Disclaimer: I'm not responsible for any damage related to the following guide

NAND Rebuilding Guide

This rebuild of NAND is to use donor NAND from Switch (A) (which you may obtain from internet) with device ID (A) on Switch (D) which certainly has device ID (D)

It means that we are tricking the Switch (D) to see itself with device ID (A) so it will boot into NAND with device ID (A) encrypted by keys from Switch (D)

By this method, you can't go online and can't boot OFW
In theory, if the files are modified to match device ID, it should be possible to build NAND that can let Switch (D) to boot OFW or even go online, which I don't know how

Guide:

Spoiler

Before we start
Make sure that your Dead Switch (D) can use Hekate -> Tools -> USB Tools -> eMMC RAW GPP
and connect to PC
Otherwise you will need a EMMC reader like mmcblknx
However, a dead eMMC can also lead to unreadable problem when connected.
Please test your own situation before buying anything.
Normally, injecting Hekate payload directly from PC should let you connect.

Remarks:
(A) from good Switch;
(D) from dead Switch;
(O) for output files

0.1 Hardware

a working emmc module, which can let a normal switch to boot OFW normally
a good (donor) Switch (A) with good emmc (A)
a Switch (D) with dead emmc (D)
Windows PC
For mmcblknx user, also need Linux PC

0.2 Files Preparation
[On Switch]
Payloads: Lockpick v1.9.4.bin, prodinfo_gen v0.3.4.bin
Hekate v5.6.0 & Nyx v1.0.6

[On PC]
Suitable OFW, on my Switch OFW 12.0.2 works
Search for darthsternie's firmware on google should get you one
EmmcHaccGen v2.2.3
HacDiskMount v1.0.5-5
NxNandManager v5.0
(Optional) BalenaEtcher: Flash BOOT0 and BOOT1. For users mounting eMMC by Hekate or mmcblknx users with Windows PC only
(Optional) You can try to use PikaFix Pack's dump (Start from Step 5), which I didn't

*PC needs to be able to view all files including "Protected operating system files"

Assuming that you have 2 Switch (A) and (D)
and have 1 eMMC chips (A) with data you do not need

Let's get started
*For PikaFix Pack used, start from Step5 and consider PikaFix Pack as Switch (A)

1. On Switch (A), inject Lockpick.bin to get prod.keys (A)
2. On Switch (A), boot Hekate -> Tools -> Backup eMMC, select eMMC RAW GPP to dump rawnand.bin (A)
3. On PC, copy prod.keys (A) and rawnand.bin (A) to PC from microsd (A)
4. (a) start NxNandManager v5.0
   (b) import keys (Ctrl + K)
   (c) find key.dat (A), which contains the BIS keys, located under the NxNandManager v5.0 folder and copy to somewhere convenient
   (d) open rawnand.bin (A) (Ctrl + O)
   (e) export decrypted PRODINFO.bin (A), PRODINFOF.bin (A), SAFE.bin (A), SYSTEM.bin (A), USER.bin (A)
   (f) close NxNandManager v5.0
5. Put eMMC chip from Switch (A) (or any good eMMC chip) to Switch (D)
6. Dump prod.keys (D) by Lockpick.bin
7. Copy PRODINFO.bin (A) prod.keys (D) to microsd (D) and rename PRODINFO.bin to donor_prodinfo.bin
8. On Switch (D), inject payload prodinfo_gen.bin to get PRODINFO.bin (O)
   *if you encounter error about missing master keys, copy the following lines from prod.keys (A) to prod.keys (D) then try again:
   master_key_00 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   master_key_01 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   master_key_02 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   master_key_03 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   master_key_04 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   master_key_05 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   master_key_source = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   **Do not confuse with the lines master_kek
   ***PikaFix Pack users may need to find your own ways to obtain master keys
9. Copy PRODINFO.bin (O) to PC
10. (a) Copy prod.keys (D) to EmmcHaccGen.2.2.3 folder and rename the file to keys.txt
    (b) Unzip OFW in EmmcHaccGen.2.2.3 folder and rename the folder to fw
    i.e.
    

