Hacking [RCM Payload] Hekate - CTCaer mod

Lacius

Well-Known Member
Member
Joined
May 11, 2008
Messages
17,748
Trophies
2
XP
17,473
Country
United States
I ran into some errors using v1.1, and the rawnand.bin dump stopped at Part 12. I'll try a second time and see what happens.

Edit: Still no luck.
 

Attachments

  • IMG_20180504_163038.jpg
    IMG_20180504_163038.jpg
    73.5 KB · Views: 409
Last edited by Lacius,

CTCaer

Developer
OP
Developer
Joined
Mar 22, 2008
Messages
1,154
Trophies
0
XP
2,502
Country
Greece
I ran into some errors using v1.1, and the rawnand.bin dump stopped at Part 12. I'll try a second time and see what happens.

Edit: Still no luck.
Try to do some full error checking/repair to your sd card through windows (not linux).
It may have some bad sectors.
 

CTCaer

Developer
OP
Developer
Joined
Mar 22, 2008
Messages
1,154
Trophies
0
XP
2,502
Country
Greece
That didn't help, but I was able to make raw backups using other tools. Thanks.
Have in mind, that currently only my payload checks if the bytes were written in the SD card.
The other fail silently and continue without writing these bytes.

That means, that your backup is probably corrupt and less than 31,268,536,320 bytes. (That's why my version fails the whole backup if it can't write.)
Check it to make sure.

In order to try and fix your sd card, you need to do:
"format e: /fs:exFAT" (not quick format and fs can be changed with /fs:FAT32)
"chkdsk /f /r /x E:" (a simple check will not do)
Assuming that your sd card partition letter is E.

There are other tricks to avoid these sectors also. For example reaching them, and then in windows you write a 2GB file and leave it there. And the next time it will not try and write there.
 
  • Like
Reactions: fagnerkof

Jonacards

New Member
Newbie
Joined
May 4, 2018
Messages
2
Trophies
0
Age
24
XP
85
Country
Jamaica
samsung Evo+ 128 GB fat 32 "Failed to mount sdcard(make sure that it is inserted)" i don't know why this happens
 
Last edited by Jonacards,

Lacius

Well-Known Member
Member
Joined
May 11, 2008
Messages
17,748
Trophies
2
XP
17,473
Country
United States
Have in mind, that currently only my payload checks if the bytes were written in the SD card.
The other fail silently and continue without writing these bytes.

That means, that your backup is probably corrupt and less than 31,268,536,320 bytes. (That's why my version fails the whole backup if it can't write.)
Check it to make sure.

In order to try and fix your sd card, you need to do:
"format e: /fs:exFAT" (not quick format and fs can be changed with /fs:FAT32)
"chkdsk /f /r /x E:" (a simple check will not do)
Assuming that your sd card partition letter is E.

There are other tricks to avoid these sectors also. For example reaching them, and then in windows you write a 2GB file and leave it there. And the next time it will not try and write there.
Thank you for your reply. Before I tried the second time with your application, I did everything you suggested to my SD card, but I still received the above errors. However, using rajkosto's version, it successfully dumped my RawNand.bin, and it was 31,268,536,320 bytes. The dump also works properly with HacDiskMount.
 

CTCaer

Developer
OP
Developer
Joined
Mar 22, 2008
Messages
1,154
Trophies
0
XP
2,502
Country
Greece
samsung Evo+ 128 GB fat 32 "Failed to mount sdcard(make sure that it is inserted)" i don't know why this happens
Is your card a U3 sd card?
If yes, this is a known issue. I have working code, but it needs testing.

Thank you for your reply. Before I tried the second time with your application, I did everything you suggested to my SD card, but I still received the above errors. However, using rajkosto's version, it successfully dumped my RawNand.bin, and it was 31,268,536,320 bytes. The dump also works properly with HacDiskMount.
I checked the write filestystem code and it seems that in some cases, the cursor position moves, even when it fails to write. That's why your file size is correct.

Researching a bit for FatFS writing errors, all sources said that the error is actually fatal and you must try to write the file again and not retry (which seems normal, because it will make a bigger file than it should.).
So what is happening with rajkosto's version, is that it can't write to those sectors and they are left as they are. For example, if you have a file at the position where the error happened, it will be corrupt. Even though the image mounts correctly.

