Hacking Downgrade 9.0.3 Ipatched switch

linuxares · Nov 14, 2019

emris93 said:
But with which tool we can downgrade ? If it's possible.

I thought maybe Mattytrog might know how to raw write it. Classic write every 0101 directly to the nand. I let him answer and we shall see. It might not be possible at all.

emris93 · Nov 14, 2019

Okay

.

FR0ZN · Nov 14, 2019

You would still run into a fuse mismatch.

emris93 · Nov 14, 2019

Don't know if it's possible but maybe just run into RCM (vol + and -) and try to inject the sysnand ?

mattytrog · Nov 14, 2019

linuxares said:
@mattytrog and/or @MatinatorX
Wouldn't it be possible to do a raw dump of the nand? I guess you need the keys to do a "raw" downgrade as well?

The only way of getting a raw NAND dump for this gentleman, is to unplug his eMMC from his Switch, fit into another fusee vuln Switch and dump rawnand via Hekate, remembering associated boot0/1.

But a downgrade won`t boot because 9.0.1 fusecount is active.

So, yes. You can fully downgrade.

But if your fuses are cooked, forget about actually booting it on an ipatched unit.

I don`t have any ipatched units here sadly.

But I am more convinced we can glitch it into booting. The Tegra oscillator circuit (38.4Mhz) is right there. I`m thinking of a Trinket yet again, use a spare pin, connect a strap to the oscillator testpoint and pulse it (pull it high / low - see if it can dizzy the Tegra into running unsigned code).

I cannot actually try this and I`m sure more knowledgeable people than me have already tried this.

emris93 · Nov 14, 2019

Maybe I have a backup of the rawnand (same with nand?) I will confirm you tonight.
You are a lovely Guy @mattytrog

Have a ipatched switch but I'm very noob on "DIY" so too risky for me.

LoggerMan · Nov 14, 2019

emris93 said:
Yes it's 9.0.1 a mistake of my part sorry.

omg you nearly gave me a heart attack with this 9.0.3 stuff. I updated my sysnand to that too recently, burning fuses, because it’s compatible with os sx anyway. I’m so lazy. I think I used the safe update method to update emunand though.

emris93 · Nov 14, 2019

LoggerMan said:
omg you nearly gave me a heart attack with this 9.0.3 stuff. I updated my sysnand to that too recently, burning fuses, because it’s compatible with os sx anyway. I’m so lazy. I think I used the safe update method to update emunand though.

I'm very sorry for that

ZachyCatGames · Nov 14, 2019

emris93 said:
I think yes in choixdujourNX you have the choice to update sysnand or emunand. The mistake that I had is leaving tick sysnand by default.
Just simple search in Google can confirme that.

No, it doesn’t. I’ve been using Choi a shit ton recently, there’s definitely no option like that.

emris93 · Nov 14, 2019

ZachyCatGames said:
No, it doesn’t. I’ve been using Choi a shit ton recently, there’s definitely no option like that.

I don't have a game cartridge and I blocked the nintendo updates with the DNS so I don't see how my switch could be updated and the only update that I made it's with choixdujourNX.

ZachyCatGames · Nov 14, 2019

emris93 said:
I don't have a game cartridge and I blocked the nintendo updates with the DNS so I don't see how my switch could be updated and the only update that I made it's with choixdujourNX.

You probably accidentally booted into your sysmmc instead of emummc when you went to update. Writing to sysmmc from emummc isn’t really something that can be easily done, also the last Choi update released before emummc did

emris93 · Nov 14, 2019

ZachyCatGames said:
You probably accidentally booted into your sysmmc instead of emummc when you went to update. Writing to sysmmc from emummc isn’t really something that can be easily done, also the last Choi update released before emummc did

I think I found : unintentionally I installed atm in sysnand and when i updated atm it update also the sysnand.

The Real Jdbye · Nov 14, 2019

emris93 said:
I think I found : unintentionally I installed atm in sysnand and when i updated atm it update also the sysnand.

That's not really how it works, you must have had a boot entry for sysNAND in Hekate and booted into it like I said.

emris93 · Nov 14, 2019

The Real Jdbye said:
That's not really how it works, you must have had a boot entry for sysNAND in Hekate and booted into it like I said.

That's what I said I installed atm in the sysnand and when booting I booted directly to the sysnand via hekate without creating the emunand and I made the update with choidujourNX everything being in the sysnand believing I was in emunand.

The Real Jdbye · Nov 14, 2019

emris93 said:
That's what I said I installed atm in the sysnand and when booting I booted directly to the sysnand via hekate without creating the emunand and I made the update with choidujourNX everything being in the sysnand believing I was in emunand.

Oh.
For future reference you can check by looking at the firmware version in System Settings, there should be an E after the version if you're in emuNAND.
Also a good idea to change the theme and user icons so they're different between the two.

emris93 · Nov 14, 2019

The Real Jdbye said:
Oh.
For future reference you can check by looking at the firmware version in System Settings, there should be an E after the version if you're in emuNAND.
Also a good idea to change the theme and user icons so they're different between the two.

Yeah I know but to late now. Then I have two solutions :
- a miracle occurs to be able to downgrade before January.
- waiting for the solution tx in January.

tivu100 · Nov 14, 2019

smf said:
You can update with choidujournx, but it won't help as you can't avoid burning the fuses with an ipatched switch.

How that works is you force into RCM on every boot and then use a payload, but that can't possibly work for you. Either choidujournx will refuse to enable autorcm, or your switch will be bricked and require you to remove autorcm using a hard mod. Either way as soon as you boot then fuses will be burned.

If you want the latest version on an ipatched switch then you need to setup emunand, but of course you need to be on a quite low firmware to be able to trigger that right now.

Echo this point here but short Andy simple:

Don’t use AutoRCM on ipatched Switch

tivu100 · Nov 14, 2019

The Real Jdbye said:
Oh.
For future reference you can check by looking at the firmware version in System Settings, there should be an E after the version if you're in emuNAND.
Also a good idea to change the theme and user icons so they're different between the two.

The more OP said, the more I feel like it’s just lying to cover for his mistake:

Clearly said OP didn’t make an EMUNAND, yet somehow wishful thinking booting via Hetake would magically create EMUNAND!

“...in choixdujourNX you have the choice to update sysnand or emunand...”

Nothing can be further from truth, just as Hekate point.

People, please stop suggesting with downgrading using raw NAND dump. It’s an ipatched Switch and it’s running on latest firmware (fuses burned)! Clearly no fuses protection enabled.

Edit:

Not trying to burn anyone. The point is everyone make mistake. Own it up, and learn from it, or you make the same mistake again (doesn’t understand what you’re doing and don’t ask for help when you should).

Hacking Downgrade 9.0.3 Ipatched switch

The inadequate, autocratic beast!

Active Member

Well-Known Member

Active Member

You don`t want to listen to anything I say.

Active Member

Well-Known Member

Active Member

Well-Known Member

Active Member

Well-Known Member

Active Member

*is birb*

Active Member

*is birb*

Active Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum

is birb

is birb