****************************************************************************************

Hello there, with all the fuss created by the DCMA plea of the N to iTotalJustice, I think this little compendium will help somebody.

For now the sigpatches for all firmware and Atmosphère can be downloaded from Sigpatches for Atmosphere (Hekate, fss0, fusee & package3) thread here on GBATemp

@mrdude is working on new set of programs running in Windows and will not need Python at all, keep an eye on his thread.
And @dogcsty is working on a Homebrew capable of generate the sigpatches on the console directly.
Booth applications are getting almost end-user maturity.

@mrdude release the Sigpatch IPS Creator New store, allowing to generate any new patches for any firmware and Atmosphère without need of updating the software.

For using the new Sigpatch IPS Creator you need:

Spoiler: Download the Program

1. Download the latest version from github.
   Now is on:
   
   
2. Right click the recent downloaded file, and select properties:
   
   , then unblock the file:
   
   , this is a «security» measure of windows, marking down the downloaded files as insecure even if they are safe.
3. Extract the file to a folder on your hard drive, by example c:\IPSCreator
   

Spoiler: Run the program for the first time

1. At the first run of "IPS_Patch_Creator.exe " you may get a warning:
   
   because is a «unrecognized app» meaning MrDude has not payed thousands of dollars to Microsoft for «authenticate» the app, so you should press «Run anyway» button to run the program. If you don't trust you can use a real antivirus (no defender) and check the file.
2. At the first start of the program, you are welcomed with a few configurations:
   
   By now you can choose the defaults and press «Save» button.
   This configurations are for future firmwares, more explanation on the post by MrDude. After press «Save» you are asked to save the config
   
   press yes to commit the config to disk.

Spoiler: Provide Console encryption Keys

1. The program require you to provide the encryption set of keys for the console. There are several ways to get them:
   1. using Lockpick_RCM, follow the guide:https://gbatemp.net/threads/how-to-get-switch-keys-for-hactool-xci-decrypting.506978/ OR https://nh-server.github.io/switch-guide/user_guide/emummc/making_emummc/
   2. Inside the program on the «Help» -> «Online Information», there are a set of cypher URLs one of them is very useful.
   3. Using web search.
2. When you run the program without the needed keys, it prompts:
   
   , if you press "yes" a KEYS.DAT file is created for you on the tools sub-folder, you can edit the file and put the values or use the KeyData tab to write the values of your PROD.KEYS file:
   
   

You can use the tabs «Loader», «ES», «ES2», «FS» and «NFIM» to create the patches.
On each tab there is a button named «Make Patch», you can use the button to browse for the needed files or folder, also you can drag and drop to that button the files or folder from an explorer window.
On each you can generate a different set of patches:

Loader
On this tab you can generate the patches set for Atmosphère.
Loader Patch are Required for:

• Running NRO Forwarders and Installed homebrews.
• Running Installed XCI games.

Loader patch not required to:

• Run (some) previously installed NSP. (if valid tickets exist)
• Run non installed homebrew.
• Install NSP/XCI - (but will not run these if a valid ticket does not exist).

In order to create the patches, you need to provide the path to fusee-secondary.bin or package3 file. Could be an official one or compiled by yourself.
Only Atmosphère 0.8.5 and newer are supported.

The generated patches are on the folder \atmosphere\kip_patches\loader_patches and the file \bootloader\patches.ini relative to the folder where IPS Patch Creator is run.

ES & ES2
ES patches stand for Eticket Services.
ES Patches are required to:

• These are needed for run and install raw and untouched NSP files either dumped from Nintendo's CDN or someone's console.
• ES patches are additionally needed to run pirated commercial NSPs.

ES Patches are NOT required to:

• Run installed XCI
• Run installed NRO forwarders.
• Run homebrew
• Install XCI files.

For creating the patches, you need to provide the path to the folder with the files of a firmware for console.
Works only for firmware 9.0.1 and above.

Both tabs generate the same sigpatches, using different algorithms, ES uses an algorithm what patches only on a spot, is traditionally know as «Alternate».
ES2 uses the original algorithm which patches on three different spots. Both of them works the same and is up to you which one to use, is more a manner of preference because they are equivalent.

The sigpatches are generated on the sub-folder \atmosphere\exefs_patches\es_patches\ where the IPS Patch Creator is run.

