Hacking SWITCH NOOB PARADISE - Ask questions here

[binkinator]

(what I got online is that I can use Daybreak for emunand)

But say I use sysnand for online; I'd need to update using Nintendo's default updater for sysnand right?
and as long as I do that by using hekate when booting, the fuses are safe right?

(going online with ofw-hekate is also safe right? compared to genuine boot which burns fuses)

The only thing fuses do is prevent you from downgrading. You will never need to downgrade your Sysnand and can keep it update at all times if you’d like.

Hekate bypasses the fuse checking part so upgrade/downgrade for CFW on emunand is not impacted in any way. You can downgrade FW to 10.0, upgrade to 13.0 and then back to 9.0 with no issues using Daybreak on Atmosphere/Hekate on emunand.

bottom line: we don’t need to worry about fuses.

 

[Allen-R]

The only thing fuses do is prevent you from downgrading. You will never need to downgrade your Sysnand and can keep it update at all times if you’d like.

Hekate bypasses the fuse checking part so upgrade/downgrade for CFW on emunand is not impacted in any way. You can downgrade FW to 10.0, upgrade to 13.0 and then back to 9.0 with no issues using Daybreak on Atmosphere/Hekate on emunand.

bottom line: we don’t need to worry about fuses.

I guess I was just thinking about that extremely-small chance of a software hack that could maybe be discovered for lower firmwares in the future. (then again, my last firmware is pretty late on 10.1.0 but maybe...)

 

[Xehanort42]

Greetings! I haven't done anything since the 3ds hacking days. My questions are the following 2:

1) I have an OLED switch (can't install CFW there). If I get an older suitable used model, if the person has done the patches, can I revert and still install CFW?

2) Secondly, regarding pokemon legends: arceus. Is there a "safe" way to catch hacked mons and trade it over to my other switch? I'm asking since most CFW guides I've read claim you shouldn't connect to the servers, but I can do so locally?

Thanks in advance!

 

[Hayato213]

Greetings! I haven't done anything since the 3ds hacking days. My questions are the following 2:

1) I have an OLED switch (can't install CFW there). If I get an older suitable used model, if the person has done the patches, can I revert and still install CFW?

2) Secondly, regarding pokemon legends: arceus. Is there a "safe" way to catch hacked mons and trade it over to my other switch? I'm asking since most CFW guides I've read claim you shouldn't connect to the servers, but I can do so locally?

Thanks in advance!

CFW ain't permanent, so you just need a compatiable CFW unit and CFW files, as for pokemon goes you can trade over pokemon you edit via pkhex by trading locally.

 

[Allen-R]

Wait, I backed-up my nand and boot0/boot1 using SXOS, but should I also do that using Hekate?
(note: I still haven't installed/used any CFW and only opened SX boot menu thing to back up the and, also I'm using those [redacted] Core chips)

 

[binkinator]

Greetings! I haven't done anything since the 3ds hacking days. My questions are the following 2:

1) I have an OLED switch (can't install CFW there). If I get an older suitable used model, if the person has done the patches, can I revert and still install CFW?

2) Secondly, regarding pokemon legends: arceus. Is there a "safe" way to catch hacked mons and trade it over to my other switch? I'm asking since most CFW guides I've read claim you shouldn't connect to the servers, but I can do so locally?

Thanks in advance!

1a) OLED (V3) can be hacked to support CFW using a HWFLY chip (SX clone)
1b) V1 Switches have hardware bug and are forever hackable. V2 switches can be hacked same way as V3 above.
1c) Users can’t ”patch” the hacks mentioned above. Not dependent upon FW version. Just add CFW at boot and then don’t turn off (use sleep mode.).

2) Safe is relative. In general, save files can be moved across from emunand to sysnand using JKSV. Using those save files Online, even with an otherwise clean switch, will always be risky. We have no way of knowing what Ninty is looking for and even if we did today…we don’t know what they will be looking for tomorrow.

Edit: Just saw @Hayato213 ’s note about phhex. Not familiar with it so I could be off base on #2.

 

[binkinator]

Wait, I backed-up my nand and boot0/boot1 using SXOS, but should I also do that using Hekate?
(note: I still haven't installed/used any CFW and only opened SX boot menu thing to back up the and, also I'm using those [redacted] Core chips)

Hekate is more standard and will be longer running thatn SXOS…you don’t want to be forced to keep SXOS around just for backups. Plus…you can never have enough backups!

 

[blaisedinsd]

Hi. I have been trying to figure out how to restore my prod info with incognito. My understanding is this is built in to tinfoil now? I put prod info.bin and prodkeys files in the Switch folder. When I look in tinfoil it say I have like a dirty backup? What does that mean? Not safe to restore?

