Fusee Gelee: All the payloads

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by jjbredesen, Apr 25, 2018.

  1. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Thought it would be useful to have a thread with a collection of everything that can be used on Fusee Gelee / RCM exploits

    message edited by a moderator.

    The payload injectors and binaries are now listed on Wikitemp.
    https://wiki.gbatemp.net/wiki/List_of_Switch_payloads



    If you know any missing payload or tool, you can add it or post here and someone with wiki access will update the list.


    original thread
     
    Last edited by Cyan, Sep 13, 2018
    YaYPIXXO, RY0M43CH1Z3N, 877 and 34 others like this.
  2. Natehaxx

    Natehaxx GBAtemp Maniac

    Member
    9
    Jul 26, 2017
    Eritrea
    is there anyway to write fail0verfl0ws exploit to the bootrom /nand
     
  3. ShroomKing

    ShroomKing Mr. Nice ( ͡° ͜ʖ ͡°)

    Member
    4
    Mar 3, 2017
    United States
    in bed
    The bootrom is read-only, you can't write anything to it.

    Without access to NAND/eMMC drivers(with write abilities) you can't write anything to it.
     
  4. Natehaxx

    Natehaxx GBAtemp Maniac

    Member
    9
    Jul 26, 2017
    Eritrea
    i think on rcm we could with linux write to the consoles emmc but that would be dangerous
     
  5. Deathscreton

    Deathscreton GBAtemp Advanced Fan

    Member
    6
    Oct 1, 2009
    United States
    It could possibly be detected as well. Extra partitions or missing space could show as unauthorized access.
     
    Dr.doom likes this.
  6. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Why do that anyways, emunand is much better and less risky, the tools we have now are to unstable, would not risk it.
     
  7. Jayro

    Jayro MediCat USB and Mini Windows 10 Developer

    Member
    14
    GBAtemp Patron
    Jayro is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jul 23, 2012
    United States
    Octo Canyon
    *Waits patiently for user-friendly payloads while Splatoon gets the best update ever*
     
  8. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Update: Added a NAND dump payload, and a Animated version of the test payload.
     
    Jayro likes this.
  9. Mnecraft368

    Mnecraft368 I hate my name.

    Member
    7
    Aug 8, 2015
    United Kingdom
    Spelling mistake
     
  10. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    Thanks!
     
    Mnecraft368 likes this.
  11. marice

    marice GBAtemp Regular

    Member
    4
    Mar 14, 2009
    Netherlands
    It doesn't actually dump the NAND right?
     
  12. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    It said it did, but turns out it just shows some more protected data.
     
  13. Crazy-S

    Crazy-S Pessimist

    Member
    5
    GBAtemp Patron
    Crazy-S is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jun 18, 2007
    Germany
    Ask NSA, KGB, or BND

    Title is a bit misleading, the Payload is not Animated (No fancy eyecandyfor you), but it's made by a guy called GRAnimated.

    EDIT:
    There is a new Payload
    https://github.com/rajkosto/biskeydump
    Dumps all your Switch BIS keys for eMMC contents decryption
     
    Last edited by Crazy-S, Apr 26, 2018
    Sasori, jjbredesen and Natehaxx like this.
  14. jjbredesen
    OP

    jjbredesen WarezNX Owner

    Member
    13
    GBAtemp Patron
    jjbredesen is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 16, 2018
    Norway
    Hyrule
    BL4Z3D247 likes this.
  15. Naked_Snake

    Naked_Snake Constant Miscreant

    Member
    7
    Oct 6, 2013
    Australia
    Hyrule Field
    We need a payload to dump and restore our saves
     
    OkazakiTheOtaku likes this.
  16. kombos

    kombos GBAtemp Regular

    Member
    2
    Apr 24, 2018
    Ukraine
    Universe
  17. Stoned

    Stoned GBAtemp Advanced Maniac

    Member
    7
    Mar 26, 2014
    Germany
    How to do that?

    1. Place your own tsec fw as a C hex array or escaped string into the file src/hwinit/tsecfw.inl
     
  18. kombos

    kombos GBAtemp Regular

    Member
    2
    Apr 24, 2018
    Ukraine
    Universe
    You have to dump your TSEC (Tegra Security Co-processor) firmware with total size 3840 bytes (get it from your pkg1ldr.bin (at offset 0x00001900) or boot0.bin (at offset 0x00101900), and place it as a C hex array in src/hwinit/tsecfw.inl :unsure:
     
  19. nWo

    nWo The Game Master

    Member
    4
    Oct 20, 2016
    Mexico
    Great. Thank you. Keep ´em coming. All I want is to reach the end of the tunnel and, have a CFW, and a decent, great list of apps / payloads. I want one to dump / inject saves, and maybe convert the ones from Wii U games to their Switch counterpart the easy way. (Apart from emulating my favorite consoles) Waiting patiently.... Very... very insanely... but patiently...
     
  20. Stoned

    Stoned GBAtemp Advanced Maniac

    Member
    7
    Mar 26, 2014
    Germany
    Who can i find pkg1ldr.bin or boot0bin?
     
Loading...