Homebrew Question running memloader on v1 ipatched sx core switch

[Rebeca]

I ran incognito on a v1 ipatched switch without a nand backup and bricked it. I had given up fixing it for now until I realized that I could run most payloads on it, including Hekate and memloader. Problem is, whenever I try to mount emmc via usb my PC gives a "Unknown USB device (device descriptor request failed)". I have tried uninstalling on the device manager multiple times, but it doesn't work. I know the problem is not my PC or cable since I have an unpatched switch and I'm able to mount it easily. Is there any way to get memloader to run? I can't seem to be able to downgrade/restore my nand without it.

 

[andrew93752]

Do you have the Zadig Driver installed?

 

[Rebeca]

I do

 

[DragarX]

Don't quote me on this but I'm pretty sure this won't work due to the tegra usb exploit being patched and therefore not allowing any communication with your switch through rcm over usb.

 

[HenryMin]

Ipatched unit uses xusb, so memloader may not work. Did you try hekate UMS?

 

[DragarX]

I'd suggest try this payload with the files placed on your sd. Should allow you to copy the files from sd to nand using only your switch.

https://github.com/suchmememanyskill/TegraExplorer

 

[Rebeca]

Ipatched unit uses xusb, so memloader may not work. Did you try hekate UMS?

Yes, I get timed out or disconnected every time.

--------------------- MERGED ---------------------------

I'd suggest try this payload with the files placed on your sd. Should allow you to copy the files from sd to nand using only your switch.

https://github.com/suchmememanyskill/TegraExplorer

TegraExplorer does run fine. I'm trying to follow the manual downgrade guide though, but I assume that's not possible for me now, right?

 

[HenryMin]

https://suchmememanyskill.github.io/guides/unbrick/#mmc-rebuild

I think you should read this guide, and it doesn't require to use memloader/UMS.
Choidujour downgrade guide is outdated.

 

[Rebeca]

https://suchmememanyskill.github.io/guides/unbrick/#mmc-rebuild

I think you should read this guide, and it doesn't require to use memloader/UMS.
Choidujour downgrade guide is outdated.

Will the system restore script activate autorcm? The guide says that following it will activate autorcm?

I'm getting errcode 13, dsc No Fat when dumping firmware on TegraExplorer.

Tried running EmmcHaccGen with my other switch's firmware dump (they were both on 10.2) and got "Unable to create NCA class. Is your keyset file valid?"

On another note, lockpick_rcm only managed to get 81 keys. It showed "unable to derive package2 key" and "missing fs keys. skipping es/ssl keys".

 

[HenryMin]

Will the system restore script activate autorcm? The guide says that following it will activate autorcm?

I'm getting errcode 13, dsc No Fat when dumping firmware on TegraExplorer.

Tried running EmmcHaccGen with my other switch's firmware dump (they were both on 10.2) and got "Unable to create NCA class. Is your keyset file valid?"

On another note, lockpick_rcm only managed to get 81 keys. It showed "unable to derive package2 key" and "missing fs keys. skipping es/ssl keys".

You don't need to dump firmware, just get it from other source
AFAIK you can disable autorcm using NXNandManager, so open BOOT0.bin (generated by emmchaccgen or Choidujour), and disable autorcm, then falsh it using the tegraexplorer script.

 

[Rebeca]

You don't need to dump firmware, just get it from other source
AFAIK you can disable autorcm using NXNandManager, so open BOOT0.bin (generated by emmchaccgen or Choidujour), and disable autorcm, then falsh it using the tegraexplorer script.

Ok. Can't get EmmcHaccGen to work with my prod.keys though. They are fine, I've tested them on NxNandManager, but I get "Error: Unable to decrypt NCA header. The file is not an NCA file or the header key is incorrect." on EmmcHaccGen for some reason.

Update: Managed to get EmmcHaccGen to work by using the latest release of Lockpick RCM, performed system restore via Tegra Explorer, still stuck on the Nintendo Switch Joycon screen.

