Hacking RELEASE biskeydump and HacDiskMount - Switch eMMC decryption/real-time mounting tools

SocraticBliss

SocraticBliss

Well-Known Member
Member
Level 3
Joined
Jun 3, 2017
Messages
130
Trophies
0
Age
36
XP
273
Country
United States
rajkosto said:
it doesn't ask for a bis key. Notice that the BIS KEY group box doesn't have a number next to it. These partitions arent encrypted (leave the 2 key boxes blank), see: http://switchbrew.org/index.php?title=Flash_Filesystem
Click to expand...

Do you think it would be better to hide those 2 boxes if they select those partitions? Might prevent people from making a mistake, as it's true that it isn't very clear.

Also, would be nice to save the previous keys used, that way we don't have to re-enter them each time we re-open a partition.
 
A

aut0mat3d

Well-Known Member
Member
Level 5
Joined
Mar 15, 2017
Messages
212
Trophies
0
XP
568
Country
Australia
SocraticBliss said:
Do you think it would be better to hide those 2 boxes if they select those partitions? Might prevent people from making a mistake, as it's true that it isn't very clear.

Also, would be nice to save the previous keys used, that way we don't have to re-enter them each time we re-open a partition.
Click to expand...

Hiding those boxes would be fine to avoid misunderstandings ;)

A Save Option is already included - the button "check keys" (or so) changes to save if the check was OK
 
riyyi

riyyi

Well-Known Member
Member
Level 5
Joined
Sep 13, 2009
Messages
100
Trophies
0
XP
621
Country
Netherlands
Using Hekate ipl (this commit https://github.com/nwert/hekate/commit/e7373548fa3dd51508b34ae9c673885f849f653e)
I get the 3 errors when dumping the eMMC, but it should be fine, according to this:
rajkosto said:
No. if they were unreadable the dump would have failed. They were able to be read on the 2nd try which is why you only see their address once. The eMMC probably just gets tired and fails sometimes :shrug:
Click to expand...

However, my dump is 27.9 GB (29,979,344,896 bytes), which is to small I think.
HacDiskMount says: [08:53:35:222535]
Not enough bytes reading secondary GPT header from offset 31268535808
What could I to fix this? I'm on 3.0.1

BcJb0gP.png

Edit: Dump is correct using the newest commit (https://github.com/nwert/hekate/commit/5ca3bbcaf18daabed20a168cb6ee63d9d51a1161)
 
Last edited by riyyi,
SocraticBliss

SocraticBliss

Well-Known Member
Member
Level 3
Joined
Jun 3, 2017
Messages
130
Trophies
0
Age
36
XP
273
Country
United States
aut0mat3d said:
Hiding those boxes would be fine to avoid misunderstandings ;)

A Save Option is already included - the button "check keys" (or so) changes to save if the check was OK
Click to expand...

Either hiding it, or ignoring the inputs would probably work...

Thanks for the save clarification :) my bad!
 
d4mation

d4mation

Well-Known Member
Member
Level 9
Joined
Aug 3, 2013
Messages
189
Trophies
0
XP
1,711
Country
United States
rajkosto said:
HacDiskMount - use your BIS keys and your RawNand.bin (or the physical eMMC attached via microSD reader or using a mass storage gadget mode in u-boot/linux) to dump, restore or REAL-TIME MOUNT AND EXPLORE/MODIFY partitions from the dump file or attached physical device !
Click to expand...

Could this be used to remove the "Super Nag" flag? This could be great for people who are on lower system firmwares who were effected by this.

https://gbatemp.net/threads/importa...ges-to-block-web-applets-from-working.502431/
 
rajkosto

rajkosto

Well-Known Member
OP
Member
Level 11
Joined
Apr 6, 2017
Messages
819
Trophies
1
XP
2,775
Country
It doesn't go there. HacDiskMount does not do anything with regards to boot0/boot1. If you want to readout keyblobs from your boot0 check out hactool with --infile=keygen
 
Imancol

Imancol

Otak Productions
Member
Level 11
Joined
Jun 29, 2017
Messages
1,376
Trophies
0
XP
2,774
Country
Colombia
rajkosto said:
It doesn't go there. HacDiskMount does not do anything with regards to boot0/boot1. If you want to readout keyblobs from your boot0 check out hactool with --infile=keygen
Click to expand...
Try your latest version of BiskeyDump and I could not not know if it should be executed first with TegraRMCSmash 1101 and then in CMD write the argument or just write the argument in CMD. Could you please guide me?
 
