Possibly a crack but I have no idea to test it, since i dont have much experience with the switch toolkits.
Basically, get v1.3 boot.dat, use hexkyz tx_unpack and tx_decompress to get the decrypted NSOs.
Then open sxos/firmware/Loader/tx/main in ida64 as ARM Little-endian, de-select 'create segments' and 'load as code segment' and then press ok to load the binary.
Then Edit >Select all to highly everything, press C to analyse and select analyse. This will give you all the subroutines/functions in the binary.
Make sure you already have a license.dat file in the correct folder. Can be anything junk.
Now sub_53D0 I think is used to check the license and verify the code you give.
Here patch the CBZ W0, loc_5580 to CBNZ WO, loc_5580 (basically in hex change 60 09 00 34 1F to 60 09 00 35 1F). I think what this does is that it checks the license, if not present or something it routes around getting you to input one, so instead of that we just reverse it so any invalid case it just says its fine. This way no matter what the license is it should just tell you to "reboot the switch console to enjoy sx os".
Now someone can just test this or tell me how i can repatch it and i'll try it for myself. if it doesnt work i'll keep looking.
unlike 99% of people on this site i am an actual researcher and developer, so stop winging for someone who hasnt done anything
