Hacking SWITCH NOOB PARADISE - Ask questions here

Draxzelex

I have tried CTCaer Mod 1.6.bin again.... Now when I go to launch firmware there are 2 options
You said it gave you 2 options, which should be CFW or stock, unless you're telling me these are your 3 options:
patched kernel
patched securemonitor
patched kip1
I have never seen nor heard of these options. I guess you can try picking one of them and see what happens.
 

DocBo

You said it gave you 2 options which should be CFW or stock unless you're telling these are your 3 options.
I have never seen nor heard of these options. I guess you can try picking one of them and see what happens.

I typed the wrong number, I mean 3. ;)
I'm afraid to click one of the options. Is it possible it writes something to the NAND and bricks it?
 

Draxzelex

I typed the wrong number, I mean 3. ;)
I'm afraid to click one of the options. Is it possible it writes something to the NAND and bricks it?
I suppose there is that risk, but I doubt one of those options would instantly brick your Switch; otherwise someone else would have reported it. Plus, if you backed up your NAND, you can theoretically restore it. I'm still trying to wrap my head around how you got those options to pop up, since nobody else has ever reported seeing them.
 

DocBo

Ahhh, I got it! These options came up since I overwrote the hekate_ipl.ini with naehrwert's hekate_ipl.ini from here:


Now hekate_ipl.ini from CTCaer Mod 1.6:

After I clicked CFW I see this........
 

TheRocK

I was wondering if something like backing up the NAND in RCM, or staying in RCM mode for a longer period of time, affects the battery calibration at all, as running Linux does?
 

daijobu

Is it safe to remove the SD card from the Switch while the console is on and running on CFW?

Also, I backed up my NAND onto the SD card, and now there are a bunch of files at the root of the USB. I do not know which ones are from the NAND so I can put them on the PC and delete from my SD card to save space. Does the SD card have any loose file not in any folder at the root level, for example from the homebrew installation? I don't want to delete something not from the NAND by accident.

Thanks for your help!
 

Range-TE

How safe are off-brand USB C-to-C cables for the Switch? I saw one for really cheap ($9) but I'm kind of afraid it'll mess up my Switch (5.0.2). Has that ever happened before, like how 5.0's were getting bricked by off-brand docks?

thanks in advance!
 

ekosfer147

Hello quick question:

I will pirate games. Will I be able to launch XCI-formatted games inside of Atmosphere when it releases? By asking that I mean: will a tool developed by someone else be able to launch games (I know that ReSwitched won't implement it)?

I am on 3.0.1. If an Atmosphere CFW tool is not possible, should I update to play the latest games on Team Xecuter's SX?
 

DeoNaught

oookkayyy, so I have a few questions of my own which hopefully aren't that obvious, I looked for a bit, so sorry if this was shown in a different thread(if it was could you point me to the thread?)

What's the best way to get homebrew on 5.0.2? Using Fusee, and what?
CDN seems to be the way that they got banned atm?
If I short the wrong two pins, it won't mess up anything bad, right?
did the charging in "cfw" get fixed? and do I need to reconfigure my battery after I get out of "cfw"?

I think these are all my questions
 

Draxzelex

I was wondering if something like backing up the NAND in RCM, or staying in RCM mode for a longer period of time, affects the battery calibration at all, as running Linux does?
I heard that it might cause some issues since the console's OS, Horizon, can't detect the battery level while it's in RCM. If you can't disconnect the battery, someone suggested fully charging the Switch while in Horizon, then booting into Linux, charging to 100% in Linux, then booting back out into Horizon should fix it. I think the problem with Linux was that Linux tracked the battery in a different way than Horizon. However, RCM cannot check what the battery percentage is. But there is hope if you do let the Switch die in RCM, apparently. There's also some scripts that Scires was developing using Pegaswitch for those affected when using Linux, but it hasn't seen the light of day.

Is it safe to remove the SD card from the Switch while the console is on and running on CFW?

Also, I backed up my NAND onto the SD card, and now there are a bunch of files at the root of the USB. I do not know which ones are from the NAND so I can put them on the PC and delete from my SD card to save space. Does the SD card have any loose file not in any folder at the root level, for example from the homebrew installation? I don't want to delete something not from the NAND by accident.

Thanks for your help!
It does have some files used to load homebrew that will be located on the root of the SD card. What you can do is check your Downloads from the browser that you used to get the homebrew launcher files and compare those files with what's on your SD card. Otherwise, it's hard for us to tell without any names of the files or even a picture of the card.
Hello quick question:

I will pirate games. Will I be able to launch XCI-formatted games inside of Atmosphere when it releases? By asking that I mean: will a tool developed by someone else be able to launch games (I know that ReSwitched won't implement it)?

I am on 3.0.1. If an Atmosphere CFW tool is not possible, should I update to play the latest games on Team Xecuter's SX?
Since ReSwitched is not implementing it into Atmosphere and no one else has announced their intentions of developing a backup launcher, it will most likely not have that tool at launch. There is always the chance that someone is developing it in secret and is just waiting for Atmosphere to be completed before they release it, but that's highly unlikely. No one knows how long it will take for someone to make a backup launcher for Atmosphere or when they will release it. Then it will depend on how someone from the community will implement backup launching. There's the possibility that they could just mimic the way TX will be implementing it which will involve .XCI's either in full or into 4 GB parts if your SD card is formatted with FAT32. Or they might do it differently. Only time can tell. If you're impatient, you can always just buy TX's modchip which will support piracy from the get-go. But Atmosphere will eventually be able to do that and more.

Just dumped my NAND with hekate-ipl on 4.1.0. Any way to validate it, and is 29.1 GB a correct size or should I try again?
I would like to know that too
Yes, it seems like the correct size, although I was sure there was a better way to check if your NAND dump was valid or not. Anyway, the only way I can think of is to get your Switch's console-unique keys using biskeydump from here: https://switchtools.sshnuke.net/ Then, from the same site, use the HacDiskMount tool to see if you can explore the NAND you just dumped.
oookkayyy, so I have a few questions of my own which hopefully aren't that obvious, I looked for a bit, so sorry if this was shown in a different thread(if it was could you point me to the thread?)

What's the best way to get homebrew on 5.0.2? Using Fusee, and what?
CDN seems to be the way that they got banned atm?
If I short the wrong two pins, it won't mess up anything bad, right?
did the charging in "cfw" get fixed? and do I need to reconfigure my battery after I get out of "cfw"?

I think these are all my questions
The ONLY way to get homebrew at the moment is by using RCM to boot into the "CFW" (more accurately HEN, but it doesn't hurt to call it CFW) to load the homebrew launcher. The best guide can be found here: https://gbatemp.net/threads/switch-hacking-101-how-to-launch-the-homebrew-menu-on-4-x-5-x.504012/

CDN downloading seems to be the reason that one of SciresM's Switches got banned because to access Nintendo's CDN, you need to present a console-unique certificate, and if that Switch starts making illegitimate requests, Nintendo can ban it. This is why other users are warned of the dangers of using any CDN downloader and more importantly, why Freeshop may not be as easy to implement in this scene. However, one of ShinyQuagsire's Switches was banned without doing any CDN downloading (only some homebrew and Pegaswitch). This leads me to think that he was banned for his status and not for doing anything hacking-related directly. Of course, this is speculation but the risks with CDN downloading are ever present.

Pin 10 must be shorted to enter RCM as this is the Switch's "hidden" home button. This is how devices normally enter RCM by holding power, volume +, and home. The Switch console itself doesn't have a home button (the Joy-Con's home button doesn't count) but we discovered that pin 10 is the equivalent. The one pin that you should never short out is pin 4 as this may fry the Switch. Shorting pin 9 will prevent the Joy-Con from being connected to the Switch, preventing it from being charged. It will be stuck as a BlueTooth controller until pin 9 is no longer being shorted. If you somehow manage to break one of the pins, Switch rails are extremely cheap and relatively easy to replace. You don't even need to open your console to do it.

As far as I know, there is no charging or battery issue with running CFW. This is also why I prefer to call it a HEN: because you're not running a new fully-fledged firmware above Horizon, you're running a modified version of Horizon. The only battery problems I know of involve using Linux or AutoRCM. The Linux issue is due to turning the console off at a different battery level than what Horizon last detected. The fix for this is easy, just re-sync the battery between Linux and Horizon (a full battery is the easiest way to tell if they are at the same percentage). The AutoRCM issue is a combination of smaller problems. The Switch is extremely easy to turn on, whether it be connecting a USB cable to it or disconnecting it from the dock. However, AutoRCM is designed to put the Switch into RCM whenever it tries to turn on. And RCM is not detectable by the naked eye. You need to connect the Switch to something else to see if it's in RCM (although another user noted it should be warm in RCM). The other half of this issue comes from the fact that RCM cannot charge the device and instead drains the battery. How much it drains has not been tested, but it can empty your Switch's battery. The good news is that the Switch may be able to charge with AutoRCM and an empty battery.
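On the "any way to validate it" question a few posts up, here is an added example (not from this thread, nor from hekate, biskeydump or HacDiskMount): a raw eMMC dump carries a GPT at LBA 1, so its header CRC and partition-array CRC can be verified offline, and the backup-header LBA tells you exactly how many sectors a complete dump must have, which is the size check the poster was after. It assumes a 512-byte sector size and runs on a small constructed image, not on a real dump; the partition name in the sample is a constructed entry.

```python
import struct
import zlib

SECTOR = 512                          # eMMC logical block size assumed here
GPT_SIGNATURE = b"EFI PART"
HEADER_FMT = "<8sIIIIQQQQ16sQIII"     # 92-byte GPT header, little-endian
ENTRY_FMT = "<16s16sQQQ72s"           # 128-byte partition entry
HEADER_KEYS = ("signature", "revision", "header_size", "header_crc", "reserved",
               "current_lba", "backup_lba", "first_usable_lba", "last_usable_lba",
               "disk_guid", "entries_lba", "num_entries", "entry_size", "entries_crc")

def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF

def parse_gpt_header(sector):
    """Decode the primary GPT header (LBA 1) into a dict of named fields."""
    return dict(zip(HEADER_KEYS, struct.unpack_from(HEADER_FMT, sector, 0)))

def list_partitions(image, hdr):
    """Return (name, first_lba, last_lba) for every used partition entry."""
    parts = []
    for i in range(min(hdr["num_entries"], 128)):
        off = hdr["entries_lba"] * SECTOR + i * hdr["entry_size"]
        try:
            type_guid, _uniq, first, last, _attrs, name = struct.unpack_from(ENTRY_FMT, image, off)
        except struct.error:
            break                      # entry array runs past the end of the image
        if type_guid == bytes(16):
            continue                   # unused slot
        parts.append((name.decode("utf-16-le").rstrip("\0"), first, last))
    return parts

def check_nand_dump(image):
    """Consistency checks for a raw eMMC image; every expected value comes from the image itself."""
    result = {"signature_ok": False, "header_crc_ok": False, "entries_crc_ok": False,
              "size_ok": False, "expected_size": None, "partitions": []}
    if len(image) < 2 * SECTOR:
        return result                  # too short to even hold a GPT header
    hdr_raw = image[SECTOR:2 * SECTOR]
    hdr = parse_gpt_header(hdr_raw)
    result["signature_ok"] = hdr["signature"] == GPT_SIGNATURE
    if not result["signature_ok"]:
        return result
    # Header CRC32 is computed over header_size bytes with the CRC field itself zeroed.
    zeroed = bytearray(hdr_raw[:hdr["header_size"]])
    zeroed[16:20] = b"\0\0\0\0"
    result["header_crc_ok"] = crc32(zeroed) == hdr["header_crc"]
    # The partition entry array has its own CRC32 recorded in the header.
    start, length = hdr["entries_lba"] * SECTOR, hdr["num_entries"] * hdr["entry_size"]
    result["entries_crc_ok"] = crc32(image[start:start + length]) == hdr["entries_crc"]
    # The backup header sits in the last sector, so a complete dump is backup_lba + 1 sectors long.
    result["expected_size"] = (hdr["backup_lba"] + 1) * SECTOR
    result["size_ok"] = len(image) == result["expected_size"]
    result["partitions"] = list_partitions(image, hdr)
    return result

def make_sample_image(total_sectors=1024):
    """Constructed 512 KiB image with a valid GPT; a stand-in for a real dump, not one."""
    entries = bytearray(128 * 128)
    struct.pack_into(ENTRY_FMT, entries, 0, b"\x11" * 16, b"\x22" * 16,
                     34, 97, 0, "PRODINFO".encode("utf-16-le"))   # constructed entry
    hdr = bytearray(SECTOR)
    struct.pack_into(HEADER_FMT, hdr, 0, GPT_SIGNATURE, 0x00010000, 92, 0, 0,
                     1, total_sectors - 1, 34, total_sectors - 34, b"\x33" * 16,
                     2, 128, 128, crc32(entries))
    struct.pack_into("<I", hdr, 16, crc32(hdr[:92]))                 # CRC field was zero
    image = bytearray(total_sectors * SECTOR)
    image[SECTOR:2 * SECTOR] = hdr
    image[2 * SECTOR:2 * SECTOR + len(entries)] = entries
    return bytes(image)
```

On a real split dump, concatenate the parts first and pass the result to check_nand_dump; a truncated or padded file shows up as size_ok being False while the CRCs still pass.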
 

Cyka_Delik

Hey, all. I just started looking into Nintendo Switch hacks. I'm planning on getting a second Switch as an emulation machine. The one video I saw on YouTube that was uploaded 2 weeks ago said that as of right now every time your system is turned off you have to re-hack it when you turn it back on.

Is this still the case? Why is that the case? Are they close to finding a more permanent solution?
 

Draxzelex

I have started biskeydump and see all the keys and a QR code, but nothing happens if I scan the code.
No, it's just that whatever you are using to scan the code is having a hard time picking up the QR code. Trust me, it took me a few minutes to properly scan it too. It might be easier to just copy and paste the keys rather than scanning the code. But it will scan, you just might have to experiment with some different angles to get it to be properly scanned.
Hey, all. I just started looking into Nintendo Switch hacks. I'm planning on getting a second Switch as an emulation machine. The one video I saw on YouTube that was uploaded 2 weeks ago said that as of right now every time your system is turned off you have to re-hack it when you turn it back on.

Is this still the case? Why is that the case? Are they close to finding a more permanent solution?
There's 2 parts to this answer. The first part is the tethered nature of the exploit we are using. You see, we are exploiting a vulnerability in the RCM of the Tegra chip the Switch uses to hack it. Now, this RCM is booted before the Switch even turns on which gives us the highest level of code execution (coldboot), but that's not important in answering the question. The problem is in the nature of how this works. We are only able to run hacks through this method because this is the only method we have of running hacks on all firmwares. Previously, we had Pegaswitch which worked on firmwares 3.0 and below but it involved connecting to a server every time.

The other problem, and the one that we may not be able to fix, is the Switch's keys. Now, as stated before, due to the RCM exploit we are able to execute any code we want. However, in reality, we are just bypassing the Switch's security system to do whatever we want. In order for us to make permanent changes to the Switch that it can recognize when it turns on, we would need its keys. Now, to get them, one would either need to hijack Nintendo's HQ and steal them or guess them. Both of these scenarios are unrealistic. So since we have no feasible way of obtaining the appropriate keys to sign our hacks, we have to instead bypass all of the Switch's security measures every time we want to use a hack.

Looking into the future, there are some unreleased exploits which could make rebooting the hacks much easier. There are some software-based solutions that work up to 4.1 for those who don't want to connect their Switch with a USB cable every time they want to use a hack. There is also theoretically a way to perform a coldboot up to 3.0.2, however it is so difficult that there is a bounty for whomever manages to discover it. The point is, all of these hacks must be performed every time the Switch is turned off because these hacks bypass the Switch's security to allow us to run hacks, or malicious code. The only way to make it permanent is if we had the keys to make them appear legitimate to the Nintendo Switch.
 

Cyka_Delik

No, it's just that whatever you are using to scan the code is having a hard time picking up the QR code. Trust me, it took me a few minutes to properly scan it too. It might be easier to just copy and paste the keys rather than scanning the code. But it will scan, you just might have to experiment with some different angles to get it to be properly scanned.
There's 2 parts to this answer. The first part is the tethered nature of the exploit we are using. You see, we are exploiting a vulnerability in the RCM of the Tegra chip the Switch uses to hack it. Now, this RCM is booted before the Switch even turns on which gives us the highest level of code execution (coldboot), but that's not important in answering the question. The problem is in the nature of how this works. We are only able to run hacks through this method because this is the only method we have of running hacks on all firmwares. Previously, we had Pegaswitch which worked on firmwares 3.0 and below but it involved connecting to a server every time.

The other problem, and the one that we may not be able to fix, is the Switch's keys. Now, as stated before, due to the RCM exploit we are able to execute any code we want. However, in reality, we are just bypassing the Switch's security system to do whatever we want. In order for us to make permanent changes to the Switch that it can recognize when it turns on, we would need its keys. Now, to get them, one would either need to hijack Nintendo's HQ and steal them or guess them. Both of these scenarios are unrealistic. So since we have no feasible way of obtaining the appropriate keys to sign our hacks, we have to instead bypass all of the Switch's security measures every time we want to use a hack.

Looking into the future, there are some unreleased exploits which could make rebooting the hacks much easier. There are some software-based solutions that work up to 4.1 for those who don't want to connect their Switch with a USB cable every time they want to use a hack. There is also theoretically a way to perform a coldboot up to 3.0.2, however it is so difficult that there is a bounty for whomever manages to discover it. The point is, all of these hacks must be performed every time the Switch is turned off because these hacks bypass the Switch's security to allow us to run hacks, or malicious code. The only way to make it permanent is if we had the keys to make them appear legitimate to the Nintendo Switch.

Thank you very much for that reply. Hmm...how much is the bounty? Can you donate to it?

Also, couldn't we flash a custom OS to the Switch? Wouldn't that eliminate the need for the Switch's keys since we'd no longer be using the Switch's software?
 

Draxzelex

Thank you very much for that reply. Hmm...how much is the bounty? Can you donate to it?

Also, couldn't we flash a custom OS to the Switch? Wouldn't that eliminate the need for the Switch's keys since we'd no longer be using the Switch's software?

I intend to be fully transparent about this shit, especially going forwards. At present, I'm not aware of any non-RCM means of getting code execution from coldboot. To the best of my knowledge, nobody else is, either.
This is the guy who put up the bounty; however, he hasn't stated any way to contribute to it, meaning they probably won't accept any donations to increase it. As it is, he and the team that he is working with (ReSwitched) do not accept any donations for any of their hacking-related work. Probably to avoid feeling a sense of responsibility to meet people's expectations after they donate, but there was never an official reason given.

What is also noteworthy is that this same guy is developing a CFW, or custom firmware, that will be run instead of the Switch's OS, Horizon. So the community is planning on implementing a customized OS, but we aren't going to be implementing it into the console itself. Rather, we are going to be making a copy of the system, its NAND, and create an EmuNAND partition on our SD cards. From there, we will boot the CFW to enjoy using hacks, as this CFW is going to be designed to be like Horizon but without all of the security checks.

If we were to write this CFW into the Switch itself, the SysNAND, this would be a permanent modification. And unlike phones, you run the risk of getting banned for running a CFW. Well, that is if you connect to the Internet using the Switch. With EmuNAND, it allows us to use the CFW without being banned/going online. For example, you can update the SysNAND to the latest firmware to enjoy gaming online CFW-free to avoid being banned. But if you want to mess around with some hacks, you can boot the CFW onto EmuNAND without having it connected to the Internet. So while it is possible, it limits our options if we permanently modified the Switch's OS.
 

Cyka_Delik

This is the guy who put up the bounty; however, he hasn't stated any way to contribute to it, meaning they probably won't accept any donations to increase it. As it is, he and the team that he is working with (ReSwitched) do not accept any donations for any of their hacking-related work. Probably to avoid feeling a sense of responsibility to meet people's expectations after they donate, but there was never an official reason given.

What is also noteworthy is that this same guy is developing a CFW, or custom firmware, that will be run instead of the Switch's OS, Horizon. So the community is planning on implementing a customized OS, but we aren't going to be implementing it into the console itself. Rather, we are going to be making a copy of the system, its NAND, and create an EmuNAND partition on our SD cards. From there, we will boot the CFW to enjoy using hacks, as this CFW is going to be designed to be like Horizon but without all of the security checks.

If we were to write this CFW into the Switch itself, the SysNAND, this would be a permanent modification. And unlike phones, you run the risk of getting banned for running a CFW. Well, that is if you connect to the Internet using the Switch. With EmuNAND, it allows us to use the CFW without being banned/going online. For example, you can update the SysNAND to the latest firmware to enjoy gaming online CFW-free to avoid being banned. But if you want to mess around with some hacks, you can boot the CFW onto EmuNAND without having it connected to the Internet. So while it is possible, it limits our options if we permanently modified the Switch's OS.

I see...hmm. Where is the best place to lurk and watch the progress for updates? Are a lot of the programmers/modders on this site?

Hackers always find a way. I have hope this will be as hacker-friendly as the PSP someday. This exploit seems like a major oversight..

Also, couldn't we create a custom OS (even if it's based on Horizon) that Ninty couldn't detect if it went online? And wouldn't Ninty probably ban devices by MAC addresses? Would spoofing MAC addresses be possible?
 
