****************************************************************************************

Hello there, with all the fuss created by the DCMA plea of the N to iTotalJustice, I think this little compendium will help somebody.

For now the sigpatches for all firmware and Atmosphère can be downloaded from Sigpatches for Atmosphere (Hekate, fss0, fusee & package3) thread here on GBATemp

@mrdude is working on new set of programs running in Windows and will not need Python at all, keep an eye on his thread.
And @dogcsty is working on a Homebrew capable of generate the sigpatches on the console directly.
Booth applications are getting almost end-user maturity.

@mrdude release the Sigpatch IPS Creator New store, allowing to generate any new patches for any firmware and Atmosphère without need of updating the software.

For using the new Sigpatch IPS Creator you need:

Spoiler: Download the Program

1. Download the latest version from github.
   Now is on:
   
   
2. Right click the recent downloaded file, and select properties:
   
   , then unblock the file:
   
   , this is a «security» measure of windows, marking down the downloaded files as insecure even if they are safe.
3. Extract the file to a folder on your hard drive, by example c:\IPSCreator
   

Spoiler: Run the program for the first time

1. At the first run of "IPS_Patch_Creator.exe " you may get a warning:
   
   because is a «unrecognized app» meaning MrDude has not payed thousands of dollars to Microsoft for «authenticate» the app, so you should press «Run anyway» button to run the program. If you don't trust you can use a real antivirus (no defender) and check the file.
2. At the first start of the program, you are welcomed with a few configurations:
   
   By now you can choose the defaults and press «Save» button.
   This configurations are for future firmwares, more explanation on the post by MrDude. After press «Save» you are asked to save the config
   
   press yes to commit the config to disk.

Spoiler: Provide Console encryption Keys

1. The program require you to provide the encryption set of keys for the console. There are several ways to get them:
   1. using Lockpick_RCM, follow the guide:https://gbatemp.net/threads/how-to-get-switch-keys-for-hactool-xci-decrypting.506978/ OR https://nh-server.github.io/switch-guide/user_guide/emummc/making_emummc/
   2. Inside the program on the «Help» -> «Online Information», there are a set of cypher URLs one of them is very useful.
   3. Using web search.
2. When you run the program without the needed keys, it prompts:
   
   , if you press "yes" a KEYS.DAT file is created for you on the tools sub-folder, you can edit the file and put the values or use the KeyData tab to write the values of your PROD.KEYS file:
   
   

You can use the tabs «Loader», «ES», «ES2», «FS» and «NFIM» to create the patches.
On each tab there is a button named «Make Patch», you can use the button to browse for the needed files or folder, also you can drag and drop to that button the files or folder from an explorer window.
On each you can generate a different set of patches:

Loader
On this tab you can generate the patches set for Atmosphère.
Loader Patch are Required for:

• Running NRO Forwarders and Installed homebrews.
• Running Installed XCI games.

Loader patch not required to:

• Run (some) previously installed NSP. (if valid tickets exist)
• Run non installed homebrew.
• Install NSP/XCI - (but will not run these if a valid ticket does not exist).

In order to create the patches, you need to provide the path to fusee-secondary.bin or package3 file. Could be an official one or compiled by yourself.
Only Atmosphère 0.8.5 and newer are supported.

The generated patches are on the folder \atmosphere\kip_patches\loader_patches and the file \bootloader\patches.ini relative to the folder where IPS Patch Creator is run.

ES & ES2
ES patches stand for Eticket Services.
ES Patches are required to:

• These are needed for run and install raw and untouched NSP files either dumped from Nintendo's CDN or someone's console.
• ES patches are additionally needed to run pirated commercial NSPs.

ES Patches are NOT required to:

• Run installed XCI
• Run installed NRO forwarders.
• Run homebrew
• Install XCI files.

For creating the patches, you need to provide the path to the folder with the files of a firmware for console.
Works only for firmware 9.0.1 and above.

Both tabs generate the same sigpatches, using different algorithms, ES uses an algorithm what patches only on a spot, is traditionally know as «Alternate».
ES2 uses the original algorithm which patches on three different spots. Both of them works the same and is up to you which one to use, is more a manner of preference because they are equivalent.

The sigpatches are generated on the sub-folder \atmosphere\exefs_patches\es_patches\ where the IPS Patch Creator is run.

FS
FS is short for fs_nosigchk.
FS Patches required to:

• Run installed XCI/NRO forwarders, and will give a corruption error when trying to run the installed XCI or NRO forwarder if no fs patches are applied or are wrong (you will also need to reinstall the game or nro forwarder if this happens).
• The FS patches allow the usage of converted NSP files, such as homebrew on NSP files or converted XCI files.
• FS patches are required to install/run NSP and XCI (without needing to convert the header) files.