    EmmcHaccGen.2.2.3 folder
    |--EmmcHaccGen.exe
    |--keys.txt
    |--fw
        |--firmware .nca files

    (c) Start CMD and nevigate to EmmcHaccGen.2.2.3 folder
    (d) use the following code to generate firmware file for Switch (D)
    

    EmmcHaccGen.exe --keys keys.txt --fw fw

    (e) In my case OFW 12.0.2 is used, then a folder named NX-12.0.2_exFAT is generated, which contains
    

    Folders SAFE (O), SYSTEM (O), USER (O),
    Files BOOT0.bin (O), BOOT1.bin (O), BCPKG2-1 to BCPKG2-4 (O)
    boot.bis is not used

    (f) Close CMD
11. Open key.dat (A) in step 4(c) by text editor (or rename to key.txt first if you want to)
12. !CAUTION! From now on, remember to use the eMMC chip you want to empty its content, all saved data on the chip will be deleted
    (a) start HacDiskMount v1.0.5-5 with Administrator permission
    
    Read eMMC by Hekate, go to Step12(b)
    Read eMMC by mmcblknx, go to Step12(c)
    
    (b) (i) On Switch (D), boot to Hekate -> Tools -> USB Tools -> (!!read only OFF!!) eMMC RAW GPP
    __(ii) Connect Switch (D) to PC, then go to Step 12(d)
    
    (c) Connect the eMMC chip to mmcblknx and connect mmcblknx to PC
    
    (d) On HacDiskMount, select File -> Open physical drive
    (e) Double click on your eMMC chip, should have size of 29.xx GB
    (f) (i) Double click PRODINFO
    __(ii) Copy corresponding BIS keys from key.dat (D)
    _____*Make sure that you copied correct BIS keys x, where x ranged from 0 to 2
    __(iii) Click Test then Save. If error occurs, please stop here and leave comment and let's discuss
    __(iv) Browse PRODINFO.bin (O) and click Start to copy to eMMC
    __(v) Close the window
    (g) Repeat Step 12(f) for PRODINFOF.bin (A), SAFE.bin (A), SYSTEM.bin (A), USER.bin (A) obtained from Step 4(e) or PikaFix Pack
    (h) (i) Double click BCPKC2-1-Normal-Main
    __(ii) Browse BCPKC2-1-Normal-Main (O) from Step 10(e) and click Start to copy to eMMC
    __(iii) Close the window
    (i) Repeat Step 12(h) for BCPKC2-2 to BCPKC2-4 (O)
    (k) Double click SAFE, under Virtual Drive, click Install
    (l) (i) Select a Drive Letter, I use "Y:"
    __(ii) Tick box for Passthrough zeroes
    __(iii) Click mount
    __(iv) Find your mounted drive on PC, which is Y:/ for me
    __(v) Delete all content and replace by that from Step 10(e)
    __(vi) Close the window
    (m) repeat (l) for SYSTEM and USER
    **Reminder: there are system files hidden, please make sure that you can see ALL files
    If you don't know how, Here it is. Tick the box for "Protected operating system files"
    (n) Close HacDiskMount
    
    If you use Linux PC with mmcblknx, unplug Switch and turn it off then go to (p)
    
    (o) (i) On Switch (D), unplug USB cable and reinsert with BOOT0 or
    __(ii) Use BalenaEtcher to flash BOOT0.bin (O) from Step 10(e)
    __(iii) repeat (o) for BOOT1.bin (O)
    
    Go to Step 13
    
    (p) (i) Copy BOOT0.bin (O) and BOOT1.bin(O) to Linux PC
    __(ii) With eMMC connected, open terminal and navigate to folder containing BOOT0.bin (O) and BOOT1.bin (O)
    __(iii) Enter the following code to flash BOOT0 and BOOT1
    

    sudo su
    echo 0 > /sys/block/mmcblk0/force_ro
    echo 0 > /sys/block/mmcblk0boot0/force_ro
    echo 0 > /sys/block/mmcblk0boot1/force_ro
    exit
    sudo dd if=boot0.bin of=/dev/mmcblk0boot0
    sudo dd if=boot1.bin of=/dev/mmcblk0boot1

13. Plug eMMC chip back to Switch (D) if you haven't
14. Insert microsd with all necessary CFW files then boot to CFW
15. Switch (D) is alive

Notes:
boot Atmospher with fusee-primary.bin
This may give an error and need to press power button to reboot once, then can boot into Atmosphere
I don't know if this is related to the use of device ID spoofing.
If you encounter infinite boot loop to Atmosphere splash screen / error screen, it's abnormal

After repairing NAND, OFW 12.1.0 is installed using Daybreak under emummc Atmosphere 0.20.1
Remember to use corresponding sigpatch

Thanks for reading.

Credit to all the payloads, software creators, and advices in this post and Unbricking Guide:
SciresM and the ReSwitched team for Atmosphere
CTCaer for Hekate
Shchmue for Lockpick_RCM
CaramelDunes for prodinfo_gen
SuchMemeManySkill for eMMC Hacc Gen
Rajkosto for HacDiskMount
Eliboa for NXNandManager
ignasurba for mmcblkNX
Balena for Balena Etcher

 

[impeeza]

Hi,

Can someone please clarify 4. (c) for me.
It says find key.dat (D) in the NxNandManager directory.
I have a file called keys.dat, but this was generated from importing the prod.keys from switch (A) into NxNandManager as in the previous steps.

