Hacking Could we substitute BOOT0 with hekate?

kevin_1351
It's my understanding that the way autoRCM works is by corrupting BOOT0. So why can't we substitute BOOT0 with something else?

This may be a very ignorant question to ask. Sorry.
 

DinohScene
From what I understand (and if it's anything like the 3DS) corrupting boot0 will make the console boot into a "failsafe" mode (RCM in the Switch's case and the other boot sector in the 3DS) as the processor expects that.
Replacing it isn't as easy as you'd think.
It could be signed or the CPU will simply refuse to load the code you're trying to write.

I'm not up to date on Switch hacking but if it was that easy, you'd already see it applied.
 

kevin_1351
From what I understand (and if it's anything like the 3DS) corrupting boot0 will make the console boot into a "failsafe" mode (RCM in the Switch's case and the other boot sector in the 3DS) as the processor expects that.
Replacing it isn't as easy as you'd think.
It could be signed or the CPU will simply refuse to load the code you're trying to write.

I'm not up to date on Switch hacking but if it was that easy, you'd already see it applied.

Indeed, I didn't think that it was going to be easy. But we have all relevant keys, if I'm not mistaken. Hekate would have to be modified for this purpose of course. But I don't see why it shouldn't work.

Well, I just wanted to know. Thanks
 

DinohScene
Indeed, I didn't think that it was going to be easy. But we have all relevant keys, if I'm not mistaken. Hekate would have to be modified for this purpose of course. But I don't see why it shouldn't work.

Well, I just wanted to know. Thanks

Last time I checked, which was yesterday I believe, only 40 out of 80 keys were known.
I'm pretty sure that in the not so distant future, we might see something similar to BootMii or Godmode9 at boot but for now...

Personally, I would welcome it.
An almost brickproof console/handheld is better than no safety net at all.
Though, nothing beats hardware flashers.
 

kevin_1351
Last time I checked, which was yesterday I believe, only 40 out of 80 keys were known.
I'm pretty sure that in the not so distant future, we might see something similar to BootMii or Godmode9 at boot but for now...

Personally, I would welcome it.
An almost brickproof console/handheld is better than no safety net at all.
Though, nothing beats hardware flashers.

There was a leak just a few days ago that provided us with many more keys; and besides, it's not about the numbers.
 

DinohScene
There was a leak just a few days ago that provided us with many more keys; and besides, it's not about the numbers.

I don't think Nintendo would be as stupid as Sony to hide masterkeys in their firmware.
And with masterkeys I mean that PSP hackers were able to sign homebrew to be run on OFW haha.
 

ShadowSynthesis
I don't think Nintendo would be as stupid as Sony to hide masterkeys in their firmware.
And with masterkeys I mean that PSP hackers were able to sign homebrew to be run on OFW haha.
But... I have all the masterkeys in a txt, even dev ones...
We decrypt xci's with them...
 

DinohScene
But they have to be somewhere in the Switch, thus we can get them.

Hasn't happened with the 3DS, hasn't happened with the Wii U and I doubt it'll happen with the Switch.
I honestly don't think Nintendo is that stupid.

Sony leaving PSP signing keys inside the PS3 firmware was sheer stupidity.
 

Sgt. Lulz
You would need either a bootROM exploit that takes advantage of the launching mechanism for BOOT0, or the ability to forge a valid signature for the substituting package, the latter of which is virtually impossible.

But... I have all the masterkeys in a txt, even dev ones...
We decrypt xci's with them...
You need Nintendo's own private signing keys, which only they have access to, in order to sign a file for the bootROM to accept it as valid.
What the Switch has in its storage are the public signing keys and private decryption keys, which are used for verifying that a file was signed by a specific sender's private signing key (Nintendo, in this case), and decrypting files encrypted with the public decryption key, ensuring that only the holder (or holders, I guess) of the private decryption key are able to decrypt them.
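The distinction drawn above between the verification key a boot ROM carries and the signing key only the vendor holds, as an added Go example (not code from the thread, from hekate or from any console firmware). The boot ROM model, the sample image and all keys are constructed here for illustration, with Ed25519 standing in for whatever signature scheme the real hardware uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// BootROM is an illustrative model of a first-stage loader check.
// vendorPub stands in for the public verification key burned into the ROM:
// it can only confirm that an image was signed by the matching private key.
type BootROM struct {
	vendorPub ed25519.PublicKey
}

// VerifyStage returns true only if sig is a valid vendor signature over image.
func (b BootROM) VerifyStage(image, sig []byte) bool {
	return ed25519.Verify(b.vendorPub, image, sig)
}

// Scenario runs the three cases discussed in the thread and reports which
// images the ROM would accept. All keys are freshly generated (constructed).
func Scenario() (genuineOK, tamperedOK, reSignedOK bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	rom := BootROM{vendorPub: vendorPub}

	// Constructed sample image, signed with the private key that never
	// leaves the vendor; the ROM accepts it.
	image := []byte("BOOT0 stage: constructed sample image")
	sig := ed25519.Sign(vendorPriv, image)
	genuineOK = rom.VerifyStage(image, sig)

	// Changing a single byte of the image invalidates the vendor signature.
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01
	tamperedOK = rom.VerifyStage(tampered, sig)

	// Holding the public keys (or any decryption keys) does not yield the
	// private signing key; a signature made with a different key is rejected.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	reSignedOK = rom.VerifyStage(tampered, ed25519.Sign(otherPriv, tampered))
	return
}

func main() {
	g, t, r := Scenario()
	fmt.Printf("genuine=%v tampered=%v re-signed=%v\n", g, t, r)
}
```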
 

TheCyberQuake
Hekate doesn't corrupt anything, autoRCM does. And autorcm doesn't launch anything or "install" anything, it just corrupts a part of it which triggers a failsafe boot into RCM. It doesn't boot any payload itself, it's just the same as standard RCM and will require a USB host still to work.
So no, you can't just install hekate to boot0; that's not how it works.
 