Also I am wondering in my case, trying to move CFW to emunand and restore my Sysnand OFW to use NSO and not get banned, if restoring prod info with incognito is a waste of time anyway. Am I going to want to restore my nand backup I made when I first exploited it and that will restore prod info anyway right ? If I just restore with incognito there is no way to really clean my console to go back online and not get banned?

 

[Allen-R]

Hekate is more standard and will be longer running thatn SXOS…you don’t want to be forced to keep SXOS around just for backups. Plus…you can never have enough backups!

Uhmm.. finished backing up but went to HW & Fuses and selected CAL0 Info.
It said "CAL0 is corrupt or wrong keys!"

is the backup ok? (or did it also back-up that corrupted part? CAL0 means prodinfo they say)

Note:
- I followed this guide and stopped at the hekate_ipl.ini part.
- I selected SX Core > Cleanup
- Selected Payloads > payload.bin (hekate)
- turned off? (it wasn't responding and there didn't seem to be a backlight and no light indicator at the back)
- held down power button
- took a bit to turn on and return to the menu
- Selected "Cleanup" > Loaded Hekate
- Backed up eMMC (the BOOT and GPP things)
- saw that "CAL0" is apparently corrupted?

 

[binkinator]

Uhmm.. finished backing up but went to HW & Fuses and selected CAL0 Info.
It said "CAL0 is corrupt or wrong keys!"

is the backup ok? (or did it also back-up that corrupted part? CAL0 means prodinfo they say)

Note:
- I followed this guide and stopped at the hekate_ipl.ini part.
- I selected SX Core > Cleanup
- Selected Payloads > payload.bin (hekate)
- turned off? (it wasn't responding and there didn't seem to be a backlight and no light indicator at the back)
- held down power button
- took a bit to turn on and return to the menu
- Selected "Cleanup" > Loaded Hekate
- Backed up eMMC (the BOOT and GPP things)
- saw that "CAL0" is apparently corrupted?

https://rentry.org/BackupRestoreNAND

Try this guy from the same series…

Quick read through the Hekate code and I‘m guessing something didn’t mount properly so it barfed on the “keys” due to blank values.

https://github.com/CTCaer/hekate/blob/master/nyx/nyx_gui/frontend/gui_info.c

line 301

 

[binkinator]

Hi. I have been trying to figure out how to restore my prod info with incognito. My understanding is this is built in to tinfoil now? I put prod info.bin and prodkeys files in the Switch folder. When I look in tinfoil it say I have like a dirty backup? What does that mean? Not safe to restore?

Also I am wondering in my case, trying to move CFW to emunand and restore my Sysnand OFW to use NSO and not get banned, if restoring prod info with incognito is a waste of time anyway. Am I going to want to restore my nand backup I made when I first exploited it and that will restore prod info anyway right ? If I just restore with incognito there is no way to really clean my console to go back online and not get banned?

you should have only run incognito on your emunand. You didn’t run it on your good sysnand did you?

to restore, I’m pretty sure the prodinfo files should be in the root of Your SDCard not /switch/

Your sysnand should still be clean so if you’re trying to fix your emunand you can always use a sysnand backup since emunand is just a copy of that.

should probably take a few minutes to make a sysnand backup now…just to be safe…don’t overwrite your old version. Keep both safe.

If you haven’t done anything To your sysnand and gone online and had telemetry logs delivered to Ninty, then you can do a full restore of sysnand from backup if the above doesn’t work.

 

[Allen-R]

https://rentry.org/BackupRestoreNAND

Try this guy from the same series…

Quick read through the Hekate code and I‘m guessing something didn’t mount properly so it barfed on the “keys” due to blank values.

https://github.com/CTCaer/hekate/blob/master/nyx/nyx_gui/frontend/gui_info.c

line 301

Does this mean it's still ok & not actually corrupted?

Also I've seen somewhere that people won't get past the Nintendo logo if prodinfo (that's CAL0 right?) is corrupted but mine still boots to the original OS when using Cleanup > Genuine Boot.

Does this mean that CAL0 is ok and I'm clear to update and use the switch online without getting banned (if maybe Nintendo checks the CAL0 stuff)?

 

[blaisedinsd]

you should have only run incognito on your emunand. You didn’t run it on your good sysnand did you?

to restore, I’m pretty sure the prodinfo files should be in the root of Your SDCard not /switch/

Your sysnand should still be clean so if you’re trying to fix your emunand you can always use a sysnand backup since emunand is just a copy of that.

should probably take a few minutes to make a sysnand backup now…just to be safe…don’t overwrite your old version. Keep both safe.

If you haven’t done anything To your sysnand and gone online and had telemetry logs delivered to Ninty, then you can do a full restore of sysnand from backup if the above doesn’t work.

Yes I did run incognito on my sysnand. I’m pretty sure I have pirated games on my sysnand as well.

I did do a backup of my current sysnand. It’s working fine for CFW latest atmosphere. I’m going to use that to build my emunand I think.

