Hacking Question Help with bricked Switch [Advanced]

DBOA

Active Member
OP
Newcomer
Joined
Apr 11, 2019
Messages
37
Trophies
0
Age
38
XP
269
Country
Brazil
Hi All,

I have a Switch that won't boot after the Nintendo logo, which means I have no access to the Recovery...

The Switch has 9 blown fuses and all keys are shown correctly. As far as I can tell, the hardware is fine; I can run Android fine...

Before I explain the problem I wanna say that I know the importance of backing up the Switch before messing with it, but the fact is that I don't have any... It wasn't me who tried to hack the Switch.

I've used the https://switch.homebrew.guide/usingcfw/manualchoiupgrade Choidujour guide with firmware 5.1 and 6.2 (I found the restore files on xbins for 6.2) and none of them worked. The Switch still doesn't boot, CFW or OFW.

I have the system keys, and the key dump payloads all work fine. When I try to test the BIS keys with HacDiskMount it says they are correct, but I thought that maybe someone might have restored boot0 and boot1 from a different Switch. Is that possible? The payload and desktop apps say the keys are correct, but do they really check if the keys are in the right Switch?

Does someone have restore files for Choidujour for a later version of the firmware, maybe 7.0.0-8.0.1?

Any extra information helps. I'm a programmer with some knowledge of Python; maybe someone can direct me to create a program to help with diagnostics or something like that. I would be willing to update Choidujour so it can work with a later firmware.

Thank you all for your time reading this, and again, any information helps.
 

DBOA

I have his boot0 and boot1 files from a different firmware version. I think that maybe the rest is busted.
 

Canna

Bad Ass Poisonous Mushroom
Member
Joined
Jul 14, 2018
Messages
1,396
Trophies
0
Age
36
Location
AZ
XP
1,539
Country
United States

Choidujour, if it worked correctly, will output the correct boot0/1 files to use in the output folder.
The manual method, as far as I'm aware, does not work over version 6.0 or 6.2 (I could be wrong, it's been a little while)...

Your fuse count indicates that your system was updated to 7.0.0-8.0.1.

So,

If you have your correct biskeys, which you should, as lockpick rcm or biskey dump will error out if they do not match the system,

then personally, I would create a 5.1.0 rebuild image using choidujour manually.
Once the command window finishes, transfer the boot0 and boot1 from the 5.1.0 output folder to the switch using etcher and memloader.
(Do not try to boot the switch until you get the 5.1.0 update on the switch.)
Now, using hacdiskmount, transfer the 5.1.0 files from the choidujour output folder, making sure to input the biskeys and save and test them.

(Once you have transferred, do not forget to use the hekate FS patch included in the output folder and its ini, for first boot, to populate the boot0/1.)

Run hekate and launch the FS patch option; it should be the only option in the menu.

Give this a moment and it should boot fine...

This has always been my go-to way of booting the switch after a bad update, as I know for sure 5.1.0 with correct boot0/1 and FS patch always works...

You have the biskeys for that system so you're safe; you just need a stable system image to boot.

Good luck.
 

DBOA

Thank you man, I'll try that later today. I've tried the manual 5.1 update before, but I wasn't careful like that. I'll get back to you whatever happens.
 

DBOA

Just use the unbrick_my_switch pack. Will get you back to 6.2.0
So, I tried doing that and it didn't work. After I launched UNBRICK_FIRST_BOOT_ONLY, the system didn't boot anymore. Not even to the Nintendo logo.

One thing that I checked before doing this: I downloaded NxNandManager and connected to the Switch to back up PRODINFO. I did an encrypted backup, but when I tried to decrypt it, it didn't work, even with the right keys.
I noticed that in the manual upgrade you don't actually mess with PRODINFO, only set the key with HacDiskMount.

Is it possible that my PRODINFO is busted? Maybe PRODINFOF, Repair-Main and Repair-Sub are busted too.
 

Canna

re build
 

DBOA

I tried again and got the message while executing UNBRICK_FIRST_BOOT_ONLY:
Read pkg2
Pkg2 decryption failed!
Firmware failed.
 

Canna

So I've tried a couple of times and keep getting Pkg2 decryption fail
https://imgur.com/oZOFNLA

Any Ideas anyone?

--------------------- MERGED ---------------------------


Apparently @mattytrog hates anime...
ihateanime2

Like I said,
rebuild yourself a 5.1.0 image.
Use choidujour.exe with the command line and a downloaded 5.1.0 image from the web.

Build a 5.1.0 image.
Use the files from the choidujour output folder in hacdiskmount,
and test and save the biskeys; transfer the boot0/1 provided by choidujour (flash the boot0/1 with etcher first), then the system files with hacdiskmount...

You can follow the no burn fuse guide to guide you on how to rebuild a nand image.

Clear ya SD card for now.

And transfer the hekate FS patch and ini file provided in the choidujour output folder to the SD card, and make sure to run the FS launch option in hekate first.

Not sure why you haven't tried my idea,
as I believe a nand rebuild will get you back and running again.


No fuse burn guide
https://gbatemp.net/threads/how-to-...nofficially-without-burning-any-fuses.507461/
 

DBOA

Not sure why you havent tried my idea
Mattytrog's process is the same only with firmware 6.2.

Anyways, I just tried it, the way you explained and the boot stops after Nintendo Logo.

I've done the manual upload with 5.1 and 6.2 numerous times, none of them worked.
I'm sure there's some other problem I need to identify.
I don't know what happened to the switch before I got it.

Let me just ask you guys something: after doing the repair process and substituting the partitions and files from the manual upgrade, what other parts of the firmware would stop the Switch from booting? PRODINFO, PRODINFOF, Repair-Main and Repair-Sub? Could any other parts of the other partitions be damaged?

Is there any per-console data on any of those?

Thank you guys for the help
 

mattytrog

You don`t want to listen to anything I say.
Member
Joined
Apr 27, 2018
Messages
3,708
Trophies
0
Age
48
XP
4,328
Country
United Kingdom
If there are other problems with your console, i.e. hardware faults, the pack will not help.

All the pack does, is give you fresh 6.2.0 partitions, partial 6.2.0 boot0/1 files, up to keyblobs.

And does a nocmac boot to get it running.

If the pack is not working for you, double check everything. Check your prodinfo isn't borked.

Check you have no hardware faults.

If you have fuses burned for a lesser firmware than 6.2.0, then use the manual choi downgrade, which is exactly the same as the pack but with a different firmware.

The pack works. It's been tested and retested on different consoles. It's a last chance saloon really.
 

DBOA

If the pack is not working for you, double check everything. Check your prodinfo isn't borked.
I think PRODINFO is effd...
I couldn't decrypt it when downloading with NxNandManager, and when I downloaded with HacDiskMount, the first 4 characters didn't match the magic number 'CAL0'.

Is it possible to rebuild PRODINFO? Even if online functionality is not present.

As for the hardware, I tested Switchroot Android and Lakka and they work fine. Is there any diagnostic tool I could try?

Also, I tried your pack for 6.2 a couple of times and I get a "Pkg2 decryption failed!" message.
 

mattytrog

If prodinfo is buggered, you are snookered. The only possible way to get the console to boot would be to get the device key (think it's in ECC form) from the borked prodinfo and then you can probably create a blank one.

You can remove certs, serials etc, recompute the hashes (there are two that need to be generated) and make one that will boot as long as your device key is intact. Think it's at 0x480 offset in prodinfo

I think lockpick/ or is it that tool that blahblah made that does a similar thing.

I'm trying to recall this from memory, as I'm sat in a hotel in Spain, about 1500 miles away from home.

So double check everything I say as I'm a simpleton.

Though alas, looks like you are snookered forever if your prodinfo is completely unencryptable.

Unless atmosphere can somehow patch out the device key check? Maybe?
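
The check discussed above (comparing the first four bytes of a PRODINFO dump with the 'CAL0' magic) can be scripted as a first diagnostic. This is an added example, not part of the thread or of any tool named in it; the sample size, entropy threshold, result labels and the constructed test data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

MAGIC = b"CAL0"        # magic number quoted in the thread
SAMPLE_LEN = 0x4000    # assumption: looking at the first 16 KiB is enough
ENTROPY_LIMIT = 7.9    # assumption: above this, the bytes look random

def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def classify_prodinfo(data: bytes) -> str:
    """Classify the start of a PRODINFO dump.

    'decrypted'              -> starts with the CAL0 magic
    'blank'                  -> every sampled byte is 0x00 or every byte is 0xFF
    'encrypted-or-wrong-key' -> no magic and the bytes look random, which is what
                                ciphertext or a decryption with the wrong key gives
    'unknown'                -> no magic, not blank, not random-looking
    'too-short'              -> fewer bytes than the magic itself
    """
    if len(data) < len(MAGIC):
        return "too-short"
    if data[:len(MAGIC)] == MAGIC:
        return "decrypted"
    sample = data[:SAMPLE_LEN]
    if len(set(sample)) == 1 and sample[0] in (0x00, 0xFF):
        return "blank"
    # Entropy estimates are unreliable on tiny inputs, so require 4 KiB.
    if len(sample) >= 4096 and shannon_entropy(sample) > ENTROPY_LIMIT:
        return "encrypted-or-wrong-key"
    return "unknown"

def constructed_noise(n: int) -> bytes:
    """Constructed stand-in for ciphertext: deterministic, random-looking bytes."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        # Usage: python check_prodinfo.py <dump file>
        with open(sys.argv[1], "rb") as fh:
            print(classify_prodinfo(fh.read(SAMPLE_LEN)))
```

A result of `encrypted-or-wrong-key` on a dump that was supposed to be decrypted matches the symptom described in the thread; it does not say which of the two causes applies.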
 
