Tutorial  Updated

A definitive way to test if your Switch is patched or not (purchases after 07-2018)

This tutorial uses TegraRCM command line to send payloads to RCM enabled Switch.
Command line is used since it offers a more detailed explanation on what is going on.
So it is a definitive way to confirm if your Switch is patched or not without further questions.
This tutorial does not make any modification to your Switch console.

Requirement:
No Micro SD Card is required.
1. Any way of entering Recovery Mode. Please read here, https://gbatemp.net/threads/the-ultimate-list-of-mods-to-enter-rcm.502145/
2. biskeydump.bin payload(please get the latest version, as of 30th July 2019, the latest version is V9), can be downloaded from https://switchtools.sshnuke.net/
3. TegraRcm GUI, can be downloaded from https://github.com/eliboa/TegraRcmGUI/releases
4. USB C to USB A cable
5. A PC with USB port (Sorry I don't have Mac so I could not cover this area)

Step-by-Step (in total 7 steps):
1. put in your RCM Jig on the right joy con rail. Press and hold Vol+ then press the power button.
You should see a black/blank screen after you press the power button.
If you see a Nintendo logo, you can power off your console and try to adjust your RCM Jig position.

2. To install APX driver
2.1 Launch TegraRcm GUI, go to Settings tab, click on "Install Driver" button.
2-1-1.jpg

Confirm the driver installation.
2-1-2.jpg

2.2 For those having problems installing APX driver :
Install and launch Zadig. Plug your Switch in RCM mode, then select Options > List All Devices.
Select the APX device and check which driver is installed for this specific device. If libusbK is not the current driver, install it.
zadig.png
(This step is copied from https://gbatemp.net/threads/tegrarcmgui-simple-gui-for-tegrarcmsmash.503510/)

3. Plug in USB cable from your PC to Switch(in RCM).
Open TegraRcm GUI and you should see this window with "RCM OK".
3.jpg

Alternatively, you can use Device Manager to confirm if the APX device is recognized.
3-2.jpg

Now you can close the TegraRcm GUI application.

4. Copy biskeydump.bin to the TegraRcm GUI folder.
4-1.jpg

5. Open a command line and go to the TegraRcm GUI folder.
4.jpg

6. Run this on the command line
Code: 
TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0

7. Check the result
7.1 Switch accepts and executes payload, which mean your Switch is not patched.
Please refer to 0X7000
working.png

You will also see QR code on your Switch screen.

7.2 Switch accepts but does not executes payload, which means your Switch is patched.
Please refer to 0X0000
not-working.png
 
Last edited by gnilwob, , Reason: update biskeydump version
  • Like
Reactions: Blythe93, KholodOK, JenAtkinson and 43 others
Click to expand...
matias3ds

matias3ds

Well-Known Member
Member
Level 20
Joined
Oct 25, 2017
Messages
3,670
Trophies
1
Age
38
XP
9,321
Country
Argentina
Maybe is a dumg question but ,, lets say i eant to buy a second switch and i have the xecuter pro dongle .
I will just have to insert de microsd card connect the dongle and jig and enter in rcm mode .
Is i see the xecuter screen the unit is fine if i dont see it , then the unit is patch .
Right ??? or am i missing something
Im just asking caus i guess that in some stores they would let you try that before buying it .
 
G

gnilwob

Well-Known Member
OP
Member
Level 5
Joined
Mar 16, 2008
Messages
204
Trophies
1
XP
644
Country
Hong Kong
matias3ds said:
Maybe is a dumg question but ,, lets say i eant to buy a second switch and i have the xecuter pro dongle .
I will just have to insert de microsd card connect the dongle and jig and enter in rcm mode .
Is i see the xecuter screen the unit is fine if i dont see it , then the unit is patch .
Right ??? or am i missing something
Im just asking caus i guess that in some stores they would let you try that before buying it .
Click to expand...

