Hacking Any new ways to get device ID for patched switches?

Status
Not open for further replies.

The Real Jdbye

> I got an idea though... I GOT a master key from Nintendo once. If you can calculate the key from the device ID & inquiry number, can't you reversely calculate the device ID from the inquiry number & master key?

Potentially, not if they use some sort of hashing algorithm as those are one directional, or they are just looking up the key in a database and the only thing the inquiry number is used for is to verify that you actually have the console in your possession, which is also quite possible.
 

Ondrashek06

OP
> Potentially, not if they use some sort of hashing algorithm as those are one directional, or they are just looking up the key in a database and the only thing the inquiry number is used for is to verify that you actually have the console in your possession, which is also quite possible.

If it was only to verify that you do have the console, why do you then need it for the mkey generator site? And why did you need ONLY the inquiry number to generate the key on FW <8.0.0?
 

paulttt

Just out of interest, what is the country of origin of this switch?

Reason I'm asking, couldn't one of us fine gents just call Nintendo for you with the serial and enquiry information?
 

linkinworm

No, the 2 known variables shown cannot be used alone. msaltkey already knows how to calculate the code, it's right there for anyone to use. The issue is the function requires you to know the unknown variable, and bruteforcing the maths isn't easy. You've got effectively something like this:
0523+132878+x=?
date+parity+x=?
Tell me, can you work that out? You're going in circles because you've failed to understand at the basics what maths are involved to generate the correct number.
 

linkinworm

You're more than welcome to brute force it yourself by finding a prodkey online, doing this to work out what length the device ID should be, and then putting in every number possible for the device ID and then putting the master key results in.
Open PRODINFO in a hex editor like HxD, make sure the first 5 bytes are 43 41 4C 30 07 (the decoded text on the side should read CAL0.), so that you know it's been decrypted properly.
Offsets 0x546-555 contain the device ID. You can ignore the "NX" before that and only need those 16 digits.

If you see a bunch of gibberish instead, then it wasn't decrypted properly/at all. You mentioned usage of Hekate but not HacDiskMount, so I'll assume you need to decrypt it. I copied these instructions with some changes from the readme file for SwitchSDtool.
Download and use Lockpick_RCM in conjunction with Hekate CTCaer Mod to dump your NAND and keys if necessary (a NAND dump isn't really needed if you already have one, but i would at least recommend having an updated copy of your keys)
Download HacDiskMount and use it to open up rawnand.bin
Double click on PRODINFO
Open up your keys document and copy in the first 32 characters from 'bis_key_00' to 'Crypto (Upper)', and the last 32 characters to 'Tweak (Lower)'
(The same keys can be gathered from a biskey document)
Click on 'Test', make sure the result says 'Entropy OK'
Click on 'Browse' under 'Dump to file', and browse to where you want to save the file
Click on 'Start'
 
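The header check and offset lookup described in the post above, as an added example (not part of the original thread and not code from any of the tools it names). The 5-byte header, the 0x546-0x555 range and the "NX" prefix come from the post; treating the 16 characters as ASCII hex, the function names and the sample bytes are assumptions made for illustration.

```python
import re
import sys

# From the post: header bytes, device ID offsets, and the "NX" before the ID.
CAL0_HEADER = bytes.fromhex("43414C3007")
ID_START, ID_END = 0x546, 0x555          # inclusive range, 16 bytes
ID_PREFIX = b"NX"                        # assumed to sit directly before ID_START


class ProdinfoError(ValueError):
    """Raised when the dump does not look like a decrypted PRODINFO."""


def extract_device_id(blob: bytes) -> str:
    if len(blob) <= ID_END:
        raise ProdinfoError("dump is too short to contain the device ID field")
    if blob[:5] != CAL0_HEADER:
        raise ProdinfoError("header is not 43 41 4C 30 07; not decrypted properly")
    if blob[ID_START - 2:ID_START] != ID_PREFIX:
        raise ProdinfoError('no "NX" before offset 0x546; unexpected layout')
    field = blob[ID_START:ID_END + 1]
    # Assumption of this example: the 16 characters are ASCII hex digits.
    if not re.fullmatch(rb"[0-9A-Fa-f]{16}", field):
        raise ProdinfoError("device ID field is not 16 ASCII hex characters")
    return field.decode("ascii").upper()


def build_sample(device_id: bytes = b"0123456789ABCDEF", decrypted: bool = True) -> bytes:
    """Constructed stand-in for a PRODINFO dump; not real console data."""
    blob = bytearray(0x600)
    blob[:5] = CAL0_HEADER
    blob[ID_START - 2:ID_START] = ID_PREFIX
    blob[ID_START:ID_END + 1] = device_id
    if not decrypted:
        # Simulate still-encrypted data by scrambling every byte.
        blob = bytearray(b ^ 0xA5 for b in blob)
    return bytes(blob)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(ID_END + 1)
    else:
        data = build_sample()
    try:
        print("Device ID:", extract_device_id(data))
    except ProdinfoError as err:
        sys.exit(f"PRODINFO check failed: {err}")
```

Run it with the path of the dumped PRODINFO file as the only argument; with no argument it checks the constructed sample.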

linuxares

I think Team Salt would already have that method implemented if it was possible
 

NightsEkim

Use Google voice, they have some good pricing for international calls. Outside of actually calling Nintendo though I don't think you're going to get anywhere with this, whether you are willing to realize that or not, is your decision.

I could go into more details about what is or isn't Nintendo's fault along the lines of customer service, but that doesn't matter at this point, considering you're going to have to call them, like it or not.
 

Ondrashek06

OP
> Use Google voice, they have some good pricing for international calls. Outside of actually calling Nintendo though I don't think you're going to get anywhere with this, whether you are willing to realize that or not, is your decision.
>
> I could go into more details about what is or isn't Nintendo's fault along the lines of customer service, but that doesn't matter at this point, considering you're going to have to call them, like it or not.

Is that a matter you can sue about? I'm pretty sure that having to pay $4/min to unlock a console that you paid for in its entirety is illegal.

--------------------- MERGED ---------------------------

> Just out of interest, what is the country of origin of this switch?
>
> Reason I'm asking, couldn't one of us fine gents just call Nintendo for you with the serial and enquiry information?

My switch currently isn't locked. But I don't want to repeat the situation where I had to bruteforce the parental PIN.
 

Ondrashek06

OP
> Don't you have Nintendo support in the Czech Republic?

As stated in my previous post.
Previous post said:
It IS Nintendo's fault for not offering good customer service here. The only support email listed on the official Nintendo site for my country, www.mojenintendo.cz, *goes to only 1 person* which responds after a week or two. When we had a problem with my Switch being locked, we managed to brute force the PIN before they sent us the key.
Plus, it isn't even Nintendo support, it's support for a company called ConQuest that is only authorized to distribute Nintendo consoles and nothing else. When we sent our broken-out-of-the-box joy-cons to them for repair, they only stated that "the damage done was mechanical and you'll need to shell out for a repair, even though you have warranty". Like, that isn't even fair.
 

ZachyCatGames

> The mkey generator site says that the ID can be derived from fuses, and the burnt fuses can be derived from installed FW.

It’s derived from fuses, but not those fuses. It’s derived from the SoC lot code, wafer id, and wafer x and y coordinates fuses.
(and fab code but that’s always the same)
 

Draxzelex

> The mkey generator site says that the ID can be derived from fuses, and the burnt fuses can be derived from installed FW.
>
> Yet, I still cannot figure out a way to actually GET the ID without hacking the Switch, which will never apparently be possible on patched switches without soldering.
>
> Someone has a new way? I sure as hell ain't making an INTERNATIONAL call for $4/min to Nintendo just to get a 6 digit number to unlock a Switch.
>
> I WON'T BE GETTING AN UNPATCHED SWITCH OR SOLDERING A CHIP. THE SWITCH IS A FAMILY SWITCH AND IS THE ONLY SWITCH WE'RE EVER GETTING.

Nope. Better dial Nintendo.
 

cocowantsamasterkey

> I got an idea though... I GOT a master key from Nintendo once. If you can calculate the key from the device ID & inquiry number, can't you reversely calculate the device ID from the inquiry number & master key?

yo if this gets through u might be right but you'd have to hack into nintendo's database. also, if im right, they might always have the same master key, try that.
 

Draxzelex

> yo if this gets through u might be right but you'd have to hack into nintendo's database. also, if im right, they might always have the same master key, try that.

No one is ever going to be able to hack into Nintendo's database to get the keys. The keys are most likely not even going to be on their servers.
 

909590y

yes actually there is a way but from what i heard u have to exploit the switch
 

WafflesTheProto

> The mkey site generates the "master key" (unlock code) for 3DS, Wii U and Switch parental controls. It is not designed for any device id. Otherwise i dunno what you mean with this device id...

switches on firmware 8+ need the device ID (Not serial number) to work.
 