Homebrew Discussion Possibility of completely rebuilding nand any time soon?

gamesquest1

Nabnut
OP
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
Just wondering if anyone has any idea how far away we are (or if it will ever be possible) to completely rebuild a nand from nothing

basically I got hold of another broken switch and unfortunately it seems the original owner decided to try to replace the battery and for some reason removed the emmc module and lost it. I'm wondering if there is any technical reason why it wouldn't be possible to rebuild a donor nand for the system to restore it back to life with zero backups etc, I'm assuming it will probably be possible soon enough but just wondered if there is anything I'm overlooking

I'm guessing there may be some issue with console specific certs or something, but assuming we could use donor files from another switch, I'm also assuming I should be able to read out the fuse values to figure out what FW the system should be running

I just hate seeing things that would otherwise function completely dead over something that *should* be fixable
 
D

Deleted-442439

Guest
I am not completely sure about the specifics of the crypto, but my understanding is that console specific stuff is only required for OFW, Fusee Gelee can patch out the checks (needs to be repeated on every boot) so without the emmc you could still boot with emunand from a SD card.

As for reconstructing an emmc to function normally, the console specific stuff is apparently stored on the NAND itself, so without it I don't think you can extract the necessary information from anywhere else on the system.

Someone with the right knowledge could give a better answer, but the above is at least the way I have understood it.
 

RHOPKINS13

Geek
Member
Joined
Jan 31, 2009
Messages
1,359
Trophies
2
XP
2,647
Country
United States
Pretty sure the nand contents are encrypted with a different key for each console. Without any way of getting that key, you don't have any chance at rebuilding that nand.

It may be possible in the future though. Maybe you can dump whatever key is needed while in RCM mode, or maybe with emunand you can boot a decrypted nand from SD. Or maybe they come up with something like CTRTransfer for Switch.

While plausible, I think you're going to be waiting a long time before any of these solutions are released. But I could be wrong, I would ask in the ReSwitched Discord about Atmosphere's emunand capabilities.
 

gamesquest1

Nabnut
OP
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
I am not completely sure about the specifics of the crypto, but my understanding is that console specific stuff is only required for OFW, Fusee Gelee can patch out the checks (needs to be repeated on every boot) so without the emmc you could still boot with emunand from a SD card.

As for reconstructing an emmc to function normally, the console specific stuff is apparently stored on the NAND itself, so without it I don't think you can extract the necessary information from anywhere else on the system.

Someone with the right knowledge could give a better answer, but the above is at least the way I have understood it.
yeah I know the nand would be console uniquely encrypted, but those keys will be derived from the CPU I assume, so I assume it would be possible to dump those via RCM and then use them to encrypt the rebuilt image similar to how it was done on the 3ds
Pretty sure the nand contents are encrypted with a different key for each console. Without any way of getting that key, you don't have any chance at rebuilding that nand.

It may be possible in the future though. Maybe you can dump whatever key is needed while in RCM mode, or maybe with emunand you can boot a decrypted nand from SD. Or maybe they come up with something like CTRTransfer for Switch.

While plausible, I think you're going to be waiting a long time before any of these solutions are released. But I could be wrong, I would ask in the ReSwitched Discord about Atmosphere's emunand capabilities.
yeah I realise this is probably the weirdest and least likely thing to be tackled for a while, but figured it might be worth spitballing to see if I'm overlooking something critical that would make it not possible
 
Last edited by gamesquest1,
D

Deleted-442439

Guest
yeah I know the nand would be console uniquely encrypted, but those keys will be derived from the CPU I assume, so I assume it would be possible to dump those via RCM and then use them to encrypt the rebuilt image similar to how it was done on the 3ds

yeah I realise this is probably the weirdest and least likely thing to be tackled for a while, but figured it might be worth spitballing to see if I'm overlooking something critical

I believe those keys are the BIS keys used to decrypt a backup. They can be derived with a payload made by @rajkosto, perhaps they can be used to encrypt someone else's backup?

Download: https://switchtools.sshnuke.net/
 

gamesquest1

Nabnut
OP
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
I believe those keys are the BIS keys used to decrypt a backup. They can be derived with a payload made by @rajkosto, perhaps they can be used to encrypt someone else's backup?

Download: https://switchtools.sshnuke.net/
yeah I was thinking of giving something like that a shot (although I'm guessing it may be similar to the 3DS where stuff needs to be fixed before it will be accepted by the host system), but I've just got to swap the battery over to another switch as it doesn't charge in RCM mode, fingers crossed it's not just a totally dead system :rofl2:.....although it does solve the problem of me wanting to revive it
 
D

Deleted-442439

Guest
yeah I was thinking of giving something like that a shot (although I'm guessing it may be similar to the 3DS where stuff needs to be fixed before it will be accepted by the host system), but I've just got to swap the battery over to another switch as it doesn't charge in RCM mode, fingers crossed it's not just a totally dead system :rofl2:.....although it does solve the problem of me wanting to revive it

Yeah I presume not all the binaries would just work out of the box, but with a few tweaks (presumably a few other bytes that would need to be configured for the host unit) I don't see why it would not work.

I do think it would be a very tedious process though.
 

rajkosto

Well-Known Member
Member
Joined
Apr 6, 2017
Messages
819
Trophies
1
XP
2,775
Country
savedata is device specific and not reverse engineered, so I don't know which bytes need to be recalculated with the new device's key if you are transplanting it...
without system savedata you just get a black screen after the (Nintendo) logo

other than that, normal system operation requires PRODINFO, which is ALL device specific data only creatable by Nintendo
 
Last edited by rajkosto,

Reecey

Mario 64 (favorite game of all time)
Member
Joined
Mar 7, 2010
Messages
5,870
Trophies
2
Location
At Home :)
XP
4,475
Country
I'm not sure if I'm correct here, but can you not buy a complete eMMC module and plug it in? I thought you could. Try eBay GQ, I'm sure they sell them. Yes, eBay has loads; put in "Nintendo switch eMMC" and there are loads for sale. Is that what you want? Not sure?
 
Last edited by Reecey,

gamesquest1

Nabnut
OP
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
ok, well thanks for the input, seems there may be something else wrong with the system, idk if it's a broken charge IC as it doesn't seem to be detected by windows, but it does seem to be warming up like it's on, might be why the original owner was trying to change the battery not realising the charge IC was broken

just wondering if people know if the charge IC being broken would also mean it would not interface via USB, I'm assuming so but idk, kinda means it's on the back, back, back burner for now :P
 

NO_ob

Well-Known Member
Member
Joined
Apr 16, 2017
Messages
155
Trophies
0
Age
25
XP
306
Country
Pretty sure the nand contents are encrypted with a different key for each console. Without any way of getting that key, you don't have any chance at rebuilding that nand.

It may be possible in the future though. Maybe you can dump whatever key is needed while in RCM mode, or maybe with emunand you can boot a decrypted nand from SD. Or maybe they come up with something like CTRTransfer for Switch.

While plausible, I think you're going to be waiting a long time before any of these solutions are released. But I could be wrong, I would ask in the ReSwitched Discord about Atmosphere's emunand capabilities.
you can already dump the keys; if you look at the tutorial for getting exefs on lower fws, you dump the keys there. I'm pretty sure you can decrypt all partitions with these
 

Prince ofhell

Well-Known Member
Member
Joined
Sep 16, 2016
Messages
180
Trophies
0
Age
43
XP
509
Country
Syria
you can already dump the keys; if you look at the tutorial for getting exefs on lower fws, you dump the keys there. I'm pretty sure you can decrypt all partitions with these

the prodinfo is the big problem, it's the key for everything. If you rebuild the system and the user and the safe and the prodinfo is still faulty, the switch will be stuck on the logo, so you need a way to rebuild the prodinfo and prodinfof

till now you don't have a way to rebuild a wii u nand if the keys are lost ... I guess you should forget about that switch .... I have a similar switch with a damaged prodinfo, till now no answer for how to rebuild the prodinfo partition
 
Last edited by Prince ofhell,

Prince ofhell

Well-Known Member
Member
Joined
Sep 16, 2016
Messages
180
Trophies
0
Age
43
XP
509
Country
Syria
if you got the keys for the fuse.bin and the tsec_keys.bin, a backup of those 2 is 50% of the work
a backup of the prodinfo and prodinfof is the other 50% of the work

so to rebuild any cfw you will need a fuse.bin and the tsec_keys.bin ... prodinfo and prodinfof.bin, these 4 files can do the magic work
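Added example, not code from this thread or from any of the tools linked in it: a plain-Python parser for the primary GPT of a raw eMMC dump, which lists the partitions present and checks the header and entry-array CRC32s. The thread keeps naming the partitions a working image needs (PRODINFO, PRODINFOF, SAFE, SYSTEM, USER), and before anyone tries stitching donor partitions into an image, the partition table itself is the first thing worth sanity-checking. Assumptions: the eMMC carries a standard UEFI GPT with 512-byte LBAs, the partition labels match the names used in the thread, and the sample image built by `build_sample_image` is constructed here with toy sizes and a placeholder type GUID (not taken from a real console). This says nothing about the encryption of the partition contents or about recreating PRODINFO data, which is the part the thread says is not doable.

```python
"""List and CRC-check the primary GPT of a raw eMMC image (pure stdlib)."""
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header, per UEFI spec
ENTRY_FMT = "<16s16sQQQ72s"         # 128-byte partition entry

# Partitions the thread says a working image needs (label names are an assumption).
REQUIRED = ("PRODINFO", "PRODINFOF", "SAFE", "SYSTEM", "USER")

# Placeholder partition type GUID for the constructed sample; not the console's real one.
PLACEHOLDER_TYPE = uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7")

# Constructed toy layout: (label, size in LBAs). Real partitions are far larger.
SAMPLE_LAYOUT = [("PRODINFO", 8), ("PRODINFOF", 8), ("SAFE", 8), ("SYSTEM", 16), ("USER", 16)]


def header_crc32(hdr: bytes) -> int:
    """CRC32 over the header with its own CRC field (bytes 16..19) zeroed, as the spec requires."""
    return zlib.crc32(hdr[:16] + b"\0\0\0\0" + hdr[20:]) & 0xFFFFFFFF


def parse_gpt(image: bytes) -> dict:
    """Parse the primary GPT at LBA 1; return partitions, integrity flags and missing labels."""
    (sig, _rev, hdr_size, hdr_crc, _res, _cur, _backup, first_usable, last_usable,
     disk_guid, entries_lba, n_entries, entry_size, entries_crc) = struct.unpack(
        HEADER_FMT, image[SECTOR:SECTOR + 92])
    if sig != GPT_SIGNATURE:
        raise ValueError("no GPT signature at LBA 1")
    hdr_raw = image[SECTOR:SECTOR + hdr_size]
    start = entries_lba * SECTOR
    table = image[start:start + n_entries * entry_size]
    parts = []
    for i in range(n_entries):
        ent = table[i * entry_size:(i + 1) * entry_size]
        type_guid, _uniq, first, last, _attrs, name = struct.unpack(ENTRY_FMT, ent[:128])
        if type_guid == b"\0" * 16:
            continue  # unused slot
        parts.append({
            "name": name.decode("utf-16-le").rstrip("\0"),
            "type": str(uuid.UUID(bytes_le=type_guid)),
            "first_lba": first,
            "last_lba": last,
            "size": (last - first + 1) * SECTOR,
            "in_bounds": first_usable <= first <= last <= last_usable,
        })
    names = {p["name"] for p in parts}
    return {
        "disk_guid": str(uuid.UUID(bytes_le=disk_guid)),
        "header_crc_ok": header_crc32(hdr_raw) == hdr_crc,
        "entries_crc_ok": (zlib.crc32(table) & 0xFFFFFFFF) == entries_crc,
        "partitions": parts,
        "missing": [n for n in REQUIRED if n not in names],
    }


def build_sample_image(layout) -> bytes:
    """Construct a small GPT image (primary table only) from [(label, size_in_lbas), ...]."""
    n_entries, entry_size, entries_lba = 128, 128, 2
    first_usable = entries_lba + (n_entries * entry_size) // SECTOR   # LBA 34
    table = bytearray()
    lba = first_usable
    for idx, (name, size) in enumerate(layout):
        table += struct.pack(ENTRY_FMT, PLACEHOLDER_TYPE.bytes_le, uuid.UUID(int=idx + 1).bytes_le,
                             lba, lba + size - 1, 0, name.encode("utf-16-le"))
        lba += size
    table += b"\0" * (n_entries * entry_size - len(table))
    last_usable = lba - 1
    total = lba + 1   # one spare LBA where a backup header would sit (not written here)
    hdr = struct.pack(HEADER_FMT, GPT_SIGNATURE, 0x00010000, 92, 0, 0, 1, total - 1,
                      first_usable, last_usable, uuid.UUID(int=0xD1).bytes_le,
                      entries_lba, n_entries, entry_size, zlib.crc32(table) & 0xFFFFFFFF)
    hdr = hdr[:16] + struct.pack("<I", header_crc32(hdr)) + hdr[20:]
    image = bytearray(total * SECTOR)
    image[SECTOR:SECTOR + 92] = hdr
    image[entries_lba * SECTOR:entries_lba * SECTOR + len(table)] = table
    return bytes(image)


if __name__ == "__main__":
    result = parse_gpt(build_sample_image(SAMPLE_LAYOUT))
    print("header CRC ok:", result["header_crc_ok"], " entries CRC ok:", result["entries_crc_ok"])
    for p in result["partitions"]:
        print(f'{p["name"]:10} LBA {p["first_lba"]}-{p["last_lba"]}  {p["size"]} bytes')
    print("missing:", result["missing"])
```

To run it on a real dump, replace the constructed image with `open("rawnand.bin", "rb").read(...)` of at least the first 34 LBAs; a failed `entries_crc_ok` after transplanting partitions means the table was edited without the CRCs being recomputed, which is exactly the kind of thing a console will reject before the encryption even comes into play.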
 

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
13,371
Trophies
2
XP
18,290
Country
Sweden
Trying to repair the prodinfo is something some hackers have tried to figure out. So far, no luck. I still think there must be an algorithm for how they're made, that they match hardware etc inside the Switch. Is the TSEC the one that confirms the prodkeys are correct? What is deciding whether prodinfo keys are valid or not?
 
