Hacking Question: How to go back to stock FW without a working NAND backup

Toby4213

Member
OP
Newcomer
Joined
Dec 7, 2019
Messages
14
Trophies
0
Age
26
XP
91
Country
Austria
I got my Switch about a year ago with FW version 4.1.0 (I think, definitely 4.x.x). I immediately booted into hekate and made a NAND backup (boot and full NAND). After that I booted into CFW, installed some emulators through hbgstore and everything worked fine. After that I created a new backup so that if I fuck up I can go back again without losing anything. At some point I wanted to format my SD card to exFAT but for that I had to upgrade to 6.0.1 (or 6.1.0, not sure, the oldest version supporting exFAT). I did this using ChoiDujourNX and enabled AutoRCM to not burn fuses. This also worked fine. Yesterday, after a long time not using my Switch, I decided I wanted to go back to a complete stock FW. I booted into the latest version of hekate (I made the backup with the old version where you navigated by pressing Vol Up/Down, but I think it wouldn't matter what I used to restore). The restore worked without errors: BOOT0 and 1, then the full NAND, and then I disabled AutoRCM. After pressing power off I pressed the power button once and was greeted by a bluescreen.

Great, so now my Switch was bricked. I found a guide on homebrew.guide, "Upgrading/Downgrading Manually With a PC" (I can't post links yet), and with that I updated the Switch back to 6.0.1, thinking that maybe the fuses had burned. That worked, but now I am only able to boot into stock FW with hekate using the FSXXX-exfat_nocmac_nogc.kip1 file I got from ChoiDujour.exe. If I press the power button normally nothing happens, not even RCM mode since AutoRCM is disabled. To get the Switch booting again I have to hold the power button for 10 seconds, then use the RCM jig and Vol Up and Power buttons to get into hekate and boot from there.

TL;DR
How do I boot into clean stock FW again without using the RCM method and without a working NAND backup?
 

Toby4213
Update: I got my 4.1.0 NAND backup running. I think the problem was the newer hekate version; the old version v4.9.1 restored my backup slower than the current one, but I was able to boot into stock through hekate. No fuses were burnt. The problem now is that I am unable to boot into stock FW without an RCM loader even though AutoRCM is disabled. The only way I can boot my Switch is by RCM-loading hekate and selecting stock from the launch options. My 4.1.0 NAND backup is completely clean and was literally the first thing I did after using hekate for the first time.

I suspect it has something to do with AutoRCM not being fully disabled, but as far as I know restoring the BOOT0 & 1 partitions would revert AutoRCM. Also hekate reports AutoRCM as disabled.
I am also not able to boot into the stock Switch recovery mode. Every time I press the power button without the jig and Vol Up, my Switch hangs in a kind of boot loop, displaying nothing and not detected as being in RCM mode.
 

Toby4213
Update 2: Well, I know what the problem is. I have 7 burnt fuses, which according to this GitHub gist, NintendoSystemVersionTable.csv, corresponds to FW 6.0.1-6.1.0. That is why I am unable to boot into stock FW without hekate. I will now update my Switch to 6.1.0 to resolve this, but I am unsure if this will fix it. I already tried updating my Switch with the PC method mentioned in my first post. I found another post here on GBAtemp, how-to-install-run-any-switch-firmware-unofficially-without-burning-any-fuses.507461; it's a bit older but should work.

The problem I am having is that ChoiDujour.exe says the master keys somehow don't match:
C:\Users\Toby\Desktop\Switch Hacking\rescue switch>ChoiDujour.exe --keyset=keys.txt fw610

ChoiDujour 1.1.0 by rajkosto
uses hactool by SciresM (h tt ps: / / github . com /SciresM/hactool)
visit ht tps : / / switchtools.sshnuke.net for updates and more Switch stuff!

Using source firmware files from folder fw610
Traceback (most recent call last):
File "ChoiDujour.py", line 517, in <module>
File "ChoiDujour.py", line 225, in call_hactool
Exception: [WARN]: Failed to match key "master_kek_04", (value "xxxx")
[WARN]: Failed to match key "master_kek_05", (value "xxxx")
[WARN]: Failed to match key "master_kek_02", (value "xxxx")
[WARN]: Failed to match key "master_kek_03", (value "xxxx")
[WARN]: Failed to match key "master_kek_00", (value "xxxx")
[WARN]: Failed to match key "master_kek_01", (value "xxxx")

[27308] Failed to execute script ChoiDujour
(xxxx substitutes 32 hex chars, I also had to add some spaces to the links)
If I remove the 6 master_kek values from the keys.txt file, ChoiDujour finishes successfully. I have tried firmware zips from the team-xecuter forum and darthsternie; neither works with the master keys.
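The fuse situation in Update 2 is the console's anti-rollback check: the stock bootloader compares the number of blown fuses against the count its firmware version expects, and an older firmware (fewer expected fuses than are already blown) will not boot. The added example below models that check in Python; it is not the OP's code, ChoiDujour's code, or the real NintendoSystemVersionTable.csv. The 7 fuses for 6.0.1/6.1.0 are what the post reports; the 5 fuses for 4.1.0 are an assumption taken from the public fuse table.

```python
"""Model of the Switch stock-boot fuse (anti-rollback) check."""
import csv
import io

# Constructed sample in the shape of NintendoSystemVersionTable.csv
# (version -> fuses the stock bootloader expects). 7 for 6.0.1/6.1.0 is
# from the post; 5 for 4.1.0 is assumed from the public fuse table.
FUSE_TABLE_CSV = """version,burnt_fuses
4.1.0,5
6.0.1,7
6.1.0,7
"""


def load_fuse_table(text):
    """Parse the CSV into {version: expected_fuse_count}."""
    return {row["version"]: int(row["burnt_fuses"])
            for row in csv.DictReader(io.StringIO(text))}


def fuse_check(burnt, firmware, table):
    """Outcome of a normal (non-RCM) stock boot of `firmware`.

    burnt == expected -> "boot": nothing changes.
    burnt <  expected -> "burn_then_boot": the bootloader blows the missing
                         fuses (this is what AutoRCM/hekate avoid), then boots.
    burnt >  expected -> "refuse": rollback detected, stock refuses to boot.
    """
    expected = table[firmware]
    if burnt == expected:
        return "boot"
    if burnt < expected:
        return "burn_then_boot"
    return "refuse"


def fuses_after_boot(burnt, firmware, table):
    """Fuse count after a normal stock boot attempt (fuses never un-burn)."""
    return max(burnt, table[firmware])


def bootable_versions(burnt, table):
    """Firmware versions in the table that stock can still boot with `burnt`
    fuses, i.e. the NAND backups that are still usable without an RCM loader."""
    return sorted(v for v, expected in table.items() if expected >= burnt)


if __name__ == "__main__":
    t = load_fuse_table(FUSE_TABLE_CSV)
    # The OP's case: 7 fuses blown, restored a 4.1.0 NAND backup.
    print("4.1.0 with 7 fuses:", fuse_check(7, "4.1.0", t))   # refuse
    print("6.1.0 with 7 fuses:", fuse_check(7, "6.1.0", t))   # boot
    print("bootable with 7 fuses:", bootable_versions(7, t))
```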
 

Toby4213
Ok well, I got it working. Updated to 6.1.0 with ChoiDujourNX and now I can boot into stock without jig and hekate. It really was the burnt fuses, though I don't know how they got burnt...

If anyone is still reading this, my very last question is: if I do a factory reset with the stock Switch maintenance mode and never boot into CFW again (I used CFW once to get ChoiDujourNX running), will Nintendo detect my Switch as being or having been hacked if I go online? I will be setting up emuMMC for homebrew stuff, but I know that this wouldn't affect the sysNAND. I am just concerned about the one time I used CFW to update from 4.1.0 to 6.1.0...

Even though I pretty much solved my own problem I hope that this will help anyone with a similar problem...

--------------------- MERGED ---------------------------

Oh, and also: is there any point in preventing fuses from burning? Since I have a hardware-exploitable Switch it would be pointless, since I don't need to wait for a new iteration of warmboot. Why would I want to go back to an older firmware version?
 

Mauio
Well, as far as I know, there's no point in preventing burnt fuses as long as you're hardware exploitable. Since from the sounds of it you haven't done very much that could be seen as bad, I think it's extremely likely you'd be 100% fine if you factory reset, seeing as there's nothing left to detect after that. So yeah, I'd say go for it.
 

Toby4213
Yeah, thought so too, so I just upgraded to 8.1.0 to play legit Link's Awakening. Thanks for your input on going online; haven't tried yet but I think you're right.
 
