Hacking Firmware status

[SoCALCat]

So I think the patches ones don't have a problem getting to recovery mode (rcm) but they are patched so you can't send payloads. So the way to test is to try and push a payload to see if it goes through. I tested mine by checking my bis keys

I injected biskey and TagraRcmGUI Status said "Payload Injected" with a check mark in the green square of the black Switch picture of TagraRcmGUI. The only problem is that I don't see any text on the Switch Screen. The screen is completely off...

PS
I wonder if the black screen when I'm in RCM Mode has anything to do with me not setting up the Switch for the first time. It's still in factory mode...

Update.
I set the Switch for the first time to go to the home menu, but the screen still remains off while on RCM Mode.

TagraRcmGUI detects the Switch with no issues and it's able to send payloads to the Swtch. But no display on the Switch screen.

I wonder if this has to do with me not having an SD card installed in the Switch? I'll have to look for one and test it out to see if that works...

 

[gnilwob]

I injected biskey and TagraRcmGUI Status said "Payload Injected" with a check mark in the green square of the black Switch picture of TagraRcmGUI. The only problem is that I don't see any text on the Switch Screen. The screen is completely off...

PS
I wonder if the black screen when I'm in RCM Mode has anything to do with me not setting up the Switch for the first time. It's still in factory mode...

Can you try the command line in this post https://gbatemp.net/threads/black-s...-hardware-released.510858/page-7#post-8140618

No SD card is required for biskeydump payload.

 

[Cdoan34]

I injected biskey and TagraRcmGUI Status said "Payload Injected" with a check mark in the green square of the black Switch picture of TagraRcmGUI. The only problem is that I don't see any text on the Switch Screen. The screen is completely off...

PS
I wonder if the black screen when I'm in RCM Mode has anything to do with me not setting up the Switch for the first time. It's still in factory mode...

So rcm mode is supposed to be a completely black screen on the switch. I'm not sure if you are not sending the payload correctly or if it's actually blocked. Gonna have someone with more knowledge than me to help you from here.

 

[SoCALCat]

So rcm mode is supposed to be a completely black screen on the switch. I'm not sure if you are not sending the payload correctly or if it's actually blocked. Gonna have someone with more knowledge than me to help you from here.

Roger that. I'll try a few more things when I wake up in the morning.
Thx

--------------------- MERGED ---------------------------

Can you try the command line in this post https://gbatemp.net/threads/black-s...-hardware-released.510858/page-7#post-8140618

No SD card is required for biskeydump payload.

Cool! No SD Card required. I'll give it a shoot when I get up in the morning! I'll keep you posted on how it goes. Thank's for the link

 

[SoCALCat]

Can you try the command line in this post https://gbatemp.net/threads/black-s...-hardware-released.510858/page-7#post-8140618

No SD card is required for biskeydump payload.

Good Morning here in the US from So.CAL CA. That being said.

I tried the command line with TegraRcmSmash1213 and biskeydump payload! The results were not good.

This are the results I got. I added x for security purposes.

C:\Users\P.C. Killer\Desktop\New folder (4)\x64>TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
TegraRcmSmash (64bit) 1.2.1-3 by rajkosto
Wanted device not connected yet, waiting...
Looking for devices matching the pattern *VID_0955&PID_7321*
Opened USB device path \\?\usb#vxx_09xx&pxx_7xxx#5&2xxxxxxx&0&3#{aa0dxxxx-3xxx-f3xx-5xx9-7xbf6xxxxxxx}
RCM Device with id C0xxxxxxxxxxxx0Cxxx64xxxxxxxxxx2 initialized successfully!
Uploading payload (mezzo size: 92, user size: 76328, total size: 142544, total padded size: 143360)...
Smashing the stack!
Smashed the stack with a 0x0000 byte SETUP request!

It's confirmed that any Switch that starts with S/N. XAW100857XXXXX is a patched Switch...

PS
I guess that explains the reason for a blank screen on the Switch...

 

[gnilwob]

Good Morning here in the US from So.CAL CA. That being said.

I tried the command line with TegraRcmSmash1213 and biskeydump payload! The results were not good.

This are the results I got. I added x for security purposes.

C:\Users\P.C. Killer\Desktop\New folder (4)\x64>TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
TegraRcmSmash (64bit) 1.2.1-3 by rajkosto
Wanted device not connected yet, waiting...
Looking for devices matching the pattern *VID_0955&PID_7321*
Opened USB device path \\?\usb#vxx_09xx&pxx_7xxx#5&2xxxxxxx&0&3#{aa0dxxxx-3xxx-f3xx-5xx9-7xbf6xxxxxxx}
RCM Device with id C0xxxxxxxxxxxx0Cxxx64xxxxxxxxxx2 initialized successfully!
Uploading payload (mezzo size: 92, user size: 76328, total size: 142544, total padded size: 143360)...
Smashing the stack!
Smashed the stack with a 0x0000 byte SETUP request!

It's confirmed that any Switch that starts with S/N. XAW100857XXXXX is a patched Switch...

PS
I guess that explains the reason for a blank screen on the Switch...

Welcome to the club

If it is ok, please also help to report your finding here, https://gbatemp.net/threads/switch-informations-by-serial-number.481215/
So peoples can avoid the patched unit.
Thanks.

 

[SoCALCat]

Welcome to the club

If it is ok, please also help to report your finding here, https://gbatemp.net/threads/switch-informations-by-serial-number.481215/
So peoples can avoid the patched unit.
Thanks.

It's all good. I'll be returning the Switch and hunt for another one.

PS
I'm reporting it as of now...

