Hacking keyblob 0 to 5 corrupted

designgears

BOOT1 doesn’t need anything.

From my experience it seems like lockpick complains when non-original keyblobs are installed for whatever reason, looks like it was able to derive the masterkeys which probably means the keyblobs are fine though. Have you tried booting it yet?

Yeah, I get a `pkg2 decryption failed!`
 

designgears

Are your BOOT0/1 and rawnand contents both for the same firmware?

Also, worst case, you can just manually update to 6.2.0<= which doesn’t require keyblobs :P

I will just go that route if it will let me :)
Will report back shortly

Edit: they are both 1.0.0, restored my backup and then used choi to generate boot0/1.

@ZachyCatGames

uhh, how can I do 6.2.0, choi doesn't support it. Is there another method I'm unaware of?!

-----------

Well, managed to get things back in a working order. Luckily I upgraded my switch nand a while ago and the old nand has 8.0.1 on it. That boots up with some janky hekate config (gotta sort out the boot stuff still). Dumped the nand, restored it to my 256gb nand which got it into the same state. At least have a good backup now to get back to a mostly working state.
 

studio1b

I'm having kind of the same issue with 1 switch unit.
I have a rawnand of 6.X and a rawnand of 9.1.0.
If I reflash the 6.X, stock will boot no problem, but AMS will not boot; it will go to atom logo flash and then black screen (but with backlight on).
If I take the 9.1.0 rawnand and reflash it back to the console, stock will boot and AMS will boot.
If I run lockpick in both 6.X or 9.1.0 it gives me an error about the KEYBLOB 1 to 5 corrupt.
I have all the keys for the console and boot0/1 for the console.
6.X rawnand was done with an older hek non gui.
9.1.0 rawnand was done with hek 5.1.1 gui.

Question is, why is lockpick bitching about the keyblobs? They should be correct for the console.
How can I check to make sure the boot0 is correct?
I would have to keygen the keys with the prod keys?
 

FiddyOnFiddy

Zachy hoping you can help me out as I think I have a similar problem to what you were helping with. My switch just boots to black screen after Nintendo and sept logo and my bis keys don't match in hacmount despite being from my console.

Lockpick shows these keyblobs are corrupt, 0 through 5, and 1 more notable error I have is

[FatFS] Error: NOFAT
unable to mount system paritition.

So it feels to me like my system partition is corrupt. Mounting it in hacdiskmount tells me it doesn't have a compatible file system to explore. biskeys are invalid for every partition on hacdiskmount including prodinfo so not sure if my prodinfo is corrupt, or a nuked emmc like you described with the other person you were helping. Although what I did make progress on was mounting my USER partition and formatting it and then when I try and test my keys for bis key3 they work, same goes for the SAFE partition. Doing this with the SYSTEM partition allows me to then navigate the folder and I tried the downgrade but when trying to launch it'll crash on Atmosphere logo so assuming this bricks the console so I restored my nand to before I formatted system.


Hope this info is enough and you can help me out, thanks man.
 

ZachyCatGames

Keyblobs don’t matter on 6.2.0+, so it’s not that.
Did you restore another console’s nand backup on it? That would fuck up everything, I can’t think of much else that would cause that *shrug*
 

FiddyOnFiddy

I figured it out and it was really dumb. I'm repairing a job lot of switches and got the eMMC chips mixed up. So I was pulling the wrong keys. Thankfully I did do a nand backup before messing with it so I was able to restore it, get it in the correct console, find the correct eMMC for the console I had issues with and both are working perfectly fine now.

Honestly I spent like 20 hours researching, trying and diagnosing and never thought to try that but at least it's sorted now.
 

FiddyOnFiddy


I've actually got another quick question if you don't mind helping me out. I'm prepping this console for sale and want to revert it to stock so the user has the choice to jailbreak or not.

Just tried the tutorial for restoring stock and removing custom firmware without nand backup but I can't seem to boot to stock without going into hekate. I have 12 fuses burned too. Is there a way around this? Like revert to 6.1 using choi then system update?

Thanks man

EDIT: Figured it out, this system was on Atmosphere and ofw 8.1 yet fuse count was 12 so I upgraded to 9.2 with choi and now I can boot to stock without the use of hekate so going to clean the nand and I think I'm good to go.
 

MK7Hax1811

Code:
linkle keygen -k prod.keys
prod.keys only needs to contain keyblob 0-5, keyblob_key_source 0-5, keyblob_mac_key_source, secure boot key, and tsec_key
secure boot key and tsec key are console unique (but are easily dumpable), the rest can come from another console.

EDIT: They'll show up as `encrypted_keyblob_xx`, and you can just copy them over to your boot0
I have the same issue, I dumped my prod.keys, used linkle to build the encrypted keyblobs but I see only the keyblob source keys from 00 to 05 and not 'encrypted_keyblob_0X...' Any help? Thx
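
Added example, not from any poster and not part of linkle: a check of a prod.keys file against the list of inputs given in the quoted post above (keyblob 0-5, keyblob_key_source 0-5, keyblob_mac_key_source, secure boot key, tsec_key). The exact key names with two-digit suffixes and the byte sizes are assumptions based on the common hactool-style key file layout, and the sample file is constructed.

```python
import re

# Inputs named in the post. The two-digit suffixes and the byte sizes are
# assumptions taken from the common hactool-style key file layout.
REQUIRED = {"keyblob_mac_key_source": 16, "secure_boot_key": 16, "tsec_key": 16}
for i in range(6):
    REQUIRED[f"keyblob_{i:02x}"] = 0x90
    REQUIRED[f"keyblob_key_source_{i:02x}"] = 16

# The post calls these two console unique; the rest can come from another console.
CONSOLE_UNIQUE = {"secure_boot_key", "tsec_key"}
LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*([0-9A-Fa-f]*)\s*$")


def parse_keys(text):
    """Return {name: hex_value} for every 'name = hex' line; other lines are skipped."""
    keys = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            keys[m.group(1).lower()] = m.group(2).lower()
    return keys


def check_keygen_inputs(text):
    """List the required inputs that are absent, mis-sized or zeroed."""
    keys = parse_keys(text)
    problems = []
    for name, size in sorted(REQUIRED.items()):
        value = keys.get(name)
        if value is None:
            hint = " (console unique, dump from this console)" if name in CONSOLE_UNIQUE else ""
            problems.append(f"missing {name}{hint}")
        elif len(value) != size * 2:
            problems.append(f"{name}: expected {size * 2} hex digits, got {len(value)}")
        elif set(value) == {"0"}:
            problems.append(f"{name}: all zero")
    return problems


# Constructed sample with filler values: source keys present, keyblob_00..05 and
# secure_boot_key absent, tsec_key zeroed.
SAMPLE = "\n".join(
    [f"keyblob_key_source_{i:02x} = {'ab' * 16}" for i in range(6)]
    + ["keyblob_mac_key_source = " + "cd" * 16, "tsec_key = " + "00" * 16]
)

if __name__ == "__main__":
    for problem in check_keygen_inputs(SAMPLE):
        print(problem)
```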
 