Hardware My Switch is a 2019 v6.2.0 XAJ4008278 UNPATCHED unit!

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,258
Trophies
1
Location
Ireland
Website
github.com
XP
5,009
Country
Ireland
1.png
2.png

a.png


Edition: Gray + £30 eShop Included with Sticker advertising this on the corner.
Revision: Original Launch Edition (White Box)
Original Firmware Version: Probably 6.2.0, I can't remember, but definitely 8.1.1 or older.
Shell: Original Launch Edition, not the glittery and more metallic shells you typically see on 2019+ units.
Merchant: Scan.co.uk
Purchase Date: 23rd of August, 2019

1671806066733.png


This was purchased just around the time that the merchant was struggling to get Nintendo Switch's, especially as the new V2 Red Box versions were just around the corner.




I bought this brand new a couple of days ago and it arrived today. I checked the serial on ismyswitchpatched.com and based on its result it should be "definitely patched".

3.png


However, I tried to send a payload anyway and it worked! At first, I thought this is a shell swap but it isn't. I matched the serial number on the shell's sticker with the serial numbers inside the settings.




Interestingly enough, BIS Key generation for this unit failed on Atmosphere, Lockpick_RCM, and biskeydump. It seems to have revised BIS key generation. SciresM who created Atmosphere said my console needs a fix that he will help with in ~6 hours.

4.png


Because of this, I cannot safely use this Switch as I cannot get valid BIS keys to keep with my eMMC backup. BIS keys are required for decrypting eMMC backups and without them, the backup is more or less useless.




On the 29th of August, 2019, SciresM pushed a fix for BIS Key generation to Atmosphere: https://github.com/Atmosphere-NX/Atmosphere/commit/600d68bd1aa6f13b47b1482e48110b2e3c2684ed and then 15 days later released Atmosphere v0.9.4 with this fix.

On the 16th of September, 2019, Shchmue pushed a similar fix to Lockpick_RCM: https://github.com/shchmue/Lockpick_RCM/commit/6540ddc24ba65fdf4863c78b0119869f8dfd0ed8 and then a day later released Lockpick_RCM v1.5.0 with this fix.

All that needs updating is rajkosto's biskeydump project.

I can confirm the fixes made on both projects work and dump the correct BIS Keys on my unit. I managed to decrypt SYSTEM.bin, and mount it with HacDiskMount and the BIS Key's entropy was Valid.




Just in case there was anything interesting about my specific system, or if anything of interest was left on my eMMC, SciresM took a look at the NCA headers of my decrypted SYSTEM.bin and found nothing of interest.




Take from this thread what you will, but just know that you cannot take the Serial number or the Serial checker websites at face value. It may be worth taking the time to try and send a Payload even if the websites say it's "definitely patched". You can't blame these websites either as they only have limited data to work on and can only go by what seems to be the common path for serials. After all, this unit can be considered a bit of a weird one.
 
Last edited by PRAGMA,

antiNT

:)
Member
Joined
Sep 14, 2015
Messages
619
Trophies
0
Location
Doha - Qatar
XP
2,780
Country
Qatar
This is absolutely remarkable to say the least. I would've never guessed that could be possible. I hope the opposite isn't though (i.e switch that's definitely supposed to be vulnerable but isn't)
 
D

Deleted-452294

Guest
The OS prints the serial on PRODINFO. I will be interested in knowing whether the Device ID in eFuses matches the Device ID in PRODINFO.
Feel free to DM me if you want me to calculate your BIS keys. This will require a FUSE+KFUSE dump for your console, though.
 

Nerdtendo

Your friendly neighborhood idiot
Member
Joined
Sep 29, 2016
Messages
1,753
Trophies
1
XP
4,549
Country
United States
At first I thought this was one of those "I got a patched switch, can I hack?" Threads.

Can it actually boot CFW or is it unable to with what's available
 
  • Like
Reactions: Budsixz

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,258
Trophies
1
Location
Ireland
Website
github.com
XP
5,009
Country
Ireland
At first I thought this was one of those "I got a patched switch, can I hack?" Threads.

Can it actually boot CFW or is it unable to with what's available
It can actually boot CFW.

--------------------- MERGED ---------------------------

The OS prints the serial on PRODINFO. I will be interested in knowing whether the Device ID in eFuses matches the Device ID in PRODINFO.
Feel free to DM me if you want me to calculate your BIS keys. This will require a FUSE+KFUSE dump for your console, though.
I would check that but I don't have BIS keys to read PRODINFO. Id rather wait for the fix from sciresm though.
 
