Can the Switch not be properly shut down with AutoRCM installed? What would happen if you were at the Hekate menu with AutoRCM installed, whilst plugged into a charger, and you shut down from the Hekate menu? Wouldn't that make it charge properly from that point as the device is completely off?
Or does this mean that AutoRCM just wont allow the device to completely turn off?
I looked at the tutorial for installing cfw especially the one to prevent fuse burn. its every long and intimating. Will a proper release of Atmosphere/REI etc in the near future be easy to use and able to automate all the process?
https://gbatemp.net/threads/an-easy...ch-firmware-without-burning-any-fuses.511847/
There's this easier method if that helps.
- Joined
- Jan 4, 2016
- Messages
- 252
- Trophies
- 0
- Age
- 27
- Location
- United States
- Website
- www.google.com
- XP
- 858
- Country
Yep! Once you install the NSP, it's written to your system NAND if you installed it onto your system, or the Nintendo folder (I believe it is) if you installed it on your SD card. You no longer need the .nsp on your SD card.
@Draxzelex Thanks for your help. I got hekate running now. What I had to do is: wait. 5 minutes at least. That's how long it takes to inject the payload. Do you have any idea how to speed it up?
Other question I made a backup of nandand now I want to launch Custom Firmware. when I click Launch Custom Firmware the switch Starts just my "normal"main Menu and tells me I have to update to use my SD card. No options in album, everything looks normal. I am on 4.0.
It shouldn't take five minutes to inject the payload. Try a different USB port or cable.
If you get that message, it means that you need to install the update for exFAT support and that your SD card is formatted to exFAT. Give this guide a look and choose whichever method appeals most to you. Note that formatting your SD card to FAT32 is another way to solve this, but I advise against doing that as you won't be able to put files larger than 4GB on your SD card; since a lot of .nsp backups can be larger than 4GB, FAT32 isn't feasible if that's what you plan to do.
Updating your Switch isn't a requirement for running hekate or ReiNX, so you can completely disregard anything about fuse burning.
Follow this tutorial to install hekate so that you can dump your NAND. Select all of the backup options. Once you finish (the process will take upwards of an hour most likely), extract the NAND backups to a safe place on your PC. This is also your chance to install AutoRCM if that interests you. Then wipe the SD card. Note that the options to dump your NAND will look different compared to the screenshots. The menu changed a bit in later versions of hekate but the functionality is the same. It's fine.
Follow this guide to install ReiNX once you've done the above. The reason I'm not telling you to install ReiNX first is because it can't currently create NAND backups, but hekate can.
When the Switch is shut down, it'll more than likely enter RCM mode automatically, which gives you no visual indication. In RCM mode, the Switch will drain the battery; charging the Switch in RCM mode will result in a much, much lower voltage than it would otherwise, meaning it won't charge as quickly. If you want to make sure your Switch isn't draining power in RCM, you should make sure you're booted up properly, and keep your console in sleep mode. To my knowledge shutting down the system via hekate doesn't bypass this.
That being said, if you happen to fully drain your device while it's completely off, you just have to keep your console plugged in for an extended period of time before you try powering it on, and it'll work fine.
Last edited by Rhapsody,
- Joined
- Dec 22, 2010
- Messages
- 483
- Trophies
- 0
- Age
- 24
- Location
- Greece,Thessaloniki
- Website
- Visit site
- XP
- 1,514
- Country
- Joined
- Jan 4, 2016
- Messages
- 252
- Trophies
- 0
- Age
- 27
- Location
- United States
- Website
- www.google.com
- XP
- 858
- Country
Give this a look. The working version of Tinfoil in the OP only works for the game itself (updates and DLC will brick your system!). There’s a working version of Tinfoil floating around with update compatibility (no DLC compatibility yet). I suggest you ask in the ReiSwitched Discord (NOT ReSwitched) if you want to be directed to that.
3.0.1 is the prime version to be on for an eventual coldboot exploit. Don’t update if you can help it.
Last edited by Rhapsody,
- Joined
- Jan 4, 2016
- Messages
- 252
- Trophies
- 0
- Age
- 27
- Location
- United States
- Website
- www.google.com
- XP
- 858
- Country
So i just saw TX announcement about the exploit for new consoles. They said the Switch they got is on 5.1. So if i understand this correctly, there is a software exploit similar to deja vu (and the others) for 5.1?