Because this is an important issue, we need to add mechanisms to overcome this (imagine this error happening in the MFT area, your whole partition will show up as corrupt).

Please, when you have time, test the attached version.
Like rajkosto's, it continues with the operation, but shows you the error code and a total of unwritten bytes.
So mark down the error code (if there are different ones, mark them all) and also how many bytes missed.

EDIT:
Use the v2 from below.
(V1 was the wrong payload...)

EDIT2:
Payload removed to not confuse users
Latest version adds the option to choose and continue (and potentially have a corrupt backup even if it mounts) or abort and try again from the last part right away
 
Last edited by CTCaer,

Jonacards

New Member
Newbie
Joined
May 4, 2018
Messages
2
Trophies
0
Age
24
XP
85
Country
Jamaica
Is your card a U3 sd card?
If yes, this is a known issue for hekate ipl and switch linux. I have working code, but it is halving the speed to 50MB/s. Keep an eye here for more news.

Yes is U3, but i have another sdcard "Samsung EVO 32gb U1" and the same thing happens :S
 

CTCaer

Developer
OP
Developer
Joined
Mar 22, 2008
Messages
1,154
Trophies
0
XP
2,502
Country
Greece
Yes is U3, but i have another sdcard "Samsung EVO 32gb U1" and the same thing happens :S

Nice, the more the merrier (from debugging point of view of course).
Use the attached payload and report back the last printed step you see Removed. It's now fixed in v1.2

Mine for example, stops at "[sd] after send if cond"
 
Last edited by CTCaer,

CTCaer

Developer
OP
Developer
Joined
Mar 22, 2008
Messages
1,154
Trophies
0
XP
2,502
Country
Greece
@Jonacards
So I have good news for you and everyone that uses Samsung SD Cards or from another vendor who writes whatever fake info on the sd cards registers.
The problem is that these cards, report support for low voltage of 1.8V but actually only support 3.3V.

I'll update the OP as soon as I finish with sd write error checking.
 
  • Like
Reactions: Jonacards

Maximilious

*whistles his distinct tune*
Member
Joined
Nov 21, 2014
Messages
2,570
Trophies
0
XP
1,824
Country
United States
@Jonacards
So I have good news for you and everyone that uses Samsung SD Cards or from another vendor who writes whatever fake info on the sd cards registers.
The problem is that these cards, report support for low voltage of 1.8V but actually only support 3.3V.

I'll update the OP as soon as I finish with sd write error checking.

Should we still use v1.1 or the fatal_error_v2 you posted yesterday (didn't see the debug one before starting the dump, whoops!)? I'm currently dumping with v2 in case of any error info to provide. I have a (should be) legitimate Samsung Evo SDXC 256GB, exFAT.

Edit - Update: fatal_error_v2 worked fine for me. Dumped my NAND in about 20 minutes. I'm dumping my second system now with a standard 32GB card and can tell it's taking much longer to dump due to write speed/format.
 
Last edited by Maximilious,

Lacius

Well-Known Member
Member
Joined
May 11, 2008
Messages
17,748
Trophies
2
XP
17,473
Country
United States
Is your card a U3 sd card?
If yes, this is a known issue. I have working code, but it needs testing.


I checked the write filestystem code and it seems that in some cases, the cursor position moves, even when it fails to write. That's why your file size is correct.

Researching a bit for FatFS writing errors, all sources said that the error is actually fatal and you must try to write the file again and not retry (which seems normal, because it will make a bigger file than it should.).
So what is happening with rajkosto's version, is that it can't write to those sectors and they are left as they are. For example, if you have a file at the position where the error happened, it will be corrupt. Even though the image mounts correctly.

Because this is an important issue, we need to add mechanisms to overcome this (imagine this error happening in the MFT area, your whole partition will show up as corrupt).

Please, when you have time, test the attached version.
Like rajkosto's, it continues with the operation, but shows you the error code and a total of unwritten bytes.
So mark down the error code (if there are different ones, mark them all) and also how many bytes missed.

EDIT:
Use the v2 from below.
(V1 was the wrong payload...)
I'll do this today.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    Elodain @ Elodain: yay I turned my Ps4 into a paperweight today because everyone insisted the exploit was stable.