Hacking [RCM Payload] Hekate - CTCaer mod

[XaneTenshi]

You kept it on usb? If that's the case and you powered off through hekate, it normally stays off until it detects a power change on USB.
Also if the autoboot delay is low, you can just keep holding VOL- even before injecting. As long as you are in RCM mode.
Anyway, when you power off from hekate. You need to press PWR once to go into RCM (when using AutoRCM). Otherwise the trinket/dongle can't inject anything.

Lastly, pressing power for 12s is your friend.
Sometimes the injecting can go wrong (happened sometimes to me on reboot (RCM) and injecting right away) and stuck at a hang state.


Have you checked the code or you just think I'm just a simple user here?
Or should I point out all the code in the main folder that the relevant copyright is missing and has only Reisyukaku on it?


To both: I don't partake on this war, so please don't bring it here.

Thanks man! Yes I did keep it on USB and powered off through Hekate. So even if you have AutoRCM on, the Switch won't boot into RCM if you choose to shut it down through Hekate? That is awesome. it was my impression that AutoRCM would make it automatically go into RCM even if you shut down the Switch, which meant it would still consume battery, and more so than in sleep mode.

Anyway, I managed to fix it by charging the Switch for a few hours (thank god). So either the Switch really did die because of AutoRCM (unlikely given what you said I guess) or the problem was that I needed to press PWR once, I didn't know that. Boot time was set at 5 seconds, so that wasn't a problem. I'll try to remember the 12 second rule, I probably forgot about it because I panicked a little...

 

[Quicksilver88]

Thanks man! Yes I did keep it on USB and powered off through Hekate. So even if you have AutoRCM on, the Switch won't boot into RCM if you choose to shut it down through Hekate? That is awesome. it was my impression that AutoRCM would make it automatically go into RCM even if you shut down the Switch, which meant it would still consume battery, and more so than in sleep mode.

Anyway, I managed to fix it by charging the Switch for a few hours (thank god). So either the Switch really did die because of AutoRCM (unlikely given what you said I guess) or the problem was that I needed to press PWR once, I didn't know that. Boot time was set at 5 seconds, so that wasn't a problem. I'll try to remember the 12 second rule, I probably forgot about it because I panicked a little.

Ok so you were able to restore your Nand successfully?

 

[Quicksilver88]

I kinda feel paranoid that something will mess up my backup when I join it together, or that it won't be "perfect" in some way.
I think I'm gonna do it all over again at some point for my own peace of mind.

When you do your second dump/join then run a md5 hash on both and makesure the checksum comes up the same. I have historically done that as its the safest way to be sure your dump is Ok.Man when I did the original jtag hack and used the parrallel port you had to do it in parts and it was nerve wracking as noise in the LPT bus could corrupt the transfer. So you had to do it in small parts, dump every oart twice, compare, and redump if no match. Anywyas I had an old dual xeon workstaiom that had a really well made mboatd and it ended up being the madhine I dumped a bunch of peoples X360 Nands with...ahh good times

 

[BloodRose]

When you do your second dump/join then run a md5 hash on both and makesure the checksum comes up the same. I have historically done that as its the safest way to be sure your dump is Ok.Man when I did the original jtag hack and used the parrallel port you had to do it in parts and it was nerve wracking as noise in the LPT bus could corrupt the transfer. So you had to do it in small parts, dump every oart twice, compare, and redump if no match. Anywyas I had an old dual xeon workstaiom that had a really well made mboatd and it ended up being the madhine I dumped a bunch of peoples X360 Nands with...ahh good times

Just as nerve wracking was extracting the key from a 360 DVD drive with a probe before formatting the drive's firmware chip completely.

 

[XaneTenshi]

Ok so you were able to restore your Nand successfully?

Yes, it works. I haven't had too much time to play around with my Switch as of lately, but things seem to be working and I am going to use it more later today and really start getting into HomeBrew etc. Then we'll see but for now there are no more issues.

