Tutorial  Updated

Switch Unbricking Guide - ProdInfo Fix (PikaFix)

This is an advanced tutorial.Follow this guide at your own risk. I am not responsible if you mess up your switch even more. This Tutorial has only been tested on a RCM Switch. This has not been tested on switch lite, oled or redbox mariko units with chips

The idea of this tutorial is to fix PikaBrick ergo PikaFix, however it can be used for any broken Prodinfo bricks.
This fix *** WILL NOT*** allow you to go online.
The provided files have already had Incognito pre-applied to them.
**METHOD 1 IS THE EASIEST**
Methods 2 and 3 will wipe your previous user partition.
Methods 2 and 3 are now deprecated



Requirements

To follow this tutorial you will need a few things:
ALL METHODS

Your bricked consoles biskeys - Obtain with lockpick_rcm
Your bricked RMC vulnerable switch
A computer/laptop
HacDiskMount or NXNandManager
Hekate Nyx
Atmosphere

Method 1
Prodinfo_Gen
Donor Prodinfo File (or use your own donor)

Methods 2 and 3 - DEPRECATED
PikaFix Pack from xbins or the mirror links (Mirror 1, Mirror 2, Mirror 3)
xbins file location - /SWITCH/PC based software/Utilities/pikabricker repair pack
My custom exosphere.bin file
NXNandManager (Method 2)
Etcher
TegraExplorer

This tutorial has three methods. Method 1 is recommended as Methods 2 and 3 are no longer updated.
Please follow your preferred method and following the appropriate booting section of the guide. I have written this guide as I was following the provided steps.

Before You Start


A few things before you start
  • Make a rawnand and boot0/1 backup, just in case, please? It's how you got into this mess in the first place.
  • Please read the guide carefully and if you have any questions ask them in the thread...

Repair Method 1DEPRECATED


  1. Repair Method 1: ProdInfo_Gen + HacDiskMount OR NXNANDMANAGER

    • Place the donor_prodinfo.bin on your microSD card in the switch folder (SD:/switch/donor_prodinfo.bin)
    • Put your switch in RCM
    • Inject prodinfo_gen.bin
    • Choose 'Build PRODINFO file from donor
    • Reboot to RCM
    • Inject the latest hekate (make sure you have all the hekate files on your microSD card)
    • Press Tools
    • Press USB Tools
    • Press SD Card
    • On your pc copy "generated_prodinfo_from_donor.bin" in the switch folder your desktop
    • Eject your microSD Card
    • Turn 'Read Only' to off
    • Press eMMC RAW GPP
    • On your PC open your Nand Manager of choice, either HacDiskMount or NXNandManager, I'll be using the latter
    • Configure your keys from the prod.keys you got from your bricked console
    • Open physical drive and choose your switch's emmc
    • Highlight prodinfo
    • press restore
    • choose the bin you copied to your dekstop
    • resave your keyset
    • Close
    • boot atmosphere

