Hacking Backing up NAND

Disco Inferno · Apr 25, 2018

Are there any tools and/or tutorials yet on backing up the NAND in recovery mode? I want to make that the first thing I do on a new system.

Kubas_inko · Apr 25, 2018

Disco Inferno said:
Are there any tools and/or tutorials yet on backing up the NAND in recovery mode? I want to make that the first thing I do on a new system.

Nope. Not yet. But I can see them coming even from SciresM him self in the future
For Now, you have to create payload that can do it

kombos · Apr 25, 2018

Kubas_inko said:
Nope. Not yet. But I can see them coming even from SciresM him self in the future
For Now, you have to create payload that can do it

Wouldn't that be possible to access eMMC from Linux running on switch and create dump of eMMC easily ? (considering we will get keyboard working under switch)
I'm currently looking at possibilities.

shadowofdarkness · Apr 25, 2018

kombos said:
Wouldn't that be possible to access eMMC from Linux running on switch and create dump of eMMC easily ? (considering we will get keyboard working under switch)
I'm currently looking at possibilities.

I would assume you could at least do a basic image of the eMMC from Linux using dd, that doesn't require being able to mount any of the partitions.

Kubas_inko · Apr 25, 2018

kombos said:
Wouldn't that be possible to access eMMC from Linux running on switch and create dump of eMMC easily ? (considering we will get keyboard working under switch)
I'm currently looking at possibilities.

I dont know if linux have acces to nand (probably has), so.. maybe?

kombos · Apr 25, 2018

shadowofdarkness said:
I would assume you could at least do a basic image of the eMMC from Linux using dd, that doesn't require being able to mount any of the partitions.

Hence we know all the keys and got tools we can extract and decrypt partitions from raw dump. Am I wrong ? ;-)

--------------------- MERGED ---------------------------

Kubas_inko said:
I dont know if linux have acces to nand (probably has), so.. maybe?

It should be detected as standard block device under linux without any special drivers...

Taffy · Apr 25, 2018

I can't wait to get huge 32GB dumps of my nand. Ah yeah, time to find another hard drive.

Ima make a backup every week just in case. /s

Kubas_inko · Apr 25, 2018

Taffy said:
I can't wait to get huge 32GB dumps of my nand. Ah yeah, time to find another hard drive.

Ima make a backup every week just in case. /s

first you need big enough SD

Taffy · Apr 25, 2018

Yeah, I need to make some purchases soon. Bigger SD, better reader, SNS-30 Pro (I like my SNES controllers and my d-pads. and my cables).

Deleted-355425 · Apr 25, 2018

Would we need exfat support for dumping the nand if it’s 32gb?

normal19 · Apr 25, 2018

Any good dump tool can split images

laramie · Apr 25, 2018

it's only like 2.7Gb tho...

andijames · Apr 25, 2018

laramie said:
it's only like 2.7Gb tho...

Not sure if the dump is the whole internal NAND not just the SYSNAND so if that's the case it would be the whole 32GB

laramie · Apr 25, 2018

I think you misunderstand, it takes up ~2.7Gb for sysnand then uses the remaining 32GB for storage.

RedHunter · Apr 25, 2018

The nand itself is 2.7gb is this what's you're saying? Hope so, a 32gb emunand is going to kill even big SD cards.

Kubas_inko · Apr 25, 2018

RedHunter said:
The nand itself is 2.7gb is this what's you're saying? Hope so, a 32gb emunand is going to kill even big SD cards.

Emunand will be 32Gb. But as on normal switch, you can use it as storage.

kombos · Apr 25, 2018

RedHunter said:
The nand itself is 2.7gb is this what's you're saying? Hope so, a 32gb emunand is going to kill even big SD cards.

The NAND itself is 32GB. As it's likely it's encrypted without privileged access to the HorizonOS we're going to get only raw NAND dump which is 32GB. The HOS partition might be 2.7 GB but there is no was to get it without proper dumper payload - yet.

charlieb · Apr 25, 2018

*ahem*

https://github.com/reswitched/pegaswitch/blob/master/usefulscripts/DumpBIS.js

var partitions = [0];

to

var partitions = [20];

maybe?

Kubas_inko · Apr 25, 2018

kombos said:
The NAND itself is 32GB. As it's likely it's encrypted without privileged access to the HorizonOS we're going to get only raw NAND dump which is 32GB. The HOS partition might be 2.7 GB but there is no was to get it without proper dumper payload - yet.

We can already dump individual partitions via pegaswitch.

kombos · Apr 25, 2018

Kubas_inko said:
We can already dump individual partitions via pegaswitch.

Lucky you then. I can't. I'm on 3.0.1. Unless you give me the payload to execute the pegaswitch from FG vector I'm only able to dump whole NAND via Linux and decrypt/get individual partitions that way.

Hacking Backing up NAND

Well-Known Member

"Something funny goes here."

Well-Known Member

Well-Known Member

"Something funny goes here."

Well-Known Member

jdfiehgvrhfvhfjkvgrjhfejvgrjkbjvr

"Something funny goes here."

jdfiehgvrhfvhfjkvgrjhfejvgrjkbjvr

Deleted-355425

Guest

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

"Something funny goes here."

Well-Known Member

Well-Known Member

"Something funny goes here."

Well-Known Member

Similar threads

Popular threads in this forum