both work on 10.1.0

Grab new atmos
Grab new atmos patches

WIll boot - Atmos logo lags a bit but boots

TX SX grab

Boot.dat
Payload.bin if needed

If black screen then try fat 32 card to make sure

 

[dotmehdi]

Both work on 10.1.0

Grab new atmos
Grab new atmos patches

WIll boot - Atmos logo lags a bit but boots

TX SX grab

Boot.dat
Payload.bin if needed

If black screen then try fat 32 card to make sure

It's not about sigpatches, the Switch just doesn't boot at all. It get to the bootlogo and then just crashes and gives me a black screen. I never use exFAT on my cards, only FAT32.

With SX, I just have to put boot.dat and it boots perfectly.

I've tried booting created emuNANDs also, but it doesn't work at all.

Also, I can't get to decrypt the raw backup with the dumped keys.

 

[Deleted User]

It's not about sigpatches, the Switch just doesn't boot at all. It get to the bootlogo and then just crashes and gives me a black screen. I never use exFAT on my cards, only FAT32.

With SX, I just have to put boot.dat and it boots perfectly.

I've tried booting created emuNANDs also, but it doesn't work at all.

Also, I can't get to decrypt the raw backup with the dumped keys.

Make sure card is fresh
Try another card

 

[Lacius]

It's not about sigpatches, the Switch just doesn't boot at all. It get to the bootlogo and then just crashes and gives me a black screen. I never use exFAT on my cards, only FAT32.

With SX, I just have to put boot.dat and it boots perfectly.

I've tried booting created emuNANDs also, but it doesn't work at all.

Also, I can't get to decrypt the raw backup with the dumped keys.

Follow these troubleshooting steps:

1. Make sure the SD card is FAT32.
2. Remove all CFW files/folders from your SD card (that would be folders like /sept/ and /atmosphere/)
3. Download the latest Atmosphere
4. Download the latest fusee-primary (next to Atmosphere)
5. Put Atmosphere onto your SD card
6. Put the SD into your Switch
7. Enter RCM
8. Launch Atmosphere using fusee-primary

What happens? If it doesn't work, try a different SD card. If it still doesn't work, you might want to contact SciresM. This all reminds me of what happened in this thread:
https://gbatemp.net/threads/my-switch-is-a-2019-v6-2-0-xaj4008278-unpatched-unit.546996/

https://github.com/Atmosphere-NX/Atmosphere/commit/600d68bd1aa6f13b47b1482e48110b2e3c2684ed

 

[dotmehdi]

Thank you guys for your help, but I really don't beleive that it's an SD Card or installation issue. I'll try to contact SciresM and I'll update this topic if I get an answer from him

 

[LapCheong]

sd card might be corrupted. Done alot of switches installation in the past. Make sure you try hekate partition, for some reason my sd card keep corrupting. Genuine samsung sd card

 

[SheriffBuck]

Hello everyone, while seeking for new Switches to hack, I've found a model that surprised me :

- When checking his S/N on ismyswitchpatched and other website, I found out that it had no chances to be unpatched,
- Still, I tried to run a payload just in case : it worked !
- The Switch is also able to run Hekate and CFWs
- SX OS runs perfectly up until the latest version
- AMS has been running perfectly up until version 0.12.0, the more recent versions leave me with a black scree

The problem is that I can't update the Switch to 10.x since AMS doesn't run on it anymore, and I feel like this problem is related to the NAND decryption of the console : I've been dumping the BIS keys of the console with both Hekate and NxNand, and still I cannot decrypt my NAND backups in any way. I also had a problem while trying to use Incognito_RCM, the payload was never able to work on it and I had to use the nro version of Incognito.

Is it possible that this model is a hybrid that is vulnerable to the RCM exploit but has a different way of encryption for its NAND ?

If needed, I can give you more informations about this very unique model

Thank you all for reading

Does the SN reported in software match the physical serial on the case? May have had a board swap in the past....

Sent from my SM-G975F using Tapatalk