Fs Patches not required to:

• Run installed NSP files with valid tickets.
• Run Homebrew
• Install NSP/XCI - (with a valid header)

Only firmware 9.0.1 and above is supported.

The generated IPS files are on the sub-folder \atmosphere\kip_patches\fs_patches and the file \bootloader\patches.ini

NFIM
The NFIM patches, know as nfim_ctest, where «ctest» is short for Connection Test, are patches for skip the internet connection test, So you can play on a LAN without being online.
All current firmware versions are supported.

The patches are generated on the sub-folder \atmosphere\exefs_patches\nfim_ctest\

Once all the patches you want are generated, you can copy the folders atmosphere and bootloader to the root of your SD Card.

A very helpful feature is the possibility of upload the patches to your console using FTP, before you can use, you need to config the connection data:

,

,

once you put the correct IP address of your console and the user/password to connect you can push "save".

Then use the ftp feature to send the patches:

.



If you like to generate the patches directly on the console, @dogcsty is working on a Homebrew for that.

----To Do: add steps for the Homebrew ----



****************************************************************************************

With these new applications the use of the Old Python scripts is deprecated and useful only for historians

If you really want run the scripts you can use the

Spoiler: Old Python Scripts

This steps help you to build a new version of sigpatches if new firmware or Atmosphère is released or if you compile Atmosphère from source and make changes like add a new bootlogo @binkinator explain us how to do that on https://gbatemp.net/threads/custom-boot-logo-for-switch.569031/post-9839714

First at all thank you very much to @mrdude for his hard work, really to him belong all the credit.

On the thread Info on SHA-256 hashes on FS patches mrdude explain how the patches are created and share with all of us his work and his scripts to create new sigpatches.

For that scripts works you need Python, first step get python:

Spoiler: Installing Python

Download and install Python, for Windows you can use https://www.python.org/downloads/, but be sure of select the option «Add Python 3.XX to PATH».

After you have a Python environment working, open a command line (CMD.EXE) and execute the next commands, in order to get the prerequisites of the scripts:

python.exe -m pip install --upgrade pip
pip install bitstring

Download the latest version of the scripts on the thread (https://gbatemp.net/threads/info-on-sha-256-hashes-on-fs-patches.581550/post-9783677) for now they are on the post # 205.

Uncompress the file «AutoIPS-Patcher.zip» on a local folder, for example, «C:\AUTOIPS», must look like:

Then copy your prod.keys file to the folder «c:\AutoIPS\scripts\» and rename it «keys.dat» IMPORTANT IF YOU USE EXPLORER BE SURE THE EXTENSIONS AREN'T HIDDEN, SO YOU DON'T END WITH keys.dat.keys file instead of keys.dat

Tip from @User154 , you can get your prod.keys files using Lockpick_RCM, follow the guide: https://nh-server.github.io/switch-guide/user_guide/emummc/making_emummc/

Get the files for the firmware you want to create, darthsternie it's you pal, or you can use NXDumpTool, TegraExplorer or GoldLeaf to dump the current firmware to the SD Card on your console. Extract all files to a local path, by example, «C:\FW1412», your folder must look like:

Download the latest Atmosphère files from https://github.com/Atmosphere-NX/Atmosphere/releases , and extract «atmosphere\package3» to a local path, by example: «C:\ATM132».

On a command line go to the folder where you extract AutoIPS and execute the command «Python MENU.PY»:

C:\AutoIPS>python menu.py
=========================================================================
Make sure you have keys.dat in the scripts folder. Menu/Scripts by MrDude
=========================================================================
1.Make Atmosphere-NX Loader Patch
2.Make ES Patch and FS Patches
3.Make ES Patch
4.Make Alt Beta ES Patch
5.Make ES NFIM Patch
6.Make FS Patches
7.Toggle Debug info
8.NCA info
9.Exit/Quit

What would you like to do?

I recommend to select the option «7» in order to enable information on screen.

Then you can select the option «1» to generate sigpatches for Atmosphère, when asked for the «fusee-secondary.bin or package3» files, write down the path where Atmosphère was extracted, on this example: «c:\ATM132\package3».

You can use the option «2» to generate sigpatches for the firmware, when asked for the firmware path, use the one where you extract firmware files, on this example: «C:\FW1412».

Tip from @masagrator, also you can drag from a File Explorer window the folder of firmware and the package3 file to the command line window, then the full path is written for you on the command line, avoiding typos.

For Windows 10 and Windows 11 this ONLY works if you start the CMD as normal user, if your CMD.EXE was started as Administrator, do not work because explorer ALWAYS run as standard user and a standard user window can not send data to a Administrator one.

Tip from @subcon959 : if you put package3 in the scripts folder and then put the firmware files in a folder called firmware and put that in the scripts folder too, then you can just press enter when the menu asks for them instead of dragging or typing anything.

