ROM Hack eMMC hacking for patched switch ?

[Jandy123]

I have a patched switch with FW 4.1. Since for now there is no software way to hack it, I was wondering if it's possible with a hard mod, much like the xbox 360: dumping the NAND, extracting keys, decrypting, modifying it etc.

Would this work on a switch ? I understand custom bootloader, firmware, tools for reading/mounting/modifying the eMMC image are all available. Has anyone attempted this ?

Thanks !

 

[andyhappypants]

There is currently no method available to the public for patched units.

 

[Jandy123]

Right, thanks for you reply, but would this be possible ? I mean from what I read the tools are just there...

 

[lembi2001]

You already have your answer, at the moment this is not possible as there is no publicly available method of hacking patched switches.

Once the method(s) is/are made public then yes, this should be possible. Until then just sit tight.

 

[Teck-]

-snip-

 

[Tumoche]

This wont work. If you somehow got the keys, you would need some exploit anyway. And you cant inject games with the keys like that because of sigpatches.

 

[Jandy123]

I've been reading up on the Trinket M0 mod and I haven't seen any confirmation that it doesn't work on ipatched units.

Could you please share a link to this mod ?

 

[lembi2001]

Could you please share a link to this mod ?

Don't bother, the M0 Trinket mod is only for unpatched units.

It still requires the use of RCM and this entry point is patched on these patched units.

 

[xxstyler20xx]

I've been reading up on the Trinket M0 mod and I haven't seen any confirmation that it doesn't work on ipatched units.

You are not able to enter rcm / send payload on patched units.. So it will not work because you need that to launch cfw

 

[Tumoche]

Could you please share a link to this mod ?

He is probably talking about a auto payload injector. Again, nothing is released for ipatched units.

 

[Jandy123]

This wont work. If you somehow got the keys, you would need some exploit anyway. And you cant inject games with the keys like that because of sigpatches.

Can the keys be extracted from a nand dump ? If this cannot be done, then, yes I can understand why it won't work.

 

[lembi2001]

There is NO PUBLICLY AVAILABLE METHOD for patched units

It doesn't matter how many times you ask the question. The answer doesn't change.

 

[Tumoche]

Can the keys be extracted from a nand dump ? If this cannot be done, then, yes I can understand why it won't work.

With only a nand backup, impossible. But again, you cant get code execution without AN EXPLOIT.

 

[gnmmarechal]

I've been reading up on the Trinket M0 mod and I haven't seen any confirmation that it doesn't work on ipatched units.

That mod is literally just a payload injector slapped inside the Switch. It is the same as injecting the payload with a dongle or a PC and won't work on ipatched units.

 

[Jandy123]

There is NO PUBLICLY AVAILABLE METHOD for patched units

It doesn't matter how many times you ask the question. The answer doesn't change.

I understand that there is no public method available. This I already knew.

My question is if such an attempt would be possible. More specifically, can one extract the keys and decrypt/modify rom starting from a rom dump obtained by a hardware mod (i.e. remove the emmc and read it elsewhere).

 

[Tumoche]

I understand that there is no public method available. This I already knew.

My question is if such an attempt would be possible. More specifically, can one extract the keys and decrypt/modify rom starting from a rom dump obtained by a hardware mod (i.e. remove the emmc and read it elsewhere).

You just dont understand how encryption works. You NEED the keys in order to read the raw dump. You can't get them .

 

[Jandy123]

You just dont understand how encryption works. You NEED the keys in order to read the raw dump. You can't get them .

Ok, so if I read the nand with a different device, all I get is an encrypted image, which I cannot decrypt since I don't have the keys. Is this what you are saying ? If this is so, then I understand why this won't work.