[RCM Payload] Hekate - CTCaer mod

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by CTCaer, May 1, 2018.

  1. Al79gigs

    Al79gigs Newbie

    Newcomer
    1
    Sep 29, 2018
    United States
    Hello, been out of the scene a bit, now back. Would like to link with someone with more understanding. I am on fw 7.0.1, tried a new card and get [fatfa] error EXBMM - !!!!!HELP!!!!!
    Old sd tells me no main, can't copy or delete from old sd
     
  2. BaamAlex

    BaamAlex (*(vu64 *)0x1FF81100)

    Member
    5
    Jul 23, 2018
    Germany
    Your card should be mbr formatted. Not gpt.

    And Fat32 with 32k cluster size.
     
  3. Zap Rowsdower

    Zap Rowsdower I am you.

    Member
    6
    Jan 17, 2015
    Canada
    I don't go map findin' behindin'
    The new FatFS seems to have introduced some critical timing problems with any mSD extension cabling adapters. Just a heads up I guess.
     
  4. CTCaer
    OP

    CTCaer GBAtemp Maniac

    Member
    11
    Mar 22, 2008
    Greece
    Can you explain?
     
  5. Zap Rowsdower

    Zap Rowsdower I am you.

    Member
    6
    Jan 17, 2015
    Canada
    I don't go map findin' behindin'
    It's not that important and I'm sure a rare setup, but TF extension cabling like this one have worked fine with any FAT32 up until this new FAT FS implementation. System either now crashes or wildly misreports free space when accessing the card where 4.9.1 works perfectly fine booting and through ams Horizon. Hekate is just the first instance of it I've come across, and all it means is that I won't have the convenience of that anymore.
     
    Last edited by Zap Rowsdower, Apr 22, 2019
  6. CTCaer
    OP

    CTCaer GBAtemp Maniac

    Member
    11
    Mar 22, 2008
    Greece
    Strange setup, but whatever.

    Do you have a discord?
    If yes PM me.
     
  7. CTCaer
    OP

    CTCaer GBAtemp Maniac

    Member
    11
    Mar 22, 2008
    Greece
    hekate v4.10.1 is released!

    This is a hotfix version that rectifies the following:

    • Reverted 204MHz SD device clock
      Some U1 sd cards with Sandisk microcontroller misbehaved in this speed.
    • Some small QoL changes

    Check OP or HERE for changelog or more.
     
  8. Nazosan

    Nazosan GBAtemp Fan

    Member
    5
    May 12, 2009
    United States
    I don't suppose, by any chance, you might consider including builds of flashable UF2 files for the various "modchips" (Trinket M0, SwitchMe, etc -- most, if not all, are essentially the same, so one file would fit most devices)? There's a pretty significant delay on getting updates. I realize it can chainload an update from a file on the SD card on every startup, but there are sometimes some important updates I really want built in even if the memory card becomes corrupted/is removed/etc. (Plus I'll admit it's a little bit an OCD thing that I want it to go straight into the current version rather than starting an older one and then loading the newer one from there.)
     
    Last edited by Nazosan, Apr 24, 2019
  9. CTCaer
    OP

    CTCaer GBAtemp Maniac

    Member
    11
    Mar 22, 2008
    Greece
    I also have that and I update my modchip. But no I can't do that.
    It's a pain to maintain every single one. Best scenario is to learn how you can create these images, after which you can just run a script and create a new image.
     
  10. Nazosan

    Nazosan GBAtemp Fan

    Member
    5
    May 12, 2009
    United States
    Well, I added an edit, but anyway, aren't the greater majority of those chips really just one basic chip? Eg, wouldn't it be one UF2 for almost all of them? I'm sure there's one or two that are different, but it isn't that big of a deal to just do the most common one.

    Honestly, I tried before and failed. Maybe there's a better source, but for now I've been having to go to the SwitchMe GitHub where they have UF2s, but they are always a bit behind.
     
  11. CTCaer
    OP

    CTCaer GBAtemp Maniac

    Member
    11
    Mar 22, 2008
    Greece
    The chip is the same. Not the board and pinout cfg. Plus any tweaks.

    If only chip would matter, we would have L4T in switch since ever.
    So no. There's no "one fit all" solution. Neither I have the time to invest on finding what the differences are.
     
  12. Nazosan

    Nazosan GBAtemp Fan

    Member
    5
    May 12, 2009
    United States
    Oh no, I think there is some misunderstanding? With the UF2 files it's the same regardless of the PCB. All it does is give it instructions on a payload to deliver (and most are really the same chip more or less, so same instructions and nothing special needed in the payload on a per-chip basis.) For instance, I've personally used the same one on both the Trinket M0 and the SwitchMe. A number of those "modchips" are almost literally the same thing with the biggest differences really just being that the SwitchMe doesn't have a USB port to have to remove and has nice easy solder points instead of having to use the legs for the USB port.