FS
FS is short for fs_nosigchk.
FS Patches required to:

• Run installed XCI/NRO forwarders, and will give a corruption error when trying to run the installed XCI or NRO forwarder if no fs patches are applied or are wrong (you will also need to reinstall the game or nro forwarder if this happens).
• The FS patches allow the usage of converted NSP files, such as homebrew on NSP files or converted XCI files.
• FS patches are required to install/run NSP and XCI (without needing to convert the header) files.

Fs Patches not required to:

• Run installed NSP files with valid tickets.
• Run Homebrew
• Install NSP/XCI - (with a valid header)

Only firmware 9.0.1 and above is supported.

The generated IPS files are on the sub-folder \atmosphere\kip_patches\fs_patches and the file \bootloader\patches.ini

NFIM
The NFIM patches, know as nfim_ctest, where «ctest» is short for Connection Test, are patches for skip the internet connection test, So you can play on a LAN without being online.
All current firmware versions are supported.

The patches are generated on the sub-folder \atmosphere\exefs_patches\nfim_ctest\

Once all the patches you want are generated, you can copy the folders atmosphere and bootloader to the root of your SD Card.

A very helpful feature is the possibility of upload the patches to your console using FTP, before you can use, you need to config the connection data:

,

,

once you put the correct IP address of your console and the user/password to connect you can push "save".

Then use the ftp feature to send the patches:

.



If you like to generate the patches directly on the console, @dogcsty is working on a Homebrew for that.

----To Do: add steps for the Homebrew ----



****************************************************************************************

With these new applications the use of the Old Python scripts is deprecated and useful only for historians

If you really want run the scripts you can use the

Spoiler: Old Python Scripts

This steps help you to build a new version of sigpatches if new firmware or Atmosphère is released or if you compile Atmosphère from source and make changes like add a new bootlogo @binkinator explain us how to do that on https://gbatemp.net/threads/custom-boot-logo-for-switch.569031/post-9839714

First at all thank you very much to @mrdude for his hard work, really to him belong all the credit.

On the thread Info on SHA-256 hashes on FS patches mrdude explain how the patches are created and share with all of us his work and his scripts to create new sigpatches.

For that scripts works you need Python, first step get python:

Spoiler: Installing Python

Download and install Python, for Windows you can use https://www.python.org/downloads/, but be sure of select the option «Add Python 3.XX to PATH».

After you have a Python environment working, open a command line (CMD.EXE) and execute the next commands, in order to get the prerequisites of the scripts:

python.exe -m pip install --upgrade pip
pip install bitstring

Download the latest version of the scripts on the thread (https://gbatemp.net/threads/info-on-sha-256-hashes-on-fs-patches.581550/post-9783677) for now they are on the post # 205.

Uncompress the file «AutoIPS-Patcher.zip» on a local folder, for example, «C:\AUTOIPS», must look like:

Then copy your prod.keys file to the folder «c:\AutoIPS\scripts\» and rename it «keys.dat» IMPORTANT IF YOU USE EXPLORER BE SURE THE EXTENSIONS AREN'T HIDDEN, SO YOU DON'T END WITH keys.dat.keys file instead of keys.dat

Tip from @User154 , you can get your prod.keys files using Lockpick_RCM, follow the guide: https://nh-server.github.io/switch-guide/user_guide/emummc/making_emummc/

Get the files for the firmware you want to create, darthsternie it's you pal, or you can use NXDumpTool, TegraExplorer or GoldLeaf to dump the current firmware to the SD Card on your console. Extract all files to a local path, by example, «C:\FW1412», your folder must look like:

Download the latest Atmosphère files from https://github.com/Atmosphere-NX/Atmosphere/releases , and extract «atmosphere\package3» to a local path, by example: «C:\ATM132».

On a command line go to the folder where you extract AutoIPS and execute the command «Python MENU.PY»:

C:\AutoIPS>python menu.py
=========================================================================
Make sure you have keys.dat in the scripts folder. Menu/Scripts by MrDude
=========================================================================
1.Make Atmosphere-NX Loader Patch
2.Make ES Patch and FS Patches
3.Make ES Patch
4.Make Alt Beta ES Patch
5.Make ES NFIM Patch
6.Make FS Patches
7.Toggle Debug info
8.NCA info
9.Exit/Quit

What would you like to do?

