I have tried CTCaer Mod 1.6.bin again....now when I go to launch firmware there are 2 options
patched kernel
patched securemonitor
patched kip1
You said it gave you 2 options which should be CFW or stock unless you're telling these are your 3 options.
I have never seen nor heard of these options. I guess you can try picking one of them and see what happens.
I typed the wrong number, I mean 3.
I'm afraid to click one of the options, possible it writes something to the nand and brick?
I suppose there is that risk but I doubt one of those options would instantly brick your Switch otherwise someone else would have reported it. Plus if you backed up your NAND, you can theoretically restore it. I'm still trying to wrap my head around how you got those options to pop-up since nobody else has ever reported seeing them.
So it has come to this. Presenting 'hekate_ipl' (grab it here https://t.co/g3YCGI800e), our PoC bootloader/package1 replacement - run it with your favourite shofEL2/FG launcher. Example config here https://t.co/cwqpFwL1m7 (place it on the root of your SD card).
— naehrwert (@naehrwert) April 30, 2018
Just dumped my Nand with hekate-ipl on 4.1.0. Any way to validate it and is 29.1 GB a correct size or should I try again?
I was wondering if something like backing up the NAND in RCM or staying in RCM mode for a longer period of time affects the battery calibration at all as running Linux does?
I heard that it might cause some issues since the console's OS, Horizon, can't detect the battery level while it's in RCM. If you can't disconnect the battery, someone suggested fully charging the Switch while in Horizon, then booting into Linux, charging to 100% in Linux, then booting back out into Horizon should fix it. I think the problem with Linux was that Linux tracked the battery in a different way than Horizon. However, RCM cannot check what the battery percentage is. But there is hope if you do let the Switch die in RCM, apparently. There are also some scripts that Scires was developing using Pegaswitch for those affected when using Linux but it hasn't seen the light of day.
Is it safe to remove the SD card from the Switch while the console is on and running on CFW?
Also, I backed up my NAND onto the SD card, and now there are a bunch of files at the root of the USB. I do not know which ones are from the NAND so I can put them on the PC and delete from my SD card to save space. Does the SD card have any loose file not in any folder at the root level, for example from the homebrew installation? I don't want to delete something not from the NAND by accident.
Thanks for your help!
It does have some files used to load homebrew that will be located on the root of the SD card. What you can do is check your Downloads from your browser that you used to get the homebrew launcher files and compare those files with what's on your SD card. Otherwise, it's hard for us to tell without any names of the files or even a picture of the card.
Hello quick question:
I will pirate games. Will I be able to launch games xci formatted inside of Atmosphere when it releases? By asking that I mean will a tool able to launch games be developed by someone else (I know that ReSwitched won't implement it).
I am on 3.0.1. If atmosphere cfw tool is not possible should I update to play latest games on Team Xecuter's SX?
Since ReSwitched is not implementing it into Atmosphere and no one else has announced their intentions of developing a backup launcher, it will most likely not have that tool at launch. There is always the chance that someone is developing it in secret and is just waiting for Atmosphere to be completed before they release it, but that's highly unlikely. No one knows how long it will take for someone to make a backup launcher for Atmosphere or when they will release it. Then it will depend on how someone from the community will implement backup launching. There's the possibility that they could just mimic the way TX will be implementing it which will involve .XCI's either in full or into 4 GB parts if your SD card is formatted with FAT32. Or they might do it differently. Only time can tell. If you're impatient, you can always just buy TX's modchip which will support piracy from the get-go. But Atmosphere will eventually be able to do that and more.
Just dumped my Nand with hekate-ipl on 4.1.0. Any way to validate it and is 29.1 GB a correct size or should I try again?
I would like to know that too
Yes, it seems like the correct size although I was sure there was a better way to check if your NAND dump was valid or not. Anyways, the only way I can think of is to get your Switch's console-unique keys using biskeydump from here: https://switchtools.sshnuke.net/ Then from the same site, use the HacDiskMount tool to see if you can explore the NAND you just dumped.
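
A structural check that complements the size question above, as an added example that is not part of the original thread: assuming the dump is a single raw disk image with a standard GPT (primary header at LBA 1, backup header in the last sector), it verifies both GPT checksums and that the file length matches what the header implies, which catches a truncated dump. It does not decrypt or inspect partition contents; `check_gpt_image` and `build_sample` are names chosen for this example.

```python
import struct
import zlib

SECTOR = 512
# GPT header layout (92 bytes, little-endian) as defined by the UEFI specification
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")

def check_gpt_image(f):
    """Return a list of structural problems in a raw disk image (empty = none found)."""
    size = f.seek(0, 2)                      # total image size in bytes
    f.seek(SECTOR)                           # primary header sits at LBA 1
    raw = f.read(HDR.size)
    if len(raw) < HDR.size or raw[:8] != b"EFI PART":
        return ["no GPT header at LBA 1"]
    (_sig, _rev, hsize, hcrc, _rsv, _cur, backup, _first, _last,
     _guid, ent_lba, n_ent, ent_size, ent_crc) = HDR.unpack(raw)
    if hsize != HDR.size:
        return [f"unexpected header size {hsize}"]
    problems = []
    # The header CRC is computed with its own field (bytes 16..19) zeroed.
    if zlib.crc32(raw[:16] + bytes(4) + raw[20:]) != hcrc:
        problems.append("header CRC mismatch")
    f.seek(ent_lba * SECTOR)
    if zlib.crc32(f.read(n_ent * ent_size)) != ent_crc:
        problems.append("partition table CRC mismatch")
    # The backup header occupies the last sector, so it fixes the expected size.
    expected = (backup + 1) * SECTOR
    if size != expected:
        problems.append(f"size is {size} bytes, header implies {expected}")
    else:
        f.seek(backup * SECTOR)
        if f.read(8) != b"EFI PART":
            problems.append("backup header missing at last sector")
    return problems

def build_sample(total_sectors=64):
    """Constructed miniature image (not a real dump) to exercise the checker."""
    entries = bytes(4 * 128)                 # four empty partition entries
    def header(cur, other, ent_lba):
        h = HDR.pack(b"EFI PART", 0x10000, HDR.size, 0, 0, cur, other, 3,
                     total_sectors - 3, bytes(16), ent_lba, 4, 128,
                     zlib.crc32(entries))
        return h[:16] + struct.pack("<I", zlib.crc32(h)) + h[20:]
    img = bytearray(total_sectors * SECTOR)
    img[SECTOR:SECTOR + HDR.size] = header(1, total_sectors - 1, 2)
    last = (total_sectors - 1) * SECTOR
    img[last:last + HDR.size] = header(total_sectors - 1, 1, total_sectors - 2)
    return bytes(img)
```

For a real dump, pass a file opened in binary mode; if the dump was written as several part files, join them in order first.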
oookkayyy, so I have a few questions of my own which hopefully aren't that obvious, I looked for a bit, so sorry if this was shown in a different thread (if it was could you point me to the thread?)
What's best way to get homebrew on 5.0.2? using Fusee, and what?
CDN seems to be the way that they got banned atm?
If I short the wrong two pins, it won't mess up anything bad, right?
Did the charging in "cfw" get fixed? and do I need to reconfigure my battery after I get out of "cfw"?
I think these are all my questions
The ONLY way to get homebrew at the moment is by using RCM to boot into the "CFW" (more accurately HEN, but it doesn't hurt to call it CFW) to load the homebrew launcher. The best guide can be found here: https://gbatemp.net/threads/switch-hacking-101-how-to-launch-the-homebrew-menu-on-4-x-5-x.504012/
I have started biskeydump and see all the keys and a qrcode but nothing happens if I scan the code.
No, it's just whatever you are using to scan the code is having a hard time picking up the QR code. Trust me, it took me a few minutes to properly scan it too. It might be easier to just copy and paste the keys rather than scanning the code. But it will scan, you just might have to experiment with some different angles to get it to be properly scanned.
Hey, all. I just started looking into Nintendo Switch hacks. I'm planning on getting a second Switch as an emulation machine. The one video I saw on YouTube that was uploaded 2 weeks ago said that as of right now every time your system is turned off you have to re-hack it when you turn it back on.
Is this still the case? Why is that the case? Are they close to finding a more permanent solution?
There's 2 parts to this answer. The first part is the tethered nature of the exploit we are using. You see, we are exploiting a vulnerability in the RCM of the Tegra chip the Switch uses to hack it. Now, this RCM is booted before the Switch even turns on which gives us the highest level of code execution (coldboot), but that's not important in answering the question. The problem is in the nature of how this works. We are only able to run hacks through this method because this is the only method we have of running hacks on all firmwares. Previously, we had Pegaswitch which worked on firmwares 3.0 and below but it involved connecting to a server every time.
The other problem, and the one that we not be able to fix, are the Switch's keys. Now as stated before, due to the RCM exploit, we are able to execute any code we want. However, in reality, we are just bypassing the Switch's security system to do whatever we want. In order for us to make permanent changes to the Switch that it can recognize when it turns on, we would need its keys. Now, to get them, one would either need to hijack Nintendo's HQ and steal them or guess them. Both of these scenarios are unrealistic. So since we have no feasible way of obtaining the appropriate keys to sign our hacks, we have to instead bypass all of the Switch's security measures every time we want to use a hack.
Looking into the future, there are some unreleased exploits which could make rebooting the hacks much easier. There are some software-based solutions that work up to 4.1 for those who don't want to connect their Switch with a USB cable every time they want to use a hack. There is also theoretically a way to perform a coldboot up to 3.0.2, however it is so difficult that there is a bounty for whomever manages to discover it. The point is, all of these hacks must be performed every time the Switch is turned off because these hacks bypass the Switch's security to allow us to run hacks, or malicious code. The only way to make it permanent is if we had the keys to make them appear legitimate to the Nintendo Switch.
Thank you very much for that reply. Hmm...how much is the bounty? Can you donate to it?
Also, couldn't we flash a custom OS to the Switch? Wouldn't that eliminate the need for the Switch's keys since we'd no longer be using the Switch's software?
This is the guy who put up the bounty, however he hasn't stated any way to contribute to it meaning they probably won't accept any donations to increase it. As it is, he and the team that he is working with (ReSwitched) do not accept any donations for any of their hacking-related work. Probably to avoid feeling a sense of responsibility to meet people's expectations after they donate, but there was never an official reason given.
I intend to be fully transparent about this shit, especially going forwards. At present, I'm not aware of any non-RCM means of getting code execution from coldboot. To the best of my knowledge, nobody else is, either.
What is also noteworthy is that this same guy is developing a CFW, or custom firmware, that will be run instead of the Switch's OS, Horizon. So the community is planning on implementing a customized OS, but we aren't going to be implementing it into the console itself. Rather, we are going to be making a copy of the system, its NAND, and create an EmuNAND partition on our SD cards. From there, we will boot the CFW to enjoy using hacks as this CFW is going to be designed to be like Horizon but without all of the security checks.
If we were to write this CFW into the Switch itself, the SysNAND, this would be a permanent modification. And unlike phones, you run the risk of getting banned for running a CFW. Well, that is if you connect to the Internet using the Switch. With EmuNAND, it allows us to use the CFW without being banned/going online. For example, you can update the SysNAND to the latest firmware to enjoy gaming online CFW-free to avoid being banned. But if you want to mess around with some hacks, you can boot the CFW onto EmuNAND without having it connected to the Internet. So while it is possible, it limits our options if we permanently modified the Switch's OS.