Hacking [RCM Payload] Hekate - CTCaer mod

  • Thread starter CTCaer

CTCaer

I've read the entire thing twice, and also searched for words with package1; it's only mentioned once and that's in the tool word only.
Sorry mate, not being lazy.
What is it for and is it included in the raw dump?
It's included in BOOT0. The package1 as separate files is only needed for RE and development in the early boot chain.
As the OP says, the full backup consists of BOOT0/BOOT1 and rawdump.bin.
Also in the menu you can see the categories of Full, separate general purpose partitions and misc.

EDIT:
Added the missing section in the OP. Thanks for reporting it.

Ty_

Something I can't find an answer for: what's the difference between this and the one I've already been using for 5.0.2? Is it just support for 3.x?
 

CTCaer

It's more than 40 commits and 1700 lines of difference in code.

But let's narrow them down for your use case.
If you made a backup with the 5.x one, your backup is probably corrupt.
It clears the boot reason.
And it also has full support for all SDHC and SDXC SD cards.

Ty_

Thanks for the clarification
 

mav2010

Thank you for the great work! Dumping the NAND took less than 30 mins.

Maybe it is a dumb question, but why is TSEC key 3 all zeroes?
 

CTCaer

Genuine question.

There are 3 TSEC keys. Stage2 in boot loading needs a key for executing. Normally the 1st one is used.
The first key is HOVI_EKS_01,
the second is HOVI_COMMON_01,
and the 3rd is an empty key.

So that's why it's all zeroes.

(Hmm, I'll print the names of the keys in the next version.)

Pacote

What's the best way to test your NAND dump?

I got it in chunks with the 1.5.1 payload and used the joiner.

It opens fine with HacDiskMount.

Is there any other way to check?
 

CTCaer

Currently no. And HacDiskMount and every OS that exists does not know if a file is corrupt.
(I mean you can open the partitions if the file table is OK. But maybe a file is corrupt in its data.)

The only real way to check is verification in hekate.
But this one has its own problems:
Is "2 handles on the same file" supported?
Another way is to do it after it's done. But what about the partial dumping on small cards?
I think the best way is at the end of each part, or if partial dumping is disabled, when the file is finished dumping.
We'll see. It's a much needed feature. But I want to add a way to disable it also.
 

Ferris1000

I'm on firmware 2.0. I launched the CFW and tried to launch the Homebrew menu, but it crashes all the time (same as with the pegaswitch exploit).

I tried it with my 128GB SDXC card on exFAT and also with a freshly formatted 4GB SDHC card with exFAT and also with FAT32, but I always get the error code 2345-0021.

I don't know why this happens all the time; sometimes (1 of 10 tries) the error code doesn't appear, but then I have the same issue with starting a homebrew (1 of 10 tries the homebrew starts).

It's really annoying because I don't want to reboot my Switch for 2 hours before I can play one of my dumped GBA ROMs on my Switch.

If anyone knows why this happens, it would be nice to know how to get the Homebrew menu to work without 2 hours of rebooting the Switch.
 

CTCaer

You chose the wrong forum for that. But anyway.

The error you got is LibnxError_BadGfxDequeueBuffer.

If the crash comes from hbmenu, go to https://github.com/switchbrew/nx-hbmenu and create an issue.
If the crash comes from the homebrew you selected in hbmenu, go to the homebrew's site and create an issue.
 

Pacote

In any case, I will dump it later, join and compare to see if it matches my current dump.
 
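Added example (not from this thread and not hekate's own code) of the two checks discussed above: CTCaer's per-part verification, which is what a check "at the end of each part" needs, and Pacote's plan to join the chunks and compare against an existing dump. The part size, the image bytes and the corrupted part are all constructed here.

```python
import hashlib

# Constructed sample: a small "NAND image" split into fixed-size parts, the way
# a partial dump on a small SD card is split. Sizes and contents are made up.
PART_SIZE = 1024
REFERENCE = bytes((i * 7 + 3) & 0xFF for i in range(PART_SIZE * 4))
PARTS = [REFERENCE[i:i + PART_SIZE] for i in range(0, len(REFERENCE), PART_SIZE)]

# A copy with one flipped byte in part 2: the partition table still parses,
# so HacDiskMount would open it fine, but the data is corrupt.
CORRUPT_PARTS = list(PARTS)
CORRUPT_PARTS[2] = PARTS[2][:100] + bytes([PARTS[2][100] ^ 0x01]) + PARTS[2][101:]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def join_parts(parts):
    """Concatenate the dump parts in order, as a joiner tool does."""
    return b"".join(parts)


def verify_parts(parts, reference: bytes):
    """Per-part check: hash each part and compare it with the matching region
    of a reference image. Returns the indices of parts whose hash differs (or
    the next index if the image is truncated), so only a bad part needs to be
    redumped instead of the whole image."""
    bad = []
    offset = 0
    for idx, part in enumerate(parts):
        expected = reference[offset:offset + len(part)]
        if len(part) != len(expected) or sha256(part) != sha256(expected):
            bad.append(idx)
        offset += len(part)
    if offset != len(reference):
        bad.append(len(parts))  # size mismatch: a part is missing or short
    return bad


def verify_joined(parts, reference: bytes) -> bool:
    """Whole-image check after joining: a single hash comparison, which says
    whether the dump is good but not which part is bad."""
    return sha256(join_parts(parts)) == sha256(reference)
```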

Ohex4455

New version v2.0 released

Support for 3.0.1 and 3.0.2 is now here!

Check the OP for the change log, the download link and also its guide.
Oh thank the lord! You're the man! Thank you so much.

May I ask why 3.0.1 and 3.0.2 were the only ones that weren't able to launch CFW up until now? I didn't quite get it.
 

CTCaer

No one cared, I believe. For myself, I had a crashing IDA Pro.
But in the end, Ac_K pushed me to fix my IDA.

The funny thing is that 3.0.1/.2 have the same verification code as 3.0.0.
But this was not working, and I lost countless hours before checking the earlier hekate commits better.
The keygen in hekate was missing an important line. -.-

Was thinking sleep mode had been implemented when I saw this.
Anyway, thanks for your hard work and kindness.
Nah, without configuring a certain register, this can't happen. I have to check if atmo implemented that.

EDIT:
Yes, they have had it since who knows when. But it needs a more complete replacement, not just 2 kip1s.
It necessitates using exosphere as the secure monitor binary. And this may have more dependencies.
I will try though.