I recommend to select the option «7» in order to enable information on screen.

Then you can select the option «1» to generate sigpatches for Atmosphère, when asked for the «fusee-secondary.bin or package3» files, write down the path where Atmosphère was extracted, on this example: «c:\ATM132\package3».

You can use the option «2» to generate sigpatches for the firmware, when asked for the firmware path, use the one where you extract firmware files, on this example: «C:\FW1412».

Tip from @masagrator, also you can drag from a File Explorer window the folder of firmware and the package3 file to the command line window, then the full path is written for you on the command line, avoiding typos.

For Windows 10 and Windows 11 this ONLY works if you start the CMD as normal user, if your CMD.EXE was started as Administrator, do not work because explorer ALWAYS run as standard user and a standard user window can not send data to a Administrator one.

Tip from @subcon959 : if you put package3 in the scripts folder and then put the firmware files in a folder called firmware and put that in the scripts folder too, then you can just press enter when the menu asks for them instead of dragging or typing anything.

TESTED AND WORKS LIKE A CHARM!


The next examples shows the result of the executions:

If everything goes well you end with the folder «c:\AutoIPS\scripts\output» inside that folder should be a folder named «Atmosphere» that folder should be copied to the root of your SD card; and a file called «patches.ini» which goes to the «SD:/BOOTLOADER» path of your SD Card.

Its possible to see a bunch of Warnings «[WARN]» about to match key, some like:

are WARNINGS and you need no to worry about that, it's just you have more keys on the Keys.dat file than needed so ignore them.

If you get errors, verify the location of the «KEYS.DAT» file and the path you give for the Atmosphère files and firmware folder. DO NOT ADD EMPTY SPACES AT END OF THE PATHS.

-Edit 1:-
Correcting a typo and adding suggestions from other users; the great of this community!
And trying to be sure the credit goes to @mrdude him is the one what make the hard work and investigation.

-Edit 2-
add a video of dragging names and UAC restriction. and the good news from MrDude.

-Edit 3-
Adding new homebrew app.

-Edit 4-
Creating steps for the new App., To do: steps for console homebrew.

 

[ZenkigodASCII]

hey guys. just wanna say that if this actually allow us to get the needed sigpatches itll help me grab a key for scarlet/violet and FE engage on my own. but ive hit a snag. maybe im just being paranoid but when i get the program in the github, firefox downloader alerted me that it contains virus or malware. just making sure its really clean and wont fuck me over.

 

[binkinator]

hey guys. just wanna say that if this actually allow us to get the needed sigpatches itll help me grab a key for scarlet/violet and FE engage on my own. but ive hit a snag. maybe im just being paranoid but when i get the program in the github, firefox downloader alerted me that it contains virus or malware. just making sure its really clean and wont fuck me over.

It’s good to be wary and not just trust randos on the internet. you will need to make your own decision. many of the flags are because this code actual patches files. That’s something malware would do and raises red flags. Heck, it includes hactool.exe which itself causes red flags. Look, you are hacking things. This is not normal behavior of your typical Windows user. there are a few things you can do:

1) accept the risk and run the program anyway
2) audit the code and build it yourself.
3) run the program inside a disposable VM or Sandboxie.
4) just download the premade Sigpatches from this thread https://gbatemp.net/threads/sigpatches-for-atmosphere-hekate-fss0-fusee-package3.571543/
5) get back on the straight and narrow and get out of the shady business of hacking.

to appease your curiosity, I initially chose option 3, moved on to option 2 and eventually migrated to option 1 but sometimes I’m lazy and just do option 4 but have pondered option 5, but of course that won’t help you because I’m just another rando on the internet and your personal experience may vary.

now that you are informed, you have to make your own decision and accept the results of your actions.

