I've managed to dump the game and patch it. Here is what I did.
First you need to get the keys to dump everything, so just follow this guide how-to-get-switch-keys-for-hactool-xci-decrypting
1. dumping the game from sd (skip this if you dump it from nand) I don't have a sd card reader on my pc but I was able to get around that.
Now you need to get the sdseed key.
Download a hex editor I downloaded HxD
Download hacdiskmount if you haven't already.
Download memloader.
Download tegrarcmsmash
Extract memloader files to the tegrarcmsmash folder.
Put switch in RCM mode and in cmd cd to the tegrarcmsmash folder and run TegraRcmSmash.exe memloader.bin --dataini=ums_emmc.ini
Run and open hacdiskmount. Open physical drive - linux ums
Double click on the system partition and a new window will pop up. Enter the BIS keys it asks for. Hit save system.bin and save it to your PC. (this will take 15 mins).
Turn off the switch and boot it back into RCM and run in cmd TegraRcmSmash.exe memloader.bin --dataini=ums_sd.ini
Windows should pop up with a external usb drive and you can browse the sd card on the switch from explorer. Browse to /nintendo/contents/ and copy the private file to your computer.
Open the hex editor and open the private file in it. Highlight and copy all the bytes in the file.
Open the system.bin file you dumped earlier in the hex editor and do a search->find and in the find window click on the hex values tab and paste the bytes you copied before into the search and hit ok.
It will find the values you pasted and the line of hex below that is your sdseed, so highlight and copy that and paste it into a text file and save it somewhere.
Go back to the sd card on the switch and go to /nintendo/contents/registered folder and look for a folder with a file in it with a size of 1.7gb named f5983d8f4951458e8f1413be7579e3f9.nca mine was 000000CB.
Edit: sorry I forgot to mention copy f5983d8f4951458e8f1413be7579e3f9.nca to your hactool folder. It will take about 10 mins.
In the cmd prompt cd to the folder with hactool.
Run this command hactool -t nax0 -k keys.ini --sdseed=your sd key here --sdpath=/registered/000000CB/f5983d8f4951458e8f1413be7579e3f9.nca f5983d8f4951458e8f1413be7579e3f9.nca --plaintext=out.nca
2. Now you need to get the titlekey for the game.
Search for and download get_ticketbins.py and get_titlekeys.py and release-python-script-to-generate-the-rsa_kek.
Download and install python 2.7 if you havent already.
In cmd prompt run pip install asn1
next run py -2 -m pip install pycrypto
Follow the guide on how to generate the rsa-kek, once you have that key right click on get_titlekeys.py and hit edit and find the line where it says rsa_kek=('XXXXXXXXX'), and replace the X's with the rsa-kek.
Now you need prodinfo.bin and 80000000000000e2 file.
Now you need to boot your switch back into rcm mode and load TegraRcmSmash.exe memloader.bin --dataini=ums_emmc.ini
Open up hacdiskmount and double click on prodinfo enter the keys it asks for and click save prodinfo.bin put it in your hactool folder.
Now double click on system. Enter the BIS keys it asks for. install driver for mounting. check read only. click mount.
Browse the new drive in windows and under the save folder copy 80000000000000e2 to your hactool dir.
In cmd cd to your hactool folder.
run py -2 get_ticketbins.py 80000000000000e2 it should dump a personal_ticketsblob.bin
now run py -2 get_titlekeys.py PRODINFO.bin personal_ticketblob.bin it will display some titleid's and title keys that go along with them. The titlekey we want is under the 010096000b3ea000 titleid. Copy that key.
now run hactool -k keys.ini --titlekey=titlekeyyoujustcopied out.nca --exefsdir=C:\temp\decrypted\ make sure you have a c:\temp\decrypted folder (or change it to what you want).
Now download nso2elf and elf2nso.
run nso2elf C:\temp\decrypted\main it should put out a main.elf in the same dir.
open the hex editor and open the main.elf file.
go to search and goto... and enter 8F9D0
It will jump to that location it should look like 08 00 00 12 change it to this 08 00 80 52
hit save.
in cmd run elf2nso C:\temp\decrypted\main.elf C:\temp\decrypted\main2
Either delete the original main or rename it to something else and rename main2 to main.
reboot switch to rcm mode and run TegraRcmSmash.exe memloader.bin --dataini=ums_sd.ini to mount the sd card in windows.
copy main to \atmosphere\titles\010096000B3EA000\exefs\ on the sd drive. (create the folders if they don't exist).
I haven't tested if this actually works yet but I'll let you know in a few hours. I might need layeredfs.
I forgot if you get a lot of errors installing pycrypto google Microsoft Visual C++ Compiler for Python 2.7 and install that.
