Toggle sidebar

Hardware Un/patched Switch ?

  • Thread starter Thread starter dotmhd
  • Start date Start date
  • Views Views 2,550
  • Replies Replies 11
dotmhd

dotmhd

Well-Known Member
Member
Level 10
Joined
Jun 1, 2019
Messages
144
Reaction score
107
Trophies
1
Age
32
Location
Paris, France, Europe, Earth (Milky Way).
XP
1,957
Country
France
Hello everyone, while seeking for new Switches to hack, I've found a model that surprised me :

- When checking his S/N on ismyswitchpatched and other website, I found out that it had no chances to be unpatched,
- Still, I tried to run a payload just in case : it worked !
- The Switch is also able to run Hekate and CFWs
- SX OS runs perfectly up until the latest version
- AMS has been running perfectly up until version 0.12.0, the more recent versions leave me with a black scree

The problem is that I can't update the Switch to 10.x since AMS doesn't run on it anymore, and I feel like this problem is related to the NAND decryption of the console : I've been dumping the BIS keys of the console with both Hekate and NxNand, and still I cannot decrypt my NAND backups in any way. I also had a problem while trying to use Incognito_RCM, the payload was never able to work on it and I had to use the nro version of Incognito.

Is it possible that this model is a hybrid that is vulnerable to the RCM exploit but has a different way of encryption for its NAND ?

If needed, I can give you more informations about this very unique model :mellow:

Thank you all for reading :D
 
Sneethan said:
Try daybreak. I believe its built into atmosphere. Search it on yt or something
Click to expand...

Daybreak is useful when it comes to update HorizonOS. Sadly, in my case, I cannot update Atmosphère, not HOS. Plus, AMS 14 is needed to use this tool, and as I said, I can't go upper than AMS 12.

If I update to 10.1 and launch SXOS, it boots instantly, but AMS will give me a black screen after showing me the bootlogo.
 
dotmehdi said:
Daybreak is useful when it comes to update HorizonOS. Sadly, in my case, I cannot update Atmosphère, not HOS. Plus, AMS 14 is needed to use this tool, and as I said, I can't go upper than AMS 12.

If I update to 10.1 and launch SXOS, it boots instantly, but AMS will give me a black screen after showing me the bootlogo.
Click to expand...
Are you deleting the atmosphere and sept folders on your SD card before transferring over the new versions? Are you booting the system using the latest fusee-primary?
 
Lacius said:
Are you deleting the atmosphere and sept folders on your SD card before transferring over the new versions? Are you booting the system using the latest fusee-primary?
Click to expand...

I have followed a specific protocol to see what is the latest compatible version with this Switch : format to FAT32 > install Hekate & AMS > Boot.

I'm not a dev or an engineer, but I feel like AMS fails to decrypt the content of the NAND maybe... I don't know

As I said before, the Switch is referred as patched, still it's vulnerable to the RCM exploit and can boot any payload this way
 
  • Like
Reactions: Deleted User
dotmehdi said:
I have followed a specific protocol to see what is the latest compatible version with this Switch : format to FAT32 > install Hekate & AMS > Boot.

I'm not a dev or an engineer, but I feel like AMS fails to decrypt the content of the NAND maybe... I don't know

As I said before, the Switch is referred as patched, still it's vulnerable to the RCM exploit and can boot any payload this way
Click to expand...

Both work on 10.1.0

Grab new atmos
Grab new atmos patches

WIll boot - Atmos logo lags a bit but boots

TX SX grab

Boot.dat
Payload.bin if needed

If black screen then try fat 32 card to make sure
 
ModderFokker619 said:
Both work on 10.1.0

Grab new atmos
Grab new atmos patches

WIll boot - Atmos logo lags a bit but boots

TX SX grab

Boot.dat
Payload.bin if needed

If black screen then try fat 32 card to make sure
Click to expand...

It's not about sigpatches, the Switch just doesn't boot at all. It get to the bootlogo and then just crashes and gives me a black screen. I never use exFAT on my cards, only FAT32.

With SX, I just have to put boot.dat and it boots perfectly.

I've tried booting created emuNANDs also, but it doesn't work at all.

Also, I can't get to decrypt the raw backup with the dumped keys.
 
  • Like
Reactions: Deleted User
dotmehdi said:
It's not about sigpatches, the Switch just doesn't boot at all. It get to the bootlogo and then just crashes and gives me a black screen. I never use exFAT on my cards, only FAT32.

With SX, I just have to put boot.dat and it boots perfectly.

I've tried booting created emuNANDs also, but it doesn't work at all.

Also, I can't get to decrypt the raw backup with the dumped keys.
Click to expand...

Make sure card is fresh
Try another card
 
  • Like
Reactions: dotmhd
dotmehdi said:
It's not about sigpatches, the Switch just doesn't boot at all. It get to the bootlogo and then just crashes and gives me a black screen. I never use exFAT on my cards, only FAT32.

With SX, I just have to put boot.dat and it boots perfectly.

I've tried booting created emuNANDs also, but it doesn't work at all.

Also, I can't get to decrypt the raw backup with the dumped keys.
Click to expand...
Follow these troubleshooting steps:
  1. Make sure the SD card is FAT32.
  2. Remove all CFW files/folders from your SD card (that would be folders like /sept/ and /atmosphere/)
  3. Download the latest Atmosphere
  4. Download the latest fusee-primary (next to Atmosphere)
  5. Put Atmosphere onto your SD card
  6. Put the SD into your Switch
  7. Enter RCM
  8. Launch Atmosphere using fusee-primary
What happens? If it doesn't work, try a different SD card. If it still doesn't work, you might want to contact SciresM. This all reminds me of what happened in this thread:
https://gbatemp.net/threads/my-switch-is-a-2019-v6-2-0-xaj4008278-unpatched-unit.546996/

https://github.com/Atmosphere-NX/Atmosphere/commit/600d68bd1aa6f13b47b1482e48110b2e3c2684ed
 
Last edited by Lacius,
  • Like
Reactions: dotmhd
sd card might be corrupted. Done alot of switches installation in the past. Make sure you try hekate partition, for some reason my sd card keep corrupting. Genuine samsung sd card
 
dotmehdi said:
Hello everyone, while seeking for new Switches to hack, I've found a model that surprised me :

- When checking his S/N on ismyswitchpatched and other website, I found out that it had no chances to be unpatched,
- Still, I tried to run a payload just in case : it worked !
- The Switch is also able to run Hekate and CFWs
- SX OS runs perfectly up until the latest version
- AMS has been running perfectly up until version 0.12.0, the more recent versions leave me with a black scree

The problem is that I can't update the Switch to 10.x since AMS doesn't run on it anymore, and I feel like this problem is related to the NAND decryption of the console : I've been dumping the BIS keys of the console with both Hekate and NxNand, and still I cannot decrypt my NAND backups in any way. I also had a problem while trying to use Incognito_RCM, the payload was never able to work on it and I had to use the nro version of Incognito.

Is it possible that this model is a hybrid that is vulnerable to the RCM exploit but has a different way of encryption for its NAND ?

If needed, I can give you more informations about this very unique model :mellow:

Thank you all for reading :D
Click to expand...
Does the SN reported in software match the physical serial on the case? May have had a board swap in the past....

Sent from my SM-G975F using Tapatalk
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  Full List of N64 Recompilation Switch ports

Homebrew  New Homebrew "Foil Server"?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Homebrew game Project  So... Dan didn't want to reveal his Vulkan, so I made mine.

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Is it fixable