So, with a blank emmc and a emmc reader, I can clone the emmc and replace emmc in Mariko. Is that right?!
that's correct, you first clone the actual MMC then you modify it.
So, if it's possible change the emmc, why anyone think in change the firmware in emmc and that way not necessary a mod chip?!
That is just one thought.
on page 34 there is decrypted uf2 file, before that there is encrypted uf2 file that is probably working
But this is an ubuntu only version, I've heard about a working version that boot in HOS but restricted to an specific pico id. Is that the one you try to reverse / bypass or whatever ?
If you replace something in the boot chain sequence you break the signature and then the console will not work. That is precisely the purpose of the chip.
- Joined
- Dec 26, 2022
- Messages
- 95
- Trophies
- 0
- Location
- your router's unprotected root shell
- XP
- 170
- Country
send it my way as well if you don't mind. sorry for the inactivity, I've been kinda busy
Alright so obviously because @Tafty 's Switch is a Lite/Mariko, the BCTs in there are encrypted at a certain point.
Does anybody know if the BCTs are encrypted with the Mariko KEK or BEK? Or is it the custom key? If it is the custom key, where can I find the private key so that I can decrypt the BCT? AFAIK there's only the public key modulus in the BCT
Does anybody know if the BCTs are encrypted with the Mariko KEK or BEK? Or is it the custom key? If it is the custom key, where can I find the private key so that I can decrypt the BCT? AFAIK there's only the public key modulus in the BCT
nop, because the firmware is encrypted using the own console keys, that's why there is a tutorial for recreate a sysnand using a donor one
- Joined
- Dec 26, 2022
- Messages
- 95
- Trophies
- 0
- Location
- your router's unprotected root shell
- XP
- 170
- Country
looking through hwfly-nx and switchbrew wiki i can't help but notice that although the bct is supposedly encrypted, the mariko bct that hwfly-nx flashes is static, defined in mariko_bct.h. how would that work? are they all encrypted with the same key or what? i'd expect the encryption to be different from console to console. that's probably the case and i'm not understanding something
i'd expect the encryption to be different from console to console. that's probably the case and i'm not understanding something I have the leaked BootROM specification PDF for the Mariko, it says that the BCT (can) be encrypted with a BEK (boot encryption key), this key is OEM specific, i.e. Nintendo has their own.looking through hwfly-nx and switchbrew wiki i can't help but notice that although the bct is supposedly encrypted, the mariko bct that hwfly-nx flashes is static, defined in mariko_bct.h. how would that work? are they all encrypted with the same key or what?
So HWFLY-NX probably has encrypted their BCT with the leaked BEK, however they got it. This, however, means that every Mariko has the same BEK.
- Joined
- Dec 26, 2022
- Messages
- 95
- Trophies
- 0
- Location
- your router's unprotected root shell
- XP
- 170
- Country
would you mind totally not sending that pdf my way?
Post automatically merged:
although, i'm not getting the results i want.. maybe i'm just wack at decrypting or the key is bs
. anyone who wants to try, you might get it better than me , aes-256 cbc, iv is all zeroes as per (at least i think that's what it's saying) the pdf
Last edited by saladus,
What did you use to generate this output?would you mind totally not sending that pdf my way?
Post automatically merged:
although, i'm not getting the results i want.. maybe i'm just wack at decrypting or the key is bs
- Joined
- Dec 26, 2022
- Messages
- 95
- Trophies
- 0
- Location
- your router's unprotected root shell
- XP
- 170
- Country
the key? i got it from a link someone sent earlier in the thread. https://gist.githubusercontent.com/...b2612ab62998243ce5e7877496466cabb77f/tsec.txt
Similar threads
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
Psionic Roshambo:
I would have gotten away with it if it wasn't for those darn kids and that dog!!! -
-
-
-