TESTED AND WORKS LIKE A CHARM!


The next examples shows the result of the executions:

If everything goes well you end with the folder «c:\AutoIPS\scripts\output» inside that folder should be a folder named «Atmosphere» that folder should be copied to the root of your SD card; and a file called «patches.ini» which goes to the «SD:/BOOTLOADER» path of your SD Card.

Its possible to see a bunch of Warnings «[WARN]» about to match key, some like:

are WARNINGS and you need no to worry about that, it's just you have more keys on the Keys.dat file than needed so ignore them.

If you get errors, verify the location of the «KEYS.DAT» file and the path you give for the Atmosphère files and firmware folder. DO NOT ADD EMPTY SPACES AT END OF THE PATHS.

-Edit 1:-
Correcting a typo and adding suggestions from other users; the great of this community!
And trying to be sure the credit goes to @mrdude him is the one what make the hard work and investigation.

-Edit 2-
add a video of dragging names and UAC restriction. and the good news from MrDude.

-Edit 3-
Adding new homebrew app.

-Edit 4-
Creating steps for the new App., To do: steps for console homebrew.

 

[binkinator]

I have installed a modchip in my switch myself (trinket) and provided it with a preboot loader (mattytrogs method).
I have dumped my keys with lockpick and this is not the first time I have done this .

But this should do the trick, my dump file (prod.keys) has no _0e part.

https://gbatemp.net/threads/how-to-create-your-own-sigpatches.616288/post-9968464

i'll try it out later.

Edit: the obviously never version of lockpick_rcm.bin creates a prod.keys dump which ist 14 instead of 13 kilobytes in size and the _0e part is also included, the ips creator works now as expected. thank you @binkinator and @mrdude.

my old lockpick_rcm binary was the one from here https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.9.8.

Trinket Squad!

Glad you’re sorted.

thanks to @impeeza for sharing the link to the updated Lockpick_RCM. The official one has not been updated to FW15.0.0 (yet).

 

[Purple_Heart]

Do you have the _0e keys? Double check inside the prod.keys to be sure it’s not just _0d keys.

If not, grab this version of Lockpick_RCM and dump agin to see if that gives you a different file with _0e lines this time.

redownloaded the program now it works somehow.

 

[impeeza]

Trinket Squad!

Glad you’re sorted.

thanks to @impeeza for sharing the link to the updated Lockpick_RCM. The official one has not been updated to FW15.0.0 (yet).

Dezem put a Pull Request to shchmue repo. the PR was accepted 6 days ago but no new release yet. you can clone the original https://github.com/shchmue/Lockpick_RCM repo and compile and will generate the latest version with FW 15 support

 

[hippy dave]

Has anyone had contact with @dogcsty - is he still working on his homebrew sigpatch generator or has he scrapped it?

 

[linuxares]

Dezem put a Pull Request to shchmue repo. the PR was accepted 6 days ago but no new release yet. you can clone the original https://github.com/shchmue/Lockpick repo and compile and will generate the latest version with FW 15 support

Just a correction, right URL is https://github.com/shchmue/Lockpick_RCM/

 

[linuxares]

I've built a lockpick_rcm version from the official git if anyone is willing to try.

 

[BeckysFootSlave]

Trinket Squad!

Glad you’re sorted.

thanks to @impeeza for sharing the link to the updated Lockpick_RCM. The official one has not been updated to FW15.0.0 (yet).

Yes that's right!
Original is updated in source but not compiled because he wants to improve something in case of Modchip (if I'm right)

Think release is incoming next days/week!

 

[Noander]

Just curious question fist of nice But why would you want this? There's always very fast new sigpatch

 

[Draxzelex]

Just curious question fist of nice But why would you want this? There's always very fast new sigpatch

Because Nintendo issued a DMCA for the sites that distribute patches so no one is allowed to link patches anymore. If you see any post that links a site with patches, then its going to be removed very shortly. Patches are probably still being made fast because a tutorial like this exists so as soon as a new firmware comes out, anybody can make them.

 

[Deleted member 523475]

Because Nintendo issued a DMCA for the sites that distribute patches so no one is allowed to link patches anymore. If you see any post that links a site with patches, then its going to be removed very shortly. Patches are probably still being made fast because a tutorial like this exists so as soon as a new firmware comes out, anybody can make them.

They are all uploaded to gbatemp here: https://gbatemp.net/threads/sigpatches-for-atmosphere-hekate-fss0-fusee-package3.571543/
And based on their comment, it sounds like the already found the site that always has new patches up within minutes, anyway.

 

[HelloShitty]

IS there any option for Linux users to create Sigpatches?

 

[binkinator]

IS there any option for Linux users to create Sigpatches?

