Tutorial  Updated

NAND Rebuilding (for no backup / broken eMMC)

Disclaimer: I'm not responsible for any damage related to the following guide

NAND Rebuilding Guide

This rebuild of NAND is to use donor NAND from Switch (A) (which you may obtain from internet) with device ID (A) on Switch (D) which certainly has device ID (D)

It means that we are tricking the Switch (D) to see itself with device ID (A) so it will boot into NAND with device ID (A) encrypted by keys from Switch (D)

By this method, you can't go online and can't boot OFW
In theory, if the files are modified to match device ID, it should be possible to build NAND that can let Switch (D) to boot OFW or even go online, which I don't know how

Guide:
Before we start
Make sure that your Dead Switch (D) can use Hekate -> Tools -> USB Tools -> eMMC RAW GPP
and connect to PC
Otherwise you will need a EMMC reader like mmcblknx
However, a dead eMMC can also lead to unreadable problem when connected.
Please test your own situation before buying anything.
Normally, injecting Hekate payload directly from PC should let you connect.

Remarks:
(A) from good Switch;
(D) from dead Switch;
(O) for output files

0.1 Hardware

a working emmc module, which can let a normal switch to boot OFW normally
a good (donor) Switch (A) with good emmc (A)
a Switch (D) with dead emmc (D)
Windows PC
For mmcblknx user, also need Linux PC

0.2 Files Preparation
[On Switch]
Payloads: Lockpick v1.9.4.bin, prodinfo_gen v0.3.4.bin
Hekate v5.6.0 & Nyx v1.0.6

[On PC]
Suitable OFW, on my Switch OFW 12.0.2 works
Search for darthsternie's firmware on google should get you one
EmmcHaccGen v2.2.3
HacDiskMount v1.0.5-5
NxNandManager v5.0
(Optional) BalenaEtcher: Flash BOOT0 and BOOT1. For users mounting eMMC by Hekate or mmcblknx users with Windows PC only
(Optional) You can try to use PikaFix Pack's dump (Start from Step 5), which I didn't

*PC needs to be able to view all files including "Protected operating system files"

Assuming that you have 2 Switch (A) and (D)
and have 1 eMMC chips (A) with data you do not need

Let's get started
*For PikaFix Pack used, start from Step5 and consider PikaFix Pack as Switch (A)

  1. On Switch (A), inject Lockpick.bin to get prod.keys (A)
  2. On Switch (A), boot Hekate -> Tools -> Backup eMMC, select eMMC RAW GPP to dump rawnand.bin (A)
  3. On PC, copy prod.keys (A) and rawnand.bin (A) to PC from microsd (A)
  4. (a) start NxNandManager v5.0
    (b) import keys (Ctrl + K)
    (c) find key.dat (A), which contains the BIS keys, located under the NxNandManager v5.0 folder and copy to somewhere convenient
    (d) open rawnand.bin (A) (Ctrl + O)
    (e) export decrypted PRODINFO.bin (A), PRODINFOF.bin (A), SAFE.bin (A), SYSTEM.bin (A), USER.bin (A)
    (f) close NxNandManager v5.0
  5. Put eMMC chip from Switch (A) (or any good eMMC chip) to Switch (D)
  6. Dump prod.keys (D) by Lockpick.bin
  7. Copy PRODINFO.bin (A) prod.keys (D) to microsd (D) and rename PRODINFO.bin to donor_prodinfo.bin
  8. On Switch (D), inject payload prodinfo_gen.bin to get PRODINFO.bin (O)
    *if you encounter error about missing master keys, copy the following lines from prod.keys (A) to prod.keys (D) then try again:
    master_key_00 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    master_key_01 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    master_key_02 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    master_key_03 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    master_key_04 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    master_key_05 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    master_key_source = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    **Do not confuse with the lines master_kek
    ***PikaFix Pack users may need to find your own ways to obtain master keys
  9. Copy PRODINFO.bin (O) to PC
  10. (a) Copy prod.keys (D) to EmmcHaccGen.2.2.3 folder and rename the file to keys.txt
    (b) Unzip OFW in EmmcHaccGen.2.2.3 folder and rename the folder to fw
    i.e.
    Code:
    EmmcHaccGen.2.2.3 folder
    |--EmmcHaccGen.exe
    |--keys.txt
    |--fw
        |--firmware .nca files
    (c) Start CMD and nevigate to EmmcHaccGen.2.2.3 folder
    (d) use the following code to generate firmware file for Switch (D)
    Code:
    EmmcHaccGen.exe --keys keys.txt --fw fw
    (e) In my case OFW 12.0.2 is used, then a folder named NX-12.0.2_exFAT is generated, which contains
    Code:
    Folders SAFE (O), SYSTEM (O), USER (O),
    Files BOOT0.bin (O), BOOT1.bin (O), BCPKG2-1 to BCPKG2-4 (O)
    boot.bis is not used
    (f) Close CMD
  11. Open key.dat (A) in step 4(c) by text editor (or rename to key.txt first if you want to)
  12. !CAUTION! From now on, remember to use the eMMC chip you want to empty its content, all saved data on the chip will be deleted
    (a) start HacDiskMount v1.0.5-5 with Administrator permission