  2. Method 2Method 3


    1. Nand Repair Method 2: NXNandManger + HacDiskMount


      • Extract the contents of the PikaFix Pack archive to your desktop
      • Place the sept folder and hekate bootloader folder and the contents of the "to sd" folder in the PikaFix archive onto the root of your microSD card
      • Inject lockpick_rcm and run it to generate your prod.keys file
      • Place your switch into RCM and inject the hekate bin file
      • Navigate to Tools > USB Tools
      • Select "SD Card"
      • Open your mounted SD card and copy your prod.keys files from your sd card to your desktop
      • Eject your microsd card in windows
      • select "eMMC RAW GPP" (sysNand) - Set read only to off
      • Open NXNand Manager
      • Press Ctrl+D or press File > Open Drive
      • Choose your nand
      • Press Ctrl+K or Click Options > Configure Keyset
      • Choose your prod.keys you copied to your desktop
      • Press Save
      • You will notice it will say Bad Crypto and Keyset Needed, this is normal.
      1. Click Prodinfo then click the following Icon View attachment 235857
      2. Choose Prodinfo.bin from the files you extracted
      3. Press yes on the restore prompt
      4. Close the transfer box
      • Repeat Steps 1 - 4 for the ProdInfoF, Safe and System Partitions
      • Do the same restore process for the BPKG2 partitions
      • Close NXNandManager
      • Run HacDiskMount as an Administrator
      • Open your mounted drive
      • Double click on system, install the driver and mount the partition to a drive letter
      • Navigate to the save folder and delete everything EXCEPT 8000000000000120
      • Unmount the drive
      • Close HacDiskMount and open Etcher
      • Unmount "eMMC RAW GPP" and Mount "BOOT 0" - you may need to unplug the switch from the usb and replug it to continue
        DO NOT CLICK FORMAT - Just close the popup box(s)
      • Choose the boot0.bin file from the Nand files on your desktop
      • Choose your mounted boot0 drive
      • Flash it
      • Repeat for Boot1
      • Reboot to RCM
      • Launch tegra explorer.bin
      • Navigate to the "_FWGEN" folder and run the systemRestore.te script and follow the on screen prompts
      • Reboot back to RCM and relaunch tegra explorer
      • Navigate back to the "_FWGEN" folder and this time run the systemwipe.te script and follow the on screen instructions
      • Reboot back to rcm
      • Proceed to boot section of guide

    2. Nand Repair Method 3: HacDiskMount


      • Extract the contents of the PikaFix Pack archive to your desktop
      • Place the sept folder and hekate bootloader folder and the contents of the "to sd" folder in the PikaFix archive onto the root of your microSD card
      • Inject lockpick_rcm and run it to generate your prod.keys file
      • Place your switch into RCM and inject the hekate bin file
      • Navigate to Tools > USB Tools
      • Select "SD Card"
      • Open your mounted SD card and copy your prod.keys files from your sd card to your desktop
      • Eject your microsd card in windows
      • select "eMMC RAW GPP" (sysNand) - Set read only to off
      • Run HacDiskMount as an Administrator
      • Open your eMMC from physical drives
      • Open your prod.keys
      1. Double click Prodinfo
      2. Enter your biskeys
      3. Test them
      4. Save them
      5. Restore Prodinfo from the Prodinfo.bin file in Nand files on your desktop from the PikaFix files you extracted
      • Repeat steps 1-5 for ProdInfoF, Safe, and System Partitions
      • Double click on each of the BCPKG2 files and restore them from the provided files
      • Double click on system, install the driver and mount the partition to a drive letter
      • Navigate to the save folder and delete everything EXCEPT 8000000000000120
      • Unmount the drive
      • Close HacDiskMount and open Etcher
      • Unmount "eMMC RAW GPP" and Mount "BOOT 0" - you may need to unplug the switch from the usb and replug it to continue
        DO NOT CLICK FORMAT - Just close the popup box(s)
      • Choose the boot0.bin file from the Nand files on your desktop
      • Choose your mounted boot0 drive
      • Flash it
      • Repeat for Boot1
      • Reboot to RCM
      • Launch tegra explorer.bin
      • Navigate to the "_FWGEN" folder and run the systemRestore.te script and follow the on screen prompts
      • Reboot back to RCM and relaunch tegra explorer
      • Navigate back to the "_FWGEN" folder and this time run the systemwipe.te script and follow the on screen instructions
      • Reboot back to rcm
      • Proceed to boot section of guide



Booting Method 1

Download latest atmosphere and launch fusee.bin

Booting method 2 and 3


    • Remount the microSD Card with hekate
    • Copy my modified exosphere.bin to your atmosphere folder on your microSD card
    • For launching with Hekate add the following line to your hekate_ipl.ini
    'secmon=atmosphere/exosphere.bin'​

    [config]​
    autoboot=0​
    autoboot_list=0​
    bootwait=3​
    verification=2​
    backlight=100​
    autohosoff=1​
    autonogc=1​
    {-- Custom Firmwares --}​
    [HekAtmosphere]​
    fss0=atmosphere/package3​
    kip1patch=nosigchk​
    atmosphere=1​
    secmon=atmosphere/exosphere.bin​

    • For launching with Fusee-primary add the following lines to atmosphere/config/BCT.ini (UPDATE FOR NEW RELEASE)

