ROM Hack Is a reboot payload NSP or XCI possible?

Kallim

There have been similar questions to this, but has anyone written, worked on, or thought of "Reboot to payload" as an XCI or NSP file?

The idea being it'd basically be a Fake Game so it'd exist in OFW. So it would allow you to boot into Custom Firmware even when OFW (no homebrew) is running. The concept is to allow CFW to launch even if no jig/dongle or laptop are handy.

Other people have asked if the homebrew app "reboot to payload" or "payload launcher" can be installed on OFW, but this obviously isn't possible as OFW can't run homebrew apps.

I'm asking if anyone has written or thought of effectively writing a full NSP that will do the same thing, independently of CFW?? It'd obviously need to be installed on the sysnand, but would completely eliminate the need for a Jig/RCM loader/laptop etc.

In theory can this even be done?? Also would it have a ban risk? (after all it will be on the sysnand)
 

kidkat210

1) I don't think it would be possible; you would need sig patches to "launch" said NSP. Without CFW, the NSP would error out and kick you to the Switch's dashboard. In order to achieve something like what you're thinking/suggesting, you would need Nintendo keys for signing games and such (which no one has, nor has been leaked).

2) Even if this was possible, it would more than likely lead to a ban, since it's an unsigned (non-legit) NSP installed.

Anyone correct me if I'm wrong/misinformed
 
CompSciOrBust

You can make a reboot to payload NSP (any homebrew can be compiled as an NSP) but it wouldn't work outside of CFW unless you somehow got ahold of Nintendo's private keys, which probably isn't happening any time soon unless you're willing to break into their offices.

Edit: Actually even if you got their private keys it still wouldn't work outside of CFW because rebooting to payload requires extra permissions that games don't normally have access to (CFW allows them to run with extra permissions), so you would have to get the keys for signing the firmware. If you managed to get them you wouldn't even need an NSP though, you can just boot straight into CFW.
 
Last edited by CompSciOrBust,

Kallim

You can make a reboot to payload NSP (any homebrew can be compiled as an NSP) but it wouldn't work outside of CFW unless you somehow got ahold of Nintendo's private keys, which probably isn't happening any time soon unless you're willing to break into their offices.

Edit: Actually even if you got their private keys it still wouldn't work outside of CFW because rebooting to payload requires extra permissions that games don't normally have access to (CFW allows them to run with extra permissions), so you would have to get the keys for signing the firmware. If you managed to get them you wouldn't even need an NSP though, you can just boot straight into CFW.


Not the same keys provided by lockpickrcm.bin, I assume?? Or that'd be too easy.
 
CompSciOrBust

No, definitely not. Nintendo's private signing keys don't exist within the Switch to be extracted, and don't exist outside of specially designed secure hardware within Nintendo headquarters.
Tangentially related: I can't confirm it but I've heard from a usually reputable source (big name in the PS4 scene) that a private group has obtained Xbox 360 retail signing keys even though MS uses hardware signing machines too.
 
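
The two checks CompSciOrBust's posts describe (a signature the console can verify but not produce, and permissions beyond what games are granted), as an added Python sketch that is not from the thread or from any Switch code. The toy RSA key, the capability names and the function names are all constructed for illustration and do not reflect the real NSP format.

```python
import hashlib

# Constructed toy RSA key pair (two Mersenne primes; far too weak for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half: all a retail device stores
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: stays on the vendor's signing host

# Hypothetical capability names; stock firmware grants normal titles only these.
STOCK_TITLE_CAPS = {"graphics", "audio", "save_data"}


def _digest(blob: bytes) -> int:
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def encode(caps, code: bytes) -> bytes:
    """The signed bytes cover the requested capabilities as well as the code."""
    return ",".join(sorted(caps)).encode() + b"\x00" + code


def vendor_sign(blob: bytes) -> int:
    """Needs D, which never leaves the vendor."""
    return pow(_digest(blob), D, N)


def device_launch(caps, code: bytes, sig: int) -> str:
    """Launch decision made with public values only: N, E and the stock policy."""
    if pow(sig, E, N) != _digest(encode(caps, code)):
        return "rejected: bad signature"
    extra = set(caps) - STOCK_TITLE_CAPS
    if extra:
        return "rejected: capability not granted: " + ",".join(sorted(extra))
    return "launched"


def demo():
    game = ({"graphics", "audio"}, b"retail game code")
    good_sig = vendor_sign(encode(*game))
    homebrew = ({"graphics", "reboot_to_payload"}, b"homebrew code")
    return [
        device_launch(*game, good_sig),                     # genuine title
        device_launch(game[0], b"patched code", good_sig),  # altered after signing
        device_launch(*homebrew, good_sig),                 # signature reused
        # Even a validly signed title is stopped by the stock permission policy.
        device_launch(*homebrew, vendor_sign(encode(*homebrew))),
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```

The last case is the point of the "Edit:" in the earlier post: a valid content signature alone does not grant the extra permission, because that decision belongs to the firmware's own policy.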

Kallim

OK, so in theory the only way to do this would be to boot CFW sysnand and downgrade the firmware to v4.00 (to when the Switch was software exploitable). Then install the NSP that nobody has written yet (and probably won't, as it doesn't work with new firmware)... then it could work?

Also you can't go online with the old firmware and updating could result in a ban. Anything else I've missed???

Actually, joking aside, it could still be a handy NSP for those with a banned Switch as you wouldn't need any other devices to boot CFW. You could just delete the network settings once installed so it never updates.

Thanks for your help!
 

hippy dave

OK, so in theory the only way to do this would be to boot CFW sysnand and downgrade the firmware to v4.00 (to when the Switch was software exploitable). Then install the NSP that nobody has written yet (and probably won't, as it doesn't work with new firmware)... then it could work?
Even on the low firmware, you'd only be able to run it after manually running the software hacks (through the browser or whatever). In which case you might as well use the software hacks to reboot to payload directly. So, the nsp/xci doesn't get you anything you couldn't have had already at that firmware - and it won't work on higher firmware - so there's no point to it honestly.
 

Kallim

OK no worries. I've asked a similar question to you in another thread but I think that's answered everything. Unless I can think of another idea (maybe a 3rd clean emunand to trick Nintendo etc). But I'm probably getting obsessed with a minor inconvenience.
 
CompSciOrBust

If you really don't want to use another device to boot CFW you could install a mod chip. The idea is to put a small low-power computer inside of the Switch that will automatically inject a payload when RCM is detected.
https://gbatemp.net/threads/interna...ybitsy-m0-express-guide-files-support.508068/

SwitchMe seems to be the easiest chip to install. I was able to install mine with minimal soldering experience. I've heard good things about rcmx86 too.
 

Draxzelex

OK, so in theory the only way to do this would be to boot CFW sysnand and downgrade the firmware to v4.00 (to when the Switch was software exploitable). Then install the NSP that nobody has written yet (and probably won't, as it doesn't work with new firmware)... then it could work?

Also you can't go online with the old firmware and updating could result in a ban. Anything else I've missed???

Actually, joking aside, it could still be a handy NSP for those with a banned Switch as you wouldn't need any other devices to boot CFW. You could just delete the network settings once installed so it never updates.

Thanks for your help!
No, it wouldn't work because there is nothing 'magical' about firmware 4.0 that would make such a .NSP file work. All .NSP files require CFW in order to be launched no matter how or what firmware they are installed to; without CFW, .NSP files are useless.
 