  • Like
Reactions: Nerdtendo

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
23,139
Trophies
4
Location
Space
XP
13,610
Country
Norway
So basically everyone with a patched switch needs to try it, and even buying a patched switch could be actually unpatched?
Yeah it seems like they sometimes have old stock that are shipped with new serial numbers. Not the first report I've heard of this.
qz4BY2O.png
Gbr6Hb4.png

ELxr7ht.png


I bought this new a couple of days ago and it arrived today, checked serial and based on it, assumptions was that it was "definitely patched".

ynDLXUO.png


However I tried anyway and it worked.
At first I thought this is a shell swap but it isn't. I matched the serial numbers with the serial numbers inside the OS against the shell's sticker.
And interestingly enough, BIS Key generation isn't working properly, apparently according to SciresM my console needs a "fix" that he will help with in "~6 hours".

RV1Mr1t.png


This also means that it isnt a first revision unit due to it having revised BIS key generation.
Because of this, as of right now I cannot safely use the switch as I cannot get a proper backup as the BIS keys currently gotten from Lockpick_RCM/biskeydump isn't working, it's entropy doesn't match the NAND.

Pretty odd stuff.
Which edition Switch is it? Neon, gray, etc.
 

Essometer

Needs data
Member
Joined
Oct 22, 2010
Messages
732
Trophies
1
Age
32
Location
Bielefeld
Website
none.de
XP
3,535
Country
Germany
Guys, chill out. Comparing Serials was never an accurate science. To make predictions, we need data, the less data we have the less good are the predictions.
This is the reason why we can pretty accurately tell if a Switch is unpatched. Since this is a hacking community, people bought the unpatched Switches and
the potential patched Switches stayed mostly in the shelf. Since we had to establish a boarder somewhere, the cutoff point to "patches" was more or less
arbitrarily. It just means that where was never a Switch with this high of a firmware reported to be unpatched. Your find means that the boarders for potential
unpatched units will be moved.

That it doesn't support the BIS Key Generation is intersting however.
 

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,258
Trophies
1
Location
Ireland
Website
github.com
XP
5,009
Country
Ireland
Yeah it seems like they sometimes have old stock that are shipped with new serial numbers. Not the first report I've heard of this.

Which edition Switch is it? Neon, gray, etc.
Gray

--------------------- MERGED ---------------------------

yours isnt the latest version right? the one with better battery?
No its the original
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
  • Xdqwerty @ Xdqwerty:
    I'm back
  • Xdqwerty @ Xdqwerty:
    I ate pizza
    +1
  • Xdqwerty @ Xdqwerty:
    Awkward silence again
  • Xdqwerty @ Xdqwerty:
    I imagine a family guy cutaway where Peter is in fire emblem and when losing all his health in a battle he does that thing he does when hurting his knee
  • Xdqwerty @ Xdqwerty:
    Alone, alone, alone...
  • Sicklyboy @ Sicklyboy:
    same tho
    +1
  • Xdqwerty @ Xdqwerty:
    Thank god someone came in
  • BakerMan @ BakerMan:
    i just moved on to arena 16 in clash royale
  • BakerMan @ BakerMan:
    i stomped a fkn logbait player
  • Xdqwerty @ Xdqwerty:
    Damn the game weights 451 mb
  • Xdqwerty @ Xdqwerty:
    Thats too much storage
  • Xdqwerty @ Xdqwerty:
    (for a Mobile Game)
  • Xdqwerty @ Xdqwerty:
    Damn, i'm alone again
  • Xdqwerty @ Xdqwerty:
    Good night i guess
  • HiradeGirl @ HiradeGirl:
    It's weird. Thursday/Friday and still not a lot of people here.
  • HiradeGirl @ HiradeGirl:
    @Xdqwerty Good animation. :rofl2:
  • HiradeGirl @ HiradeGirl:
    Is there any chat app for Android or iOS? Like for getting notifications for every new message even if I'm not tagged?
  • Jayro @ Jayro:
    Besides e-mail notifications, I don't believe so.
  • K3Nv2 @ K3Nv2:
    I think you can subscribe to certain threads and enable push notification
  • K3Nv2 @ K3Nv2:
    Or bookmark it using this
    Screenshot-20240222-230124-Brave.jpg
    K3Nv2 @ K3Nv2: Or bookmark it using this