      [stage2]
      exosphere = atmosphere/exosphere.bin
    BCT0​
    [stage1]​
    stage2_path = atmosphere/fusee-secondary.bin​
    stage2_mtc_path = atmosphere/fusee-mtc.bin​
    stage2_addr = 0xF0000000​
    stage2_entrypoint = 0xF0000000​
    [stage2]​
    exosphere = atmosphere/exosphere.bin​


  • Unmount your microSD card, and proceed to launch with your now working switch
Credits
SciresM and the ReSwitched team for Atmosphere
PabloZaiden for their deviceid exosphere builder
Rajkosto for HacDiskMount
Eliboa for NXNandManager
SuchMemeManySkill for eMMC Hacc Gen and TegraExplorer
CTCaer for Hekate
Shchmue for Lockpick_RCM
ScandalUK for Incognito_RCM
Anyone else who helped out on these projects
Linuxares for help with Method 2

Finally I would like to have a massive thanks to
Anonymous who donated their nand to me for experimenting with and saying it can be used publicly for this fix
 
Last edited by Adran_Marit,

dlh

Member
Newcomer
Joined
Apr 17, 2021
Messages
18
Trophies
0
Age
64
XP
203
Country
United States
Give me a bit, or try one of the other methods

Whenever you can get to it is fine, Adran. I appreciate any help from the experienced folks here!

I went back to the beginning, even downloaded a new copy of Pikafix archive, and used Method 1 this time as well as everything I've learned from Simplemememanyskills guide as well as the guide in this post.

Every step worked fine, all results and messages were as expected, no errors. Used the patches.ini file mentioned in a previous post and copied the .ini contents from the Boot section of this guide.

And unfortunately still no boot. I see the Hekate ipl flash screen then black screen. No Nintendo flash screen, just a black screen. I even let it sit here while typing this up, about 5 minutes so far, and then tapped the power switch - it was on but still black - had to hold the power switch for 10 seconds then tapped it and it auto-rcm'd and loaded hekate from my dongle again.

Any ideas or direction would be much appreciated. All i know about the switch is it had an SXOS dongle on it when i bought it but no SD card, and the seller had used pictures of it booted into SXOS as part of the sale.
Thanks in advance!
Dave
 

dlh

Member
Newcomer
Joined
Apr 17, 2021
Messages
18
Trophies
0
Age
64
XP
203
Country
United States
Whenever you can get to it is fine, Adran. I appreciate any help from the experienced folks here!

I went back to the beginning, even downloaded a new copy of Pikafix archive, and used Method 1 this time as well as everything I've learned from Simplemememanyskills guide as well as the guide in this post.

Every step worked fine, all results and messages were as expected, no errors. Used the patches.ini file mentioned in a previous post and copied the .ini contents from the Boot section of this guide.

And unfortunately still no boot. I see the Hekate ipl flash screen then black screen. No Nintendo flash screen, just a black screen. I even let it sit here while typing this up, about 5 minutes so far, and then tapped the power switch - it was on but still black - had to hold the power switch for 10 seconds then tapped it and it auto-rcm'd and loaded hekate from my dongle again.

Any ideas or direction would be much appreciated. All i know about the switch is it had an SXOS dongle on it when i bought it but no SD card, and the seller had used pictures of it booted into SXOS as part of the sale.
Thanks in advance!
Dave

Some Progress: it occurred to me that now the NAND was writing without issues (which stopped the original guide and convinced me to buy a new EMMC card) so maybe Such Meme, Many Skill's guide (Switch Unbrick Guide, MMC Rebuild section) and indeed it executed without issues. This guide uses Sysrestore and Syswipe Tegra scripts and a NAND from EMMCHaccGen using my keys.

And now i can boot through Atmosphere to the Switch logo screen! But then it stalls there...

So what issues cause the boot to stall at the Switch logo, versus before when i only got to the Nintendo flash screen?