Imancol

Imancol

Otak Productions
Member
Level 11
Joined
Jun 29, 2017
Messages
1,376
Trophies
0
XP
2,774
Country
Colombia
Use this command with the version biskeydumpV6 and TegraCMSSmash 1.1.0.1

Code: 
TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
 
Addconsult

Addconsult

Well-Known Member
Newcomer
Level 2
Joined
Apr 29, 2018
Messages
61
Trophies
0
Age
40
XP
197
Country
Sweden
Tried to get the biskeys with tegrarcm and biskeydump.bin as payload. Nothing happens after "uploading payload". Fusee payload works and hekate payload too. I tried the newest version of tegrarcm and the version before that. Same issue. Launched it with
TegraRcmSmash.exe -w biskeydump.bin BOOT:0x0
AND
Without the "boot" flag. Running Switch FW 4.0.1

Anyone know a solution ? I have reinstalled APX drivers several times and rebooted. Also tried different usb ports (Same computer).
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Emulation Homebrew  duckstation for Switch

Can you trade in a banned switch for an unbanned one?

Why is Atmosphere so dominant?

Hacking Misc Tutorial  Eiyuden Chronicle Hundred Heroes save editing

Hacking  Weird findings from that DQ trilogy switch port

Migswitch backups without certificate files

Help a noob with if I need to update CFW to 18.0 or not

Emulation Misc  Is a totk memory editor possible? If so why has no one made one yet?

General chit-chat
Help Users
  • No one is chatting at the moment.
  • K3Nv2 @ K3Nv2:
    https://www.newegg.com/p/0D9-002V-0...=snc-social-_-sr-_-0D9-002V-00AA1R-_-05202024
  • SylverReZ @ SylverReZ:
    @mthrnite, Cheetah Girls, the sequel to Action 52's Cheetah Men.
     +2
  • Psionic Roshambo @ Psionic Roshambo:
    Pokemon Black I played that one a lot
  • K3Nv2 @ K3Nv2:
    Honestly never messed with Pokémon on ds much
  • mthrnite @ mthrnite:
    I played pokemon once, was bored, never tried again
  • Psionic Roshambo @ Psionic Roshambo:
    Oh Dragon Quest IX
  • K3Nv2 @ K3Nv2:
    Spent like 5 hours on switch one never touched it again
  • Psionic Roshambo @ Psionic Roshambo:
    Sentinel of the stary skies
  • K3Nv2 @ K3Nv2:
    Ds is 20 years old this year
  • Psionic Roshambo @ Psionic Roshambo:
    So MJ no longer wants to play with it?
  • K3Nv2 @ K3Nv2:
    He put it down when the 3ds came out
  • K3Nv2 @ K3Nv2:
    https://youtube.com/shorts/eTlZ0qcSZf4?si=0vpkdIWplaLMFVqv
  • K3Nv2 @ K3Nv2:
    https://youtu.be/40XQ8L9wsCA?si=GzpPBaHQQLU0plt_ Neat
  • SylverReZ @ SylverReZ:
    @K3Nv2, RIP Felix does great videos on the PS3 yellow-light-of-death.
  • Jayro @ Jayro:
    Eventhough the New 3DS XL is more powerful, I still feel like the DS Lite was a more polished system. It's a real shame that it never got an XL variant keeping the GBA slot. You'd have to go on AliExpress and buy an ML shell to give a DS phat the unofficial "DS Lite" treatment, and that's the best we'll ever get I'm afraid.
     +1
  • Jayro @ Jayro:
    The phat model had amazingly loud speakers tho.
     +1
  • SylverReZ @ SylverReZ:
    @Jayro, I don't see whats so special about the DS ML, its just a DS lite in a phat shell. At least the phat model had louder speakers, whereas the lite has a much better screen.
     +1
  • SylverReZ @ SylverReZ:
    They probably said "Hey, why not we combine the two together and make a 'new' DS to sell".
  • Veho @ Veho:
    It's a DS Lite in a slightly bigger DS Lite shell.
     +1
  • Veho @ Veho:
    It's not a Nintendo / iQue official product, it's a 3rd party custom.
     +1
  • Veho @ Veho:
    Nothing special about it other than it's more comfortable than the Lite
    for people with beefy hands.
     +1
  • Jayro @ Jayro:
    I have yaoi anime hands, very lorge but slender.
  • Jayro @ Jayro:
    I'm Slenderman.
  • Veho @ Veho:
    I have hands.
  • Veho @ Veho:
    king-shark-hand.gif
    +1
    Veho @ Veho: +1