 

[CTCaer]

When you do your second dump/join then run a md5 hash on both and makesure the checksum comes up the same. I have historically done that as its the safest way to be sure your dump is Ok.Man when I did the original jtag hack and used the parrallel port you had to do it in parts and it was nerve wracking as noise in the LPT bus could corrupt the transfer. So you had to do it in small parts, dump every oart twice, compare, and redump if no match. Anywyas I had an old dual xeon workstaiom that had a really well made mboatd and it ended up being the madhine I dumped a bunch of peoples X360 Nands with...ahh good times

If you enter even once in HOS, between the 2 backups, that MD5 will be different though.

 

[Zorcher]

You might want to change this firmware to NOT load a default configuration if no SD card is present like RajNX. I updated my NAND from 3.0.0 to 5.1.0 and now my gamecard controller firmware has been updated to the latest because the default configuration doesn't load the nogc patch. Based on tutorials I've read, it seems like there is nothing I can do to revert my gamecard controller firmware back to version 3?

 

[Rabbid4240]

is it true that you can enable "debug mode" on the consloe by putting "debugmode=1" in the .ini file? if so, what does it do?

 

[CTCaer]

You might want to change this firmware to NOT load a default configuration if no SD card is present like RajNX. I updated my NAND from 3.0.0 to 5.1.0 and now my gamecard controller firmware has been updated to the latest because the default configuration doesn't load the nogc patch. Based on tutorials I've read, it seems like there is nothing I can do to revert my gamecard controller firmware back to version 3?

There is a way to actually revert the GC firmware.
Myself, I missed the chance to dump the old fw before being updated.

Anyway, what you suggested is already upstream since july 10 https://github.com/CTCaer/hekate/co...af#diff-799c7cc4c061751437d68637b5d9ae27R1767
And will be included in next release.

It's also summer and it doesn't help me a lot with doing things in a timely fashion

is it true that you can enable "debug mode" on the consloe by putting "debugmode=1" in the .ini file? if so, what does it do?

Yes. kernel debug mode.

 

[Draxzelex]

There is a way to actually revert the GC firmware.

*hype intensifies*

So does this mean we can finally say goodbye to nogc?

 

[CTCaer]

Not so easy. Because the fw can be forced updated, it doesn't mean that the whole process is already REd.
But you never know..

 

[8BitWonder]

There is a way to actually revert the GC firmware.
Myself, I missed the chance to dump the old fw before being updated.

Would dumping/restoring of the GC firmware be something do-able from RCM-mode, or is that restricted to a hard-mod?

 

[pandavova]

Ok... Ehm... I did a Backup on a 64 GB Fat32 SD, i cant restore it, right?
Cause my Switch is currently "bricked", its stuck on the boot logo. (https://gbatemp.net/threads/my-switch-is-stuck-on-the-boot-logo-what-can-i-do.514648/#post-8211730)
I wanted to restore my Nand but i read that its currently not possible, because its partial?
F*ck.

If i would restore boot0/ boot1 only, i guess it would break something cause i upgraded my switch trough
ChoiDujour and HacDiskMount.

Would love any help, cause im scared...

Edit: Should i try to flash boot0/boot1 again like at step 8.2 and 8.3 on this guide?
And how could i save my 30h+ Octopath Traveler save? Trough HacDiskMount? Trough that "bricked" Nand Backup that i made?

 

[XaneTenshi]

Ok... Ehm... I did a Backup on a 64 GB Fat32 SD, i cant restore it, right?
Cause my Switch is currently "bricked", its stuck on the boot logo. (https://gbatemp.net/threads/my-switch-is-stuck-on-the-boot-logo-what-can-i-do.514648/#post-8211730)
I wanted to restore my Nand but i read that its currently not possible, because its partial?
F*ck.

If i would restore boot0/ boot1 only, i guess it would break something cause i upgraded my switch trough
ChoiDujour and HacDiskMount.

Would love any help, cause im scared...

