1. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    Hello everyone,

    Sorry if this subject is being discussed in some other post. I looked at many posts and followed several tutorials and was not successful.
    I bought a friend’s console with a blue screen, he didn’t have a backup of the NAND and had already tried to do some process that I don’t know.

    First of all i tried to get the biskey by TegraRcmGUI 2.6
    and got the following archive:
    biskey_problem.JPG

    here i believe it was my first mistake.

    I was following a tutorial on youtube on how to restore a bricked console.
    Without previous knowledge, I deduced that the keys were not working because I should follow the steps in the video (and I followed without making a backup of nand, boot 0 and boot 1)
    in the video the guy used etcher to replace Boot 0 and boot 1 for 5.1.0 firmware files, as he did in the video I made this replacement and following he tried to extract the BIS_keys again.
    again I got the same error as the image above and now my console doesn't even show the blue screen anymore, just a black screen (it doesn't even seem to turn on the backligth).

    the next steps in the video was to use the biskeys to access the folders on HacDiskMount so I stopped there very discouraged and started to research if there was any way to correct this error.
    I read some posts here on the forum and tried to use Lockpic_Rcm to try to get the biskeys and I just came across more errors.
    lockpick_rcm_erro.jpg

    So I researched and found this post here on the forum:
    gbatemp net threads keyblob-0-to-5-corrupted.548659

    I even tried to install the linkle to try the procedure described in the post but unfortunately I had several errors during the installation and I was unable to install (maybe I can try a few more times).
    sdsetup com biskeygen

    (I cannot post hyperlinks. new member )

    And as magic I got my biskeys, I went back to watch and try the tutorial to restore NAND on youtube and luckily the keys worked and I got access to the system folders and everything in HACDISKMOUNT.

    I followed the tutorial and replacing BCPKG2-1,2,3,4

    I entered the SAFE folder and as he said in the tutorial I needed to delete everything inside, there was only one file called PRF2SAFE.RCV I deleted it (I made a backup)

    In the SYSTEM folder there were 3 folders and the same hidden file PRF2SAFE.rcv (he made it very clear that I needed to delete this file in the system folder)
    something i realized was that in the video his SYSTEM folder had a file called "saveMeta" and in my case it didn’t exist, what did exist was a folder called Savemeta, inside the folder there were 6 more empty folders (I made a backup anyway )
    pasta save meta.JPG

    I deleted the content folder as he said and copied two new folders to the SYSTEM drive "content" and "save". after these steps I went to the Users folder and replaced everything with the files he made available in the video. (I backed up everything before deleting and replacing files, I also backed up the nand before trying the whole procedure, even if I had already replaced boot 0 and 1 at the beginning of everything).
    after all the procedure he started the console via Atmosphere.
    I tried to do the same but the atmosfere boot screen simply flashes and I have an infinite black screen.
    if i split the power button the screen will flash between black and the atmosphere boot image.
    if i try to start the console without hekate (original sysnand)
    I just have a black screen and it activates the auto rcm automatically (even if I disable it in hekate several times)

    I tried to start the atmosphere with icognito activated by a custom hekate and in this case I have the following screen:

    atmosphere icognito.jpg

    I really don't know what else to try. I hope someone here can read my case and help me with a possible solution.
    thank you in advance for your help!
     
    bombob likes this.
  2. bombob

    bombob Advanced Member
    Newcomer

    Joined:
    May 4, 2020
    Messages:
    90
    Country:
    United States
    As long as you have a good prodinfo you should be able to rebuild.Use memloader payload and nandxmanager to save an decrypted copy of the prodinfo and open it with a hex editor. If the first line says Cal0 on the far right side,you are good.And then check how many burnt fuses you have burnt

    Sent from my SM-N960U using Tapatalk
     
    ThiagoDaruma likes this.
  3. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    Thank you very much for your attention! I did the ProdInfo Dump, opened it in Hxd and yes the first line shows me CAL0 as well as the serial number in the 0x250 line also matches the Switch sticker.
    In the hekate show me that I have 12 burned fuses
     
  4. bombob

    bombob Advanced Member
    Newcomer

    Joined:
    May 4, 2020
    Messages:
    90
    Country:
    United States
    12 fuses means you need to restore 9.2.0
    Check your PM

    Sent from my SM-N960U using Tapatalk
     
  5. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    The bombob helped me a lot with some steps to restore the nintendo switch system.
    my prod.keys were corrupted and I downloaded others on the internet for firmware 9.2.
    my console has 12 burned fuses.
    some things have changed, the screen no longer flashes when the atmosphere starts, now the images of the atmosphere logo are fixed and right after I have the black screen again.
    I made the system Wipe and tried to start factory default.
    now the nintendo logo appears but after that the screen goes black again.

    does this happen because my keyblobs are corrupted? has something to do?
     
    bombob likes this.
  6. sylver78

    sylver78 GBAtemp Regular
    Member

    Joined:
    Oct 16, 2006
    Messages:
    110
    Country:
    France
    Haha we are in the same boat with crash after Nintendo logo, excepted that my keyblob are valid !
    Linkle is a command line application, you can get it from https://github.com/MegatonHammer/linkle/releases
    Take the version that corresponds to your operating system (macOS, Windows, Linux) then extract it ! There is nothing to install …
    Then you have to run it from the command line/terminal application !

    About the lockpick_rcm payload, are you injecting it from a computer ? At the first steps I thought that my keyblob were corrupt also but it was because I was running the lockpick payload using SXOS boot menu and this is causing lockpick to act strangely !
    Anyway if you fail to generate your encrypted_keyblob_x, just send me a private message with a dump of your boot0 and your keys and I’ll generate that for you and put it in your boot0 dump !
     