 

[gnilwob]

It's all good. I'll be returning the Switch and hunt for another one.

Check the serial on https://gbatemp.net/threads/switch-informations-by-serial-number.481215/
Especially on page 58-63.
So you know which one is in a safe range.

 

[SoCALCat]

Check the serial on https://gbatemp.net/threads/switch-informations-by-serial-number.481215/
Especially on page 58-63.
So you know which one is in a safe range.

Ok. Cool! I'll check it out. Thanks

I went ahead and posted the S/N that's on the link you provided. I was going to do it anyway but you beat me to it...

 

[SoCALCat]

Welcome to the club

If it is ok, please also help to report your finding here, https://gbatemp.net/threads/switch-informations-by-serial-number.481215/
So peoples can avoid the patched unit.
Thanks.

Well! After my girlfriend going to 4 different stores and having the sales people and store manager check every S/N of at least 15 to 20 Switches in stock per store because they have them locked up! She finally was able to find one that was on the good S/N list. The crazy part is that it was the last one in stock that had a good S/N.

The minute I ran TegraRcmSmash1213 and biskeydump payload! The screen on the Switch came on right away displaying the keys, where the first one I had didn't...


This things are getting harder and harder to find. I got lucky that my girlfriend was able to find one for me...

Serial: XAW100801xxxxx
Serial on device matches serial on box: yes
Region: US
Firmware: 4.1.0
Color option: Gray/Black
Store: Target
Was a bundle (if yes, which): No
Purchase date: 7-14-2018
Fusée Gelée works: Didn't try it with Fusée Gelée! But Yes! It worked with (TegraRcmSmash1213 and biskeydump payload)

I'll be posting this info to the other link...

 

[gnilwob]

Well! After my girlfriend going to 4 different stores and having the sales people and store manager check every S/N of at least 15 to 20 Switches in stock per store because they have them locked up! She finally was able to find one that was on the good S/N list. The crazy part is that it was the last one in stock that had a good S/N.

The minute I ran TegraRcmSmash1213 and biskeydump payload! The screen on the Switch came on right away displaying the keys, where the first one I had didn't...
View attachment 135825

This things are getting harder and harder to find. I got lucky that my girlfriend was able to find one for me...

Serial: XAW100801xxxxx
Serial on device matches serial on box: yes
Region: US
Firmware: 4.1.0
Color option: Gray/Black
Store: Target
Was a bundle (if yes, which): No
Purchase date: 7-14-2018
Fusée Gelée works: Didn't try it with Fusée Gelée! But it Yes! It worked with (TegraRcmSmash1213 and biskeydump payload)

I'll be posting this info to the other link...

It is good that you can return it.
I do not have an option to return my patched unit in Hong Kong

Are you saying that in your home town, majority of switch consoles are patched ??
WOW, it hits US very fast then.
Which state it is ?

 

[SoCALCat]

It is good that you can return it.
I do not have an option to return my patched unit in Hong Kong

Are you saying that in your home town, majority of switch consoles are patched ??
WOW, it hits US very fast then.
Which state it is ?

That sucks that you can not return your patched Switch for another console. If you don't mind me asking! Why can't you return your console from where you bought it?

Here in the US all of the major stores have a 30 day return policy. No questions asked...

Yes! As far as I know. Most of the units are patched in my state of California. I'm saying this because of what my girlfriend had to go thru to find a none patched Switch...

 

[gnilwob]

That sucks that you can not return your patched Switch for another console. If you don't mind me asking! Why can't you return your console from where you bought it?

Here in the US all of the major stores have a 30 day return policy. No questions asked...

Yes! As far as I know. Most of the units are patched in my state of California. I'm saying this because of what my girlfriend had to go thru to find a none patched Switch...

The culture / marketing / policy in Asia is not as good as US

 

[SoCALCat]

The culture / marketing / policy in Asia is not as good as US

That's awful. Maybe you should try to sell your patched switch and buy yourself another one that's not patched. Just make sure you write down a list of none patched S/N that are posted here on this cool site so you could compare them before you buy the Switch...

 

[gnilwob]

That's awful. Maybe you should try to sell your patched switch and buy yourself another one that's not patched. Just make sure you write down a list of none patched S/N that are posted here on this cool site so you could compare them before you buy the Switch...

I got my spare one already. I will also exchange this patched unit with my friend who does not need f-g enabled.
If I am lucky, I would exchange this unit with the custom firmware provider, still waiting for their response

 

[SoCALCat]

I got my spare one already. I will also exchange this patched unit with my friend who does not need f-g enabled.
If I am lucky, I would exchange this unit with the custom firmware provider, still waiting for their response

Right on! Well good luck to you and keep me posted on how it goes for you...

 

[havip503]

Damn my 3.0.2 switch sitting in the shelves for months waiting for Homebrew. Should I update and use SX pro instead ?

 

[SoCALCat]

Damn my 3.0.2 switch sitting in the shelves for months waiting for Homebrew. Should I update and use SX pro instead ?

Depends on what you want to do with it! Like play XCI backups or even HB like myself. Unless your willing to wait for Atmosphere to be release and see what it's going to be able to handle.

If you can afford it. Buy yourself a second Switch so you could have the best of both worlds...

 

[Dan-the-Rebirth]

I got Serial:XAJ40045xxxx and a SX pro seems to work... Y?

Edit: someone realy should update the first post about the j4 and j7 mistake

 

[tech3475]

Damn my 3.0.2 switch sitting in the shelves for months waiting for Homebrew. Should I update and use SX pro instead ?

You can update using the method which avoids blowing efuses, only problem may be the cart slot depending on what you want.