@bth , about nocntchk patch. For 19.0.0 exfat now it is patched at 745a0, but there are 2 other checks for the same flag, that produces the same error code: at 75498 and 7551c. Why 1st one so special, so it need to be patched and 2nd and 3rd ones should not?
@bth , about nocntchk patch. For 19.0.0 exfat now it is patched at 745a0, but there are 2 other checks for the same flag, that produces the same error code: at 75498 and 7551c. Why 1st one so special, so it need to be patched and 2nd and 3rd ones should not?
tl:dr 745a0 BL -> mov x0, xzr to cause zero to be passed down into this chain:
brown colored function is the header signature check, which performs the check if a non-zero result is passed to the function.
(mov x0,xzr sets x0 to 0 and x0 is what is passed down into that functon call/branch loader/ "BL")
nintendo has done this code this way, because this function is called repeadetly, and if a prior call of function has returned zero, it is passed down and skips the check.
patching to mov x0, xzr at that bl/function call/branch loader forces the "skip" condition.
Post automatically merged:
In other words, 745a0 is sacrificed to force zero to be passed for when BL 76ac0 is called, as 76ac0 is what actually checks the signature, or skips if zero is passed through x0.
@bth , I do understand code flow of this function. I am asking about 2 other places: 75498 and 7551c. Both of them are absent in your pictures and are part of another function, called in some other case. My question - why that places shouldn't be patched?
Hey so I stupidly updated to 19.0.0 without thinking and now even with hekate and atmosphere updated with the sig patches and running an Archive Bit Fix, I still get a fatal error 0xffe when attempting to load atmosphere from package3. Running from fusee seems to work but does not let me choose to boot semi-stock. inexplicably, running package3 to emummc works just fine. I -would- just stick with running using fusee, but several of my games won't let me play unless i install an update, and since it's blocked from updating i'm stuck doing nothing.
I'd very much appreciate some help unless this isn't the place to ask for it.
@bth , I do understand code flow of this function. I am asking about 2 other places: 75498 and 7551c. Both of them are absent in your pictures and are part of another function, called in some other case. My question - why that places shouldn't be patched?
tl:dr as highlighted with images above, the actual function loading the signature modulus for verification is called there with x0 as a parameter.
the other offsets/functions you reference do something else.
we care about the return value of this function, and it should be ret 0.
other functions example: 75498; bl FUN_71001517c
which is just ldrb w0, x0, ret, doesn't have much to do with anything really
just as example the "75498; bl FUN_71001517c" is called from within function 75410, and eventually leads to 743f0 which is where 745a0 is.
now why would you patch up there, or down here, or why not all places?
we patch 745a0 to control outcome of where problem is, no reason to go out of way 5 functions deep ahead when we can just ensure zero at the specific arm instruction we need.
while you can end the call chain and ret 0 already in function 75410 that is bad behavior, as this is FS- File System, it loads nca into memory and such, obvious stuff, interrupting with how that works bad.
Post automatically merged:
very obvious upon inspecting pseudocode why not to mess with before functions. and logically, a function checking header signature obviously does not do anything but verify signature.
similarily, the function which calls for result from 743f0 (fun 722a0) returns the value of 743f0 to 76634.
we could also just do this, as uvar5 is the return of 743f0 (which we change the outcome of by patching mov, x0, xzr
changing 7235c to mov, w0, wzr from mov, w0, w21 should have same effect.
in 722a0 which is the function that works with the result of 743f0 this is exactly what uses the value.
15174c / 151768 / 662f0 becomes ran if 743f0 returns zero, does not if return 1, which is why to patch function 743f0 and not 722a0 (patching 722a0 in addition would eliminate other fail conditions, but eh)
15174c is an external service call to what im guessing is spl or ncm
151768 is just instruction mover
662f0 is essentially just a check for zero
all of this information boils down to that 745a0 must be patched to return zero so that the function itself returns zero for the codepath below in 722a0, otherwise that function call to external function isn't made.
