Homebrew Question How can I modify (and decrypt), the Nintendo switch firmware/OS?

FrenchCheese · Dec 30, 2019

Hi, (sorry if this is in the wrong spot)

I have a personal project which involves modifying the Nintendo switch OS/firmware.

I downloaded the firmware online from a website, and opened in notepad++. But obviously, the firmware would be encrypted. I tried using hactool to decrypt it, but I can’t seem to get it to work. I need a way(or some guidance) to be able to read, and modify the Nintendo switch firmware/OS.

Any help would be great.

Thanks,

French

Boydy86 · Dec 30, 2019

ChoiDujour
Converts Nintendo Switch firmware update packages to installable images/files that can be transferred to the device itself

FrenchCheese · Apr 8, 2020

(sorry for the late reply)
Would choidujor let me decrypt the firmware so I can try modifying it though?

masagrator · Apr 8, 2020

FrenchCheese said:
I downloaded the firmware online from a website, and opened in notepad++.

Well, I don't think you know what you are doing. First learn what is the difference between compiled and not compiled code.

FrenchCheese · Apr 8, 2020

From what I understand, non compiled code is code in a format meant for programmers, and compiled code is in a format meant for CPUs?

I'm really new to a lot of these things and don't really know much about them, I just need some help starting out.

Thanks,
French

masagrator · Apr 8, 2020

FrenchCheese said:
From what I understand, non compiled code is code in a format meant for programmers, and compiled code is in a format meant for CPUs?

I'm really new to a lot of these things and don't really know much about them, I just need some help starting out.

Thanks,
French

Yes, and Horizon OS consists only of compiled code. And this compiled code is hash checked, so any direct changes to FW can result in error, in worst case soft brick. So first learn what is disassembling and you need to have very good understanding of platform machine code to do anything that you probably want to accomplish. Easier way is to use Atmosphere as base for what you want to do, because it has many security measures and big library that makes easier to understand Switch and apply custom stuff - or maybe you can even help with development of CFW.

FrenchCheese · Apr 8, 2020

I suppose I should probably share my intention for the firmware.

I know this would be very hard, and perhaps unrealistic, but I wanted to see if I could modify the Nintendo switch firmware to run on the raspberry PI. I know there would be tons of errors (if it's even possible) but I still wanted to try.

Homlet · Apr 8, 2020

FrenchCheese said:
I suppose I should probably share my intention for the firmware.

I know this would be very hard, and perhaps unrealistic, but I wanted to see if I could modify the Nintendo switch firmware to run on the raspberry PI. I know there would be tons of errors (if it's even possible) but I still wanted to try.

It sounds like you have you have no experience with programming, so I wouldn't bother trying that. You'd need the source code to compile it to different CPU architecture, and even then it'd be much more than you can handle. If you want to have fun with the switch, I'd recommend making simple homebrew apps with libnx

masagrator · Apr 8, 2020

FrenchCheese said:
I suppose I should probably share my intention for the firmware.

I know this would be very hard, and perhaps unrealistic, but I wanted to see if I could modify the Nintendo switch firmware to run on the raspberry PI. I know there would be tons of errors (if it's even possible) but I still wanted to try.

First you would need to disassemble whole OS. Disassembling even Kernel is a big feat that can take years. And on top of that you need implement different programs. This is way too unrealistic for one person that doesn't have any experience with porting OS. If you will make your linux distro running on Raspberry from scratch, you can be proud. Horizon is many times higher level, because many engineers worked on it to be as hard as its possible to reverse engineer OS without compromising performance.

FrenchCheese · Apr 8, 2020

Thank you all for you responses,
I had figured that this project might not be possible, and already accepted that I wouldn't be able to do this, and instead use something like an emulator for the PI.
That being said, from what I read about compiled code, it said that it could be written in C/C++. I'm fairly certain you can't, but just to be sure, is their any way to modify compiled code?

Thanks for your replies, I don't really have any experience in programming, and I just wanted to know what was possible.

masagrator · Apr 8, 2020

FrenchCheese said:
That being said, from what I read about compiled code, it said that it could be written in C/C++.

Yes, to get machine code you need first write code in compiled language or/and Assembler. C/C++ are compiled languages.
To get Assembler code you need to put machine code through process called disassembling. To get C code, you need to go through decompiling. Automatic decompiling is always not perfect and if compiled code is stripped from useful for RE informations, decompiled code has multiple errors (milion is the low bar with good amount of debug informations for part of OS), so you need to fix all of them based on disassembled code or write from scratch whole code based on disassembled code.
Still this would probably require writing at least 1 GB of pure code.

Dracari · Apr 8, 2020

Dont take this as me trying to be a Arsehole but trying to layout what kind of work you'd be facing.

i'd doubt it'd be possible, for not just the Vastly Worlds apart SoC's between say a Pi4 and the Switch (OG/"Redbox"/Mariko/Lite), and that theres no 100% open source documentation of the GPU as far as i know on the Pi 4's VideoCore VI, (hell its only recent w/ Pi's they've got a Neutered version of Vulkan, and while i have no idea if the switch relies on something like OpenGL, then that's going to make your life More a living hell as the Pi4 GPU drivers openly support OpenGL ES (which the version it supports is compliant to OpenGL 2.0 standards but it's a stripped down version of the full API)

i think you have the idea of what you aim for mistaken, if the aim was to run HorizonOS and therefore Switch games, your better off working on porting Atmosphere, and you would haveto write drivers (or i guess for Horizon, sysmodules?) for the GPU, BCM2711 (the SoC and sound) and account for going from the TegraX1 to the BCM2711's Cortex-A72 ARMv8 CPU, Not to ment even Write code to handle Joycons and keeping them as 1 Controller w/ as little input as possible.