    Read eMMC by Hekate, go to Step12(b)
    Read eMMC by mmcblknx, go to Step12(c)

    (b) (i) On Switch (D), boot to Hekate -> Tools -> USB Tools -> (!!read only OFF!!) eMMC RAW GPP
    __(ii) Connect Switch (D) to PC, then go to Step 12(d)

    (c) Connect the eMMC chip to mmcblknx and connect mmcblknx to PC

    (d) On HacDiskMount, select File -> Open physical drive
    (e) Double click on your eMMC chip, should have size of 29.xx GB
    (f) (i) Double click PRODINFO
    __(ii) Copy corresponding BIS keys from key.dat (D)
    _____*Make sure that you copied correct BIS keys x, where x ranged from 0 to 2
    __(iii) Click Test then Save. If error occurs, please stop here and leave comment and let's discuss
    __(iv) Browse PRODINFO.bin (O) and click Start to copy to eMMC
    __(v) Close the window
    (g) Repeat Step 12(f) for PRODINFOF.bin (A), SAFE.bin (A), SYSTEM.bin (A), USER.bin (A) obtained from Step 4(e) or PikaFix Pack
    (h) (i) Double click BCPKC2-1-Normal-Main
    __(ii) Browse BCPKC2-1-Normal-Main (O) from Step 10(e) and click Start to copy to eMMC
    __(iii) Close the window
    (i) Repeat Step 12(h) for BCPKC2-2 to BCPKC2-4 (O)
    (k) Double click SAFE, under Virtual Drive, click Install
    (l) (i) Select a Drive Letter, I use "Y:"
    __(ii) Tick box for Passthrough zeroes
    __(iii) Click mount
    __(iv) Find your mounted drive on PC, which is Y:/ for me
    __(v) Delete all content and replace by that from Step 10(e)
    __(vi) Close the window
    (m) repeat (l) for SYSTEM and USER
    **Reminder: there are system files hidden, please make sure that you can see ALL files
    If you don't know how, Here it is. Tick the box for "Protected operating system files"
    (n) Close HacDiskMount

    If you use Linux PC with mmcblknx, unplug Switch and turn it off then go to (p)

    (o) (i) On Switch (D), unplug USB cable and reinsert with BOOT0 or
    __(ii) Use BalenaEtcher to flash BOOT0.bin (O) from Step 10(e)
    __(iii) repeat (o) for BOOT1.bin (O)

    Go to Step 13

    (p) (i) Copy BOOT0.bin (O) and BOOT1.bin(O) to Linux PC
    __(ii) With eMMC connected, open terminal and navigate to folder containing BOOT0.bin (O) and BOOT1.bin (O)
    __(iii) Enter the following code to flash BOOT0 and BOOT1
    Code:
    sudo su
    echo 0 > /sys/block/mmcblk0/force_ro
    echo 0 > /sys/block/mmcblk0boot0/force_ro
    echo 0 > /sys/block/mmcblk0boot1/force_ro
    exit
    sudo dd if=boot0.bin of=/dev/mmcblk0boot0
    sudo dd if=boot1.bin of=/dev/mmcblk0boot1
  13. Plug eMMC chip back to Switch (D) if you haven't
  14. Insert microsd with all necessary CFW files then boot to CFW
  15. Switch (D) is alive
Notes:
boot Atmospher with fusee-primary.bin
This may give an error and need to press power button to reboot once, then can boot into Atmosphere
I don't know if this is related to the use of device ID spoofing.
If you encounter infinite boot loop to Atmosphere splash screen / error screen, it's abnormal

After repairing NAND, OFW 12.1.0 is installed using Daybreak under emummc Atmosphere 0.20.1
Remember to use corresponding sigpatch

Thanks for reading.