Is this the right file? I'm confused as to why it says this file should be from switch (D) when so far this switch hasn't been used in the guide yet.

Yeah that is the file. That file is unique for each console and shouldn't shared (wink, wink)

 

[losth1ghway]

ok cool. thanks for clarifying

 

[Roy73]

Yeah that is the file. That file is unique for each console and shouldn't shared (wink, wink)

So does that mean the guide has a typo?? As When I was reading it I got confused just the same, is it supposed to be keys.dat (A) and not (D)

 

[impeeza]

So does that mean the guide has a typo?? As When I was reading it I got confused just the same, is it supposed to be keys.dat (A) and not (D)

that file contains copyrighted material of BigN and console unique keys so you shouldn't share it because you can incurs in piracy and you can disclosure private information.

you can:

Use a special payload on your console to generate it.

Use a Web Search engine to get a pirate one.

 

[Roy73]

that file contains copyrighted material of BigN and console unique keys so you shouldn't share it because you can incurs in piracy and you can disclosure private information.

you can:

Use a special payload on your console to generate it.

Use a Web Search engine to get a pirate one.

I can get the keys for console A & D, but from the guide it says you load the keys from console A and transfer the keys from D after loading console A, that’s where I got confused.

 

[impeeza]

I can get the keys for console A & D, but from the guide it says you load the keys from console A and transfer the keys from D after loading console A, that’s where I got confused.

Ah, OK, you are transferring a NAND from a Console to Other?

On that case you need the keys from both consoles, the keys from source console are used to decrypt the NAND, then you need Re-encrypt the NAND with the keys of destination console in order to be able to use that NAND on the destination console.

 

[Roy73]

I’m

Ah, OK, you are transferring a NAND from a Console to Other?

On that case you need the keys from both consoles, the keys from source console are used to decrypt the NAND, then you need Re-encrypt the NAND with the keys of destination console in order to be able to use that NAND on the destination console.

wanting to rebuild a nand on a switch which has a modchip as the original nand doesn’t work

 

[impeeza]

I’m

wanting to rebuild a nand on a switch which has a modchip as the original nand doesn’t work

exaclty you are using a donor NAND, you need to decrypt the donor NAND with the keys of donor console, and the keys of your console to re-recypt the NAND to work on your console.

 

[Roy73]

exaclty you are using a donor NAND, you need to decrypt the donor NAND with the keys of donor console, and the keys of your console to re-recypt the NAND to work on your console.

Yeh I understand how it’s doing it, does it matter that the donor nand (working switch) is on a newer firmware than the broken switch?

 

[impeeza]

Yeh I understand how it’s doing it, does it matter that the donor nand (working switch) is on a newer firmware than the broken switch?

No problem, the Firmware is on the NAND not in the console, (beside the fuses but that is another topic.)

 

[Diogen_Karpis]

hi, someone knows if it exist any video tutorial on u tube???

 

[impeeza]

hi, someone knows if it exist any video tutorial on u tube???

Never follow YT tutorials they are always outdated, and normally incomplete. the scene changes so quickly what the most of yt vídeos are outdated at the moment of being recorded.

Read and re-read the OP you will get into it and the best, you will learn "the why" no only "the what".

 

[Diogen_Karpis]

Never follow YT tutorials they are always outdated, and normally incomplete. the scene changes so quickly what the most of yt vídeos are outdated at the moment of being recorded.

Read and re-read the OP you will get into it and the best, you will learn why no only what.

i remember does this tutorial and revive one switch last year, sthetix has a video but i dont know why he hide or erase from youtbe.
i asked him for the video and he prefered no tallk about it.

if someone have this video was talking about send a link. please

 

[Silentwidow]

I know this is old, but I am unable to get it to work updating with Daybreak, I got the system booting just fine, but if I try and get off my 12.0 version it just gives a PKG1 error, even if flashing a new boot0/1 with emu, Prodinfo still shows as 12 no matter what I do.

 

[impeeza]

I know this is old, but I am unable to get it to work updating with Daybreak, I got the system booting just fine, but if I try and get off my 12.0 version it just gives a PKG1 error, even if flashing a new boot0/1 with emu, Prodinfo still shows as 12 no matter what I do.

you need to update your Hekate and atmosphère to latest ones FROM THE GITHUB page, even if you think you have them on your console or pc download them AGAIN.

 

[Silentwidow]

you need to update your Hekate and atmosphère to latest ones FROM THE GITHUB page, even if you think you have them on your console or pc download them AGAIN.

Ahh, love ya! That was all it was, I had already reflashed to 12 and redid the update after installing the new atmos and hekate and it works now. Thank you so much!