To test it with SX Pro dongle.
1. Put in JIG on right joycon rail
2. Take out SD Card (no sd card is needed)
3. Put in fully charged SX Pro dongle on USB C port
4. Hold vol+ button then press power button and release both button and look at the led on SX Pro dongle, it should blink in blue 1 or 2 times (which mean it is injecting payload).
If you see a blank screen after SX Pro injected payload, this is a patched unit.
If you see a complaining sd card imageafter SX Pro injected payload, this is an unpatched unit. (You will want to buy this unit)
 
matias3ds

matias3ds

Well-Known Member
Member
Level 20
Joined
Oct 25, 2017
Messages
3,670
Trophies
1
Age
38
XP
9,321
Country
Argentina
gnilwob said:
To test it with SX Pro dongle.
1. Put in JIG on right joycon rail
2. Take out SD Card (no sd card is needed)
3. Put in fully charged SX Pro dongle on USB C port
4. Hold vol+ button then press power button and release both button and look at the led on SX Pro dongle, it should blink in blue 1 or 2 times (which mean it is injecting payload).
If you see a blank screen after SX Pro injected payload, this is a patched unit.
If you see a complaining sd card imageafter SX Pro injected payload, this is an unpatched unit. (You will want to buy this unit)
Click to expand...
ho you will refer to the missing .dat screen , right ?
So , if you got that missing .dat screen the unit is fine .
And if the screen is just black its patched right ?
 
G

gnilwob

Well-Known Member
OP
Member
Level 5
Joined
Mar 16, 2008
Messages
204
Trophies
1
XP
644
Country
Hong Kong
matias3ds said:
ho you will refer to the missing .dat screen , right ?
So , if you got that missing .dat screen the unit is fine .
And if the screen is just black its patched right ?
Click to expand...

yes, you are correct on both types.
But make sure you see a blinking blue led color to verify that it is actually injecting its payload.
 
  • Like
Reactions: matias3ds
D

darthtron64

New Member
Newbie
Level 1
Joined
Apr 16, 2019
Messages
1
Trophies
0
Age
38
XP
56
Country
United States
fst312 said:
Turned out my switch was hackable, I ended up ordering a different usb c cable and everything worked out. Got the qr code. My other cable wasn’t showing the apx driver I needed. Good thing too since I had till August 8 to return it to amazon if it wasn’t hackable.
Click to expand...

What cable did you buy?
I am hopeful that all I need is a different cable!

Could you please post a link to the exact cable you purchased? Please and thank you!!!
 
Last edited by darthtron64,
F

fst312

Well-Known Member
Member
Level 12
Joined
Nov 4, 2008
Messages
1,176
Trophies
1
Age
35
Location
New York
XP
2,976
Country
United States
darthtron64 said:
What cable did you buy?
I am hopeful that all I need is a different cable!

Could you please post a link to the exact cable you purchased? Please and thank you!!!
Click to expand...
This is the cable I bought atleast by the picture, the user might not be the same person I bought it from. I had cable that didn’t work before I bought this, so it is possible that the cable could be an issue. I did see another reply for you to visit a website.
https://rover.ebay.com/rover/0/0/0?mpre=https://www.ebay.com/ulk/itm/202368005801

--------------------- MERGED ---------------------------

That website might actually be helpful.
This is my switch, it knew it was hackable.
 

Attachments

  • 64B52C77-F341-4B2C-AC59-6CE5599BB1B4.jpeg
    64B52C77-F341-4B2C-AC59-6CE5599BB1B4.jpeg
    302.5 KB · Views: 181
G

gnilwob

Well-Known Member
OP
Member
Level 5
Joined
Mar 16, 2008
Messages
204
Trophies
1
XP
644
Country
Hong Kong
fst312 said:
That website might actually be helpful.
This is my switch, it knew it was hackable.
Click to expand...

Yes, it is helpful for preliminary checking.
But if you want a 100% confirmation for console purchase after July 2018.
You have to test the console with the actual payload injected and see if your console accept or reject it.
The information on the website is based on user reports and sometime it is not accurate.
 
S

Syco54645

Member
Newcomer
Level 2
Joined
Apr 19, 2019
Messages
21
Trophies
0
Age
123
XP
182
Country
United States
Just got a Switch today used from Amazon warehouse with a serial of XA101018 that came with 4.1. It looks brand new so unsure how much it was used. User account was still on there but wifi looks like it was never set up. Anyway when I use the biskeydump to test if it is hackable I get "Smashed the stack with 0x7000 byte SETUP request!" which according to what I have read means it is hackable HOWEVER it never proceeds. Nothing shows on the switch key and I do not get the report of the keys. Any ideas here? How long should I have to wait for it to dump. Should I perform an initialization on the console and try again?