(edit: not to mention this would likely only be feasible on the Pi4 4GB Model and running on Bare Metal w/o the underlying RaspbianOS as there's no Pi4 model w/ More memory than the switch.)

not to mention all this? would limit itself to Legally? Homebrew, otherwise, own cart dumps converted to ESPs/ eShop ESP Dumps. as there's likely no way to interface the Switch's gamecart reader over the Pi's GPIO in a timely fashion (i mean they cant even Drive a Floppy drive properly as a drop in replacement and those require stupid fast timings. ((for relevance look into something like FlashFloppy))

now if the Pi4 shared the same SoC? that'd take a Chunk of the extremely hard work work with "Possible" benefits off your back, the only things they share is just they both run an Arm based SoC,

masagrator · Apr 8, 2020

@Dracari Switch supports OpenGL, OpenGL ES2 and ES3.

Still doesn't change a fact this is absurd task.

Dracari · Apr 8, 2020

masagrator said:
@Dracari Switch supports OpenGL, OpenGL ES2 and ES3.

Still doesn't change a fact this is absurd task.

Agreed, sounds like they have the best of intentions on thier own part but way way above their skillset for likely wont go past a PoC. much less before Big N coming down and screaming "You Stop that baaad. .. " as for the API support, i think thats down more less to the limited choice What the Pi4 has, and what games and even homebrew uses/used and the high incompatibility this'd bring about.

The Real Jdbye · Apr 8, 2020

masagrator said:
Yes, to get machine code you need first write code in compiled language or/and Assembler. C/C++ are compiled languages.
To get Assembler code you need to put machine code through process called disassembling. To get C code, you need to go through decompiling. Automatic decompiling is always not perfect and if compiled code is stripped from useful for RE informations, decompiled code has multiple errors (milion is the low bar with good amount of debug informations for part of OS), so you need to fix all of them based on disassembled code or write from scratch whole code based on disassembled code.
Still this would probably require writing at least 1 GB of pure code.

C/C++ decompilers are pretty much not a thing, from what I've seen they just produce a .c file with functions and variables filled in (usually with random strings since debug symbols are usually not included) but completely devoid of any C code, instead using inline assembly, so they are only marginally more advanced than a disassembler and you still need to know asm. I wouldn't even call them decompilers, that's giving them too much credit.

FrenchCheese said:
I suppose I should probably share my intention for the firmware.

I know this would be very hard, and perhaps unrealistic, but I wanted to see if I could modify the Nintendo switch firmware to run on the raspberry PI. I know there would be tons of errors (if it's even possible) but I still wanted to try.

Even the pros in the scene are nowhere near the level of understanding needed to do something like that. They may both be ARM based platforms, but that's about the only similarities they share. The firmware makes use of a lot of Tegra specific functionality, and hardware specific to the Switch console. It will probably never be reverse engineered to the point where modifying it to run on other systems is possible, the best we might get is a hypervisor similar to Nintendont on Wii and Wii U or Wine on Linux which sits between the hardware/kernel and software and translates function and hardware calls where possible or emulates certain parts when that's not possible.

FrenchCheese · Apr 9, 2020

Thanks for your reply's. I figured this would be something far out of my skill set(afer all, Nintendo is a company with tons of developers and someone would have done it before me), but I wanted to see what would make it so difficult, and what the next best solution would be.

I hadn't really considered driver support, as I had found out that Nintendo used the free BSD kernel and figured they might have used the Raspberry Pi version for their base. Although, either way they would still need diffrent drivers, so that would be an issue.

As for hardware support, I had actually asked on the RBP forum (before realizing how hard software would be) how to connect the joy-con rails, coming to the conclusion that Soldering the ribbon cable end to a wire that connects to the GPio pins would be the best/only option(and doing something similar with cartridge reader). I don't think I'm allowed to leave a link yet, but it was entitled 'connecting joy-con rails to Raspberry Pi', if youre intrested.

Assuming I'd try the decompiler anyway, knowing it probably wont work/be too complex, then realize just how much I'm in over my head, and settle with a custom firmware to figure out how to port (assuming they built it from the ground up and didn't find a way to decompile it); Is there a firmware that's similar in apperance and function to the switch OS? And would I be able to go online without being banned?

Either way, I do understand how absurdly complicated and next-to-impossible this project would be, and that's why I asked, to see what was possible. Thanks.

Dracari · Apr 10, 2020

FrenchCheese said:
Is there a firmware that's similar in appearance and function to the switch OS? And would I be able to go online without being banned?

like it pretty much still is on the 3DS side, there's no 100% super guaranteed way to Prevent a ban. if by this your referring to a modified switch, both SX-OS and Atmosphere "look" like Normal Horizon. but going online w/o incognito applied is the fastest way to earn a ban.

there's a fine line between Ambition and "Crazy talk" ideals, and sadly your goal what you wanted to try, again just isn't feesable even if you implement a wine-like Layer to emulate basically what isn't available both software n Tegra specific hardware calls, there's going to be too much overhead to make it any more feesable w/ even the 4GB Pi4. and no telling if/when we'll see any new RaspberryPi hardware revisions with a decent enough bump in spec to make this possible.

if your trying to say recreate Horizon's Appearance however on the Pi, the closest GUI you could skin will be EmulationStation.

Though best of luck in future endeavors!

Homebrew Question How can I modify (and decrypt), the Nintendo switch firmware/OS?

Member

Well-Known Member

Member

The patches guy

Member

The patches guy

Member

Well-Known Member

The patches guy

Member

The patches guy

Well-Known Member

The patches guy

Well-Known Member

*is birb*

Member

Well-Known Member

Similar threads

Popular threads in this forum

is birb