Hacking Final Steps for Clean sysNAND

[_Pro_Man_]

Hello!

I recently changed my setup where I ran CFW on sysNAND (since emuNAND was not a thing when I hacked my Switch). Now I have set up emuNAND and I am running CFW on emuNAND with the goal of having a "dirty" emuNAND that remains offline and having a "clean" sysNAND where I can play games online. I had some questions related to this setup, but let me provide some context:

So far, I have restored my clean boot0/boot1/rawnand.bin to my sysNAND. These 3 files were taken before I did any modifications to my Switch. My Switch has remained offline since I modified it. After restoring, sysNAND boots perfectly fine.

My emuNAND has all of my games and saves which were previously on sysNAND, and emuNAND boots perfectly fine as well.

---

1. Am I correct in stating that all I have to do now to achieve a clean sysNAND where I can play online is update my sysNAND?

2. It is my understanding that when I update my Switch through the "official" Nintendo way, I will no longer have AutoRCM and have to reinstall it. Is there any way to avoid this? I don't believe there is, but I wanted to double-check.

3. If I do install AutoRCM, what is the proper way to launch sysNAND to play online? My understanding is to push the Hekate payload and then boot "Stock".

4. Is there any other file configuration that I should check before adding an internet connection to my sysNAND? hekate_ipl.ini for example?

5. Is it any safer to have AutoRCM disabled and boot sysNAND without Hekate?

6. If it's significantly safer to boot without Hekate, should I restore my clean boot0/boot1/rawnand.bin again since I have booted sysNAND with Hekate in order to see if restoring the files worked? Or would my sysNAND only have been "dirtied" if I was connected to the internet while I booted with Hekate?

Thank you for any help that you might be able to provide!

 

[BaamAlex]

1. Am I correct in stating that all I have to do now to achieve a clean sysNAND where I can play online is update my sysNAND?

I would factory reset the sysMMC. After that, your sysMMC should be really clean. Never use such tools which clear the switch's logs. It is known that "too much cleaned" logs caused bans in the past.

Is there any way to avoid this?

Since Atmosphère v0.8.0 the "ns" module is no longer granted write access to the BCT public keys, which prevents the fixing of BOOT0 ("AutoRCM-Protection").

If I do install AutoRCM, what is the proper way to launch sysNAND to play online? My understanding is to push the Hekate payload and then boot "Stock".

Yeah this should work.

Is there any other file configuration that I should check before adding an internet connection to my sysNAND? hekate_ipl.ini for example?

Both have nothing to do with each other. The hekate_ipl.ini is just a configuration file to boot a cfw (emuMMC or sysMMC) or ofw.

Is it any safer to have AutoRCM disabled and boot sysNAND without Hekate?

Keep in mind that you always have a slight risk to get banned when you use homebrew/cfw on your console. Use an emuMMC, blanked PRODinfo in there with blocked nintendo servers and you should be safe. Relatively...

If it's significantly safer to boot without Hekate, should I restore my clean boot0/boot1/rawnand.bin again since I have booted sysNAND with Hekate in order to see if restoring the files worked? Or would my sysNAND only have been "dirtied" if I was connected to the internet while I booted with Hekate?

I speak from my own experience. I always boot my ofw via hekate (except i coldboot my switch) and i am not banned until now. Technically nintendo could see what you do "outside the OS"...but i doubt that a firmware in the future will change that. They never did it nor they will do that in the future...hopefully.

 

[_Pro_Man_]

I would factory reset the sysMMC. After that, your sysMMC should be really clean. Never use such tools which clear the switch's logs. It is known that "too much cleaned" logs caused bans in the past.

Ok sounds good! I'll go ahead and factory reset just to be extra safe, I assume that is the reason why. I didn't really plan on using any cleaning tools since by nature of running them on your sysNAND, you are "dirtying" your sysNAND because you are running homebrew. I did not know that having too cleaned of a log could cause a ban, thank you for that information!

Since Atmosphère v0.8.0 the "ns" module is no longer granted write access to the BCT public keys, which prevents the fixing of BOOT0 ("AutoRCM-Protection").

Since I am booting stock, am I going to be using Atmosphere? This is sort of addressed in my next response.

Both have nothing to do with each other. The hekate_ipl.ini is just a configuration file to boot a cfw (emuMMC or sysMMC) or ofw.

I just wanted to be sure that I had the proper hekate_ipl.ini so that when I was booting OFW (stock with no CFW, I think that I might have been referring to this incorrectly as sysNAND previously so apologies for this). Right now my hekate_ipl.ini file is:

[config]
updater2p=1
{------ Atmosphere ------}
[Atmosphere FSS0 EmuMMC]
fss0=atmosphere/package3
kip1=atmosphere/kips/*
emummcforce=1
icon=bootloader/res/emu_boot.bmp
{}
[Atmosphere FSS0 SYS]
fss0=atmosphere/package3
kip1=atmosphere/kips/*
emummc_force_disable=1
icon=bootloader/res/sys_cfw_boot.bmp
{}
{-------- Stock ---------}
[Stock SYS]
fss0=atmosphere/package3
stock=1
emummc_force_disable=1
icon=bootloader/res/stock_boot.bmp

I guess my concern comes from the fact that there is the line fss0=atmosphere/package3 so are you utilizing Atmosphere while you launch Stock? If so, that addresses my question above.

Keep in mind that you always have a slight risk to get banned when you use homebrew/cfw on your console. Use an emuMMC, blanked PRODinfo in there with blocked nintendo servers and you should be safe. Relatively...

I was going to keep my emuNAND offline completely, which I believe is the "most" safe option. However, if blanking out my PRODinfo and blocking Nintendo servers provide some more protection in addition to keeping my emuNAND offline, I can go ahead and do this as well.

I speak from my own experience. I always boot my ofw via hekate (except i coldboot my switch) and i am not banned until now. Technically nintendo could see what you do "outside the OS"...but i doubt that a firmware in the future will change that. They never did it nor they will do that in the future...hopefully.

I think there might be a misunderstanding on my part, but were you banned? Hopefully not . Also, when you say coldboot, that means you have a hardware mod instead of using a Jig or AutoRCM right?

 

[BaamAlex]

but were you banned? Hopefully not

Re-read what I wrote. I'm not banned.

 

[_Pro_Man_]

Re-read what I wrote. I'm not banned.

Ok that's good, glad that you aren't banned. That's what I thought you meant, but you did write "not banned until now" which could be interpreted as you been being banned recently (now), so thank you for clarifying.

Thank you so much again for all of your information so far.