The apps is windows only. You can compile the tools in @impeeza ’s guide for Linux. I think the whole stack and this the process would be reproducible but you would be on your own to piece it together. That’s current state of the union. Perhaps you could write a Linux tut after you’re done?

e: look under OP for: Spoiler: Old Python Scripts

i believe the only thing outside modifying some simple Python code would be a working hactool executable on Linux.

 

[seany1990]

Can somebody please screenshot their config for 15.0. I used the default but it is throwing errors for es patches

 

[binkinator]

Can somebody please screenshot their config for 15.0. I used the default but it is throwing errors for es patches
View attachment 336799

Did you dump your keys with the latest lockpick_RCM?

Please check that you have a _0e key (and not just a _0d)

More info here: https://gbatemp.net/threads/switch-noob-paradise-ask-questions-here.488277/post-9990139

 

[seany1990]

Did you dump your keys with the latest lockpick_RCM?

Please check that you have a _0e key (and not just a _0d)

More info here: https://gbatemp.net/threads/switch-noob-paradise-ask-questions-here.488277/post-9990139

Okay I've gone horrendously wrong but thank you, that has been a big help

Post automatically merged: Nov 11, 2022

Okay so I have all patches except nfim_ctest
this is the error I get:
Unable to find the NFIM nca file.

It's possible that you need to update keys.dat with the latest key to decrypt the file.

edit: I havent done anything to the firmware folder and Im using the same prod.key which I used for the other patches
edit2: I am dumping my sysnand key (through lockpick_rcm) because my emunand attempt also threw errors. I do use emunand and I don't know if daybreak updates both so maybe thats the reason.

 

[urherenow]

The problem with not locating dec-Loader.bin is back. hactool is not found if I try to run it from cmd, so that's not the problem.

EDIT: Damn. All sorted. Found the answer by reading my own post in the other sigpatches thread. This thing does NOT like keys in your profile's .switch folder. Mental note: I renamed the files there, so hactool wouldn't find them. This takes care of the decrypting issues, which is still a bug IMHO, because before finding my old post and renaming them, I overwrote keys.dat with the exact one from /tools.

 

[mrdude]

The problem with not locating dec-Loader.bin is back. hactool is not found if I try to run it from cmd, so that's not the problem.

EDIT: Damn. All sorted. Found the answer by reading my own post in the other sigpatches thread. This thing doesn NOT like keys in your profile's .switch folder. Mental note: I renamed the files there, so hactool wouldn't find them. This takes care of the decrypting issues, which is still a bug IMHO, because before finding my old post and renaming them, I overwrote keys.dat with the exact one from /tools.

That's down to hactool, that's where it checks for your keyfile - you can mod hactool source code and build it yourself to remove the check .switch folder. It's not a bug, you should read hactool docs.

 

[urherenow]

That's down to hactool, that's where it checks for your keyfile - you can mod hactool source code and build it yourself to remove the check .switch folder. It's not a bug, you should read hactool docs.

but again, the keyfile was the exact file in both places. There is no reason why it shouldn't work correctly. It was you who modified the hactool that comes with the patch creator. I'm not going to slam you or your tool, because it works and I'm extremely grateful, but it is a bug, and you created that bug (somehow). I simply haven't seen the same issue with other things that use official hactool.

 

[mrdude]

but again, the keyfile was the exact file in both places. There is no reason why it shouldn't work correctly. It was you who modified the hactool that comes with the patch creator. I'm not going to slam you or your tool, because it works and I'm extremely grateful, but it is a bug, and you created that bug (somehow). I simply haven't seen the same issue with other things that use official hactool.

Mod code in hactool - Utils.c - https://github.com/SciresM/hactool/blob/master/utils.c

go to line 262 and look at the routine for loading key files, as I said - it's down to hactool source. You can mod this yourself to skip where hactool looks for keys. I only modded hactool to make it faster by ommiting some output, by adding an extra command line option. I didn't mess with where it checks for keys.

 

[urherenow]

Mod code in hactool - Utils.c - https://github.com/SciresM/hactool/blob/master/utils.c

go to line 262 and look at the routine for loading key files, as I said - it's down to hactool source. You can mod this yourself to skip where hactool looks for keys. I only modded hactool to make it faster by ommiting some output, by adding an extra command line option. I didn't mess with where it checks for keys.

Edit: As a result of me dumping keys from both emmc and emuemmc, I had a few duplicate keys in title.keys, and this was causing hactool to hang.

Using hactoolnet has no such issue. I only tried the loader patch just now... I suppose everything else will work too without whatever modifications you made to hactool? Now I'm wondering why you include a modified hactool, instead of simply using (or telling us to use) hactoolnet.

Edit2: So loader patches work with hactoolnet, but currently ES patches only work with hactool. Darn.