 

[ZenkigodASCII]

It’s good to be wary and not just trust randos on the internet. you will need to make your own decision. many of the flags are because this code actual patches files. That’s something malware would do and raises red flags. Heck, it includes hactool.exe which itself causes red flags. Look, you are hacking things. This is not normal behavior of your typical Windows user. there are a few things you can do:

1) accept the risk and run the program anyway
2) audit the code and build it yourself.
3) run the program inside a disposable VM or Sandboxie.
4) just download the premade Sigpatches from this thread https://gbatemp.net/threads/sigpatches-for-atmosphere-hekate-fss0-fusee-package3.571543/
5) get back on the straight and narrow and get out of the shady business of hacking.

to appease your curiosity, I initially chose option 3, moved on to option 2 and eventually migrated to option 1 but sometimes I’m lazy and just do option 4 but have pondered option 5, but of course that won’t help you because I’m just another rando on the internet and your personal experience may vary.

now that you are informed, you have to make your own decision and accept the results of your actions.

thnks for that informative reply friend. for now i dont HAVE to build my own sigpatches since as it turns out, i did everything right when installing the premade sigpatches made by our very talented communiy. whats wrong is that ive updated my OFW to 15.0.0, but not my CFW. it stayed at 13.0.0/atm... so all i have to do is update my CFW which took alot from me since im a newbie at this, im more comfortable hacking psp but it has been solved now. now my only problem is my tesla overlay and edizon seems to stopped working. i wont bother you for another answer for that. this is cheating matter and ill handle it on my own. again thanks for at least responding. for me maybe ill stick to option 1 and option 4. option 5 is never an option for me... call me miser or whatever its fine for me...

 

[binkinator]

thnks for that informative reply friend. for now i dont HAVE to build my own sigpatches since as it turns out, i did everything right when installing the premade sigpatches made by our very talented communiy. whats wrong is that ive updated my OFW to 15.0.0, but not my CFW. it stayed at 13.0.0/atm... so all i have to do is update my CFW which took alot from me since im a newbie at this, im more comfortable hacking psp but it has been solved now. now my only problem is my tesla overlay and edizon seems to stopped working. i wont bother you for another answer for that. this is cheating matter and ill handle it on my own. again thanks for at least responding. for me maybe ill stick to option 1 and option 4. option 5 is never an option for me... call me miser or whatever its fine for me...

This will fix your Edizon issue: https://gbatemp.net/threads/after-t...and-i-cannot-open-tesla.621963/#post-10001862

 

[impeeza]

This is now the RTFM thread

 

[binkinator]

This is now the RTFM thread

Yeah, sorry my friend. Don’t mean to poop in your thread. Trying to make off topic responses short and sweet but yeah, eventually all threads devolve into a mini Switch n00b’s Paradise…

 

[ZenkigodASCII]

thats what happens when a device gets jailbroken. everyone that needs it goes to forums like this. as noob as we are, were still users here.

 

[impeeza]

Yeah, sorry my friend. Don’t mean to poop in your thread. Trying to make off topic responses short and sweet but yeah, eventually all threads devolve into a mini Switch n00b’s Paradise…

nahh, On the contrary thank you very much, you have the Saint Job's patience, to answer several times the same, without your help, this community will not be the great what it is.

Thaaaaaaank you!

Post automatically merged: Jan 20, 2023

By the way, I don't know why I stop to receive notifications about this thread was only luck what I see the last messages.

 

[Nameless_Mofo]

So I just discovered this thread and I'm loving MrDude's tool, thank you so much! Very stoked that there's another solution for patches after iTotalJustice's repo got nuked by n.

So just to recap, if I want to have a patch repo of my own as complete as possible:
1. ES - firmware >= 9.0.1 from the tool (although it seemed 9.0.0 worked for me as well), older take from ITJ's old repo. For me some of the older firmwares (like 9.x.x/10.x.x.) had mismatches with the tool-generated ones, I guess the old ITJ patches were the ES2 type?
2. NFIM - any firmware from the tool. I found them to all match ITJ's ones.
3. FS - same as ES. Again some old firmwares (9.x.x I think) didn't match, could it also be due to MrDude's method being improved over the old one?
4. Loader - atmosphere >= 0.8.5 from the tool, older ones also from ITJ's repo. I think the tool generated ones after about 0.15.0 match ITJ's ones.

I used darthstenie's firmware archive to get all the firmwares I made the patches from.

 

[Stinkweed]

Hi everyone. Is this method still valid? I noticed no one has posted here in a long time.

Edit: Besides Mr Nameless yesterday

Edit: I would like to ask questions about creating my own sig patches but first i need to know if this method is still current and valid.

