Hacking Any hard mod that can read/write on SysNAND?

  • Thread starter: Showpony21

Showpony21

I am mainly interested in accessing save game files without the need of Checkpoint or Homebrew CFW.
I'm not a fan of transferring profiles to another Nintendo as I don't have any friends (either online or irl).

I don't really care about pirating software as I am financially quite stable.

I am wondering if there is a hard mod that allows direct read/write access to SysNAND. Is there any way to clone the SysNAND into a micro SD card and physically rewire the console so that it boots from the clone?
I know EmuNAND is a software alternative to bypassing SysNAND but it is more vulnerable to updates (as seen with the current 6.2.0 patch).
I am just curious as to how the hardware is set up to prevent such hardware modification. I wasn't able to find a clear explanation browsing the forums.
I know this will void all warranty.
 
Does hacdiskmount allow you to write on the SysNAND tho?
No point in having a backup if you can't transfer it back to the SysNAND.
 
HacDiskMount - use your BIS keys and your RawNand.bin (or the physical eMMC attached via microSD reader or using a mass storage gadget mode in u-boot/linux) to dump, restore or REAL-TIME MOUNT AND EXPLORE/MODIFY partitions from the dump file or attached physical device!

You can either connect physically or back up your NAND with hekate, edit with hacdiskmount, then restore dump.
 
Last edited by bedbug1226,
Was going to ask if anybody has a guide on how to do this, but then I found the following from a much older post. Please tell me there is an easier way to do it than this.....


  1. Get TegraRCMSmashGUI. Unpack to a folder somewhere. Call it something convenient, like Tegra.
  2. Go here and download biskeydump, memloader, and HacDiskMount.
  3. Unpack biskeydump.bin, and memloader.bin. Put in the Tegra folder.
  4. In memloader.zip, there is a folder called sample. Unpack the contents to your SD card.
  5. Turn off your Switch, get jiggy, and go into RCM mode.
  6. Launch TegraRcmGUI. It should say "RCM OK" in the bottom left of the UI. Select "biskeydump.bin" as the payload, and click Inject Payload.
  7. Note down everything manually or take a shot of the QR code, then save it somewhere.
  8. Press the power button to turn off your Switch, get jiggy, and go into RCM mode.
  9. Go back to TegraRcmGUI. It should say "RCM OK" in the bottom left of the UI. Select "memloader.bin" as the payload, and click Inject Payload.
  10. In the resulting screen, select "ums_emmc.ini". If this option is not present, you didn't do step 4 correctly. Turn off your switch, and go do it. Continue from step 8.
  11. Once selected, press power once.
  12. Launch HacDiskMount, run as Administrator. Go to File-Open physical drive.
  13. You should see "Linux UMS disk 0 (21.121 GiB)" or something very similar. Select this then click OK.
  14. Now you should see a list of items starting with PRODINFO and ending with USER. Double click USER.
  15. A window called "Operations on USER" should have appeared. At the top it should say "BIS Key 3", along with two text boxes for Crypto and Tweak.
  16. Go to the keys you noted from biskeydump. Copy the correct keys from this to the appropriate text boxes. Click Test. If the result is green with OK! Entropy, continue. Otherwise double check your keys.
  17. Below the keys section there is Virtual Drive. Click install, if it hasn't been done already after previously following a different tutorial.
  18. Select an empty/unused drive letter. Click Read Only (for safety). Click Mount.
  19. Open Explorer, navigate to the newly mounted drive. If nothing appears or Windows says it needs to be formatted, abort and check your keys.
  20. In the mounted drive, you will see five folders (Album, Contents, save, saveMeta, temp) and one file (PRF2SAFE.RCV). Copy save and saveMeta somewhere safe, and good luck identifying which one is which.
  21. Click Unmount in HacDiskTool. You can now turn off your Switch, hold down Power for 13 seconds.
 