Edit: Should i try to flash boot0/boot1 again like at step 8.2 and 8.3 on this guide?
And how could i save my 30h+ Octopath Traveler save? Trough HacDiskMount? Trough that "bricked" Nand Backup that i made?

For starters, don't panic. You have a Nand backup, so you will most likely be fine. It's true that you currently cannot do a partial restore, but you can join the files together to get your full rawnand.bin.

All you have to do then, is backup all the contents of your SD Card and reformat it as exfat (Hekate can work with exfat, even if you don't have the exfat update on your Switch). Exfat is needed because otherwise no files larger than 4GB can be transferred to the SD card. Once you have a completed Nand backup and an exfat formatted SD Card, place the "Backup" folder in the root of your SD Card and move the rawnand.bin and the boot files to /backup/restore. Then you can use Hekate to restore the Switch.

EDIT. To join the partial backup files together, you can use something like fjoiner or something else.

 

[pandavova]

For starters, don't panic. You have a Nand backup, so you will most likely be fine. It's true that you currently cannot do a partial restore, but you can join the files together to get your full rawnand.bin.

All you have to do then, is backup all the contents of your SD Card and reformat it as exfat (Hekate can work with exfat, even if you don't have the exfat update on your Switch). Exfat is needed because otherwise no files larger than 4GB can be transferred to the SD card. Once you have a completed Nand backup and an exfat formatted SD Card, place the "Backup" folder in the root of your SD Card and move the rawnand.bin and the boot files to /backup/restore. Then you can use Hekate to restore the Switch.

How can i join the files together of my clean NandBackup?

(Im currently moving everything from the SD to my SSD to format my SD to exFat. Should i take another Nand Backup of my "bricked" Switch after i have the ExFat SD? Want to save my Octopath Traveler Save.)

 

[yacepi15]

How can i join the files together of my clean NandBackup?

(Im currently moving everything from the SD to my SSD to format my SD to exFat. Should i take another Nand Backup of my "bricked" Switch after i have the ExFat SD? Want to save my Octopath Traveler Save.)

https://github.com/CTCaer/hekate/releases/download/v3.2/joiner_scripts_for_windows_linux_macos.zip

You must copy every part to a folder in your pc and use the script for you (there is one if you have 1GB parts and another for 2GB). Remember to copy the script to the same folder the nand backup parts are. It will generate a rawnand.bin. After that, backup your entire microSD, format it in exfat, and copy your rawnand.bin.
Also, just in case, i would backup the console as-is, even if it is bricked.

Good luck!

 

[pandavova]

Also, just in case, i would backup the console as-is, even if it is bricked.

Already done that, but with Fat32. It would be the same if i join the files together or if i would make another backup but on the exFat SD, right?

Thanks!

 

[XaneTenshi]

Already done that, but with Fat32. It would be the same if i join the files together or if i would make another backup but on the exFat SD, right?

Thanks!

Yes, that would give the same results. The only difference is that you won't have to join the files together, and backing up your Nand using an exfat formatted Card is faster than with fat32.

 

[pandavova]

Yes, that would give the same results. The only difference is that you won't have to join the files together, and backing up your Nand using an exfat formatted Card is faster than with fat32.

Ok. Im currently creating the rawnand.bin out of these 14 files.
If i want to restore Boot1/0 i need to move it to the Restore Folder aswell, right?

 

[XaneTenshi]

Ok. Im currently creating the rawnand.bin out of these 14 files.
If i want to restore Boot1/0 i need to move it to the Restore Folder aswell, right?

"Restore eMMC BOOT0/1 (Dangerous!):
Do not use that if you don't know what you are doing! No one is responsible for messing with your device.
You have a 10 second mandatory wait time before letting you start restore by pressing POWER.
This let's you restore your eMMC BOOT0 and BOOT1 partitions.
It will only restore the files at /Backup/Restore/BOOT0 and /Backup/Restore/BOOT1.
If a file does not exists, it will be skipped."

Yes, exactly