I'll keep researching and trying things but wanted to update with progress!
thanks in advance for any suggestions offered!
Dave
 

dlh

Member
Newcomer
Joined
Apr 17, 2021
Messages
18
Trophies
0
Age
64
XP
203
Country
United States
One more clue - every time it hangs on the Switch Logo screen, it takes longer to get it to power off and then it is out of AutoRCM - i have to use the jig and volume up to boot back to Hekate from my dongle. BUT Hekate reports it is still in AutoRCM!

Not sure if this means anything or will help solve the (hopefully final) step in the unbricking process but thought i should share.
FYI
Dave
 

Adran_Marit

Walküre's Hacker
OP
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia
Okay so if it's the actual nintendo switch boot shen that's normally a sign of a broken prodinfo.

Is this using the flashed prodinfo provided in the guide? Is this using the custom exosphere?

Also I need to update the exosphere to be parallel with the latest release so that might be it? what version of atmosphere are you using?
 

dlh

Member
Newcomer
Joined
Apr 17, 2021
Messages
18
Trophies
0
Age
64
XP
203
Country
United States
Okay so if it's the actual nintendo switch boot shen that's normally a sign of a broken prodinfo.

Is this using the flashed prodinfo provided in the guide? Is this using the custom exosphere?

Also I need to update the exosphere to be parallel with the latest release so that might be it? what version of atmosphere are you using?

Good morning
This is using the prodinfo (and everything else) from emmchaccgen. I tried booting with your modified exosphere and the ini files that go with it and get black screen, no logos at all. But with the other SD card (same configuration as my other hacked switch, Hekate 5.5.5 and Atmosphere 18.1) it boots to the Switch logo. AND with no SD card and autoRCM turned off it boots normally and freezes at the same point - the Switch logo screen.

Last night i did some googling and opened it up to apply mechanical pressure to the wifi chip, nothing changed.

If you could update your exosphere i would greatly appreciate it! Or suggest what versions of NAND, Hekate, and Atmosphere i should use to be compatible and i'll redo the process.
Thanks Adran!
Dave

--------------------- MERGED ---------------------------

Adran, a few more thoughts and questions as i think about it being down to just Prodinfo:

Would a donor prodinfo from w working switch help? I have access to other hacked switches running 11.0.1/Hekate 5.5.4/Atmosphere 18.1 and even one (an accidental upgrade) running 12.0;0/Hekate 5.5.5/Atmosphere 19.1. I could dump prodinfo from any of those using their keys and then restore using the bricked machine keys. Or run a whole NAND through EMCCHaccGen if needed.

Would restoring the donor prodinfo from your PikaFix archive help?

Would restoring the donor prodinfo from your archive and then running the same version you used of Hekate and Atmosphere (and your custom exosphere) help?

Once we get this thing to boot, is there a way to do a restoration or an update that would let it return to normal or will it always need CFW and special care?

I know you are the expert, just trying to help and to hone my own skills by learning through this process.
thanks Adran!
Dave
 

Adran_Marit

Walküre's Hacker
OP
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia
Good morning
This is using the prodinfo (and everything else) from emmchaccgen. I tried booting with your modified exosphere and the ini files that go with it and get black screen, no logos at all. But with the other SD card (same configuration as my other hacked switch, Hekate 5.5.5 and Atmosphere 18.1) it boots to the Switch logo. AND with no SD card and autoRCM turned off it boots normally and freezes at the same point - the Switch logo screen.

Last night i did some googling and opened it up to apply mechanical pressure to the wifi chip, nothing changed.

If you could update your exosphere i would greatly appreciate it! Or suggest what versions of NAND, Hekate, and Atmosphere i should use to be compatible and i'll redo the process.
Thanks Adran!
Dave

--------------------- MERGED ---------------------------

Adran, a few more thoughts and questions as i think about it being down to just Prodinfo:

Would a donor prodinfo from w working switch help? I have access to other hacked switches running 11.0.1/Hekate 5.5.4/Atmosphere 18.1 and even one (an accidental upgrade) running 12.0;0/Hekate 5.5.5/Atmosphere 19.1. I could dump prodinfo from any of those using their keys and then restore using the bricked machine keys. Or run a whole NAND through EMCCHaccGen if needed.

Would restoring the donor prodinfo from your PikaFix archive help?