    EDIT: I guess maybe there are more than I thought. I honestly think Trinket is probably the most common -- it's certainly one of the most available and cheap on its own, plus of course there's the Switchme -- but I could be wrong.
     
    Last edited by Nazosan, Apr 24, 2019
  13. angelo_

    angelo_ Member

    Newcomer
    1
    Apr 23, 2019
    Brazil
    Hello,

    I am new to the Switch hacking scene and I still have some doubts.
    Is it possible for the Switch to always boot to the Hekate menu without needing an external payload sender?
     
  14. Hayato213

    Hayato213 GBAtemp Guru

    Member
    11
    Dec 26, 2015
    United States
    Only if you installed an internal modchip.
     
  15. angelo_

    angelo_ Member

    Newcomer
    1
    Apr 23, 2019
    Brazil
    Do you think in the future it will be possible without a modchip?
     
  16. Hayato213

    Hayato213 GBAtemp Guru

    Member
    11
    Dec 26, 2015
    United States
    With the modchip and AutoRCM, when the unit cold boots it boots the Switch into RCM, and with Hekate as the payload on the chip it loads up Hekate. When there is a permanent CFW you can reboot from CFW into Hekate, the bootloader. There are warm boot exploits coming for the patched unit; if they manage to turn that into a permanent CFW then it would give you access to Hekate.
     
    Last edited by Hayato213, Apr 24, 2019
  17. angelo_

    angelo_ Member

    Newcomer
    1
    Apr 23, 2019
    Brazil
    I am thinking on doing the following:
    - Install a modchip with hekate
    - Install atmosphere when emunand comes out
    - Make it always boot to hekate, so I can choose
    - Stock fw for online play
    - CFW for emulators
     
  18. Hayato213

    Hayato213 GBAtemp Guru

    Member
    11
    Dec 26, 2015
    United States
    If you are good at soldering, then go ahead, go for it. Look for the Trinket M0 chip if you've got an unpatched unit. Anyway, about the permanent CFW, I meant that once they figure out how to get that, you wouldn't need a dongle to boot into CFW. A modchip is somewhat coldboot as it boots up hekate, and if you have autoboot set, it boots the specified CFW.
     
  19. Nazosan

    Nazosan GBAtemp Fan

    Member
    5
    May 12, 2009
    United States
    I would definitely recommend the SwitchMe (or if there are any other official Switch "modchips" like it one of the others is probably fine too as they're probably all about the same.) If you get a Trinket M0 you have to remove the USB port to fit it inside the case which is quite a lot of trouble if you don't have a full desoldering station (I don't and I'm willing to bet you quite a lot of money that this person does not either.) As I was saying earlier, it uses the same chip as the Trinket M0 (a lot of devices use that same chip) so you can use the same files, just it has no USB port on it and has really huge easy to get to solder points.

    There is a software exploit, but you're jumping through a bunch of hoops every time you boot the system to get it to CFW and it has a lot of disadvantages. If your system can do RCM this is the best possible way to do it. I don't know if permanent CFW is really on the horizon. The system's own boot signature checks aren't actually bypassed by any existing methods -- RCM just manually bypasses the system's normal boot method. But as long as you're using RCM to do it you have to have something send a payload. A completely different exploit than any we're currently using would be needed to do something equivalent to the 3DS' B9S or A9LH (though I would definitely love it if someone out there is actually working on such a thing, to the best of my knowledge none have been found at this time -- and if they have they probably won't release the info for a long time to ensure the maximum number of units possible are exploitable.)

    All that said, if you do a "modchip" it won't make a whole lot of difference to you. It's almost as convenient as having a true permanent CFW. There are only a few minor disadvantages like that if you have a USB cord plugged in on startup it may not deliver the payload properly to the system, so you have to disconnect it and reset the chip (push in on the case where the chip's reset switch is assuming it hasn't been removed for some reason) or force the Switch off (hold power for quite a few seconds) and back on.


    Anyway, the internal chip is actually really easy to install if you get properly small wires to do it with. Just get magnet coil wire which is really thin and has a sort of painted on insulation and then it's really easy to work as long as your iron has a decent fine tip. I suggest using a bit of double-sided tape to hold the wire along a fairly fixed path so they don't move around. (I'll admit I'm a bit paranoid about that super thin insulation, but probably there's nothing to worry about there. That said though, if the wire moves around a lot it could potentially break loose or get into something such as the cooling fan over a long enough period of time. So I put down a bit of tape and run the wire fairly carefully to make sure it will hold up a good long time.)
     
    Last edited by Nazosan, Apr 24, 2019
  20. almmiron

    almmiron GBAtemp Regular

    Member
    4
    Jan 9, 2012
    Brazil
    I'm on 8.0.1. Bought from a friend a second hand unpatched unit (<July 2018) that was never hacked before. So, I've bought the dongle rcm loader from xkit, and downloaded the hekate payload but it won't inject. Hekate allegedly supports 8.0.1, but I don't see the hekate screen loading up when it should
     