Hacking Got a Switch that loads with an error. Could it be fixed in some way?

[F713SG]

So, I got a Switch tablet almost for free that turns on (with the Nintendo and Switch logos fine), but starts black with a window in the center with the message "Could not start the software.". And the only thing that can be done there is changing the volume (the volume indicator shows fine) and touch the OK below the window that makes the Switch restart and do the same thing again.

If I enter the Maintenance Mode holding the volume buttons it starts fine as any Switch would. It says that it is version 4.1.0 and I can connect to the internet from there. Initializing the console doesn't fix anything. I COULD try updating the system to see what happens but I don't know if that could make things worse or is not related to the problem (hoping for someone with knowledge on the system to tell me if that could fix anything so I don't update it for nothing).

I dumped the rawnand and compared the GPT header with the one of my 5.1.0 Switch that I use. They were identical except with their UUID and CRC32 (that I checked was correct for the 92 bytes of the header). And also compared it with the header at the end and all was fine. I checked that because I'm not sure if the Maintenance Mode that worked fine is installed there or in the boot partitions or whatever.

I still don't have knowledge of the Switch internals because I'm just starting reading about it so I can't check the rest of the NAND but I think the majority of it is unique between consoles and encripted somehow.


So, my main concerns are if this is fixable or imposible or whatever. Also if despite this error (that seems like an OS error), it could load another OS, maybe in emunand?

 

[Thetoto]

You can try this maybe ?
https://gbatemp.net/threads/how-to-...nofficially-without-burning-any-fuses.507461/

 

[F713SG]

Ok. So I installed a new 4.1.0 firmware with the method in the link doing all the steps correctly. It didn't work at all.

After booting from hekate -> FS_XXX, it does exactly the same as described in the first post.

It rewrote the entire BOOT0, BOOT1, also BCPKG2-[1-4], SAFE, SYSTEM and USER partitions. Leaving only PRODINFO, PRODINFOF, and BCPKG2-[5-6] left in the entire eMMC I think? (I don't know if RPMB Area is relevant).

I made an exhaustive analysis in the GPT area before even knowing the existence of HacDiskMount and there is no problem there either.

Also I don't know if it's relevant but the SAFE partition was empty before and after the reflashing.

Would a reflashing of another firmware version (e.g. 5.1.0) do any difference? Could the error be in the remaining partitions? Or maybe could it be an error not in the eMMC?

 

[lieder1987]

Ok. So I installed a new 4.1.0 firmware with the method in the link doing all the steps correctly. It didn't work at all.

After booting from hekate -> FS_XXX, it does exactly the same as described in the first post.

It rewrote the entire BOOT0, BOOT1, also BCPKG2-[1-4], SAFE, SYSTEM and USER partitions. Leaving only PRODINFO, PRODINFOF, and BCPKG2-[5-6] left in the entire eMMC I think? (I don't know if RPMB Area is relevant).

I made an exhaustive analysis in the GPT area before even knowing the existence of HacDiskMount and there is no problem there either.

Also I don't know if it's relevant but the SAFE partition was empty before and after the reflashing.

Would a reflashing of another firmware version (e.g. 5.1.0) do any difference? Could the error be in the remaining partitions? Or maybe could it be an error not in the eMMC?[/QUOTE

Since it is already not working, what is the harm in trying to run the official update and get it on 5.1.0? Cant make anything worse than not working I wouldnt think.

 

[baretbh]

I'm excited to see if you can get this to work. Why not try updating to the latest firmware ?

 

[F713SG]

This time I tried installing the fw 5.1.0 with the same method from the link and the result is the same. Same error, and Maintenance Mode working fine (showing fw 5.1.0 this time) but thats it.

BTW, both times when I booted it for the first time with the FS_XXX, after the switch logo, the screen was all black and the system did nothing until I restarted it.

I don't think a real update would do anything if I'm already in 5.1.0 so I'll try something else before burning the efuse.

 

[BlastedGuy9905]

Have you tried to boot from hekate? (maybe you did and I didn't see it, if that's the case, sorry lol)

 

[IPLbug]

I'll recommend booting hetake and dumping everything. Then sending your dumps to a dev as to have them take a look at the possible issue but from what I gather it seems you have a corrupted internal memory problem in the main partions of the boot cycle as it seems inicial sectors are running fine until the call/hook to main os. Your Emmc mite be at fault but I haven't worked on that much on the switch just a tool I'm working on. So take a look at that or send your dumps as I said to a more definitive answer

 

[F713SG]

Have you tried to boot from hekate? (maybe you did and I didn't see it, if that's the case, sorry lol)

Yep, that doesn't help.


I do have the BOOT[0-1] and rawnand dumps but I can't ask a dev to do that unless he/she has curiosity or wants a challenge or whatever and ask for them.

 

[BlastedGuy9905]

Yep, that doesn't help.


I do have the BOOT[0-1] and rawnand dumps but I can't ask a dev to do that unless he/she has curiosity or wants a challenge or whatever and ask for them.

What, of course you can ask them! Ask on ReSwitched Discord maybe.

 

[F713SG]

What, of course you can ask them! Ask on ReSwitched Discord maybe.

I mean, I don't think it's a light work to examine a full rawnand and ask that for free. I suppose those devs frequent this section too so if anyone is interested they will hopefully help

 

[ShadowSynthesis]

I mean, I don't think it's a light work to examine a full rawnand and ask that for free. I suppose those devs frequent this section too so if anyone is interested they will hopefully help

Seriously dude, ask over there. You lose nothing and it might be an interesting case.

 

[reminon]

If you use the method listed above...and generate the same firmware that the switch has on it, you don't have to flash boot0/1 as your switch has the right number of fuses already burnt. In the beginning, since your switch was on 4.1, you could've generated the the firmware with the above method, and used your original boot 0 and boot 1.

 

[F713SG]

Seriously dude, ask over there. You lose nothing and it might be an interesting case.

Ok I'll try that.