Would restoring the donor prodinfo from your archive and then running the same version you used of Hekate and Atmosphere (and your custom exosphere) help?

Once we get this thing to boot, is there a way to do a restoration or an update that would let it return to normal or will it always need CFW and special care?

I know you are the expert, just trying to help and to hone my own skills by learning through this process.
thanks Adran!
Dave

Okay so there is a tool called prodinfo gen online, rename the prodinfo from the pikafix archive to donor_prodinfo.bin and place it in your sd card /switch folder, inject prodinfo gen, choose from donor, flash the new prodinfo and try the latest atmopshere release
 
  • Like
Reactions: hell_night

dlh

Member
Newcomer
Joined
Apr 17, 2021
Messages
18
Trophies
0
Age
64
XP
203
Country
United States
Okay so there is a tool called prodinfo gen online, rename the prodinfo from the pikafix archive to donor_prodinfo.bin and place it in your sd card /switch folder, inject prodinfo gen, choose from donor, flash the new prodinfo and try the latest atmopshere release

SUCCESS!
Did as you suggest above, followed the instructions on CaramelDunes github, and it BOOTS!
Plugged in a game card, it read fine and ACNH started normally for a new island.

Knowing it was prodinfo and not being sure if the other issues were outside prodinfo, i then restored prodinfo from the original backup i made right after receiving the switch, and it froze on the Switch logo. Restored the generated from donor file and it boots fine again.

I see the serial reports as all XAW1 and all zeroes - so I'm pretty sure i can't link an account or access any online services or updates. I see on that same github reference to generating a machine specific exosphere file that will spoof the serial - would that let me go online or link a Nintendo account?

THANK YOU so much for all your help, as well as all the contributors whose tools have made this possible!
Dave
 
  • Like
Reactions: Adran_Marit

Adran_Marit

Walküre's Hacker
OP
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia
SUCCESS!
Did as you suggest above, followed the instructions on CaramelDunes github, and it BOOTS!
Plugged in a game card, it read fine and ACNH started normally for a new island.

Knowing it was prodinfo and not being sure if the other issues were outside prodinfo, i then restored prodinfo from the original backup i made right after receiving the switch, and it froze on the Switch logo. Restored the generated from donor file and it boots fine again.

I see the serial reports as all XAW1 and all zeroes - so I'm pretty sure i can't link an account or access any online services or updates. I see on that same github reference to generating a machine specific exosphere file that will spoof the serial - would that let me go online or link a Nintendo account?

THANK YOU so much for all your help, as well as all the contributors whose tools have made this possible!
Dave

Not AFAIK, the machine-specific exosphere stuff, corresponds to a certain prod info. T
he donated prodinfo used was already incognitoed, so all updated need to be manually done
since we don't have nintendo signing stuff, we cannot generate a new certificate file which is what would allow online stuff
 

Charli

Well-Known Member
Member
GBAtemp Patron
Joined
Feb 16, 2011
Messages
105
Trophies
2
XP
1,402
Country
Germany
Hey there! I bricked my switch somewhere around a year ago and finally decided to try and fix it. But I don't know what prodinfo is and if my problem is a broken prodinfo (partition?) or sth else

I had been using Atmosphère on firmware 6.1.0. One day I connected my Switch to the Internet by accident and it downloaded an OS update. I was too lazy to delete the downloaded update and one day I clicked install by mistake.. :\

Since then I can't boot the CFW anymore. Hekate only shows "Failed to launch Firmware." when I try :(
What is actually broken and will the steps in the first post help me to resolve my problem?

I still have complete backups from before I updated from 4.1.0 to 6.1.0 and on the micro-sd there also seems to be an automatic prodinfo backup from Atmosphere.

Thanks for helping dummies like me that bricked their Switch x)
 
Last edited by Charli,

Adran_Marit

Walküre's Hacker
OP
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia
Hey there! I bricked my switch somewhere around a year ago and finally decided to try and fix it. But I don't know what prodinfo is and if my problem is a broken prodinfo (partition?) or sth else

I had been using Atmosphère on firmware 6.1.0. One day I connected my Switch to the Internet by accident and it downloaded an OS update. I was too lazy to delete the downloaded update and one day I clicked install by mistake.. :\

Since then I can't boot the CFW anymore. Hekate only shows "Failed to launch Firmware." when I try :(
What is actually broken and will the steps in the first post help me to resolve my problem?