Credit to all the payloads, software creators, and advices in this post and Unbricking Guide:
SciresM and the ReSwitched team for Atmosphere
CTCaer for Hekate
Shchmue for Lockpick_RCM
CaramelDunes for prodinfo_gen
SuchMemeManySkill for eMMC Hacc Gen
Rajkosto for HacDiskMount
Eliboa for NXNandManager
ignasurba for mmcblkNX
Balena for Balena Etcher
 
Last edited by ewabc886,

iSyTheGreat

Well-Known Member
Newcomer
Joined
Oct 24, 2019
Messages
54
Trophies
0
Age
30
XP
550
Country
United Arab Emirates
If it is chipped.

Also as the pikafix guide author I do need to update it.



good writeup, I think the easiest way now would be tegra explorer + prodinfo gen with the prodinfo from my pikafix pack, which I will update and soon, maybe this upcoming weekend.

EDIT: I also recommend the nand dump/prodinfo at very least from the pikafix pack as a) it is tested working, and b) it has been wiped with incognito for device safety

EDIT 2: When I was doing testing I was personally bricking my switch each time to test and make sure it wouldn't boot. During this time I had a backup on hand ready incase things went sideways. It is always recommended to have the backup beforehand even if it is already bricked, just incase things get messed up more.
I will wait for your updated guide as my ipatched erista is not booting to ofw and cfw, whenever im booting to ofw blue screen appear. if you all have any idea what happen to my switch, because i was in sxos and trying to migrate to atmosphere but unlucky to not boot into atmosphere, when i try to revert back to sxos it wont boot anymore.
 

lsp199308

Well-Known Member
Newcomer
Joined
Nov 6, 2020
Messages
45
Trophies
0
Age
30
XP
420
Country
United States
May I ask if you were using the sysNAND or emummc?
As the OFW can't be booted, i'm quite uncomfortable to use sysNAND
but i'm planning to try using sysNAND on CFW with online function
I use sysnand,For my mariko, I used the following startup stock ofw
fss0=atmosphere/package3
stock=1
secmon=atmosphere/exosphere.bin
If there are no amos, switch refuses to start
 

impeeza

¡Kabito!
Member
Joined
Apr 5, 2011
Messages
6,052
Trophies
3
Age
46
Location
At my chair.
XP
17,618
Country
Colombia
I will wait for your updated guide as my ipatched erista is not booting to ofw and cfw, whenever im booting to ofw blue screen appear. if you all have any idea what happen to my switch, because i was in sxos and trying to migrate to atmosphere but unlucky to not boot into atmosphere, when i try to revert back to sxos it wont boot anymore.
do you have a SYSNAND backup as was stated on the mod guides? if you have, try to use for restore a emunand or sysnand if you like.
 

iSyTheGreat

Well-Known Member
Newcomer
Joined
Oct 24, 2019
Messages
54
Trophies
0
Age
30
XP
550
Country
United Arab Emirates
If it is chipped.

Also as the pikafix guide author I do need to update it.



good writeup, I think the easiest way now would be tegra explorer + prodinfo gen with the prodinfo from my pikafix pack, which I will update and soon, maybe this upcoming weekend.

EDIT: I also recommend the nand dump/prodinfo at very least from the pikafix pack as a) it is tested working, and b) it has been wiped with incognito for device safety

EDIT 2: When I was doing testing I was personally bricking my switch each time to test and make sure it wouldn't boot. During this time I had a backup on hand ready incase things went sideways. It is always recommended to have the backup beforehand even if it is already bricked, just incase things get messed up more.
Im Still waiting for the updated guide. Hope you help us with this. thanks!
 

zorusgb

Well-Known Member
Newcomer
Joined
Dec 10, 2021
Messages
48
Trophies
0
Age
49
XP
142
Country
Bulgaria
I used my own dump only because it failed for the pikafix pack which I believe it's not the pack's problem, but the firmware version I used.
I tested quite a lot of versions, but only 12.0.2 worked for me.
I have a similar situation where I'm rebuilding the nand due to a failed emmc, but in my case I don't have access to a donor Switch. Instead, I'm using donor partitions form Adrian and Matty's rebuild packs. I have no idea what the Switch FE revision was before the emmc bit the dust, but I have 15 burned fuses, so I used 12.0.2 when I followed your guide. When you were having issues with the FW revisions, what were the symptoms you were experiencing? I get a black screen after the Atmosphere black screed (or this error with the latest revisions of Atmosphere). Do you remember how many burned fuses you had; I wonder if it's a FW mismatch in my case as well.
 

