1. tomsek68

    OP tomsek68 Member
    I bought a "faulty" board from eBay. No charging symbol, no Nintendo logo.
    • MT92T36 and BQ chip were replaced by the original owner/shop.
      • I had to redo these, they did a rather sloppy job.
    • Seller sent it with the eMMC plugged in the wrong way.
    • RCM OK, boots Hekate IPL. BQ reports correctly, MT voltages are OK.

    It won't go into RCM mode automatically.
    • Hekate reports that AutoRCM is ON
    • If I try to disable it, it hangs, then it says it was successful.
    • After a reboot, it still says it's on. Still no RCM automatically.

    Hekate reports "Unknown pkg1 version for reading TSEC firmware".
    After dumping, I have noticed (with a hex editor):
    • PKG1 (hekate says that it is "encrypted") - All zeros
    • BOOT0 and BOOT1 are almost completely zeros, with some @ symbols.

    Also:
    • Biskeydump's keys won't pass in HacDiskMount.
    • Tried lockpick/hactool, no success.
    • The console *can* make a dump of a known good eMMC.
    • I think this is NOT the original NAND, because the double-sided tape pieces are not matching on the Wi-Fi shield/eMMC.
    What do you suggest? (Dumps attached...)
     


    Last edited by tomsek68, Feb 26, 2020
  2. thesjaakspoiler

    thesjaakspoiler GBAtemp Regular
    Sounds like they replaced the original eMMC with a new/clean eMMC.
    They sell those on Aliexpress and other sites.

    But without the original eMMC, there is not much hope of installing a new system on it.
    That is something that still hasn't been figured out yet.

    You could consider installing Android on it as it uses the SD card and not the eMMC afaik.
    Or sell it off for parts on eBay.
     
  3. tomsek68

    OP tomsek68 Member
    I am thinking about circumventing the encryption of the eMMC. What does HOS do with these partitions apart from booting the system and online verification?
    Maybe with an unencrypted installation of HOS and a payload to pull the data from the eMMC?

    I have a board which was in my personal Switch.
    It had Wi-Fi and other problems, so I decided to salvage the Tegra and use it on this board. It has the eMMC (and backups ofc), so it should be good if the board is fine.
     
    Last edited by tomsek68, Feb 27, 2020