I still have complete backups from before I updated from 4.1.0 to 6.1.0 and on the micro-sd there also seems to be an automatic prodinfo backup from Atmosphere.

Thanks for helping dummies like me that bricked their Switch x)

An update shouldn't have bricked the switch.

Have you formatted your sd card as fat32 and tried the latest release of atmosphere and hekate?
 
  • Like
Reactions: Charli

Charli

Well-Known Member
Member
GBAtemp Patron
Joined
Feb 16, 2011
Messages
105
Trophies
2
XP
1,402
Country
Germany
An update shouldn't have bricked the switch.

Have you formatted your sd card as fat32 and tried the latest release of atmosphere and hekate?

oh boy, yeah, all I needed was an updated Atmosphere... Now it works again! I don't know why I didn't think of that earlier... ‍*facepalm*

thank you! :)
 
  • Like
Reactions: Adran_Marit

Adran_Marit

Walküre's Hacker
OP
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia

ewabc886

Well-Known Member
Newcomer
Joined
Jul 11, 2018
Messages
84
Trophies
0
XP
392
Country
Hong Kong
From the rebuild of NAND I start thinking about the patched Switches
For example, solder a modchip on a patched Switch, then obtain its information like BOOT0 BOOT1 NAND
In theory, can we modify them so that we can boot without modchip installed?
After that 1 modchip can modify any number of patched switch
so the high modchip price no longer affect us
well, in theory
 
Last edited by ewabc886,

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
13,135
Trophies
2
XP
17,847
Country
Sweden
@Adran_Marit


This has a number of benefits, including:
  • This greatly simplifies key derivation logic by making it consistent on all firmwares.
    • Fusee no longer accesses/uses keyblobs at all, so units which have accidentally destroyed/lost keyblobs can boot without them.

From Atmosphere 0.20.0

Hmmmmmmm
 

Adran_Marit

Walküre's Hacker
OP
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia
@Adran_Marit


This has a number of benefits, including:
  • This greatly simplifies key derivation logic by making it consistent on all firmwares.
    • Fusee no longer accesses/uses keyblobs at all, so units which have accidentally destroyed/lost keyblobs can boot without them.

From Atmosphere 0.20.0

Hmmmmmmm

That's good for keyblobs, not mismatched prodinfo ;)

also 1.0.0 is close

--------------------- MERGED ---------------------------

From the rebuild of NAND I start thinking about the patched Switches
For example, solder a modchip on a patched Switch, then obtain its information like BOOT0 BOOT1 NAND
In theory, can we modify them so that we can boot without modchip installed?
After that 1 modchip can modify any number of patched switch
so the high modchip price no longer affect us
well, in theory

sadly it doesn't work like that, the chip uses voltage glitching between the emmc and soc and basically forces the payload to be accepted. SciresM and others have said the switch is a very secure system and the only reason we have what we do have is because of nvidia messing up.

long story short, the chip will still be needed because of how the system works
 

zorusgb

Well-Known Member
Newcomer
Joined
Dec 10, 2021
Messages
48
Trophies
0
Age
49
XP
142
Country
Bulgaria
I'm trying to fix my unpatched switch after it just wouldn't wake up one day (never modded before). It looks like dead emmc. So I got a blank emmc and followed all 3 methods and read all the discussions. Everything seem to go well until the very last step (method 3), system wipe through tegra explorer where I get: User failed to mount!
The switch goes to black screen splash screen when I try to launch Atmosphere and have to hold the power down to turn it off.
I noticed that the pikafix pack doesn't contain USER image and the guides mention nothing about that partition. Is this on purpose or am I missing something? The new emmc has a user partition, but that only because I used gptrestore when it was blank.
 

Attachments

  • Capture.PNG
    Capture.PNG
    526 KB · Views: 68

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: Did you pee in the water