Are you sure you're finding anything? Becuase the function call which is related to function 743f0 (745a0) is 7550c, not
75498 or 7551c (this one is 0x10 wrong, but close enough)
75498 doesn't have much to do with anything of interest.
7551c also doesn't have much to do with anything of interest
both are just x0 to w0 loaders
if you are confused, 745a0 is patched not because it's loading x0 to w0 loader, it's patched to force zero to x with mov x0, xzr (zero to x0) so that the check is bypassed, and the function call itself is worthless, so nice place to sacrefice the call to force zero
for 7551c specifically, zero comes out there down where the value that is being compared is derived from (ultimately function 743f0)
like sure you could patch 1517c4 to be mov, w0, wzr instead of placing mov x0, xzr at 745a0, and instead of patching 3 BL's since this function is what is called, and all it does is load x0 into w0 for then to be called into a zero check
the reason i didn't implement a pattern for 1517c4 is because exfat/fat32 different in that region, and it's surrounded by other various loader functions, which while not impossible to just instruction pattern search, is more of hassle than 745a0
@bth: Thanks for all these explainations, it's far from my comprehension but it's intresting to have some informations on how things work so thanks again to share your knolages with us.
Hi, I still have the error when i try to connect to internet. I have done an complete reinstallation from 0 of my hacked switch with the HATS 1.8.0 prerelease v1.2 pack and i still have this problem. Can someone look into it ?
Hi, I still have the error when i try to connect to internet. I have done an complete reinstallation from 0 of my hacked switch with the HATS 1.8.0 prerelease v1.2 pack and i still have this problem. Can someone look into it ?
Latest sys-patch 1.5.4 has nim prodinfo fix included so it should fix that error you're having. Make sure to reboot after you copy the files over to your SD card.
Latest sys-patch 1.5.4 has nim prodinfo fix included so it should fix that error you're having. Make sure to reboot after you copy the files over to your SD card.
From what I can see here, the program ID matches the one for NPNS services, used for Push Notifications. Not really sure what else you can do about that.
Do you have DNS MITM set up? If not, try that as well.
If that doesn't work, make a backup of your atmosphere and bootloader folders just in case something goes wrong and remove them afterwards from your SD card. After that, download the latest fresh Atmosphere and Hekate from their official repositories. While you're at it, you'll need a new hekate_ipl.ini which you can grab from the sigpatches thread, as well as latest sys-patch. After that, put the SD card back into your PC, launch RCM mode and send the latest fusee.bin payload and, hopefully, it'll work this time around.
Ultimately, I'd check if the SD card is faulty or not with h2testw and see if that's the issue. If you can boot into stock firmware, I'd start from scratch by following the NH Switch guide and install the latest firmware, sys-patch and set up DNS MITM.
The forwarder part of your problem is related to a kernel change in 19.0.0+, you have to obtain new forwarders complying with debug flag change in kernel.
the other half is you have sysmodules that exist in /atmosphere/contents/ that are outdated and need to be removed completely (all of them), and reobtain newer versions (if they exist)
From what I can see here, the program ID matches the one for NPNS services, used for Push Notifications. Not really sure what else you can do about that.
Do you have DNS MITM set up? If not, try that as well.
If that doesn't work, make a backup of your atmosphere and bootloader folders just in case something goes wrong and remove them afterwards from your SD card. After that, download the latest fresh Atmosphere and Hekate from their official repositories. While you're at it, you'll need a new hekate_ipl.ini which you can grab from the sigpatches thread, as well as latest sys-patch. After that, put the SD card back into your PC, launch RCM mode and send the latest fusee.bin payload and, hopefully, it'll work this time around.
Ultimately, I'd check if the SD card is faulty or not with h2testw and see if that's the issue. If you can boot into stock firmware, I'd start from scratch by following the NH Switch guide and install the latest firmware, sys-patch and set up DNS MITM.
Like i said, i have done a clean install from 0 of my sd card with the latest HATS pack. DNS MITM is set up, I have latest sigpatches and sys patch. My switch was working flawlessly until i update my switch from 19.0.0 to 19.0.1 and now I can't connec to internet without it crashing...