There is where things become...unclear. What we currently know is that there are Switch units with a patched bootrom that is no longer susceptible CVE-2018-6242 (aka Fusee Gelee) or at least an unmodified one as it appears TX were able to identify the patches applied to the bootrom that fix the vulnerability. Whether this was through a coldboot or warmboot is not clear as they reference both in their announcement. Coldboot would be yet another bootrom exploit while warmboot would mean another softmod similar to Deja Vu. Its possible that they are referring to Deja Vu on 5.X because parts of it have not been patched fully on 5.X meaning 5.X is vulnerable to Deja Vu. Another very important thing to note is what transpired during the Ktemkin drama not too long ago. Basically, there was a bug for the Pixel-C, a very old piece of tech, that was submitted to Google. What is interesting here is that the Pixel-C uses the same exploitable chip as the Nintendo Switch, the TX-210. Meaning its possible that this bug was going to be used on patched Switch units or possibly Mariko units themselves. Taking it another step further could imply this is the bug TX is referring to. But this is all again speculatory because they did not make it clear what exploit they have or how it works, just that they have a solution for patched units.
I'd also like to bring up that neither ReSwitched nor TX have an answer to Mariko units given that they have not hit the market yet. Since they are unreleased, it is not known which exploits will or won't work with them.
3.0.0 Switch here. Considering updating as most of what I want to do is already available. Talk me down...
TX actually said that they identified the changes by using another cold boot bootrom exploit that we don't know about. And this worked on a new hardware revision on 5.1.0.
So there's another exploit out there besides Fusee Gelee, that's probably as effective as Fusee Gelee. We just have to hope someone besides TX can discover it because TX themselves won't ever release it since it would most likely make their product obsolete.
This is all I could find when it comes to blocking Internet access.
I haven't seen anyone offering these for sale. Its more for how to build yourself. You can try posting in the Want to Buy under Trading Area section or checking the trinket/dongle discussion threads in the Modchips subforum.
They never stated that. They said that there are more coldboot and warmboot exploits then we originally thought.
Also, it has been stated by other hackers that you don't need a coldboot exploit to access the changes made to the bootrom.TX said:
Just on the record, you can read the Switch's fuses from userland by pwning the nvservices sysmodule, which has fuse MMIO access.
— Michael (@SciresM) July 29, 2018
(Re: "we can't read out the fuses without our precious USB RCM exploit, right? It is a classic chicken and egg problem.")
Quick note on Gateway (TX for the fam) and the """"unhackables"""":
— Mike Heskin (@hexkyz) July 29, 2018
While it's true that multiple bootrom vulns exist (including *multiple* warmboot ones, contrary to what was implied) you don't need one to dump the ipatches.
To be safe, I'm going to assume what you meant by this and just clarify it for others, if not yourself. They meant that the unit arrived to them with firmware 5.1 NOT came out of the box with firmware 5.1
This means that Mariko Units have still not hit the market meaning whatever exploit(s) they have may or may not work on those because they do not exist yet. Everything else you said though I agree with and it just makes me skeptical. I have no reason to doubt TX will deliver a solution but the information that they are presenting is unclear and misleading at best.TX said:
Slowly getting ready to hack my switch. It's updated to (5.0.1) so I'm gonna have to use the paperclip. I have a 128GB Sandisk in the mail. A normal android cell phone cable is good for usb-a to usb-c?
First of, how do I know if my switch is now updated to exFat or if I need to do I use this gbatemp.net/threads/how-to-install-the-exfat-driver-without-updating-2-x.505176/ ?
Then I follow this guide to make a NAND backup gbatemp.net/threads/switch-hacking-101-how-to-launch-the-homebrew-menu-on-all-fw.504012/
After I use this to install reiNX gbatemp.net/threads/guide-reinx-installation-and-use.512342/
First of, how do I know if my switch is now updated to exFat or if I need to do I use this gbatemp.net/threads/how-to-install-the-exfat-driver-without-updating-2-x.505176/ ?
Then I follow this guide to make a NAND backup gbatemp.net/threads/switch-hacking-101-how-to-launch-the-homebrew-menu-on-all-fw.504012/
After I use this to install reiNX gbatemp.net/threads/guide-reinx-installation-and-use.512342/
Last edited by soul0war,
Question: Is it safe to update firmware via Game .nsp I install while in Hetake? "This game requires you to update firmware"
This might be a stupid question but how do I check if AutoRCM is enabled without actually rebooting and finding out?
I'm asking because I updated without burning fuses, I went and enabled AutoRCM, but then didn't see any prompt or message telling me its now currently enabled. I dont want to just reboot to find out as I'll burn a fuses if its not actually enabled.
I'm asking because I updated without burning fuses, I went and enabled AutoRCM, but then didn't see any prompt or message telling me its now currently enabled. I dont want to just reboot to find out as I'll burn a fuses if its not actually enabled.
