Hacking Question Erista V1 patched or Mariko V2 Switch?

[bibititou]

Hi everyone !
I got some questions about my switch model because I want to get all the benefits possible from it.

To do that, I must define some things. What model of switch do I have ?

My switch serial number is > XAJ10030000000 so according to Essometer thread, my switch is not able to have a hardware exploit.

Furthermore, I have bought my switch in December 2018 so if I have understood right, it is an Erista patched switch (V1). Can you clarify this because I have some doubts between patched Erista or Mariko ?

I inquired about SX Core that sounds like a good choice for patched switch, because it does not matter what Switch version I have. But if I really got an Erista model, is it compatible with the CFW Atmosphère ? Actually, I would prefer to use this one rather than the CFW SX OS because I am an open source enthusiast and do not want to run under a proprety operating system... Is it possible ? If it is, is there a tutorial or any thread talking about this case ?

I am actually a noob in switch hacking etc. Sorry about those potentials idiotic questions...

Thank You in advance.

 

[Der_Blockbuster]

I looked the serial up, you definetly have a patched model.
So. To use any kind of Custon Firmware you need to install SX CORE.
With this, you can use ANY CFW , Atmosphere etc you want.
There is no other way currently..
Thats it.

--------------------- MERGED ---------------------------

https://gbatemp.net/threads/sx-core...itch-v1-erista-fw-10-1-0-and-os-3-0-4.572693/

 

[bibititou]

Thank you for your reply.

Any homebrew should be ok with this model so ? Because I have heard about Incognito or ChoiDujourNX bricks switch for Mariko models etc.

I just want to be sure before doing a mistake !

 

[Der_Blockbuster]

Thank you for your reply.

Any homebrew should be ok with this model so ? Because I have heard about Incognito or ChoiDujourNX bricks switch for Mariko models etc.

I just want to be sure before doing a mistake !

No problem. I didnt say that any Homebrew is compatible. For more Informations about what is compatibe or not I would recommend you to visit the Site of TeamXecuter.

They also have a forum.
I can't answer that because I never used any TX Solutions sorry ^^
Also don't believe what 1 says, because people can always make mistakes, so try to look on their website what they officially say is supported or not.

Greetings!

 

[Maq47]

No problem. I didnt say that any Homebrew is compatible. For more Informations about what is compatibe or not I would recommend you to visit the Site of TeamXecuter.

They also have a forum.
I can't answer that because I never used any TX Solutions sorry ^^
Also don't believe what 1 says, because people can always make mistakes, so try to look on their website what they officially say is supported or not.

Greetings!

I'm pretty sure you can NOT use Atmosphere on SX CORE or SX LITE. The modchip looks for the SX OS files.

 

[bibititou]

But actually, if my switch model got the Erista chipset, why would it be different of a SX PRO method ?

I mean, it run on the same chipset, can't we use Hekate to boot into Atmosphère CFW ?

 

[Maq47]

But actually, if my switch model got the Erista chipset, why would it be different of a SX PRO method ?

I mean, it run on the same chipset, can't we use Hekate to boot into Atmosphère CFW ?

Hekate uses an RCM vulnerability (which is patched for you) to break through the console's security and get permissions to load custom modules. Since this relies entirely on that vulnerability (which is only in RCM), patched consoles cannot load Hekate, or use .kip files (such as Noexs). Also, Atmosphere needs the aforementioned permissions to even boot, and relies almost entirely on an RCM payload to load.

@SciresM could, in theory, write an Atmosphere payload that masquerades as an SX OS payload, and loads Atmosphere, but this would require signing said payload with TX's keys and using their formatting, which would legally require TX to pack the payload for him, which would make the source code private, which would be against his MO when it comes to keeping his software open source, and so this can't happen.

 

[HenryMin]

Hekate uses an RCM vulnerability (which is patched for you) to break through the console's security and get permissions to load custom modules. Since this relies entirely on that vulnerability (which is only in RCM), patched consoles cannot load Hekate, or use .kip files (such as Noexs). Also, Atmosphere needs the aforementioned permissions to even boot, and relies almost entirely on an RCM payload to load.

@SciresM could, in theory, write an Atmosphere payload that masquerades as an SX OS payload, and loads Atmosphere, but this would require signing said payload with TX's keys and using their formatting, which would legally require TX to pack the payload for him, which would make the source code private, which would be against his MO when it comes to keeping his software open source, and so this can't happen.

It's not true, you can run hekate or AMS without RCM if FW is lower than 4.1.0 (Deja Vu exploit)
Also, you can launch payloads from SX CORE boot menu.
But SX CORE modifies BOOT0, and you can't boot to AMS with modified BOOT0.
So if you want to run AMS on chipped console, you have to run 'Clean Up' before injecting fusee.