    ThiagoDaruma likes this.
  7. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    well I got my keyblob, but putting boot0 in HxD there is no key sequence
    KEYblob_key_00 = .... 180000
    keyblob_key_01 = .... 180200
    keyblob_key_02 = .... 180400
    keyblob_key_03 = .... 180600
    keyblob_key_04 = .... 180800
    keyblob_key_05 = .... 180a00

    the numbers above do not exist in the file hahaha
     
  8. KingPieter

    KingPieter Member
    Newcomer

    Joined:
    Jul 16, 2017
    Messages:
    16
    Country:
    Belgium
    Yeah I have the same problem, black screen after the Nintendo logo..
     
  9. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    checking Boot0.bin for versions 9.1 - 9.2 and 6.2 I realized that they all end at the maximum in 0017FFF0 and do not have the 0018000 line ahead.
    so would it be impossible to restore the keybloobs?

    I also tried a simple restoration for section 6.2 and when injecting fusee-primary.bin that came with the package I received the following message:
    "(error) Fatal error: (NXboot): keys derivation failed!"
    researching about the error a topic saying it was just insert the biskeys in the sd root.
    I tried but without success (Would it really be just playing the file biskey.txt in the root of the SD or would it have another way?)

    in the Unbrick package there is still a second attempt, with a Blank nand with all keys null.
    I was a little afraid to try this one, because if I change the console's biskeys, I certainly won't be able to try anything anymore.

    Any idea? would it be prudent to try this method?

    ps. Thanks for the help BomBob
     
  10. bombob

    bombob Advanced Member
    Newcomer

    Joined:
    May 4, 2020
    Messages:
    90
    Country:
    United States
    you cant change or delete the biskeys (its impossible) because they are from hardware.But prodinfo partition is the only thing that cant be rebuilt.Even Boot0 and Boot1 can be generated.but watch out not to delete your prodinfo

    if you have a valid backup I dnt know why its not booting. Maybe someone else could help you further or maybe you could find a similar thread here

    — Posts automatically merged - Please don't double post! —

    BTW I missed the part where you said the switch has BSOD
    Check this post
    https://gbatemp.net/threads/nintendo-switch-bsod-fix-reballing-emmc-soc-nvidia-tegra.563266/
     
  11. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    as soon as I got the switch it really had a BSO, but after the procedures it just didn't show up anymore. would it really be the case for reballing?
     
  12. bombob

    bombob Advanced Member
    Newcomer

    Joined:
    May 4, 2020
    Messages:
    90
    Country:
    United States
    Since you got to the logo its probably a corrupted nand that you need to rebuild.

    Sent from my SM-N960U using Tapatalk
     
  13. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    in this case, no reballing, correct? hahaha
    or would it be a valid attempt?
     
  14. sylver78

    sylver78 GBAtemp Regular
    Member

    Joined:
    Oct 16, 2006
    Messages:
    110
    Country:
    France
    I told you to send me your boot0 and prodinfo.keys, I'll update your boot0 with some valid keyblob !
     
    bombob likes this.
  15. bombob

    bombob Advanced Member
    Newcomer

    Joined:
    May 4, 2020
    Messages:
    90
    Country:
    United States
    Probably boot corruption

    Sent from my SM-N960U using Tapatalk
     
  16. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    could you teach me how to do it or send me a post explained how to do it? it would be good for me to learn in case I run into a similar problem again.

    when I use Linkle on prod.keys of the bricked switch it shows me only 31 lines and no encrypted_keyblob. I believe it is completely corrupted
     
    Last edited by ThiagoDaruma, May 17, 2020
  17. sylver78

    sylver78 GBAtemp Regular
    Member

    Joined:
    Oct 16, 2006
    Messages:
    110
    Country:
    France
    Just run linkle with your prod.keys as shown in every howto (linkle keygen -k prod.keys) and put the outputted encrypted_keyblob_0 - 5 in your boot0.bin at offsets 0x180000 / 0x180200 / ...
    That's as easy as that. If lockpick_rcm is not giving a complete enough key file, take one you'll find over the internet and add/replace your biskey in it.
     
    ThiagoDaruma likes this.
  18. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    ok, i was able to insert the keyblobs in my console and there really are no more corrupted keyblob errors. but something is still wrong. I'm sending a photo comparing the bricked switch and my functional switch.


    is there anything else i can restore in Boot0? apparently he can't read the titlekeys.

    Edit.
    I tried to run the atmosphere and sysnand and continue the nintendo logo and then the black screen.
     

    Attached Files:

    Last edited by ThiagoDaruma, May 17, 2020
  19. bombob

    bombob Advanced Member
    Newcomer

    Joined:
    May 4, 2020
    Messages:
    90
    Country:
    United States
    Seems like it cant access user saves but it should be able to boot with a clean installation

    Sent from my SM-N960U using Tapatalk
     
  20. ThiagoDaruma

    OP ThiagoDaruma Member
    Newcomer

    Joined:
    May 12, 2020
    Messages:
    20
    Country:
    Brazil
    to do this again I would have to delete all the files in the USER folder and in the SYSTEM folder leave only the 8X0120 file? leave original factory? I tried that. I also tried systemwipe.te but without success.

    or when you say clean install do you mean mattytrog unbrickpack with empty 6.2.0 firware?
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - bricked, whitout, Switch