Then I’m going to restore my oldest pristine backup, wipe factory reset it, then log in to NSO. I guess I have to update FW with Nintendo servers and blow fuses to do this ?

 

[Allen-R]

Update: after hours of figuring this out, CAL0 Info now shows up correctly.
It was a simple change to just using SX Gear's boot.dat instead of the SX 3.1.0 beta.

Does this mean the backup I did with the Hekate-launched-with-beta-SXmight have something wrong with it compared to a backup from this hekate that was immediately launched by SX Gear's boot.dat?

(I'll prolly do another backup with this SX-Gear-launched-hekate just in case)

 

[binkinator]

Yes I did run incognito on my sysnand. I’m pretty sure I have pirated games on my sysnand as well.

I did do a backup of my current sysnand. It’s working fine for CFW latest atmosphere. I’m going to use that to build my emunand I think.

Then I’m going to restore my oldest pristine backup, wipe factory reset it, then log in to NSO. I guess I have to update FW with Nintendo servers and blow fuses to do this ?

you’re 100% confirmed dirty my friend. restoring to your last known pristine is the only way to get clean BUT…you don’t want to do that if your oldest backup is not compatible with your current fuse count.

your direction towards emunand is correct.

a precious comment I made about fuses: https://gbatemp.net/threads/switch-noob-paradise-ask-questions-here.488277/page-1502#post-9744366

 

[binkinator]

Update: after hours of figuring this out, CAL0 Info now shows up correctly.
It was a simple change to just using SX Gear's boot.dat instead of the SX 3.1.0 beta.

Does this mean the backup I did with the Hekate-launched-with-beta-SXmight have something wrong with it compared to a backup from this hekate that was immediately launched by SX Gear's boot.dat?

(I'll prolly do another backup with this SX-Gear-launched-hekate just in case)

Nice Work!

Yeah…when making changes…I always snap numerous backups so I can get back. You can reclaim the space after everything is running well for a few days So it’s really not a big deal.

 

[Xehanort42]

1a) OLED (V3) can be hacked to support CFW using a HWFLY chip (SX clone)
1b) V1 Switches have hardware bug and are forever hackable. V2 switches can be hacked same way as V3 above.
1c) Users can’t ”patch” the hacks mentioned above. Not dependent upon FW version. Just add CFW at boot and then don’t turn off (use sleep mode.).

2) Safe is relative. In general, save files can be moved across from emunand to sysnand using JKSV. Using those save files Online, even with an otherwise clean switch, will always be risky. We have no way of knowing what Ninty is looking for and even if we did today…we don’t know what they will be looking for tomorrow.

Edit: Just saw @Hayato213 ’s note about phhex. Not familiar with it so I could be off base on #2.

Thanks, your answer about models was super helpful!

CFW ain't permanent, so you just need a compatiable CFW unit and CFW files, as for pokemon goes you can trade over pokemon you edit via pkhex by trading locally.

Is there a guide to how to trade pokemon locally? Is it only SwSh or for legends: arceus also?

 

[Hayato213]

Thanks, your answer about models was super helpful!



Is there a guide to how to trade pokemon locally? Is it only SwSh or for legends: arceus also?

There is a lady in Jubilife Village that allow you to initialize a trade.

 

[Allen-R]

Wait, when talking about SX's Cleanup option, they're only talking about the boot0.bin right?

What I found after dumping 4 types was:

	hekate (SX cleanup)​	SX backup (cleanup)​	hekate (SX Gear)​	SX backup (forgot cleanup)​
boot0.bin or BOOT0	different checksum (same contents #1)​	different checksum (same contents #1)​	different checksum (same contents #2)​	different checksum (same contents #2)​
boot1.bin or BOOT1	same checksum​	same checksum​	same checksum​	same checksum​

also after figuring out how to get the keys correctly, I used them in NxNandManager to extract PRODINFO->SAFE partitions, and between the Gear hekate, Cleanup hekate, & SX OS Backup (no cleanup). The checksums for PRODINFO, PRODINFOF, & SAFE all match. That means, for the NAND, it's the exact same thing right?

(tho weirdly enough, SX OS's 6 BCPKG2 bins were just 0Kb for some reason, I wonder if it had something to do with me backing it up without pressing Clean Up first)
[Note: I haven't yet tried extracting the BCPKG2 stuff from an SX backup that had the Cleanup option pressed prior to it. Still backing-up that one]

 

[binkinator]

View attachment 297296

View attachment 297297View attachment 297298
Hi, seems theyre still working for sure

Well that’s not good. I mean it’s good that it’s working but doesn’t give us any clues as to root cause because everything in the chain is working as expected from this end.

Let’s try another USB HDD freshly formatted as FAT32, copy one small game over, and see if your Switch will recognize it.

I’m thinking it’s possible your main HDD has something corrupted that’s enough to trigger the Switch but your PC manages to muscle through It.