Like i said, i have done a clean install from 0 of my sd card with the latest HATS pack. DNS MITM is set up, I have latest sigpatches and sys patch. My switch was working flawlessly until i update my switch from 19.0.0 to 19.0.1 and now I can't connec to internet without it crashing...
Ok so i found what the problem was. My emummc and sysmmc software versions were not the same. I found a 19.0.1 firmware version to update to and now the problem is solved.
Im sorry for losing everyone's time
Ok so i found what the problem was. My emummc and sysmmc software versions were not the same. I found a 19.0.1 firmware version to update to and now the problem is solved.
Im sorry for losing everyone's time
I'm glad that you managed to fix it. ^^ While my emuMMC is usually the latest available, my sysMMC is still on 16.1.0 or something like that (that's the firmware it had on it when I bought it). No worries, I'm no expert so I try to help however I can, even if it is a moral support only. ^^ Have fun.
Over two decades ago, a small company by the name of Bleem! appeared and offered a unique product in the gaming market, the ability to play PlayStation games outside...
With the Nintendo Switch being such a runaway success, and having a successor console on the way, it looks like an old rival might be throwing their hat back into the...
Another beloved classic from the 5th Generation of videogame consoles is getting a native PC port. This time, the famous on-rails shooter for the Nintendo 64, Star...
Nintendo has a surprise drop for Nintendo Switch Online subscribers. A classic Game Boy title has landed on the service tonight, in the form of Donkey Kong Land. Only...
Popular Nintendo DS emulator melonDS has seen some major additions in a brand new release. Making the milestone jump from the previous v0.9.5, this new version is...
The Nintendo Switch is at the end of its lifecycle, but especially so in China. After what will have been six years of service, the Nintendo Switch eShop will be...
A new update for Cemu has been released. Though it is still currently in pre-release form, this 2.4 version fixes a few bugs, including one that did not allow users...
Launching today is Dragon Quest III HD-2D Remake. This entry to the Dragon Quest franchise is chronologically the first in the “Erdrick Trilogy" and has been remade...
Today, digital storefront GOG has announced the GOG Preservation Program as a continuation of its committment to preserve and restore classic video games. With this...
Half Life 2 is one of the highest praised videogames of the new millennium, and many people worldwide have fond memories of the game, with many still replaying it and...
With the Nintendo Switch being such a runaway success, and having a successor console on the way, it looks like an old rival might be throwing their hat back into the...
Another beloved classic from the 5th Generation of videogame consoles is getting a native PC port. This time, the famous on-rails shooter for the Nintendo 64, Star...
Over two decades ago, a small company by the name of Bleem! appeared and offered a unique product in the gaming market, the ability to play PlayStation games outside...
The Nintendo Switch is at the end of its lifecycle, but especially so in China. After what will have been six years of service, the Nintendo Switch eShop will be...
Nintendo has a surprise drop for Nintendo Switch Online subscribers. A classic Game Boy title has landed on the service tonight, in the form of Donkey Kong Land. Only...
Launching today is Dragon Quest III HD-2D Remake. This entry to the Dragon Quest franchise is chronologically the first in the “Erdrick Trilogy" and has been remade...
Today, digital storefront GOG has announced the GOG Preservation Program as a continuation of its committment to preserve and restore classic video games. With this...
A toy company managed to completely dismantle an indie game storefront, according to Itch.io, whose website was down for half a day after an automated system disabled...
The Game Awards are taking place later today, and as always, you can expect to see some game announcements made during the show. This year, however, there's a little...
December 4th is synonymous to Dragon Age Day to Dragon Age fans and BioWare is celebrating the event this year by releasing a free Character Creator. This standalone...
@kijetesantakalu042, Nile Red seems to always start his videos with "Okay, so today" and "A few days ago". It gets pretty annoying when he re-uses the same sentences but tweaks it a little bit to make it in line with the topic.