Homebrew Homebrew app sys-patch - sysmod that patches on boot

linuxares

So I was missing the latest version of Hekate, I guess, as you mentioned it was updated again while I've been troubleshooting this problem. Everything else tho I had. Just put in the new copy of Hekate 6.2.0 from the GitHub source and restarted my Switch; again the game wouldn't launch, however it said an update was found this time, so I'll try launching the game after the update. My net is super slow tho so it's gonna take like 3hrs. Fingers crossed! Cause if this doesn't work I'm starting from fresh.

Still not opening, still says the software closed because an error occurred lol, idk guys, I'm kinda stumped.

So I decided to try updating the games via NSP to version 1.22 of Xenoverse 2 through DBI and I got this. Now the game wasn't working beforehand but I'm assuming this could be a reason why.

And upon exiting DBI now Xenoverse says important files were missing and is downloading them now 🙏

What can I say, I don't like giving up haha 😅 Plus everything else is working, so that would be a lot my Switch has had done to it that I'd have to configure all over, so I don't really wanna do that.

I mean, it says the issue right there: "CRC error". The file you downloaded is broken.
 

John403

Wild, I know, but only with games I've paid for before from the eShop, yes. And I would simply put the whole file on but it won't copy unless it is 4gb file size limit due to the format of the SD card, so I read NSP Splitty was needed. This is literally the only game I'm having problems with lol, everything else works fine, I'm absolutely dumbstruck. Also for some reason Tinfoil always wants to download the latest update for this game; I feel this has something to do with the issue, like whatever is going on the game just won't fully update regardless of the source. Idk, DBI has run checks for integrity and comes back with 0 errors so idk, and I recently just installed Luigi's Mansion 3, Super Mario Party and Super Smash Bros all just fine and all 3 games work, no fails! So not like Tinfoil is giving me bad sources, and I doubt the eShop would give a bad download; however I've tried several different copies, highly unlikely every copy I have doesn't work or is faulty. I'm sure it's to do with my setup somehow just not registering that game as fully installed, idk, cuz why would Tinfoil give me 3 working games yet Xenoverse 2 doesn't work from Tinfoil? Most likely it would install and work for anyone that uses Tinfoil, it's just my Switch being stupid lol
 

scturtle

Glad it worked!

Learning regex is always handy at the end of the day! Sys-patch doesn't use regex, by the way. It starts by looking for a pattern (it can be a full set of bytes or a set of multiple bytes; for example, 0x0945.6787 will look for places where 09456787 - a random byte followed by 6787 is set). Once you have found the pattern (at this point it can be in different places), it gives you an offset where you have to go based on the place the pattern was found, and you have to retrieve the next 4 bytes.

For example, if you found the value 09 45 54 67 87 at address 0x0000 and what comes after that is 01 24 35 67 89 0A, and the code tells you that for this pattern you then have to check the value at offset 6, you have to pick the number 24 35 67 89. After that it checks the value bit by bit with an AND mask to only check the relevant bits (I'll go into detail on exactly what it is below). When all checks out, there is another offset that gives you the position of where you have to modify your code relative to the number you checked. Then it checks if the old value to replace is the expected one and then replaces it.
With MrDude's pattern it only checks a known pattern.

I think it is interesting to know exactly the purpose of all this and what exactly the patch is doing. Since Atmosphere is open source it is relatively easy to trace everything.
This tutorial is awesome. After learning from it, I found a way to reproduce the FS patch.

Following the Switch-Ghidra-Guides, we can set up hactool and Ghidra.

With hactool, we can find which nca file is for fat32 (with title id 0100000000000819) with a bash one-liner:
Bash:
for f in firmware/*; do if hactool --disablekeywarns -t nca "$f" | grep -q 0100000000000819; then echo "${f##*/}"; fi; done

Then we get the code file:
Code:
hactool --intype=nca --romfsdir=romfs firmware/2151dbc5cfb38fb3353a15d91456533f.nca
hactool --intype=pk21 --ini1dir=romfs/nx/ini1 romfs/nx/package2
hactool --intype=kip1 --uncompressed=uncompressed_fat32.kip1 romfs/nx/ini1/FS.kip1

Load it in Ghidra. First we use File -> Export Program to dump the whole decompiled C code to a file.

Then we search for "0x234c02" in the C code and get the following part.
C:
if ((uVar10 & 1) == 0) {
  uVar11 = 0x234c02;
  uVar12 = 0x39e9ae0a190b16f2;
}

0x234c02 is for the error code 2002-4518, which means "nca header signature verification failed".

In the C code file we find which function this part is in, and open it in Ghidra.

Select the "if" line in the C function, and we will find the corresponding "tbz" instruction.

What we want to do is just "nop" it. That's what sys-patch has done.

(More hints: for the ES patch search for 0x291 (error code 2145-0001), and for the NIFM patch search for "ctest.cdn".)
 
Last edited by scturtle,
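
The lookup described in the explanation quoted in the post above (wildcard byte pattern, then an AND-masked check of the 4 bytes at a fixed offset), as an added read-only example that is not part of the thread and not sys-patch's own code. It reads the "." in 0x0945.6787 as one wildcard byte, as the worked byte sequence implies; the mask, the expected value and the second candidate are constructed for illustration.

```python
from typing import Iterator, List, Optional

def parse_pattern(text: str) -> List[Optional[int]]:
    """'0x0945.6787' -> [0x09, 0x45, None, 0x67, 0x87]; '.' stands for any one byte."""
    text = text[2:] if text.lower().startswith("0x") else text
    out: List[Optional[int]] = []
    i = 0
    while i < len(text):
        if text[i] == ".":
            out.append(None)
            i += 1
        else:
            out.append(bytes.fromhex(text[i:i + 2])[0])  # ValueError on bad hex
            i += 2
    return out

def find_all(data: bytes, pattern: List[Optional[int]]) -> Iterator[int]:
    """Yield every start address where the pattern matches; there may be several."""
    for start in range(len(data) - len(pattern) + 1):
        if all(p is None or data[start + k] == p for k, p in enumerate(pattern)):
            yield start

def masked_word_at(data: bytes, addr: int, mask: bytes) -> Optional[bytes]:
    """AND the 4 bytes at addr with mask; None if the word runs past the end."""
    word = data[addr:addr + 4]
    if len(word) < 4:
        return None
    return bytes(b & m for b, m in zip(word, mask))

def confirmed_hits(data: bytes, pattern_text: str, offset: int,
                   mask: bytes, expected: bytes) -> List[int]:
    """Pattern hits whose masked word at hit + offset equals the expected value."""
    return [s for s in find_all(data, parse_pattern(pattern_text))
            if masked_word_at(data, s + offset, mask) == expected]

# Constructed sample: the bytes from the post at address 0, then a second
# candidate that matches the pattern but fails the masked check.
DATA = bytes.fromhex("09 45 54 67 87 01 24 35 67 89 0A"
                     "09 45 AA 67 87 01 11 22 33 44 0A")
PATTERN = "0x0945.6787"
MASK = bytes.fromhex("FF 00 00 FF")      # constructed: only first and last byte matter
EXPECTED = bytes.fromhex("24 00 00 89")  # constructed: 24 35 67 89 after masking

if __name__ == "__main__":
    print("pattern hits:", list(find_all(DATA, parse_pattern(PATTERN))))
    print("confirmed:", confirmed_hits(DATA, PATTERN, 6, MASK, EXPECTED))
```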

DigitalSilencer

Hello everyone, could not get into my old account, but it's been a while since I touched my Switch. I went from 16 to 18.1 without thinking to check if it was a new update. I updated Hekate+Atmosphere.

I also downloaded sys-patch and the binaries, not sure if it matters, as I am getting nosigchk at boot. So not sure how to use sys-patch (as that is new to me, being away for so long).

Are there folders I should be deleting?

EDIT: V2 posted above did the trick. I thought it was the one I downloaded but I guess not.
 
Last edited by DigitalSilencer,

RedColoredStars

First off, did you also place the Tesla Menu and ovlloader files on your sd card? If not, extract this to your sd card. You need them to use sys-patch.

https://gbatemp.net/threads/sigpatc...kate-fss0-fusee-package3.571543/post-10442256

Regarding the error message itself, since you're using sys-patch you can try deleting the following line from the hekate_ipl.ini file on your SD card.

kip1patch=nosigcheck

Delete that line and reboot. See if you still get the message.

DigitalSilencer

I downloaded V2, that seemed to work. Think I initially downloaded V1 and thought I replaced it. Thanks for the reply though.
 

dogtygr

Super interesting, thank you for sharing it! I'm glad that the knowledge can be spread for everyone!