Hacking SWITCH NOOB PARADISE - Ask questions here

  • Thread starter: APartOfMe
Hello everyone,
I wanted to ask if you knew how updates on the Switch work and if there was a method to fake an update and inject it?
It all goes back to the 'hack a switch without a chip' thing, cuz I've read bad reviews of hwfly and I am not 100% sure of installing it.
Neither do I wanna buy a used Switch.
 
There is an internal list of known updates that the Switch keeps track of, which also gets updated every time you update your firmware. So even if you never bring your console online, if you're constantly updating your firmware but not your games, eventually your games will nag you about available updates. There is no way around this outside of not updating your firmware, but if you don't update your firmware then you won't be able to play newer games. So the only solution is to simply install the updates. There is no way to fake an update.
 
OK, thanks for that, but I was thinking more about this: is there a way to use the function that the Switch uses to update to install something else?
 
What do you mean? If you mean download something else online then that won't work. If you mean install something else offline, we can technically install homebrew apps as .NSP files.
 
Probably Tinwoo/NS-USBloader. I was just throwing out more options.

The right move though is to try them all and see what works for you.
I'm trying NUT.
Does anyone know how this works?

I connected the console to my laptop via USB cable and tried to launch nut but I get this error message:
Code:
$ python3 nut.py
loading blacklist /media/Storage/Nintendo/nut/nut/conf/blacklist.online.txt
could not load find or load keys.txt, all crypto operations will fail. See keys_template.txt for an example of how this file should look
loaded user guest
                        ,;:;;,
                       ;;;;;
               .=',    ;:;;:,
              /_', "=. ';:;:;
              @=:__,  \,;:;:'
                _(\.=  ;:;;'
               `"_(  _/="`
                `"'
fin
There is this keys_template.txt file but it has no keys whatsoever. Where should I get these keys from? The nut GitHub page says nothing about this.

Also, GitHub says to add 2 rules to /etc/udev/rules.d/99-switch.rules and it mentions idProduct=="3000", but my dmesg says it's not 3000 but 2000. I already tried to change this to 2000 but I still can't get nut to work so far!
 
Get the keys to fill out keys.txt (using keys_template.txt as a…well…a template) by dumping prod.keys with Lockpick_RCM. Inject the Lockpick payload or chain load it with Hekate. Take a screenshot of the results so you can catch any errors; it also shows where it stored the key dumps. Edit: /switch/prod.keys

No new logs from udev during boot? Strange.

Edit: this person had the 3000 vs 2000 conundrum as well…
https://github.com/blawar/nut/issues/284#issuecomment-866059890
 
I just commented in an issue in the github repository with more details! udev sees the device and also Tinfoil. I already added a new entry in the rules file as it changes the idProduct while the console connects.
https://github.com/blawar/nut/issues/422

I have to check that about Lockpick. Never messed with that!
About Lockpick_RCM.bin, I have to launch the payload in hekate, is that it?
 
Correct. I actually set up another hekate entry just for Lockpick:

Code:
[Lockpick_RCM]
payload=bootloader/payloads/Lockpick_RCM.bin
icon=/graphics/icons/current/lockpick.bmp
logopath=/graphics/splash/hack.bmp
id=lock

Only the first 2 lines matter.

(Of the last 3, icon and logopath are for graphics, and I use id as a tag for fastCFWswitch.)
 
Ok, I think I can try that. I'm still very noob and I'm still learning the very basics about hekate and its functionalities!

About the idProduct, when I posted here the first message (about this matter) I had already added the 2 lines to rules file as in the comment you mentioned. I had been there too. :)

Edited;
20220417-232705.jpg


Which one to choose and where does it go? Does it create a file?
 
Is there a way to go back to the hekate menu while in atmosphere? If so how? I'm using OLED switch with modchip.
Mainly there's a "Reboot to Hekate" option in your Homebrew Menu?

https://wiidatabase.de/switch-downloads/hacks/reboot-to-payload/

Have a look there :)

This has been bugging me for a while now. Reboot_to_payload absolutely works. Full stop.

…but if you’re like me and you have autoboot=1 (or anything except 0, frankly), and you don’t catch it in time with a (Vol -) key, it will boot into your autoboot selection instead of stopping at Hekate and letting you choose a payload (or use the USB tools or whatever prompted you to boot into Hekate in the first place).

I initially made another entry with a bogus payload (called deadcat if you must know.) This worked and I was able to launch it with fastCFWswitch BUT now I also had a bogus entry in my More Configs tab in Hekate and it too bugged me.

I removed the entry altogether and left /config/fastCFWswitch/config.ini with the following entry:

Code:
[HEKATE]
name=hekate
path=/bootloader/update.bin
bootId=dead

/bootloader/update.bin is just Hekat.bin renamed and dead (in honor of the cat) doesn’t exist at all.

By breaking the entry with a bogus bootId, Hekate boots up and stops dead in its tracks waiting for another command.
No errors.
No bogus artifacts.
Just a clean reboot into Hekate.
Just like you asked.

I will sleep well tonight.
 
Just choose whichever is the newest/most recently upgraded firmware.

(It probably doesn’t matter though, because your emunand is likely a copy of your Sysnand.)

It will dump the keys to /switch/prod keys.txt
 
I didn't understand what you said about the newest/most recent upgraded firmware.
It doesn't matter if I choose Dump from SysNAND or EmuNAND?

And then, to be able to get the keys, I have to remove the SD card and read them on the laptop, right?
 
I’m assuming one of your *nand is more up to date than the other. This may or may not be the case; if you recently hacked your Switch then they might be the same and it won’t matter.

If your Sysnand and Emunand are not on the same firmware version then choose whichever is most recent (probably FW 14.1.0).

Try one and it will spit out /switch/prod.keys. Use your PC to look inside the prod.keys file for master_key_0d

This is the 0d master key and is the latest revision.
 
Oh, ok. I am completely lost here. I just modded my OLED last week and did everything as the Rentry guide says, but used a pack of files that someone here gave me! So, I'm a bit confused about the terminology used here.
I created EmuNAND with a 12GB partition in a 64Gb SD card! So, I'm not sure about the versions but yes, they must be all the latest possible. I also updated the mod chip itself with the firmware version 0.6.2.

I already have the SD card in my laptop and I'm going now to explore the 2 partitions it has to see where is the file you mentioned with the keys!

Edited;
I just see that the partition created from EmuNAND is of unknown type :(
Code:
Device         Boot    Start       End  Sectors  Size Id Type
/dev/mmcblk0p1         32768  99483647 99450880 47.4G  c W95 FAT32 (LBA)
/dev/mmcblk0p2      99483648 124712959 25229312   12G e0 unknown

Edited 2;
Ok, it's partition 1. I found the file there and copied it to my laptop!
 
Oh, ok. I am completely lost here
sorry man. Hang in there…we’re very close.
I just modded my OLED last week and did everything as the Rentry guide says, but used a pack of files that someone here gave me! So, I'm a bit confused about the terminology used here.
No worries…this pain will cement it in your brain.
I created EmuNAND with a 12GB partition in a 64Gb SD card! So, I'm not sure about the versions but yes, they must be all the latest possible. I also updated the mod chip itself with the firmware version 0.6.2.
We want to dump keys that go with the latest Switch Firmware version (which is currently 14.1.0 but anything recent will do)
I already have the SD card in my laptop and I'm going now to explore the 2 partitions it has to see where is the file you mentioned with the keys!
You won’t have anything under /switch/prod.keys unless you pressed the power button to dump keys in Lockpick_RCM
Edited;
I just see that the partition created from EmuNAND is of unknown type :(
Code:
Device         Boot    Start       End  Sectors  Size Id Type
/dev/mmcblk0p1         32768  99483647 99450880 47.4G  c W95 FAT32 (LBA)
/dev/mmcblk0p2      99483648 124712959 25229312   12G e0 unknown
Yeah, the emunand partition is proprietary stuff that requires other tools to muck with, such as NXNandManager or Emutool.
Edited 2;
Ok, it's partition 1. I found the file there and copied it to my laptop!
Nice!
 
Thanks for your patience. :)

I have the keys there. I pressed Power button on EmuNAND. :P

So, I just have to rename this prod.keys file to keys.txt and put it in the nut folder? Or do I have to copy key by key and just complete what is asked in the template?
 
Technically you are supposed to copy paste just the necessary keys according to the template but yeah, you can just make a copy and call it keys.txt and drop it in. 😀
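
As an added example (not part of the posts above and not nut's own code), here is a Python sketch of the "copy just the necessary keys" route: it keeps only the key names the template lists and reports missing or malformed entries by name, never printing a value. The `name = hex` line format, the placeholder values in the template and the name `example_missing_key` are assumptions; all sample data is constructed.

```python
import re

# Assumed keyset line format: "name = hexvalue" (one key per line).
KEY_LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")
HEX = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


def parse_keyset(text):
    """Return {name: value} for lines that look like 'name = value'."""
    keys = {}
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            keys[m.group(1)] = m.group(2)  # a later duplicate overrides an earlier one
    return keys


def build_keys_txt(template_text, dump_text):
    """Keep only keys named in the template. Returns (output, missing, malformed)."""
    wanted = list(parse_keyset(template_text))  # names only; template values are ignored
    dump = parse_keyset(dump_text)
    lines, missing, malformed = [], [], []
    for name in wanted:
        value = dump.get(name)
        if value is None:
            missing.append(name)
        elif not HEX.match(value):
            malformed.append(name)  # report the name, never the value
        else:
            lines.append(f"{name} = {value}")
    return "".join(f"{line}\n" for line in lines), missing, malformed


# Constructed sample data: dummy values, not real keys.
TEMPLATE = """\
master_key_0d = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
header_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
example_missing_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""
DUMP = """\
master_key_0d = ffeeddccbbaa99887766554433221100
header_key = not-hex
device_key = 0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    out, missing, malformed = build_keys_txt(TEMPLATE, DUMP)
    print(f"{len(out.splitlines())} key(s) kept; missing={missing}; malformed={malformed}")
```

When writing the result to disk, create keys.txt with owner-only permissions (mode 0600), since it holds key material.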
 
If you’re tired of removing your SD card all the time you might want to look at https://github.com/cathery/sys-ftpd-light. Then you can just ftp into your Switch at any time and save your SD card reader some wear and tear. It’s very fragile and it’s a pain in the ass to shut down and reboot.
 