Hacking RELEASE TegraRcmGUI : Simple GUI for TegraRcmSmash

[eliboa]

@eliboa

There is a new version of memloader

@rajkosto posted that v3 improves UMS performance by 80%

if you could update your tool thanks

TegraRcmGUI_v2.5 is available

Changelog :

• TegraRcmSmash updated to v1.2.1-3
• memloader updated to v3
• Added rajkosto's UMS samples to mount eMMC partitions
• biskeydump v7 added : dump BIS keys for eMMC content decryption
• Added logging console
• Fixed #22 : enter problem

Embedded payloads :

• Fusee primary (Atmosphere bootloader)
• Hekate CTCaer 4.6
• ReiNX bootloader
• SX Loader (SX OS bootloader)

 

[Onnikus]

Hey there, sorry if this is a necro, but I'm running everything needed at its latest releases (TegraGUI, TegraSmash, APX driver, etc.). Got my Switch (FW 7.0.1, serial XAW10088XXXXXX) into RCM mode (tinfoil method), trying to test a biskeydump so I know if I'm lucky enough to be hackable or not. I get an RCM O.K. message from the GUI, but trying to send biskeydump via the command line given via gnilwob's thread (TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0) here on the forum (can't link it as a new member...), even if normal OR admin-invoked, or if invoked from either a documents folder within /users/ or C:/test/; same results in any combination here, yields an error, returning the following:

TegraRcmSmash (32bit) 1.2.1-3 by rajkosto
Couldn't open payload file 'biskeydump.bin' for reading

I don't know how to fix this. I've checked access rights (read-only property is unticked, accessible by user, etc.) and tried redownloading fresh everything from the .bin itself to the GUI and the APX driver. I also tried dragging biskeydump.bin onto TegraRcmSmash.exe (nothing seems to happen, just hangs out in the command line after saying it accessed a USB file path, but nothing else) and using the GUI's built-in biskeydump button in the Tools tab (that just freezes the program) and that yields the following out.log file:

TegraRcmSmash (32bit) 1.2.1-3 by rajkosto
Opened USB device path \\?\usb#vid_0955&pid_7321#6&e9bcfe3&0&8#{aa0dbd45-3117-f331-5c49-76bf65225042}
RCM Device with id 0084FE0800000020C475446401101062 initialized successfully!
Uploading payload (mezzo size: 92, user size: 66216, total size: 132432, total padded size: 135168)...
Win32 error 31 happened trying to write payload buffer to RCM

I tried both USB 3.0 and 2.0 ports and different USB-C cables, hasn't helped. I also reinstalled the needed C runtime (on Windows 10, if that matters).
I feel like I'm so close to getting an answer, what am I missing?

 

[Zumoly]

NxNandManager is pretty awesome!
Just to make sure, is it the same backup as hekate?
If yes I can restore from hekate right?

 

[eliboa]

NxNandManager is pretty awesome!
Just to make sure, is it the same backup as hekate?
If yes I can restore from hekate right?

Thanks Yes the backup is exactly the same as Hekate (it dumps the GPT + all partitions + backup GPT, i.e all until offset 0x747C00000). You can restore it either from NxNM or Hekate.
Also, NxNM can restore a splitted dump made with SX OS or Hekate

 

[alaecs]

Isn't working for me. "This program can't start because api-ms-win-crt-runtime-[1-1-0.dll is missing from your computer. Try reinstalling the program to fix this problem"

Reinstalled 3 times, same result. What do I do??

same,I tried to install the missing file but now it says "error 0xc000007b"

 

[Smd4420]

FYI to anyone that is concerned. I was holding out on Win10 1809 and decided to finally let my computer update the other night. After the update I had to reinstall before my computer would see the switch in RCM mode again. Not sure if this has already been covered but it sure scared the piss out of me thinking I bricked my switch.

 

[dudoso87]

Hi!
I have a Mac with Parallels and it says it has injected the payload, but my Switch still has a black screen. How can I inject it then? Thanks!

 

[eliboa]

Hi!
I have a Mac with Parallels and it says it has injected the payload, but my Switch still has a black screen. How can I inject it then? Thanks!

For some reason this app doesn't work on VMs for Mac (Parallels, VirtualBox, etc). This is not an issue I'll try to fix because I don't have a Mac myself and the problem may be caused by the embedded program TegraRcmSmash.exe (by rajkosto).

 

[eliboa]

TegraRcmGUI_v2.6 is available

This is a minor update, no new feature.

The following was changed since the last release:

• biskeydump updated to v9 (Support new tsec fw in 8.1.0)
• embedded payloads updated to latest version : Fusée, Hekate & ReiNX bootloader
• fixed an error when loading shofel2 coreboot

 

[lukechamber]

hello I am new user nintendo switch
try to inject some games, using TEGRARCM.
But, it has error "is not valid Win32 application"
I tried change sources, computer but still same result.
I use windows XP SP3 and windows 7 64bit

any suggestion? or did I missed something?

thank you

 

[PatchTuesday]

hello I am new user nintendo switch
try to inject some games, using TEGRARCM.
But, it has error "is not valid Win32 application"
I tried change sources, computer but still same result.
I use windows XP SP3 and windows 7 64bit

any suggestion? or did I missed something?

thank you

Windows XP?

Maybe you need a newer version of Windows

 

[lukechamber]

Windows XP?

Maybe you need a newer version of Windows

but I already tried windows 7 64 bit too
should I tried windows 10?

 

[eliboa]

but I already tried windows 7 64 bit too
should I tried windows 10?

Latest release has been tested on Win7 x64, Win10 x64 et Win10 x86.
That said, I switched to VC++ 2017 v141 toolset to build latest release, instead of VC++ 2017 v140-xp for previous release so maybe you should try v2.5.

 

[yodenny]

im using the latest release was able to get the rcm ok but when i click inject it gives me the hourglass but then shuts itself down and restarts i checked the antivirus but nothing any help? using win 10

update i noticed it leaves me a text file named "out" but when i open it there is nothing in it

update 2: good news it worked with the installer was using the portable version. i noticed the microsoft store open so i changed the settings so it allows non microsoft apps to install anywhere

 

[Mogiie]

Hi,

why when I use 2.6 to go to rcm with my 5.1 Switch I get a purple screen of death but when I use the 2.4 everything works fine? Does it have to do with the switch OS version?

thank you

 

[saeedabouhamzeh]

guys I've just update my framework and its working, i used hekate_ctcaer_5.0.0 payload in Tegra and it worked. but i cant find FTPD to transfer .NSP games. where can i find that?

 

[Starfire213]

would I be able to disconnect the switch after injecting? just a question

--------------------- MERGED ---------------------------

Would I be able to unplug the switch after injecting the payload?
(sorry for double post.)

 

[pLaYeR^^]

would I be able to disconnect the switch after injecting? just a question

--------------------- MERGED ---------------------------

Would I be able to unplug the switch after injecting the payload?
(sorry for double post.)

Sure, after you have injected the payload successfully, you can unplug the switch from your computer.

 

[Starfire213]

oh good

 

[Starfire213]

also how much space is needed for a emuNand with hekate ctcaer? I don't have a sd card slot on my pc and the laptop I use with an sd card has a measly 1 gb of free space so I can't even move the sysnand backup off the sd.