Hacking Process of the eMMC backup and restore in Hekate? Are backups en-, or decrypted?

tomsek68

I have a patched switch, which is bricked. I mixed up a few eMMCs during a repair, and one burned an eFuse in this patched switch. I was able to bring the others back to life (since they were unpatched), but not this one. I am literally pulling my hair out.

So, let the fun begin:
I made a NAND backup with a different switch (Hekate, not raw backup). Later, I tried to recreate the eMMC content with the higher firmware that the 12 burnt fuses required. Flashed it (with an unpatched switch), but no charm.

Today I have installed an SX Core chip in it (because it allows running payloads). Restored the original backup with Hekate, but it won't boot. Neither with Atmosphère. I was hoping that the CFW would skip the fuse check (maybe won't work on patched SoCs?)

Also: 0% of the USB features work in any payload.

So... I fear that my backups are "decrypted". (This would be bad, since another Switch was used for the backup process - different BIS keys would turn the backup into garbage.)
But if they are decrypted, the restore would encrypt it, right? That needs the BIS keys again - which I was not able to retrieve from this console. It just hangs when I try to dump them. Tried to restore with the exact Switch the backup was made with, but no success either.

Any ideas?

And again, sorry for my broken English. It may have something to do with sleeping only every other day....
 

scandal_uk

It’s a shame you reflashed that eMMC because CFW wouldn’t have been affected by the fuse count. However, it is what it is - you really need those keys, can you get them to display on-screen in Lockpick_RCM?

Edit: does it even work with SX Core??
 

tomsek68

It won't boot with SX Core either. (SX logo comes in, boot menu is operational, can boot payloads too.) I know, it was a huge mistake to reflash it.
But the question remains: Are the backups decrypted or bit-to-bit perfect from the eMMC?

Also: Low battery and charging icon comes in. IIRC this only happens when using the right eMMC (with the switch specific data on it).

It only boots to the Nintendo logo. Sometimes right after rewriting the BOOT0/BOOT1 the SEPT logo comes in. One time, I've seen the Atmosphère logo - but it hung after that.

With SX Core it shows the low battery/charging screens when the battery is depleted, otherwise it hangs after the Nintendo logo.

EDIT:
Tried Lockpick RCM again. When I start the process, it flashes some info, along with Press Power or Vol +/- to reboot to Sept..., but it goes blank immediately without pressing anything. It just halts.

EDIT2:
Biskeydump throws an error. "Keyblob decrypted using current SBK & TSEC keys NOT VALID!" Is the TSEC key sensitive data? If not, I'll post a pic of the biskeydump final screen.

SBK key is FFFFFFFFFFFFFFFFFFFF... So... Nothing...
Where is the SBK key stored?
 

Draxzelex

Lockpick_RCM was updated so give it another shot.
 
