Hacking AutoRCM Implementation by Reisyukaku

[Huntereb]

Is there any difference between this and Reisyukaku's?

One will probably be implemented in the upstream Hekate and the other will be forgotten to time.

 

[Deletedmember448668]

Hey I already know i'm going to get shit for this comment but I'm still a tad skeptical so fuck it. Here it is.
Can you make a video powering off your switch, pluging your usb c in and then using Auto-RCM? Unfortunately, this proves nothing as you could have already been in RCM. Sorry to be such a skeptic, but I mean, I could literally make a video right now and do the same thing And I will to prove my point if needed.

 

[Lacius]

Hey I already know i'm going to get shit for this comment but I'm still a tad skeptical so fuck it. Here it is.
Can you make a video powering off your switch, pluging your usb c in and then using Auto-RCM? Unfortunately, this proves nothing as you could have already been in RCM. Sorry to be such a skeptic, but I mean, I could literally make a video right now and do the same thing And I will to prove my point if needed.

Why are you skeptical? It's a simple modification we all knew was possible since before TX advertised it.

 

[Huntereb]

Can you make a video powering off your switch, pluging your usb c in and then using Auto-RCM? Unfortunately, this proves nothing as you could have already been in RCM. Sorry to be such a skeptic, but I mean, I could literally make a video right now and do the same thing And I will to prove my point if needed.

It works, I've used it myself. It literally bricks your console, there's not much to prove. If you don't like your bricked console, execute the payload again and turn it off. You're not losing anything if you have a NAND backup.

 

[Deletedmember448668]

Why are you skeptical? It's a simple modification we all knew was possible since before TX advertised it.

I'm supporting their efforts 100%, just skeptical..for reasons

It works, I've used it myself. It literally bricks your console, there's not much to prove. If you don't like your bricked console, execute the payload again and turn it off. You're not losing anything if you have a NAND backup.

But the point of the video is to show that they have a working Auto-RCM right? If it bricks your console what's the point? Maybe i misread your comment about bricking..idk. Is that what you're saying?

 

[Lacius]

I'm supporting their efforts 100%, but the

But the point of the video is to show that they have a working Auto-RCM right? If it bricks your console what's the point? Maybe i misread your comment about bricking..idk. Is that what you're saying?

AutoRCM works by "bricking" the console. It makes the Switch unable to boot the OS, so it boots RCM (Tegra Recovery Mode) instead. Installing AutoRCM is beneficial because it will always launch RCM on boot, but it also means you will be unable to boot into the Switch OS without first loading an RCM payload through the USB-C port.

 

[Deletedmember448668]

AutoRCM works by "bricking" the console. It makes the Switch unable to boot the OS, so it boots RCM (Tegra Recovery Mode) instead.

I get that. They are corrupting the boot files, hunters comment makes it sound like a permabrick. Wording used wrong i guess

 

[Huntereb]

But the point of the video is to show that they have a working Auto-RCM right? If it bricks your console what's the point? Maybe i misread your comment about bricking..idk. Is that what you're saying?

Well, it's not "bricked" for say. The console can't find a validly signed partition to boot, so it launches RCM automatically. Your console is essentially a "brick" unless you launch your firmware using a RCM payload.

 

[Reisyukaku]

Hey I already know i'm going to get shit for this comment but I'm still a tad skeptical so fuck it. Here it is.
Can you make a video powering off your switch, pluging your usb c in and then using Auto-RCM? Unfortunately, this proves nothing as you could have already been in RCM. Sorry to be such a skeptic, but I mean, I could literally make a video right now and do the same thing And I will to prove my point if needed.

Given the previous comments in this thread and other of my threads, i think its safe to assume im well respected enough of a dev to where i can just say "trust me" and that should be enough. I mainly work privately on switch after the cancer that was the 3DS scene so you probably wouldnt know me well enough. But if your 3DS runs ReiNAND, ReiSix or Luma you can thank me (^:

 

[Lacius]

I get that. They are corrupting the boot files, hunters comment makes it sound like a permabrick. Wording used wrong i guess

Well, it's not "bricked" for say. The console can't find a validly signed partition to boot, so it launches RCM automatically. Your console is essentially a "brick" unless you launch your firmware using a RCM payload.

Without a way to launch an RCM payload using the USB-C port, the Switch is "bricked." If you have access to a way to launch an RCM payload through the USB-C port, then you're not "bricked."

If you install AutoRCM and then something bad happens to your USB-C port that makes it nonfunctional, then you're totally bricked.

