Hacking Can someone with a banned switch help me repair mine?
- Thread starter guyman70718
- Start date
- Views 9,141
- Replies 61
- Likes 1
Ill try reflashing them. Someone suggested running biskeydump.bin and it is failing, maybe this helps?
Attachments
Alright, so then what could be causing the console to not boot still? Is it possible that its due to the error emmchaccgen was throwing before?
"Key derivation failed!" means the problem most likely comes from boot0/1. I'm not sure how reliable emmchaccgen is. How many keys did you recover with Lockpick_RCM? You should try using linkle and generate valid keyblobs.
Ok, how do I go about doing that? I did linkle keygen -k prod.keys and it outputted the file reorganized it seems
For that you'll need to have keyblob_00 to keyblob_05 entries in your console prod.keys. You probably don't have them now, but they are not console unique and can be found online pretty easily. After adding just those keyblob entries to your prod.keys, run linkle with that file, it should have added encrypted_keyblob_00 to encrypted_keyblob_05 entries. Use linkle's output to regenerate boot0/boot1.
Again, you shouldn't need that with 6.2.0. I don't remember if EmmcHaccGen with 6.2.0 worked or not for me but it should, does it still crash?
Again, you shouldn't need that with 6.2.0. I don't remember if EmmcHaccGen with 6.2.0 worked or not for me but it should, does it still crash?
EmmcHaccGen's readme.md says it supports 6.2.0. I actually already fixed the error, I downloaded a different dump of 6.2.0 and used that instead. It changed the contents of the SYSTEM partition only, boot0,1 stayed the same and so did all the pkg2 files. I updated the files on the system partition but still no boot. I just used linkle to add encrypted_keyblob_00-05 to my prod.keys and ran emmchaccgen again and the boot0 hash is still the same.
Actually, I just checked, it is normal that boot0/1 hashes haven't changed because emmchaccgen doesn't personalize boot0 with your own encrypted_keyblobs. Good news is that now we are sure that EmmcHaccGen works, as it worked for me. Which version tho I'm not sure. I really think it was 6.2.0 but maybe 7.0.0 or even 9.0.0.
Either you manually add your personalized encrypted_blobs at the end of the generated boot0 as per https://switchbrew.org/wiki/Flash_Filesystem#Boot_Partitions and try to boot on a <6.2.0 firmware with ChoiDuJour.
Or you try with EmmcHaccGen with 7.0.0 or 9.0.0.
It shouldn't make a difference but maybe try without exfat support too.
Also, please send a copy of Lockpick_RCM output.
Signing off for the day, wishing you success!
I added the encrypted keyblobs to BOOT0 manually with a hex editor (I referred to this post) and the console now boots using fusee_primary! Still though, I tried disabling autorcm and booting normally and it still will not do that. Still, this is a huge leap.
Oh, of course that's what it is. I don't know what version It was on, probably 10.1.0
Just updated to 10.2.0 and it boots fine! Thank you so much! I might try to write a semi-tutorial now that I was able to successfully do this, since it seems there is nothing written online about how to use these tools.
I was just lurking but i'm really happy for you, nice job guys
Similar threads
- No one is chatting at the moment.
-
-
-
-
-
-
-
-
-
-
-
-
@
Sonic Angel Knight:
Speaking of meatballs, what's the deal with meatball sandwich? How can people eat those? It's ROUND. Trying to bite those in a sandwich is a challenge. It's easier to eat a burger stacked with toppings.
-
-
-
-
-
-
-
-
-
-
-
-
-