 

[ibbanez]

I figured it out, but I just want to leave this here in case anyone else is having an idiot moment like myself


OK, i have a question, and maybe I'm just an idiot, but when I compare everything that is inside the folders when I generate the patiches, versus when I run it myself, there is way more patches from the predownloaded ones. Does this app simply generate the newest patches, and you are supposed to simply add to your already total set from previous sigpatches? If that is the case, how would I generate all of them?

Some examples of what I mean:

My patch file count:
atmosphere->exefs_patches->es_patches : 1 files
->nfim_ctest : 1 files
atmosphere->kip_patches->fs_patches : 2 files
atmosphere->kip_patches->loader_patches : 1 files
bootloader : patches.ini only has the 16.2 patch


Predownloaded patch file count:
atmosphere->exefs_patches->es_patches : 24 files
->nfim_ctest : 23 files
atmosphere->kip_patches->fs_patches : 49 files
atmosphere->kip_patches->loader_patches : 48 files
bootloader : patches.ini only has all the firmwares and also something called Atmosphere loader for all the different versions.

Do you have to run it on each firmware from 1.0 up to current to get them all? How do you get the atmosphere loader added in the pathces.ini? Im just curious about building them all from scratch if I wanted to is all.

Edit - Nevermind, I see where the atmosphere loader stuff comes from. I see you basically have to run it on each version of atmosphere and Firmware in order to get all the files. Interesting, guess I will try that soon and see if they match. I didn't see the loader stuff because the program was calling it slightly different, but I see it now.

Thanks.

 

[StrmSrg]

When starting this process, I realized that my switch product keys don't have any entries for
package1_key_00 - package1_key_05.

My key entries just go from master_key_source to package2_key_00

Is this normal? I'm using a TOTK OLED switch if that helps.

 

[impeeza]

you need to generate your own keys.

 

[StrmSrg]

you need to generate your own keys.

Oh, I dumped my own prod.keys with lockpick. I just didn't want to show my keys in the pictures for everyone to see.

I have hexadecimal strings for every other category that the ips patch creator asks for, like master_key and package2_key.

I just don't have any entries for:

package1_key_00
package1_key_01
package1_key_02
package1_key_03
package1_key_04
package1_key_05

Was wondering if that's normal for certain models of switch (I'm using OLED). I checked the prod.keys for another switch (my unpatched v1 switch) and it does have its own package_1_key entries.

Can I still make my own sig patches without those entries?

 

[impeeza]

using IPS Patch Creator you can go Help - Online Information:

the read the information and use the base64 decoder and you will find some useful information:

This is the more we can help you.

 

[Nameless_Mofo]

I would re-dump keys from whichever switch using the latest version of lockpick.

At first I thought dumping keys was a one-time thing, but it's not. Whenever there is a new major firmware release, it introduces new keys. So you need to update your version of lockpick_rcm and re-dump the keys to keep them up to date.

 

[impeeza]

I would re-dump keys from whichever switch using the latest version of lockpick.

At first I thought dumping keys was a one-time thing, but it's not. Whenever there is a new major firmware release, it introduces new keys. So you need to update your version of lockpick_rcm and re-dump the keys to keep them up to date.

yeah, you are right but for now, there is no need to update. and I can bet you the scene will give us something like the code needed for the upgrade to the source so any body can build the payload at home (yeah, homebrew) or a repo outside usa will become a new thing.

so far you can use any of the replicated repos and payloads available on the net even on the archived one.

 

[StrmSrg]

Update: The problem was that I treated the keys.dat template as exactly what my prod.keys should look like. After I just copied all my key data to dat.keys, the sig patches were made and I know that they work because for the first time ever, I can play my digital copy of TOTK that I installed from my game cartridge, and Tinfoil launched succesfully.

 

[Jayro]

I feel like a fully-automated python script would be a much simpler solution to generate the files. Just double click, select your SD card, and click GO! Get a dialogue box telling you you're done, and have that be the end of it.

 

[impeeza]

I feel like a fully-automated python script would be a much simpler solution to generate the files. Just double click, select your SD card, and click GO! Get a dialogue box telling you you're done, and have that be the end of it.

The keys are not stored on the SD Card, they are on a protected area of the console hardware, so you need total hardware access in order to generate, even on Mariko there are some keys you can extract you can extract the hashes and then use a PC program to brute force attack using that hashes.