Edit: It should be noted that you only need to launch an RCM payload each time you coldboot the system. Once Atmosphere CFW is released, for example, I assume you will load it once and then likely keep your Switch in sleep mode 99% of the time.

 

[rajkosto]

There's only so many ways to change an RSA modulus, family. I've mentioned all kinds of ideas in my private group so it's hard to say 1 person thought of it and everyone else copied.

there is more than one way, a few days ago i did it by just xoring all the pubkey bytes with a random u8, which has about the same recoverability as changing the first byte, but why make it more complicated than it has to be

mine and yours are functionally identical so people can use whichever one they want
now lets just hope THEY do it the same way so all the tools are compatible

 

[Deletedmember448668]

Well, it's not "bricked" for say. The console can't find a validly signed partition to boot, so it launches RCM automatically. Your console is essentially a "brick" unless you launch your firmware using a RCM payload.

I understand how it works, the boot files are corrupt right? Or is he doing it a different way. Still wouild like to see a video of it in full.

Given the previous comments in this thread and other of my threads, i think its safe to assume im well respected enough of a dev to where i can just say "trust me" and that should be enough. I mainly work privately on switch after the cancer that was the 3DS scene so you probably wouldnt know me well enough. But if your 3DS runs ReiNAND, ReiSix or Luma you can thank me (^:

I've heard your name, i've seen your recent releases, I appreciate your work. But can you see why anyone would be skeptical, even if it is the 1%? Saying "trust me because i'm me" doesnt validate anything (Not being rude, just making a point) Rock on my dude!

 

[Qyriad]

Given the previous comments in this thread and other of my threads, i think its safe to assume im well respected enough of a dev to where i can just say "trust me" and that should be enough. I mainly work privately on switch after the cancer that was the 3DS scene so you probably wouldnt know me well enough. But if your 3DS runs ReiNAND, ReiSix or Luma you can thank me (^:

A reminder that there is almost 0 ReiNAND code left in Luma, and most of what remains is boilerplate.

 

[Deletedmember448668]

Without a way to launch an RCM payload using the USB-C port, the Switch is "bricked." If you have access to a way to launch an RCM payload through the USB-C port, then you're not "bricked."

If you install AutoRCM and then something bad happens to your USB-C port that makes it nonfunctional, then you're totally bricked.

Edit: It should be noted that you only need to launch an RCM payload each time you coldboot the system. Once Atmosphere CFW is released, for example, I assume you will load it once and then likely keep your Switch in sleep mode 99% of the time.

So, here's a question based on that. If we use this method right now, is there no way to get back to normal horizon to play our switch games?

 

[Reisyukaku]

there is more than one way, a few days ago i did it by just xoring all the pubkey bytes with a random u8, which has about the same recoverability as changing the first byte, but why make it more complicated than it has to be

mine and yours are functionally identical so people can use whichever one they want
now lets just hope THEY do it the same way so all the tools are compatible

it's public knowledge that corrupting nand, or pulling your nand chip out is alt ways of RCM. the modulus is just easy because static data.. and yea, xoring would be a good way too.. that way you can corrupt non-static data. Not sure why you're getting worked up.

 

[Lacius]

So, here's a question based on that. If we use this method right now, is there no way to get back to normal horizon to play our switch games?

You can uninstall AutoRCM and return your Switch to normal. With AutoRCM installed, the only way to launch the Switch OS without uninstalling AutoRCM is by launching CFW of some sort.

 

[Huntereb]

I understand how it works, the boot files are corrupt right? Or is he doing it a different way. Still wouild like to see a video of it in full.

This tool modifies a single byte in the partition headers of your NAND, breaking their signature. The console won't boot what doesn't look valid.

A reminder that there is almost 0 ReiNAND code left in Luma, and most of what remains is boilerplate.

So you're reminding us that without ReiNAND, Luma wouldn't exist? :v)

 

[memomo]

works greet in 4.1

but I switched back to normal because it still pc-dependent
Anyway, it's good to see our beloved developers do an amazing progress

 

[Deletedmember448668]

You can uninstall AutoRCM and return your Switch to normal. With AutoRCM installed, the only way to launch the Switch OS without uninstalling AutoRCM is by launching CFW of some sort.

Which leads to my next question. As you seem to be a beacon of knowledge, I will be your student. I'm new to this shit and still learning how eveyrthing works. When AutoRCM is released to the public (non-TX version), will we be able to play our Switch games? Right now in it's current iteration, my switch games do not boot while in any CFW.

 

[Huntereb]

When AutoRCM is released to the public (non-TX version), will we be able to play our Switch games? Right now in it's current iteration, my switch games do not boot while in any CFW.

That's for the Atmosphere developers to decide.