Hacking SWITCH NOOB PARADISE - Ask questions here

bupeapoop

So I followed this RCM Loader Guide HERE in this video and I got all the Atmosphere and Hekate payload bin files copied across. Hekate is in the ATMOSPHERE folder and Atmosphere (fusee.bin) is currently in the USER1 profile. According to this guide in the image below, the yellow light indicates the USER1 profile.

led-png.151338


The issue I'm having is cycling through each LED / Folder name. The instructions set the following:

How to show current payload:
Click the button + to show the current payload (LED flash twice).

// When I do this, it currently shows the Blue LED Colour

How to change build-in payload :
Hold the button + to jump to the next payload (LED flash 4 times).

// When I do this, it currently shows the Green LED Colour

For whatever reason though, I'm unable to cycle through LED/Folders. It seems to be stuck on Blue and refuses to go to the next colour on the list which should be Red.

Am I doing something wrong? The device was fully charged overnight and should be working fine.
 

binkinator

Oh yeah, how am I able to connect using online? can you break that down for me please?
both online play & just simply accessing the homebrew shop. Too scared to change my DNS settings back to automatic. Lol, it's manually set to not connect to anything right now. Don't want to get banned after seeing the light finally from this tunnel. haha. I'll wait for your reply. Thanks man!

So glad you’re sorted!

Going online is dangerous because of the possibility of bans. You can mitigate, but not eliminate, the risk. The way I and many others do so is through exosphere which is a built in module of atmosphere. It blocks the well known Ninty telemetry servers (ala 90DNS but locally) and, in the event of a leak beyond that, it also blanks out your Prodinfo (ala Incognito). This is pretty solid protection in my mind. You will need to assess the risks and decide for yourself.

There's a ton of info about everything you need to hack a switch here: https://rentry.co/SwitchHackingIsEasy

You’ll find the following section to set up exosphere…


  • Create the file exosphere.ini in the root of your SD card and paste this inside (this step is needed in order to blank your prodinfo so that you can avoid getting your switch banned):
    [exosphere]
    debugmode=1
    debugmode_user=0
    disable_user_exception_handlers=0
    enable_user_pmu_access=0
    blank_prodinfo_sysmmc=0
    blank_prodinfo_emummc=1
    allow_writing_to_cal_sysmmc=0
    log_port=0
    log_baud_rate=115200
    log_inverted=0
  • Afterwards create a file named default.txt in /atmosphere/hosts/ (the hosts folder won't exist, so make sure to create it)
    and paste this in your default.txt file (this step prevents you from connecting to Nintendo's servers):
    # Block Nintendo Servers
    127.0.0.1 *nintendo.*
    127.0.0.1 *nintendo-europe.com
    127.0.0.1 *nintendoswitch.*
    95.216.149.205 *conntest.nintendowifi.net
    95.216.149.205 *ctest.cdn.nintendo.net
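
A way to sanity-check the two files quoted in the post above before booting, as an added example that is not part of the original post or of Atmosphere: it reads the prodinfo keys from exosphere.ini and lists which hosts rules match a given name. It assumes `*` matches any run of characters and does not assume which rule wins, so a name matched by rules with different addresses is reported as an overlap; the sample hostnames are constructed.

```python
import configparser
import re

# File contents copied from the post above.
EXOSPHERE_INI = """[exosphere]
debugmode=1
debugmode_user=0
disable_user_exception_handlers=0
enable_user_pmu_access=0
blank_prodinfo_sysmmc=0
blank_prodinfo_emummc=1
allow_writing_to_cal_sysmmc=0
log_port=0
log_baud_rate=115200
log_inverted=0
"""
HOSTS_TXT = """# Block Nintendo Servers
127.0.0.1 *nintendo.*
127.0.0.1 *nintendo-europe.com
127.0.0.1 *nintendoswitch.*
95.216.149.205 *conntest.nintendowifi.net
95.216.149.205 *ctest.cdn.nintendo.net
"""
# Constructed hostnames, used only to exercise the rules.
SAMPLE_NAMES = ["accounts.nintendo.com", "www.nintendo-europe.com",
                "conntest.nintendowifi.net", "ctest.cdn.nintendo.net", "example.org"]

def audit_exosphere(text):
    """Compare the prodinfo-related keys with the values the post gives."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    get = lambda key: cfg.get("exosphere", key, fallback=None)
    return {"emummc_blanked": get("blank_prodinfo_emummc") == "1",
            "sysmmc_untouched": get("blank_prodinfo_sysmmc") == "0",
            "cal_write_blocked": get("allow_writing_to_cal_sysmmc") == "0"}

def parse_hosts(text):
    """Return [(ip, pattern), ...] in file order; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        rules.extend((fields[0], pat.lower()) for pat in fields[1:])
    return rules

def matches(pattern, hostname):
    """Assumption: '*' is the only wildcard and matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, hostname.lower()) is not None

def matching_rules(rules, hostname):
    return [(ip, pat) for ip, pat in rules if matches(pat, hostname)]

def overlaps(rules, hostnames):
    """Names matched by rules pointing at more than one address."""
    found = {}
    for name in hostnames:
        ips = sorted({ip for ip, _ in matching_rules(rules, name)})
        if len(ips) > 1:
            found[name] = ips
    return found

if __name__ == "__main__":
    print(audit_exosphere(EXOSPHERE_INI))
    print("overlaps:", overlaps(parse_hosts(HOSTS_TXT), SAMPLE_NAMES))
```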
 

binkinator

So I followed this RCM Loader Guide HERE in this video and I got all the Atmosphere and Hekate payload bin files copied across. Hekate is in the ATMOSPHERE folder and Atmosphere (fusee.bin) is currently in the USER1 profile. According to this guide in the image below, the yellow light indicates the USER1 profile.


The issue I'm having is cycling through each LED / Folder name. The instructions set the following:

How to show current payload:
Click the button + to show the current payload (LED flash twice).

// When I do this, it currently shows the Blue LED Colour

How to change build-in payload :
Hold the button + to jump to the next payload (LED flash 4 times).

// When I do this, it currently shows the Green LED Colour

For whatever reason though, I'm unable to cycle through LED/Folders. It seems to be stuck on Blue and refuses to go to the next colour on the list which should be Red.

Am I doing something wrong? The device was fully charged overnight and should be working fine.

update the firmware on your RCM Loader to the latest and try again.

https://www.xkit.xyz/support/

they have a second download on the same page with relatively recent payloads that are known good. You can test with those and replace with yours once you’ve confirmed it works again.
 

Toa_235

hey guys, so i could use a teensy bit of help, I have quite a bit of experience with unpatched V1s, been sourcing and reselling them locally for years and only now for the first time i came across a "potentially patched" one which has a modchip, it came on 13.2.0 and it has something called neptune installed and it boots into it automatically. By what the seller told me the console could actually have sx core inside since he had it for about 3 years set up as it is...

BUT it has a problem or two, first thing is that when it's on sleep the battery drains in a matter of couple hours... charging time to 100% seems normal by my experience with the v1s i've dealt with and handheld idling in botw gets about 2.5 hours of screen time, so my guess is it's not a problem with the battery.... I'm going to try connecting it to a battery from another system i have on hand to test the battery further.

Also the guides i see online the sd setup and github guide seem to circle around ofw 4.0.0 being the base to start the mod and this console is updated to 13.2.0 and has no emummc, sysnand only. So i'm not very certain about rebuilding the sd card, booting hekate to try battery calibration etc etc.... best regards
 

binkinator

hey guys, so i could use a teensy bit of help, I have quite a bit of experience with unpatched V1s, been sourcing and reselling them locally for years and only now for the first time i came across a "potentially patched" one which has a modchip, it came on 13.2.0 and it has something called neptune installed and it boots into it automatically. By what the seller told me the console could actually have sx core inside since he had it for about 3 years set up as it is...

BUT it has a problem or two, first thing is that when it's on sleep the battery drains in a matter of couple hours... charging time to 100% seems normal by my experience with the v1s i've dealt with and handheld idling in botw gets about 2.5 hours of screen time, so my guess is it's not a problem with the battery.... I'm going to try connecting it to a battery from another system i have on hand to test the battery further.

Also the guides i see online the sd setup and github guide seem to circle around ofw 4.0.0 being the base to start the mod and this console is updated to 13.2.0 and has no emummc, sysnand only. So i'm not very certain about rebuilding the sd card, booting hekate to try battery calibration etc etc.... best regards

crack open the back and see what type of hardware mod is in it. It could be a trinket m0 installed without removing the capacitor/led that’s always on and draining the battery.

More info and what to look for here: https://gbatemp.net/threads/interna...ybitsy-m0-express-guide-files-support.508068/
 

chrisnasah

update the firmware on your RCM Loader to the latest and try again.

https://www.xkit.xyz/support/

they have a second download on the same page with relatively recent payloads that are known good. You can test with those and replace with yours once you’ve confirmed it works again.

Guys, quick question related to this, how is this RCM loader different to the SX OS dongle? I am currently using SX OS dongle to load Hekate after migrating away from SX OS.

I am able to get this loader cheaply but wondering if there is any benefit if i already have the SX OS dongle.

Thanks
 

binkinator

Guys, quick question related to this, how is this RCM loader different to the SX OS dongle? I am currently using SX OS dongle to load Hekate after migrating away from SX OS.

I am able to get this loader cheaply but wondering if there is any benefit if i already have the SX OS dongle.

Thanks

They are different but serve the same purpose. No need to switch unless you want to. To “change payloads” with an SX dongle you don’t change the dongle payload like you do an rcm loader above. You change the “boot.dat” file that the default SX dongle looks for on the sd card using a tool like this: https://sx-boot-dat-creator.herokuapp.com
(simply upload hekate.x.x.x.bin or fusee.bin and receive a boot.dat file conversion to replace the boot.dat in the root of your SDCard)
 

chrisnasah

They are different but serve the same purpose. No need to switch unless you want to. To “change payloads” with an SX dongle you don’t change the dongle payload like you do an rcm loader above. You change the “boot.dat” file that the default SX dongle looks for on the sd card using a tool like this: https://sx-boot-dat-creator.herokuapp.com
(simply upload hekate.x.x.x.bin or fusee.bin and receive a boot.dat file conversion to replace the boot.dat in the root of your SDCard)
Thanks makes more sense now :)
 

Toa_235

crack open the back and see what type of hardware mod is in it. It could be a trinket m0 installed without removing the capacitor/led that’s always on and draining the battery.

More info and what to look for here: https://gbatemp.net/threads/interna...ybitsy-m0-express-guide-files-support.508068/
it says switchme
all components except the diagonal chip are pretty toasty after holding a finger down on them for a couple seconds, but i can remove this, it's just an injection trinket right ?
 


binkinator

it says switchme
all components except the diagonal chip are pretty toasty after holding a finger down on them for a couple seconds, but i can remove this, it's just an injection trinket right ?
Yup. This is exactly what you wanted to see. You have the infamous 4 wire install that’s always on. If you read through the thread I linked there is probably a way to avoid the constant 3.3v drain. I don’t use a switchme but it’s the same as a trinket for the most part.

Bottom Line: If you don't want to fix the mildly annoying power drain (and not have a cold boot hacked V1) and just want bone stock boring Hekate/Atmosphere then YES, you just remove the wires (carefully…those solder points are extremely delicate!!!) and you’re back to stock. You could technically just unsolder the 3v line (much easier) at the pad you can see and put some shrink wrap on wire and just let the next person know it’s all wired up should they want to use coldboot. (People pay a lot of money to get this done to their switch…it's very nice to never have to fiddle with jigs and injectors.)

edit: looks like the original author (https://github.com/Aboshi/SwitchME) notes the old method of wiring is always on and will drain power (so always keep it in the charger…)

Wiring Diagrams: Check wiring dir
  • 4_wire_always_on (Do not use this method any longer) Leaving it in the git for reference only
  • 4_wire_on_at_powerup (when used with auto rcm you will get instant bootup to whatever you flashed the SwitchME with)
We highly suggest CTCaer payloads! More diagrams will be added soon with auto rcm line strapping, emmc cutoff (another auto rcm) and many others.

Here’s the full wiring methodology…

rebugfinal.jpg
 

Haxolatolhacks

What partition, emummc, rawgpp, etc contain the user accounts. Would I be able to know the nickname of the user accounts by using a 3rd party application?
 

binkinator

What partition, emummc, rawgpp, etc contain the user accounts. Would I be able to know the nickname of the user accounts by using a 3rd party application?

I have to wonder what you might be doing where you couldn’t just turn the switch on and look?

Regardless, here are some details that scratch the surface of how the file system is laid out:

https://switchbrew.org/wiki/Flash_Filesystem

Once you know where you want to look you can use hactool to decrypt things: https://github.com/SciresM/hactool

edit: NXNandManager will probably be helpful as well: https://github.com/eliboa/NxNandManager

edit2: I keep remembering things. Hacdiskmount might be helpful in your search as well: https://switchtools.sshnuke.net/

I’m not going to pretend I know all the ins and outs and am just going to throw you off the deep end here and see if anyone else has more information for your specific user account question.
 

Haxolatolhacks

I have to wonder what you might be doing where you couldn’t just turn the switch on and look?

Regardless, here are some details that scratch the surface of how the file system is laid out:

https://switchbrew.org/wiki/Flash_Filesystem

Once you know where you want to look you can use hactool to decrypt things: https://github.com/SciresM/hactool

edit: NXNandManager will probably be helpful as well: https://github.com/eliboa/NxNandManager

edit2: I keep remembering things. Hacdiskmount might be helpful in your search as well: https://switchtools.sshnuke.net/

I’m not going to pretend I know all the ins and outs and am just going to throw you off the deep end here and see if anyone else has more information for your specific user account question.
Used this video to fix my switch. Trying to figure out how to get my old purchase receipts from some years ago. Since the Switch is now wiped, is it impossible? I have all the emmcrawgpp and other stuff.
Edit: thank you so much, I will definitely see if it is possible to find my old nicknames as well as emails (if it's possible).
 

binkinator

Used this video to fix my switch. Trying to figure out how to get my old purchase receipts from some years ago. Since the Switch is now wiped, is it impossible? I have all the emmcrawgpp and other stuff.
Edit: thank you so much, I will definitely see if it is possible to find my old nicknames as well as emails (if it's possible).

You would have to be hacked to get this far, and if that’s the case, why not just download whatever replacements you’d like and call it a day? Just saying it seems like quite a bit of trouble that’s easily circumvented…
 

Haxolatolhacks

You would have to be hacked to get this far, and if that’s the case, why not just download whatever replacements you’d like and call it a day? Just saying it seems like quite a bit of trouble that’s easily circumvented…
Yeah man, I am done with this shit tbh. I have enough info on the nintendo account to get my compromised accounts back.(like 30 minutes ago) I am just going to add a liquid metal and cooling mod and call it a day.
 

binkinator

Does 90DNS not work with 2.4GHz Frequency Bands?

90DNS is an address lookup service. It can make its queries over any Internet connection. Your Internet can be connected over wireless (or other medium.) That wireless could be over 2.4GHz frequencies (Or other frequencies.) 90DNS depends upon the entire stack to make its address queries but not specifically dependent upon 2.4GHz. Your radios inside your Switch and router are blissfully unaware of the actual data bits flying between them…whether it is 90DNS queries or game data…makes no difference.

Bottom Line: 90DNS absolutely works over a 2.4GHz wifi radio (but you might want to look into exosphere.ini)
 

steve_fox

I'm leaning more and more towards buying a v2 as my daily driver and hacking the v1 I already own as I can get a second hand v2 as just the tablet with nothing else for under £100

It appears to not be patched, its serial starts XAJ1001146 but it's running the latest firmware (13.2.1), can it be hacked running the latest firmware?

will a hacked switch run downloaded ROMs from the SD and can you install games to SD from physical cartridges like you could with discs on the Wii and Wii U?

lastly, I have skimmed over sites while not really reading properly but I remember seeing something about hiding cfw from Nintendo, how successful is it and can you go online while running cfw, more specifically if a game on SD is possible can you go online with it without getting a ban?

steve.
 

Draxzelex

I'm leaning more and more towards buying a v2 as my daily driver and hacking the v1 I already own as I can get a second hand v2 as just the tablet with nothing else for under £100

It appears to not be patched, its serial starts XAJ1001146 but it's running the latest firmware (13.2.1), can it be hacked running the latest firmware?

will a hacked switch run downloaded ROMs from the SD and can you install games to SD from physical cartridges like you could with discs on the Wii and Wii U?

lastly, I have skimmed over sites while not really reading properly but I remember seeing something about hiding cfw from Nintendo, how successful is it and can you go online while running cfw, more specifically if a game on SD is possible can you go online with it without getting a ban?

steve.
Firmware is irrelevant if the console is unpatched because the exploit is hardware-based.

You have to install pirated games from the SD card or even from your computer. They won't immediately run when placed on the SD card.

All bans are due to people going online after using CFW/homebrew. To avoid getting banned, you simply don't go online after using CFW/homebrew. Games on the SD card are irrelevant; what is relevant is if your console is hacked or not.
 