Also I am not sure if the console is banned or not. Is there a safe way I can check that without updating the FW?

edit: should say I am running this via vmware right now as I really only have access to Linux machines. When I have a moment I am going to try with what ever linux tool exists to send this payload.

edit2: seems this is a patched system but the windows 7 vm was producing a false positive. Tried it in a few different systems and all is 0x0000 byte. Tried with another that I know is exploitable via fusee and it worked fine on the other systems.
 
Last edited by Syco54645,
G

gnilwob

Well-Known Member
OP
Member
Level 5
Joined
Mar 16, 2008
Messages
204
Trophies
1
XP
644
Country
Hong Kong
Syco54645 said:
Just got a Switch today used from Amazon warehouse with a serial of XA101018 that came with 4.1. It looks brand new so unsure how much it was used. User account was still on there but wifi looks like it was never set up. Anyway when I use the biskeydump to test if it is hackable I get "Smashed the stack with 0x7000 byte SETUP request!" which according to what I have read means it is hackable HOWEVER it never proceeds. Nothing shows on the switch key and I do not get the report of the keys. Any ideas here? How long should I have to wait for it to dump. Should I perform an initialization on the console and try again?

Also I am not sure if the console is banned or not. Is there a safe way I can check that without updating the FW?

edit: should say I am running this via vmware right now as I really only have access to Linux machines. When I have a moment I am going to try with what ever linux tool exists to send this payload.

edit2: seems this is a patched system but the windows 7 vm was producing a false positive. Tried it in a few different systems and all is 0x0000 byte. Tried with another that I know is exploitable via fusee and it worked fine on the other systems.
Click to expand...

Thanks for the information.
I have not tested it using VM guest Windows OS before.
So I didn't know about the false positive from the VM.
 
  • Like
Reactions: Syco54645
frostii

frostii

Well-Known Member
Member
Level 7
Joined
Jun 24, 2009
Messages
181
Trophies
1
Location
Brisbane, Australia
XP
1,028
Country
United States
Hi,
I was going to test a friend's switch later today to confirm it is patched or not.
Can I confirm 2 things please?

- I was going to just place the SX OS 'boot.dat' onto an SD card and try to get a 'you need a licence' error message or similar to confirm it isn't patched. That should work too, right?
- If it is patched and you just get a black screen, can you just hold the power down for 12 seconds to reboot to OFW?

Thanks for your help.
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,006
Trophies
2
Age
29
Location
New York City
XP
13,372
Country
United States
frostii said:
Hi,
I was going to test a friend's switch later today to confirm it is patched or not.
Can I confirm 2 things please?

- I was going to just place the SX OS 'boot.dat' onto an SD card and try to get a 'you need a licence' error message or similar to confirm it isn't patched. That should work too, right?
- If it is patched and you just get a black screen, can you just hold the power down for 12 seconds to reboot to OFW?

Thanks for your help.
Click to expand...
Yes to both questions
 
  • Like
Reactions: frostii
WC00

WC00

New Member
Newbie
Level 1
Joined
May 22, 2019
Messages
2
Trophies
0
Age
42
XP
43
Country
Brazil
Hi, have a qq.

I won a Switch last month and the serial says it can maybe be patched. Since it's already updated to 8.0.1, i'm wondering if i can use the biskeydump v8 on it. I'm asking because on the site it says it supports 7.0.0.

Anyone knows if this firmware can be tested?

Thanks
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,006
Trophies
2
Age
29
Location
New York City
XP
13,372
Country
United States
WC00 said:
Hi, have a qq.

I won a Switch last month and the serial says it can maybe be patched. Since it's already updated to 8.0.1, i'm wondering if i can use the biskeydump v8 on it. I'm asking because on the site it says it supports 7.0.0.

Anyone knows if this firmware can be tested?

Thanks
Click to expand...
Site is outdated. Biskeydump should work even on firmware 8.X since no new keys were added.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

The MIG Switch Thread

Kingdom Come Deliverance Nswitch MOD

Homebrew Tutorial  Building Pagascape from source to running Self Hosted mode on Windows and MSYS

mig switch not working/updating??

Hacking Homebrew Tutorial  Portable PegaScape (Win32)

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

Fusee.bin with the new Pre-release of Atmoshere 1.7.0

DBI language error

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: https://youtu.be/MddR6PTmGKg?si=mU2EO5hoE7XXSbSr