Hacking RELEASE biskeydump and HacDiskMount - Switch eMMC decryption/real-time mounting tools

SocraticBliss

It doesn't ask for a BIS key. Notice that the BIS KEY group box doesn't have a number next to it. These partitions aren't encrypted (leave the 2 key boxes blank), see: http://switchbrew.org/index.php?title=Flash_Filesystem

Do you think it would be better to hide those 2 boxes if they select those partitions? Might prevent people from making a mistake, as it's true that it isn't very clear.

Also, would be nice to save the previous keys used, that way we don't have to re-enter them each time we re-open a partition.
 

aut0mat3d

Do you think it would be better to hide those 2 boxes if they select those partitions? Might prevent people from making a mistake, as it's true that it isn't very clear.

Also, would be nice to save the previous keys used, that way we don't have to re-enter them each time we re-open a partition.

Hiding those boxes would be fine to avoid misunderstandings ;)

A Save Option is already included - the button "check keys" (or so) changes to save if the check was OK
 

riyyi

Using Hekate ipl (this commit https://github.com/nwert/hekate/commit/e7373548fa3dd51508b34ae9c673885f849f653e)
I get the 3 errors when dumping the eMMC, but it should be fine, according to this:
No. if they were unreadable the dump would have failed. They were able to be read on the 2nd try which is why you only see their address once. The eMMC probably just gets tired and fails sometimes :shrug:

However, my dump is 27.9 GB (29,979,344,896 bytes), which is too small, I think.
HacDiskMount says: [08:53:35:222535]
Not enough bytes reading secondary GPT header from offset 31268535808
What could I do to fix this? I'm on 3.0.1


Edit: Dump is correct using the newest commit (https://github.com/nwert/hekate/commit/5ca3bbcaf18daabed20a168cb6ee63d9d51a1161)
 
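The HacDiskMount message quoted in the post above means the image file ends before the offset at which the primary GPT header says the backup header is stored. As an added example (not part of the thread and not HacDiskMount's own code), the Python below reads the primary header of a raw image, verifies its CRC32 and reports how many bytes are missing; the 512-byte sector size is an assumption and `make_sample` builds a constructed test image.

```python
import io
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors

def parse_primary_gpt(img):
    """Return (backup_lba, crc_ok) from the primary GPT header at LBA 1."""
    img.seek(SECTOR)
    hdr = img.read(92)
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    size, stored_crc = struct.unpack_from("<II", hdr, 12)
    if not 92 <= size <= SECTOR:
        raise ValueError("implausible GPT header size")
    img.seek(SECTOR)
    full = bytearray(img.read(size))
    full[16:20] = b"\0\0\0\0"  # the CRC covers the header with its own field zeroed
    backup_lba = struct.unpack_from("<Q", hdr, 32)[0]  # AlternateLBA field
    return backup_lba, zlib.crc32(full) == stored_crc

def missing_bytes(backup_lba, actual_size):
    """Bytes the image is short of the end of the backup header sector."""
    return max(0, (backup_lba + 1) * SECTOR - actual_size)

def check_dump(img):
    """Compare the image length with what the primary header requires."""
    backup_lba, crc_ok = parse_primary_gpt(img)
    actual = img.seek(0, io.SEEK_END)
    return {"crc_ok": crc_ok, "backup_offset": backup_lba * SECTOR,
            "actual_size": actual, "missing": missing_bytes(backup_lba, actual)}

def make_sample(total_sectors, keep_sectors):
    """Constructed image: blank LBA 0, minimal GPT header at LBA 1, zero padding."""
    hdr = bytearray(92)
    struct.pack_into("<8sII", hdr, 0, b"EFI PART", 0x00010000, 92)
    struct.pack_into("<QQ", hdr, 24, 1, total_sectors - 1)  # MyLBA, AlternateLBA
    struct.pack_into("<I", hdr, 16, zlib.crc32(hdr))
    body = bytes(SECTOR) + bytes(hdr) + bytes(SECTOR - 92)
    return io.BytesIO(body.ljust(keep_sectors * SECTOR, b"\0"))

if __name__ == "__main__":
    print(check_dump(make_sample(100, 100)))  # complete image
    print(check_dump(make_sample(100, 90)))   # truncated image
    # Offset and file size quoted in the post above
    print(missing_bytes(31268535808 // SECTOR, 29979344896))
```

To check a real dump, pass `check_dump` a file opened with `open(path, "rb")`.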

SocraticBliss

Hiding those boxes would be fine to avoid misunderstandings ;)

A Save Option is already included - the button "check keys" (or so) changes to save if the check was OK

Either hiding it, or ignoring the inputs would probably work...

Thanks for the save clarification :) my bad!
 

d4mation

HacDiskMount - use your BIS keys and your RawNand.bin (or the physical eMMC attached via microSD reader or using a mass storage gadget mode in u-boot/linux) to dump, restore or REAL-TIME MOUNT AND EXPLORE/MODIFY partitions from the dump file or attached physical device !

Could this be used to remove the "Super Nag" flag? This could be great for people who are on lower system firmwares who were affected by this.

https://gbatemp.net/threads/importa...ges-to-block-web-applets-from-working.502431/
 

rajkosto

OP
It doesn't go there. HacDiskMount does not do anything with regards to boot0/boot1. If you want to read out keyblobs from your boot0, check out hactool with --infile=keygen
 

Imancol

It doesn't go there. HacDiskMount does not do anything with regards to boot0/boot1. If you want to read out keyblobs from your boot0, check out hactool with --infile=keygen

I tried your latest version of BiskeyDump and I do not know if it should be executed first with TegraRcmSmash 1101 and the argument then written in CMD, or if I should just write the argument in CMD. Could you please guide me?
 

Imancol

Use this command with the version biskeydumpV6 and TegraRcmSmash 1.1.0.1

Code:
TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
 

Addconsult

Tried to get the biskeys with tegrarcm and biskeydump.bin as payload. Nothing happens after "uploading payload". Fusee payload works and hekate payload too. I tried the newest version of tegrarcm and the version before that. Same issue. Launched it with
TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
AND
Without the "boot" flag. Running Switch FW 4.0.1

Anyone know a solution? I have reinstalled the APX drivers several times and rebooted. Also tried different USB ports (same computer).
 