First you need to get the keys to dump everything, so just follow this guide how-to-get-switch-keys-for-hactool-xci-decrypting
1. dumping the game from sd (skip this if you dump it from nand) I don't have a sd card reader on my pc but I was able to get around that.
Now you need to get the sdseed key.
Download a hex editor I downloaded HxD
Download hacdiskmount if you haven't already.
Download memloader.
Download tegrarcmsmash
Extract memloader files to the tegrarcmsmash folder.
Put switch in RCM mode and in cmd cd to the tegrarcmsmash folder and run TegraRcmSmash.exe memloader.bin --dataini=ums_emmc.ini
Run and open hacdiskmount. Open physical drive - linux ums
Double click on the system partition and a new window will pop up. Enter the BIS keys it asks for. Hit save system.bin and save it to your PC. (this will take 15 mins).
Turn off the switch and boot it back into RCM and run in cmd TegraRcmSmash.exe memloader.bin --dataini=ums_sd.ini
Windows should pop up with a external usb drive and you can browse the sd card on the switch from explorer. Browse to /nintendo/contents/ and copy the private file to your computer.
Open the hex editor and open the private file in it. Highlight and copy all the bytes in the file.
Open the system.bin file you dumped earlier in the hex editor and do a search->find and in the find window click on the hex values tab and paste the bytes you copied before into the search and hit ok.
It will find the values you pasted and the line of hex below that is your sdseed, so highlight and copy that and paste it into a text file and save it somewhere.
Go back to the sd card on the switch and go to /nintendo/contents/registered folder and look for a folder with a file in it with a size of 1.7gb named f5983d8f4951458e8f1413be7579e3f9.nca mine was 000000CB.
Edit: sorry I forgot to mention copy f5983d8f4951458e8f1413be7579e3f9.nca to your hactool folder. It will take about 10 mins.
In the cmd prompt cd to the folder with hactool.
Run this command hactool -t nax0 -k keys.ini --sdseed=your sd key here --sdpath=/registered/000000CB/f5983d8f4951458e8f1413be7579e3f9.nca f5983d8f4951458e8f1413be7579e3f9.nca --plaintext=out.nca
2. Now you need to get the titlekey for the game.
Search for and download get_ticketbins.py and get_titlekeys.py and release-python-script-to-generate-the-rsa_kek.
Download and install python 2.7 if you havent already.
In cmd prompt run pip install asn1
next run py -2 -m pip install pycrypto
Follow the guide on how to generate the rsa-kek, once you have that key right click on get_titlekeys.py and hit edit and find the line where it says rsa_kek=('XXXXXXXXX'), and replace the X's with the rsa-kek.
Now you need prodinfo.bin and 80000000000000e2 file.
Now you need to boot your switch back into rcm mode and load TegraRcmSmash.exe memloader.bin --dataini=ums_emmc.ini
Open up hacdiskmount and double click on prodinfo enter the keys it asks for and click save prodinfo.bin put it in your hactool folder.
Now double click on system. Enter the BIS keys it asks for. install driver for mounting. check read only. click mount.
Browse the new drive in windows and under the save folder copy 80000000000000e2 to your hactool dir.
In cmd cd to your hactool folder.
run py -2 get_ticketbins.py 80000000000000e2 it should dump a personal_ticketsblob.bin
now run py -2 get_titlekeys.py PRODINFO.bin personal_ticketblob.bin it will display some titleid's and title keys that go along with them. The titlekey we want is under the 010096000b3ea000 titleid. Copy that key.
now run hactool -k keys.ini --titlekey=titlekeyyoujustcopied out.nca --exefsdir=C:\temp\decrypted\ make sure you have a c:\temp\decrypted folder (or change it to what you want).
Now download nso2elf and elf2nso.
run nso2elf C:\temp\decrypted\main it should put out a main.elf in the same dir.
open the hex editor and open the main.elf file.
go to search and goto... and enter 8F9D0
It will jump to that location it should look like 08 00 00 12 change it to this 08 00 80 52
hit save.
in cmd run elf2nso C:\temp\decrypted\main.elf C:\temp\decrypted\main2
Either delete the original main or rename it to something else and rename main2 to main.
reboot switch to rcm mode and run TegraRcmSmash.exe memloader.bin --dataini=ums_sd.ini to mount the sd card in windows.
copy main to \atmosphere\titles\010096000B3EA000\exefs\ on the sd drive. (create the folders if they don't exist).
I haven't tested if this actually works yet but I'll let you know in a few hours. I might need layeredfs.
I forgot if you get a lot of errors installing pycrypto google Microsoft Visual C++ Compiler for Python 2.7 and install that.
Last edited by SliverSrufer,
