Hacking Question: Possibility of pre-CFW NAND chip hardmod in the future?

kje123 (OP, Member; joined Aug 9, 2015; Seattle, United States; kje123.github.io)
Basically the title. Would it be possible to recreate the Switch NAND chip and sell it with a CFW pre-installed to avoid EmuNAND? I'm not sure how Ninty's patent would affect manufacturing, nor do I know if it's even possible in the first place.

gamesquest1 (Nabnut, Former Staff; joined Sep 23, 2013)
Probably device-specific encryption is in use; it's pretty much standard at this point. Plus, with anti-downgrade protections in place, you would need the OS to match what the system was already on.

Basically, you have a better chance of making a custom RCM payload that just wipes the NAND and rebuilds it with a matching stock image.

mikey420 (Well-Known Member; joined Dec 11, 2015; United States)
The Switch's NAND contains per-console-specific information that would need to be extracted and injected into the new chip, not to mention the signature verifications performed by the bootloader, which would need to be defeated. In short, no.

gabru (Well-Known Member, Newcomer; joined Aug 22, 2016; Spain)
kje123 said:
Basically the title. Would it be possible to recreate the Switch NAND chip and sell it with a CFW pre-installed to avoid EmuNAND? I'm not sure how Ninty's patent would affect manufacturing, nor do I know if it's even possible in the first place.

If you contact Daru to hack Ninty's systems to get the blueprints, you have two options: buy the automata and rent a place to build the chips, or ask a Chinese manufacturer (because they give a shit about copyrighted shit) to make that chip. Good luck with that.

kje123 (OP)
mikey420 said:
The Switch's NAND contains per-console-specific information that would need to be extracted and injected into the new chip, not to mention the signature verifications performed by the bootloader, which would need to be defeated. In short, no.

Couldn't it be possible to inject the info needed into the CFW chip as a sort of "first-time setup"?

--------------------- MERGED ---------------------------

gabru said:
If you contact Daru to hack Ninty's systems to get the blueprints, you have two options: buy the automata and rent a place to build the chips, or ask a Chinese manufacturer (because they give a shit about copyrighted shit) to make that chip. Good luck with that.

I mean, it really shouldn't be hard to manufacture the chip. IIRC, it's a pretty basic 32 GB eMMC module. My concern was more how much the board would need to be altered so the (theoretical) manufacturer wouldn't be hit with a big ol' lawsuit from Ninty.

NeoSlyde (Banned; location Morocco; country France)
kje123 said:
Couldn't it be possible to inject the info needed into the CFW chip as a sort of "first-time setup"?

--------------------- MERGED ---------------------------

kje123 said:
I mean, it really shouldn't be hard to manufacture the chip. IIRC, it's a pretty basic 32 GB eMMC module. My concern was more how much the board would need to be altered so the (theoretical) manufacturer wouldn't be hit with a big ol' lawsuit from Ninty.

And where will you get a valid unique ID :) and valid unique keys? :))))))

Mazamin (Well-Known Member; joined Sep 4, 2014; Italy)
WTF, this topic makes no sense.
If a user is able to install a NAND chip, he's also able to install a CFW in EmuNAND, lol.

kje123 (OP)
Mazamin said:
WTF, this topic makes no sense.
If a user is able to install a NAND chip, he's also able to install a CFW in EmuNAND, lol.

Not necessarily.

The eMMC that contains the OS is on a small chip that actually plugs into the mainboard, making for a super easy hardmod if you could remanufacture the chip and flash a custom firmware onto it. My question was more whether it's possible from a technical standpoint. (Judging by the replies, it's probably too much work to make it worth it, though, lmao.)

Just trying to make conversation while we wait for Atmosphere ;p

EDIT: here's a pic of the chip; it literally just plugs right in.

Attachment: qYDfZbZ.jpg (17.6 KB)

Deleted-442439 (Guest)
Nothing is impossible, but the crypto makes it highly unlikely that we will ever get anything like that; plus, it would be expensive compared to other hardmods.

The best hardmod you can get with current methods is soldering a small chip to the D+/D- test points on the PCB that injects a USB payload on power-up.

kje123 (OP)
Deleted-442439 said:
Nothing is impossible, but the crypto makes it highly unlikely that we will ever get anything like that; plus, it would be expensive compared to other hardmods.

The best hardmod you can get with current methods is soldering a small chip to the D+/D- test points on the PCB that injects a USB payload on power-up.

Would it be possible to decrypt the keys needed with the master keys BBB has released, or are those different keys? I'm not quite sure what they're for or what they do. (At this point it's probably crossed the line into illegal, though, lmao.)

WaterBotttle (Well-Known Member; joined Dec 19, 2014)
This isn't really possible. The bootROM checks the eMMC chip for properly signed code.

So this would only be possible if you could write a new bootROM (hint: ROM stands for read-only memory),
or if you could sign your own custom firmware (you would need Nintendo's private key).

Both of these are wildly impractical.
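The boot chain that gamesquest1 (device-specific encryption, anti-downgrade), mikey420 (per-console data plus bootloader signature checks) and WaterBotttle (a ROM that can only verify, never sign) describe, put into working code. This is an added example written for this page, not code from any poster, from Nintendo or from any homebrew project, and everything in it is an assumption: Ed25519 stands in for the real signature scheme, HMAC-SHA256 over a constructed master key and a constructed device ID stands in for the real per-console key derivation, AES-GCM stands in for the real NAND encryption, and the fuse counts are made up. What it does show is why the master-key question in the thread goes nowhere: the ROM holds only a public key, so nothing a console owner can dump lets them produce a signature the ROM accepts, and a NAND image sealed for console A fails authentication on console B.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BootROM models the immutable first-stage loader. It carries only the
// vendor's public key: it can check a signature but never produce one.
// Illustrative model, not the Switch's real bootrom or key material.
type BootROM struct {
	vendorPub ed25519.PublicKey
}

// NewVendor makes a constructed vendor key pair and the ROM that trusts it.
// The private half stands in for the key only Nintendo holds.
func NewVendor() (BootROM, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return BootROM{vendorPub: pub}, priv, err
}

// SignImage is the step a console owner cannot perform without that key.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(priv, image)
}

// VerifyStage accepts a boot image only if its signature checks out under
// the key baked into the ROM.
func (b BootROM) VerifyStage(image, sig []byte) bool {
	return ed25519.Verify(b.vendorPub, image, sig)
}

// AllowBoot models anti-downgrade fuses: an image built for fewer burnt
// fuses than the console already has is refused (counts are assumed).
func AllowBoot(burntFuses, imageFuses int) bool {
	return imageFuses >= burntFuses
}

// DeriveConsoleKey mixes a device-unique ID into the key so a NAND image
// only decrypts on the console it came from (HMAC-SHA256 stands in for
// the real, unmodelled derivation).
func DeriveConsoleKey(masterKey, deviceID []byte) []byte {
	m := hmac.New(sha256.New, masterKey)
	m.Write([]byte("nand-key:"))
	m.Write(deviceID)
	return m.Sum(nil) // 32 bytes, used below as an AES-256 key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealNAND encrypts and authenticates a partition under a console key;
// the random nonce is prefixed to the ciphertext.
func SealNAND(consoleKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(consoleKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenNAND decrypts; a blob sealed for another console fails the GCM tag.
func OpenNAND(consoleKey, blob []byte) ([]byte, error) {
	gcm, err := newGCM(consoleKey)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	rom, vendorPriv, _ := NewVendor()
	_, cfwPriv, _ := NewVendor() // the CFW author's own key, not the vendor's
	stock, cfw := []byte("stock stage image"), []byte("custom firmware image")
	fmt.Println("vendor-signed stock accepted:", rom.VerifyStage(stock, SignImage(vendorPriv, stock)))
	fmt.Println("self-signed CFW accepted:    ", rom.VerifyStage(cfw, SignImage(cfwPriv, cfw)))
	fmt.Println("older image on fused console:", AllowBoot(6, 5))
	keyA := DeriveConsoleKey([]byte("constructed master key"), []byte("console-A-id"))
	keyB := DeriveConsoleKey([]byte("constructed master key"), []byte("console-B-id"))
	blob, _ := SealNAND(keyA, []byte("SYSTEM partition from console A"))
	_, errA := OpenNAND(keyA, blob)
	_, errB := OpenNAND(keyB, blob)
	fmt.Println("image opens on A:", errA == nil, "on B:", errB == nil)
}
```

Run with `go run main.go`: the vendor-signed image is accepted, the self-signed one and the older image are refused, and the sealed image opens on A but not on B. Note that the verification key sits in the ROM struct, which is never written after construction; that is the whole point WaterBotttle makes about read-only memory.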

Deleted-442439 (Guest)
kje123 said:
Would it be possible to decrypt the keys needed with the master keys BBB has released, or are those different keys? I'm not quite sure what they're for or what they do. (At this point it's probably crossed the line into illegal, though, lmao.)

Master keys in the context of BBB are not the same as the true master key Nintendo uses to sign. It is private, and unless a Nintendo employee wants to leak it, I don't think we will ever be able to bypass it. We write to the bootROM, so there is no workaround right now :/

TheSynthax (Well-Known Member; joined Apr 29, 2018; United States)
kje123 said:
Would it be possible to decrypt the keys needed with the master keys BBB has released, or are those different keys? I'm not quite sure what they're for or what they do. (At this point it's probably crossed the line into illegal, though, lmao.)

It is literally impossible to achieve this, and horribly impractical. Why would a new NAND need to be manufactured for SysNAND CFW? We'll be able to flash SysNAND CFW soon enough and use a modchip to boot it. It doesn't matter if you manufacture a new NAND; the boot ROM that handles the security checks is etched into the CPU itself, not written to a memory chip. There are physical copper traces embedded within the silicon chip that produce a small bit of executable binary code (this is the bootROM), which is uploaded to the RAM. The only public method of bypassing the security checks involves putting this bootROM into firmware update mode and sending a payload too large for it to check properly, so the signature checks are bypassed entirely. This requires a modchip or something to upload the payload via USB.

Could a replacement NAND be manufactured, though? Yes, very easily. But you would need an original NAND backup to flash to it.
 
Last edited by TheSynthax,
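The failure mode TheSynthax describes, a request the bootROM copies before checking that it fits, as an added example that is not part of the original post. It is a deliberately simplified model, not the Switch bootrom's code: the buffer size, the frame layout and the address values are constructed, and Go's bounds-checked copy() stands in for an unchecked memcpy by laying the receive buffer and the saved return address out in one flat array, so a copy of more than the buffer's size lands on that address. The constructed host request is filler plus the four bytes the sender wants written there; the hardened handler is the same code with the host-supplied length clamped. Nothing here talks to USB hardware.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// BufSize is the receive buffer size in this model; the real bootrom's
// buffer sizes and stack layout are not modelled.
const BufSize = 64

// Stack is a flat byte model of one stack frame: the receive buffer
// immediately followed by the saved return address. Go's copy() is bounds
// checked against the whole array, which is what lets the flat layout stand
// in for an unchecked memcpy into a C stack buffer.
type Stack struct {
	mem [BufSize + 4]byte
}

// NewStack returns a frame whose saved return address is retAddr (a
// constructed value, not a real address).
func NewStack(retAddr uint32) *Stack {
	s := &Stack{}
	binary.LittleEndian.PutUint32(s.mem[BufSize:], retAddr)
	return s
}

// RetAddr reads back the saved return address.
func (s *Stack) RetAddr() uint32 {
	return binary.LittleEndian.Uint32(s.mem[BufSize:])
}

// VulnerableHandle trusts the host-supplied length (wLength of a USB control
// request): it copies that many bytes into the frame, so a request larger
// than the buffer overwrites whatever follows it. Returns bytes copied.
func VulnerableHandle(s *Stack, payload []byte, wLength int) int {
	if wLength > len(payload) {
		wLength = len(payload)
	}
	return copy(s.mem[:], payload[:wLength])
}

// HardenedHandle is the same copy with the length clamped to the buffer the
// handler actually owns; the saved return address is never reachable.
func HardenedHandle(s *Stack, payload []byte, wLength int) int {
	if wLength > len(payload) {
		wLength = len(payload)
	}
	if wLength > BufSize {
		wLength = BufSize
	}
	return copy(s.mem[:BufSize], payload[:wLength])
}

// OversizedRequest builds a constructed host request: BufSize filler bytes
// followed by the 4-byte value the sender wants in the return address slot.
func OversizedRequest(filler byte, want uint32) []byte {
	p := make([]byte, BufSize+4)
	for i := 0; i < BufSize; i++ {
		p[i] = filler
	}
	binary.LittleEndian.PutUint32(p[BufSize:], want)
	return p
}

func main() {
	req := OversizedRequest('A', 0xDEADBEEF)
	v := NewStack(0x1000)
	VulnerableHandle(v, req, len(req))
	fmt.Printf("vulnerable handler: return address now 0x%08X\n", v.RetAddr())
	h := NewStack(0x1000)
	HardenedHandle(h, req, len(req))
	fmt.Printf("hardened handler:   return address still 0x%08X\n", h.RetAddr())
}
```

The point the model makes is the one WaterBotttle and TheSynthax agree on: the signature check itself is not what gets broken, the code that runs before it is, and because that code lives in ROM the fix for the class of bug shown in HardenedHandle cannot be shipped to units already made.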

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    Xdqwerty @ Xdqwerty: @SylverReZ, lol +1