Attachments

  • Capture.PNG
    Capture.PNG
    92.4 KB · Views: 121

Adran_Marit

Walküre's Hacker
Member
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,538
Country
Australia
I have a similar situation where I'm rebuilding the nand due to a failed emmc, but in my case I don't have access to a donor Switch. Instead, I'm using donor partitions form Adrian and Matty's rebuild packs. I have no idea what the Switch FE revision was before the emmc bit the dust, but I have 15 burned fuses, so I used 12.0.2 when I followed your guide. When you were having issues with the FW revisions, what were the symptoms you were experiencing? I get a black screen after the Atmosphere black screed (or this error with the latest revisions of Atmosphere). Do you remember how many burned fuses you had; I wonder if it's a FW mismatch in my case as well.

15 burnt fuses is

12.0.2-13.2.015
 

lsp199308

Well-Known Member
Newcomer
Joined
Nov 6, 2020
Messages
45
Trophies
0
Age
30
XP
420
Country
United States
I have a similar situation where I'm rebuilding the nand due to a failed emmc, but in my case I don't have access to a donor Switch. Instead, I'm using donor partitions form Adrian and Matty's rebuild packs. I have no idea what the Switch FE revision was before the emmc bit the dust, but I have 15 burned fuses, so I used 12.0.2 when I followed your guide. When you were having issues with the FW revisions, what were the symptoms you were experiencing? I get a black screen after the Atmosphere black screed (or this error with the latest revisions of Atmosphere). Do you remember how many burned fuses you had; I wonder if it's a FW mismatch in
 

zorusgb

Well-Known Member
Newcomer
Joined
Dec 10, 2021
Messages
48
Trophies
0
Age
49
XP
142
Country
Bulgaria
For 0100000000000005, if it is not a boot0 error, I suggest to abandon the repair, it may be pcb damage
I bet it's a board or chip problem, but if it's that I have a donor board so long the chip is alive. Just have to teach myself this kind of soldering.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • Sicklyboy @ Sicklyboy:
    I wanna grab a 360 Slim and a 360 E one of these days. Missed the boat of getting them at their lowest though, once they were discontinued. Could've got them for cheap back when I was a broke 20 something working at Target, but then again, I was a broke 20 something working at Target
  • Veho @ Veho:
    Being broke is no fun.
  • K3Nv2 @ K3Nv2:
    @Sicklyboy, $150 isn't that bad for a jtag slim on ebay
  • Veho @ Veho:
    I only wish it was actually playable.
  • Veho @ Veho:
    There's a guy on the Tube of You that makes playable mechanical arcade games out of Lego. This could work on the same principle.
  • Veho @ Veho:
    Just a couple of guys taking their manatee out for some fresh air, why you have to molest them?
  • Veho @ Veho:
    Stupid Chinese shop switched their shipping company and this one is slooooooow.
  • LeoTCK @ LeoTCK:
    STOP BUYING CHINESE CRAP THEN
  • LeoTCK @ LeoTCK:
    SUPPORT LOCAL PRODUCTS, MAKE REVOLUTION
  • LeoTCK @ LeoTCK:
    THEY KEEP REMOVING LOCAL SHIt AND REPLACING WItH INFERIOR CHINESE CRAP
  • LeoTCK @ LeoTCK:
    THATS WHY MY PARTNER CANT GET A GOOTWEAR HIS SIZE ANYMORE
  • LeoTCK @ LeoTCK:
    HE HAS BIG FOOT AND BIG DUCK
  • LeoTCK @ LeoTCK:
    d*ck i mean*
  • LeoTCK @ LeoTCK:
    lol
  • Veho @ Veho:
    Mkay.
  • Veho @ Veho:
    I just ordered another package from China just to spite you.
  • SylverReZ @ SylverReZ:
    Communism lol
  • SylverReZ @ SylverReZ:
    OUR products
  • The Real Jdbye @ The Real Jdbye:
    @LeoTCK actually good quality products are dying out because they can't compete with dropshipped chinese crap
    +2
  • BakerMan @ BakerMan:
    @LeoTCK is your partner the sascrotch or smth?
  • Xdqwerty @ Xdqwerty:
    Good morning
    Xdqwerty @ Xdqwerty: Good morning