 

[Maq47]

It's not true, you can run hekate or AMS without RCM if FW is lower than 4.1.0 (Deja Vu exploit)
Also, you can launch payloads from SX CORE boot menu.
But SX CORE modifies BOOT0, and you can't boot to AMS with modified BOOT0.
So if you want to run AMS on chipped console, you have to run 'Clean Up' before injecting fusee.

Yeah, I did more research, and just saw this:
https://gbatemp.net/threads/how-to-launch-hekate-from-sx-core.568291/page-4#post-9163772
Sorry for the confusion.

 

[bibititou]

It's not true, you can run hekate or AMS without RCM if FW is lower than 4.1.0 (Deja Vu exploit)
Also, you can launch payloads from SX CORE boot menu.
But SX CORE modifies BOOT0, and you can't boot to AMS with modified BOOT0.
So if you want to run AMS on chipped console, you have to run 'Clean Up' before injecting fusee.

@HenryMin Sorry, I am pretty new in Switch hacking, but what do you mean by run 'Clean up' before injecting fusée ? And what is BOOT0 ?

Thank you for your reply by the way !

Edit: I have searched about the 'Clean up' option in the SX bootloader on internet and find that wipe the NAND. Actually if I do that, this should delete the SX bootloader or not (because I need it to inject fusée right ?) ? Furthermore, if I have understood, BOOT0/1 are basically the NAND...

 

[Hayato213]

UP

There is no thread bumping here on Gbatemp, don't do that or you going to get modded. Based on the Serial number look like you got a V1 patched unit.

 

[bibititou]

So, should I follow the Mariko tutorial for the SX Core even if I have a V1 Patched if I want to hack the switch ? I am a little lost...
Thank you in advance !

 

[CompSciOrBust]

I'm pretty sure you can NOT use Atmosphere on SX CORE or SX LITE. The modchip looks for the SX OS files.

You can run Atmosphere on a Core but you need to use SXOS' boot menu to launch it and it currently only works on Erista because Atmosphere doesn't support V2 hardware yet.

So, should I follow the Mariko tutorial for the SX Core even if I have a V1 Patched if I want to hack the switch ? I am a little lost...
Thank you in advance !

Yes following the Mariko tutorial will work just use the v1 ribbon cable that comes with the Core instead of the V2. The install is very easy to mess up though so you might want to pay someone to do it.

 

[HenryMin]

So, should I follow the Mariko tutorial for the SX Core even if I have a V1 Patched if I want to hack the switch ? I am a little lost...
Thank you in advance !

Just install SX CORE modchip, backup NAND and biskeys, then follow your favorite guide.

 

[bibititou]

Just install SX CORE modchip, backup NAND and biskeys, then follow your favorite guide.

Ipatched V1 and Unpatched V1 share the same chipset. Is there a difference on what homebrew we could run on each model ? I mean, I know some Homebrew don't work or even brick a Mariko switch...

It could be cool if I could use Incognito or even ChoixDuJour !

 

[cai_miao]

Edit: I have searched about the 'Clean up' option in the SX bootloader on internet and find that wipe the NAND. Actually if I do that, this should delete the SX bootloader or not (because I need it to inject fusée right ?) ? Furthermore, if I have understood, BOOT0/1 are basically the NAND...

the "cleanup" is to remove any modification by the sx core to the BOOT partitions.
if your BOOT partition is clean (e.g. factory first boot) sx core injects some code to BOOT partition in order to speedup your next cold boot, and for some reason they decided to provide an option to remove their injection each time on user's demand. that's all.

 

[ZachyCatGames]

Ipatched V1 and Unpatched V1 share the same chipset. Is there a difference on what homebrew we could run on each model ? I mean, I know some Homebrew don't work or even brick a Mariko switch...

It could be cool if I could use Incognito or even ChoixDuJour !

In theory, yes. In practice, probably not(?)
I wouldn't use anything that touches prodinfo on patched (and Mariko) consoles.

 

[Draxzelex]

Ipatched V1 and Unpatched V1 share the same chipset. Is there a difference on what homebrew we could run on each model ? I mean, I know some Homebrew don't work or even brick a Mariko switch...

It could be cool if I could use Incognito or even ChoixDuJour !

ChoiDujour can't even be used with any Mariko unit.

 

[ZachyCatGames]

ChoiDujour can't even be used with any Mariko unit.

installing 6.x with Choi would probably work
(6.0.0 was the first firm to support retail Mariko devices. And Choi does make a boot0 with contents intended for Erista, but the modchip has protections for that and should automatically replace them with Mariko contents iirc. Terrible idea though)