 

[DragarX]

Ok. Can't get EmmcHaccGen to work with my prod.keys though. They are fine, I've tested them on NxNandManager, but I get "Error: Unable to decrypt NCA header. The file is not an NCA file or the header key is incorrect." on EmmcHaccGen for some reason.

Update: Managed to get EmmcHaccGen to work by using the latest release of Lockpick RCM, performed system restore via Tegra Explorer, still stuck on the Nintendo Switch Joycon screen.

Do you not have a working joycon or rail? This guide should help if that's the case.
https://gbatemp.net/threads/how-to-skip-the-connect-joycons-system-init-screen.559745/

also you may not have seen this, but if these caps are damaged it will cause you to be stuck on that screen too
https://ibb.co/qRrrm97

 

[Rebeca]

Do you not have a working joycon or rail? This guide should help if that's the case.
https://gbatemp.net/threads/how-to-skip-the-connect-joycons-system-init-screen.559745/

also you may not have seen this, but if these caps are damaged it will cause you to be stuck on that screen too
https://ibb.co/qRrrm97

I'm sorry, I mispoke. By joycon screen I meant the nintendo switch logo screen. My bad.

 

[DragarX]

I'm sorry, I mispoke. By joycon screen I meant the nintendo switch logo screen. My bad.

No worries. Are you trying to boot official or custom firmware now?

 

[Rebeca]

No worries. Are you trying to boot official or custom firmware now?

I've tried both. Neither Atmosphere nor SX OS boots. Official firmware is also stuck on the logo screen.

 

[DragarX]

I've tried both. Neither Atmosphere nor SX OS boots. Official firmware is also stuck on the logo screen.

did you run the system wipe script after injecting your new firmware?

 

[Rebeca]

did you run the system wipe script after injecting your new firmware?

Ah. That might be the problem. When I try to run the system wipe script I get "Mounting SYSMMC... System failed to mount!". I've tried formatting the SD Card in both ExFat and Fat32, tried injecting Tegra Explorer from both the SX OS menu and Hekate. This one script won't run. When I try to acess Emmc on Tegra Explorer I also get an error, "err code: 13 dsc: NO FAT".

 

[DragarX]

Ah. That might be the problem. When I try to run the system wipe script I get "Mounting SYSMMC... System failed to mount!". I've tried formatting the SD Card in both ExFat and Fat32, tried injecting Tegra Explorer from both the SX OS menu and Hekate. This one script won't run. When I try to acess Emmc on Tegra Explorer I also get an error, "err code: 13 dsc: NO FAT".

That would seem to indicate that the keys you have are incorrect. Either the dump was incorrect or maybe your keys are corrupt.

 

[Rebeca]

That would seem to indicate that the keys you have are incorrect. Either the dump was incorrect or maybe your keys are corrupt.

I was running into this error before even performing the system restore. Nonetheless, is there any way to check the integrity of my keys?
Edit: I was looking at my Prodinfo in HxD and I realized that Incognito did work and at offset 0x0250 where my system's serial number should be it shows XAW00000000000. Now, if my switch was unpatched I'm fairly certain this wouldn't stop it from booting, but as it is, could this be the cause of the brick?

 

[DragarX]

I was running into this error before even performing the system restore. Nonetheless, is there any way to check the integrity of my keys?
Edit: I was looking at my Prodinfo in HxD and I realized that Incognito did work and at offset 0x0250 where my system's serial number should be it shows XAW00000000000. Now, if my switch was unpatched I'm fairly certain this wouldn't stop it from booting, but as it is, could this be the cause of the brick?

That's what incognito is meant to do so that shouldn't cause a brick. You could manually input your actual serial and see if that helps, but I can't see it fixing anything.

I'm not sure how you can verify your keys. If your keys are incorrect though, you will not be able to restore or repair a backup.