Question Would it be "legal" for me to post "blank" boot0 / 1 for repair purposes?

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by mattytrog, Mar 17, 2019.

  1. KINGFRIKI

    KINGFRIKI Newbie

    Newcomer
    1
    Oct 16, 2019
    Spain
    Hi all guys! @mattytrog I need your help.

    I tried to update my 8.0.0 firmware to 9.0.0 with ChoiDujourNX and now I'm stuck with a blue screen (because of the beta version 2.9 of OS xtreme). I have a NAND backup of 7.0.0 and biskeys but no Boot0 and Boot1. I tried to restore the raw backup but it's not working. I tried this guide but I get an error when I try to take the keys from boot0.

    gbatemp.net/threads/how-to-get-switch-keys-for-hactool-xci-decrypting.506978/

    "Could not find keyblob_mac_key_source! Please check the integrity of the data used in the current stage!"

    This guide, I think, is the key to fixing this problem, but it needs the boot0 and 1 that I don't have.

    gbatemp.net/threads/how-to-install-run-any-switch-firmware-unofficially-without-burning-any-fuses.507461/

    I can use payloads (hekate, memloader, etc.) but can't start OF or any CF (SX, Atmosphere, etc.).

    I'm new to this and have difficulty understanding what does what. Thanks for reading and sorry for my bad English. ☺️
     
  2. linuxares

    linuxares I'm not a generous god!

    Moderator
    17
    Aug 5, 2007
    Sweden
    Yeah I used FTP to copy it to my computer, but that shouldn't have modified the data. That just sounds strange.
     
  3. ZachyCatGames

    ZachyCatGames GBAtemp Addict

    Member
    9
    Jun 19, 2018
    United States
    Hell
    9.0.1 boot0/1s are identical to 9.0.0 boot0/1s (firm packages weren’t updated in 9.0.1 :P).
     
  4. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    Are they?

    Haven't checked.

    Never mind ;)
     
  5. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    No, I haven't any theme installed.
     
  6. shchmue

    shchmue Developer

    Developer
    8
    Dec 23, 2013
    United States
    Is the rest of your BOOT0 file aligned right? lol
    The system doesn't use keyblobs at all starting with firmware 6.2.0. It doesn't read or write them, and really shouldn't be writing to that area ever.
     
  7. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    Yep. So in theory, it shouldn't matter if it is misaligned.

    Still, would be nice to get to the bottom of how these bytes are going missing.

    I think FTP is dropping a "packet" somewhere. Might be wrong.

    But even for posterity, if you want your keyblobs to be right, they start at 0x180000. As shchmue says, not needed on 6.2.0+.

    Though if keyblobs can become misaligned, anything can.

    Be warned! You could brick!
     
  8. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    I just followed your tutorial and wrote the directory "Dump to SD" to the SD card.

    What writes the keyblobs of my Switch into Boot0? (Switchboot?)
     
  9. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    Once you have written all the partitions, drag contents of the "Dump to SD" folder to SD.

    Then launch hekate_switchboot_mod with TegraRcmGUI or whatever.

    You will see:

    Restore rawnand
    Restore Boot0
    Restore boot1.

    Restore boot0/1

    Then go to launch.

    Click UNBRICK_FIRST_BOOT or whatever and it should launch.
     
  10. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    Ok mattytrog,

    First, I don't believe we are working on the same tutorial: I used the one from your message on Friday (last week) at 1:46 PM.
    Where can I find the right one?

    Second, can you tell me what writes the keyblobs of my Switch into Boot0? (Switchboot, hekate_switchboot_mod?)

    Thx
     
  11. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    Keyblobs aren't written to. Ever.

    In the pack, there is a brief write-up on the steps to take. I assume you have found the UNBRICK_PACK?
     
  12. smf

    smf GBAtemp Psycho!

    Member
    10
    Feb 23, 2009
    United Kingdom
    You have to be careful with FTP, especially if you set it to auto. If it decides it is an ASCII file then it will do line ending translations.
    Binary should be fine, but even then it's a very simple protocol and there are many failure points.
     
  13. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    I may have understood: there are two tutorials, right? The first one I've used is in \Unbrick_Your_Switch_iha2 and the second one is in \Unbrick_Your_Switch_iha2\Unbrick_Your_Switch_iha2.
    Now I've tried the second one and got as far as the step "launch hekate_switchboot_mod" and ... the Switch started successfully (6.2). Great job, many thanks ... but I do not understand why the Switch started normally instead of launching hekate_switchboot_mod. Maybe I wasn't in CF mode? I never restored Boot0/1 again and also never launched unbrick_first_boot_only. Very strange.

    I read that a part of Boot0 was specific to the Switch. An encrypted form of the keyblobs was in it. Maybe it was for versions < 6.2?

    Anyway, I'm very happy and thank you a lot.
     
  14. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    The boot0 is smaller than normal. This keeps your keyblobs intact.

    The important thing is that you are up and running.

    Well done!

    Now, upgrade to 9.0.1 with ChoiDujourNX, initialising the system.
     
  15. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    If the keyblobs are intact, why, for example, is Lockpick_RCM telling me that they are corrupted now? Is that normal?

    I have used a procedure with ChoiDujour many times to bring my Switch back. It never works (even ChoiDujour creates smaller Boot0/1). I've used the files generated by ChoiDujour and my own biskeys. To write Boot0/1 I used balenaEtcher.

    Can you explain to me the difference between the two methods? The only difference I can see is that the files BCPKG2-1-Normal-Main.bin, ..., Boot0, ... maybe do not have the same origin.

    In my particular case, I broke my Switch by restoring a full Boot0/1 (not the smaller one) containing only zero values with hekate / restore / ... . That's why I was pretty sure that I had erased the keyblobs in Boot0.
     
  16. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    Your keyblobs will only be corrupt if something has corrupted them.

    If you have restored a full boot0 with wrong / incorrect / missing keyblobs, they are gone.

    In practice, all this means is that you can no longer downgrade past 6.2.0. And Lockpick etc will complain that keyblobs are corrupt.

    If, after everything that has happened, your console is now booting and running, you are able to load a cartridge, play it and able to go online, I call that an acceptable outcome.

    It won't get better than that, sir!
     
  17. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    I've checked the content of Boot0. The keyblobs should start at offset 0x180000, incrementing by 0x200 for each one (keyblob 0 is at offset 0x180000, keyblob 1 is at 0x180200, etc.). In the Boot0 at 0x180000 I see "[config]..autoboot=0..autoboot_list ...". The other keyblobs are all 00. The keyblobs haven't been written into the Boot0. Lockpick_RCM and biskeydump say "corrupted keyblobs". That's the truth.

    As I said, I couldn't launch hekate_switchboot_mod so I couldn't restore the special Boot0/1. I think they were restored before, from the other tutorial. If I try to launch hekate_switch_mod, the Switch does a normal boot.

    Now I can just boot my Switch in 6.2 and play normal games. That's all.

    Do you think that your tutorial can reinitialize a full Boot0 (with the keyblobs)?

    Maybe https://github.com/MegatonHammer/linkle can help to generate the encrypted keyblobs to be put in Boot at the right locations?
     
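A small checker for the layout flduch describes above, added here as an example and not code from the thread or from any of the tools it mentions: it walks the keyblob slots of a BOOT0 dump starting at 0x180000 in 0x200 steps, flags slots that are zeroed or hold plain text such as an ini file, marks slots a short dump cannot contain (the "bytes going missing" transfer concern raised earlier), and hashes the image so a copied file can be compared with the original dump. The slot count of 32 and the sample dump are assumptions.

```python
import hashlib
import string

# Layout as described in the thread: keyblob slots begin at 0x180000 in BOOT0 and
# are 0x200 bytes apart. The slot count of 32 is an assumption, not from the page.
KEYBLOB_BASE = 0x180000
KEYBLOB_SLOT_SIZE = 0x200
KEYBLOB_SLOTS = 32  # assumed
_PRINTABLE = frozenset(string.printable.encode())

def classify_slot(blob: bytes) -> str:
    """'zero' = wiped slot, 'text' = printable ASCII (an .ini written there by
    mistake, as seen in the thread), 'opaque' = what encrypted data looks like."""
    payload = blob.rstrip(b"\x00")
    if not payload:
        return "zero"
    if all(b in _PRINTABLE for b in payload):
        return "text"
    return "opaque"

def inspect_keyblobs(boot0: bytes) -> dict:
    """Classify every keyblob slot of a BOOT0 dump and hash the whole image.
    A slot the dump is too short to hold is 'missing', which is what a transfer
    that silently dropped bytes (the FTP concern above) looks like; the SHA-256
    lets the on-console dump and the copied file be compared directly."""
    slots = []
    for i in range(KEYBLOB_SLOTS):
        start = KEYBLOB_BASE + i * KEYBLOB_SLOT_SIZE
        blob = boot0[start:start + KEYBLOB_SLOT_SIZE]
        slots.append("missing" if len(blob) < KEYBLOB_SLOT_SIZE else classify_slot(blob))
    return {"slots": slots, "truncated": "missing" in slots,
            "sha256": hashlib.sha256(boot0).hexdigest()}

def build_sample_boot0() -> bytes:
    """Constructed dump, not a real BOOT0: slot 0 holds ini text like the thread's
    "[config]..autoboot=0", slot 1 holds non-printable filler standing in for an
    encrypted blob, all other slots are zero; the image ends after the keyblob area."""
    image = bytearray(KEYBLOB_BASE + KEYBLOB_SLOTS * KEYBLOB_SLOT_SIZE)
    ini = b"[config]\nautoboot=0\nautoboot_list=0\n"
    image[KEYBLOB_BASE:KEYBLOB_BASE + len(ini)] = ini
    filler = bytes(range(256)) * 2  # exactly 0x200 bytes, many non-printable
    image[KEYBLOB_BASE + 0x200:KEYBLOB_BASE + 0x400] = filler
    return bytes(image)

if __name__ == "__main__":
    report = inspect_keyblobs(build_sample_boot0())
    for idx, label in enumerate(report["slots"]):
        print(f"keyblob {idx:2d} @ 0x{KEYBLOB_BASE + idx * KEYBLOB_SLOT_SIZE:06X}: {label}")
    print("truncated:", report["truncated"], " sha256:", report["sha256"])
```

Run it against a real dump by replacing `build_sample_boot0()` with the bytes read from the file; a slot reported as "text" is the same symptom flduch saw in a hex editor.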
  18. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    You are seeing a Hekate_ipl.ini in your keyblobs. How on earth has that happened?

    NOTHING should ever write to the keyblob area, even if it isn't used nowadays.

    Regenerating them? Yep, I think it can be done.

    Looks like you accidentally flashed a Hekate binary to your BOOT0 region.
    If so, you have been extremely lucky. If it was a raw restore, you could have overwritten your PRODINFO then you would have been fooked.

    You have two options as I see it. Unless the Discord / Kosmos lot know of anything better... I don't frequent those channels.

    Leave the "keyblobs"(which are knackered) as is, or zero them out.
     
  19. flduch

    flduch Member

    Newcomer
    1
    Oct 7, 2019
    Switzerland
    When you write "Regenerating them? Yep, I think it can be done.", I believe you don't say how?

    To be certain: no way to encrypt the keyblobs into Boot0 = nothing to do except use original game cartridges?
     
  20. mattytrog
    OP

    mattytrog You don`t want to listen to anything I say.

    Member
    13
    Apr 27, 2018
    United Kingdom
    I don't say how for good reason. I had a method I thought was accurate, but it wasn't.

    I don't believe anyone can re-encrypt the keyblob payloads once they are missing. Unless I am missing something.
    SciresM can probably provide some pointers. He is VASTLY more up to speed on the Switch crypto system than I am.
     