Hello guys, this is my first post here! I just got a MIG Switch card out of curiosity and I was tinkering with it. For those who don't know, it's used by placing XCI dumps as well as other game specific bin files in the sd card of the MIG Switch, and are obtained from the original cartridge by using an app like nxdumptool. Two of these bin files are mandatory to get the game to boot: Initial Data.bin and Certificate.bin. They stay the same for every cartridge of a specific game. Now, if you want to use an XCI dump from a shady website it's impossible to get it to work without those files. By using the Certificate.bin from another game it has no problem, but this does not count for the Initial Data.bin. So I looked for a way to obtain this Initial Data from an XCI file and read a bit of the XCI file documentation from switchbrew dot org. Here's what I understood so far: The Switch checks if the cartridge is valid by doing a challenge–response authentication on the Initial Data. The Package ID is contained both on the XCI and the Initial Data, on positions 0x110 and 0x0 respectively. The Initial Data hash is on the XCI at position 0x160. It is calculated by doing a SHA-256 hash on the full Initial Data content. So I was wondering, is there a way to to construct a functional Initial Data file starting from an XCI dump? I also tried a reverse approach by editing the Package ID in the Initial Data from another game, generating the Initial Data hash and putting it in the XCI file but is not enough to get the Switch believe it's a real game. Sorry if this may seem stupid but let me know what you think.

mig switch not working/updating??

stickybit · 2024-03-28T19:59:51+00:00

just got my mig switch and followed instructions to the T to update it and all im getting is a red light and then a message saying cart not recognised, all im trying to do is update it to the latest firmware, it says it should flash blue when...

Homebrew Question Did that coldboot exploit from failoverfl0w go anywhere?

Thread starter daemonspudguy
Start date Oct 31, 2019
Views 1,380
Replies 4

daemonspudguy

Video Maker, Broken 3DS Owner, They/them Pronouns

Member

Level 5

Oct 31, 2019

The title says it all

Hayato213

Newcomer

Member

Level 28

Oct 31, 2019

You probably won't see any coldboot method for a while, if you want something close to it , get a modchip fitted.

CompSciOrBust

🤔

Member

Level 11

Nov 1, 2019

Yes. Every payload you launch uses it. They had two ShofEL2, and another unnamed one. ShofEL2 is also known as Fusee-Gelee and is what Atmosphere, SX, etc uses. This exploit was discovered by at least 4 people independently (F0f, KTemkin, Team-Xecuter, and the anonymous leaker who posted it on paste bin). The other unnamed exploit isn't really useful unless you already have control over the system and it lets you patch the boot rom before going in to sleep mode. Both exploits are documented on switchbrew and are the first and fourth exploits in this list. https://switchbrew.org/wiki/Switch_System_Flaws#Hardware

Lacius

Well-Known Member

Member

Level 26

Nov 1, 2019

Fusee gelee is the coldboot exploit.

hippy dave

BBMB

Member

Level 33

Nov 1, 2019

Yep tethered coldboot is what it was and what we've got. If you want untethered, get a modchip fitted. This is as good as it's gonna get, and honestly it's great.