Question switch semi bricked

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by Andre993, Jul 20, 2019.

  1. Andre993
    OP

    Andre993 Member

    Newcomer
    1
    Jun 23, 2019
    Italy
    Hi guys, I tried to restore my backup from 6.2 to 5.1 but with no success; I used manual choi and nothing happens.
    I have a full backup and my biskey, but I asked mattytrog to rebuild my NAND and I found out I have a corrupt boot0/boot1, and we are missing my keyblobs.
    The Switch starts only in RCM mode, nothing to OFW or CFW.
    Lockpick gives me this error:
    keyblob 0 corrupt
    keyblob 1 corrupt
    keyblob 2 corrupt
    keyblob 3 corrupt
    keyblob 4 corrupt
    keyblob 5 corrupt
    failed to decrypt package2

    this is my boot0/boot1 https://drive.google.com/open?id=123KwJkxDYHZB_4BfmrRcSGtzI_n58Vc6
    mattytrog told me this:
    OK... The problem you have is your keyblobs are missing. If your keyblobs were intact, we could have made you a new boot0.
    Any firmware before 6.2 requires keyblobs. And manual choi won't work beyond 6.2.
    You need to somehow generate your keyblobs again.

    Is there any way to recover/generate my keyblobs?

    Thanks in advance.
     
  2. Andre993
    This message by Andre993 has been removed from public view by x65943, Jul 25, 2019, Reason: Don't bump your own thread.
    Jul 25, 2019
  3. DBOA

    DBOA Member

    Newcomer
    1
    Apr 11, 2019
    Brazil
    I'm having the same problem you are having.
    I'm trying to understand how boot0 and boot1 work, so I can rebuild them, but it's kinda complicated.
     
  4. youngc29

    youngc29 Member

    Newcomer
    1
    Jan 12, 2017
    Have you tried restoring the partitions also? Full emmc inc gppt partitions. My issue may have been different though, but that's how I fixed mine.
     
  5. Andre993
    OP

    Andre993 Member

    Newcomer
    1
    Jun 23, 2019
    Italy
    I don't know how; in hekate 5.0 there is eMMC RAW GPP (rawnand.bin), and I didn't have any success, and eMMC ALL, but I don't know how to restore this.
     
  6. youngc29

    youngc29 Member

    Newcomer
    1
    Jan 12, 2017
    Rawnand.bin and boot 0/1 sit in the SD card directory: backup/8digitserial/restore. You then have a partition folder in here that contains your partition backups, including system.bin (don't worry about restoring safe.bin as this can be quite large).
    When I initially took my backup I must have saved all these also. If you don't have them then you can't restore them.
    When you run the full GPP restore in hekate it will tell you what's missing and also generate the folders on the SD card (although empty).
    In the hacdisk tool you can also mount this using the memloader payload; choose emmc on the Switch (I think that's second from the bottom). Obviously remember not to hit format when it pops up in Windows. In hacdisktool, does your biskeys entropy match (green) for system and prodinfo?
    I may be wrong but it's what I learned in the 18 hours yesterday in front of my PC trying to recover mine :)
    Edit: just read the keyblob thing above. I really don't know anything about that; smarter guys in here could probably help. What I've said above may be all shit in your case :)
     
    Last edited by youngc29, Jul 27, 2019
  7. Andre993
    OP

    Andre993 Member

    Newcomer
    1
    Jun 23, 2019
    Italy
    It's similar to the manual ChoiDujour downgrade, if I understand; I extract PRODINFO, SYSTEM, SAFE, etc. from rawnand.bin, right?
     
  8. mattytrog

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    What we need to do is generate you a new boot0/1.

    This shouldn't be a problem (however, we normally have something to work with).

    We can generate everything up to offset 0x180000. After offset 0x180000, this is the keyblob area.

    Yours is blank.

    If you need a firmware <6.2, this is a big problem.

    After this firmware, you don't need the keyblobs (due to TSEC/Sept changes).

    This leaves the NAND patrol area. No keys are stored in this area as far as I can tell, and it is unencrypted.

    I can provide some boot0/1 blank to test.


    Next...
    PRODINFO.

    This MUST be intact. However, you can generate a new one without serials and certificate and you will never be able to use the eshop.

    You are better off sending it in, Andre. PM me if you would like me to take a look.
     
    youngc29 and Andre993 like this.
  9. DBOA

    DBOA Member

    Newcomer
    1
    Apr 11, 2019
    Brazil
    Hey man, I managed to put the keyblob in my boot0. It didn't fix my Switch, but maybe it will be different for you.
    I had an old backup of boot0; I don't know if you have one.

    I downloaded a file splitter and split it into files of 1572864 bytes. (That's the size of the blank file that mattytrog gracefully shared.)
    I took the second file and split it into files of 16384 bytes (the size of the keyblob).

    I took the first file I generated, renamed it keyblob for posterity, and used a file joiner app to join the blank boot0 with the keyblob file.
    Now the keys are correct. But maybe I'm still missing something. I need to study it further; maybe it is missing the PRODINFO, I don't know.

    I got these sizes from https://switchbrew.org/wiki/Flash_Filesystem.

    Hope that helps someone.
     
    Andre993 likes this.
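
Added example, not part of the thread or any poster's code: the split-and-join from the post above done by offset in Python, with a check for blank keyblob slots before anything is written. The offset 0x180000 and the 16384-byte area size come from the thread; the 0x200-byte slot size, the function names and the sample images are assumptions constructed for illustration.

```python
KEYBLOB_OFFSET = 0x180000  # 1572864 bytes, the split point used in the thread
KEYBLOB_SIZE = 0x4000      # 16384 bytes, the keyblob area size from the thread
SLOT_SIZE = 0x200          # assumption: one keyblob per 512-byte slot


def keyblob_region(image):
    """Return the keyblob area; raise if the image ends before it does."""
    end = KEYBLOB_OFFSET + KEYBLOB_SIZE
    if len(image) < end:
        raise ValueError(f"image is {len(image):#x} bytes, need {end:#x}")
    return bytes(image[KEYBLOB_OFFSET:end])


def is_blank(data):
    """True when data looks erased: every byte 0x00 or every byte 0xFF."""
    return data in (bytes(len(data)), b"\xff" * len(data))


def blank_slots(image):
    """Indices of the keyblob slots that are blank in this image."""
    region = keyblob_region(image)
    return [i for i in range(KEYBLOB_SIZE // SLOT_SIZE)
            if is_blank(region[i * SLOT_SIZE:(i + 1) * SLOT_SIZE])]


def splice_keyblobs(target, donor):
    """Copy the donor's keyblob area into target; other bytes are untouched."""
    region = keyblob_region(donor)
    if is_blank(region):
        raise ValueError("donor keyblob area is blank, nothing to restore")
    if len(target) < KEYBLOB_OFFSET:
        raise ValueError("target ends before the keyblob offset")
    out = bytearray(target)
    # Slice assignment overwrites in place, or appends when target stops at 0x180000.
    out[KEYBLOB_OFFSET:KEYBLOB_OFFSET + KEYBLOB_SIZE] = region
    return bytes(out)


def make_sample_donor():
    """Constructed sample: old backup with slots 0-5 filled, the rest blank."""
    img = bytearray(KEYBLOB_OFFSET + KEYBLOB_SIZE)
    for slot in range(6):
        start = KEYBLOB_OFFSET + slot * SLOT_SIZE
        img[start:start + SLOT_SIZE] = bytes([slot + 1]) * SLOT_SIZE
    return bytes(img)


if __name__ == "__main__":
    blank_boot0 = bytes(KEYBLOB_OFFSET)  # constructed stand-in for the blank file
    repaired = splice_keyblobs(blank_boot0, make_sample_donor())
    print(len(repaired), blank_slots(repaired))
```

Running `blank_slots` on the old backup first shows whether it holds any keyblob data at all, which is the condition the splice depends on.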
  10. Andre993
    OP

    Andre993 Member

    Newcomer
    1
    Jun 23, 2019
    Italy
    I tried that, but it seems too difficult for me; I don't understand the steps very well.
    Anyway, thanks so much :D

    EDIT: I split my boot0 first into 1572864 bytes and I have 3 files of 1536 KB. I take the second file and split it into 16384 bytes and I have 96 files of 16 KB. Now I take only the first file and join it to the blank boot0, right?
    Where do I find the blank boot0?
     
    Last edited by Andre993, Jul 29, 2019
  11. DBOA

    DBOA Member

    Newcomer
    1
    Apr 11, 2019
    Brazil
    Sorry it took so long to answer
    You can get it here:

    https://github.com/mattytrog/Switchboot_PART_2/blob/master/BOOT_REPAIR_PACKAGE_iha2.7z
     
    Andre993 likes this.
  12. DBOA

    DBOA Member

    Newcomer
    1
    Apr 11, 2019
    Brazil
    Were you able to fix the switch?
    I haven't fixed mine yet
     
  13. Andre993
    OP

    Andre993 Member

    Newcomer
    1
    Jun 23, 2019
    Italy
    I didn't try again :( I'm busy with work.
    I'll try next week.
     
  14. ScrPotato

    ScrPotato GBAtemp Regular

    Member
    1
    Aug 3, 2019
    United States
    in your closet
    That is why you make a NAND backup :D

    Also this;

    :P
     
  15. Andre993
    OP

    Andre993 Member

    Newcomer
    1
    Jun 23, 2019
    Italy
    I have 3 full NAND backups: 1 on HDD, 1 in the cloud and 1 on a USB drive. I backed up my Switch 3 times.
     