Hacking [RCM Payload] Hekate - CTCaer mod

[Al79gigs]

hello been out of the scene a bit, now back wolud like to link with someone with more understanding iam on fw 7.0.1 tryed new card and get [fatfa] error EXBMM - !!!!!HELP!!!!!
old sd tell me no main can t copy or delete from old sd

 

[BaamAlex]

Your card should be mbr formatted. Not gpt.

--------------------- MERGED ---------------------------

And Fat32 with 32k cluster size.

 

[Zap Rowsdower]

The new FatFS seems to have introduced some critical timing problems with any mSD extension cabling adapters. Just a heads up I guess.

 

[CTCaer]

The new FatFS seems to have introduced some critical timing problems with any mSD extension cabling adapters. Just a heads up I guess.

Can you explain?

 

[Zap Rowsdower]

It's not that important and I'm sure a rare setup, but TF extension cabling like this one have worked fine with any FAT32 up until this new FAT FS implementation. System either now crashes or wildly misreports free space when accessing the card where 4.9.1 works perfectly fine booting and through ams Horizon. Hekate is just the first instance of it I've come across, and all it means is that I won't have the convenience of that anymore.

 

[CTCaer]

Strange setup, but whatever.

Do you have a discord?
If yes PM me.

 

[CTCaer]

hekate v4.10.1 is released!

This is a hotfix version that rectifies the following:

• Reverted 204MHz SD device clock
  Some U1 sd cards with Sandisk microcontroller misbehaved in this speed.
• Some small QoL changes

Check OP or HERE for changelog or more..[/SIZE]

 

[Nazosan]

I don't suppose, by any chance, you might consider including builds of flashable UF2 files for the various "modchips" (Trinket M0, SwitchMe, etc -- most, if not all, are essentially the same, so one file would fit most devices)? There's a pretty significant delay on getting updates. I realize it can chainload an update from a file on the SD card on every startup, but there are sometimes some important updates I really want built in even if the memory card becomes corrupted/is removed/etc. (Plus I'll admit it's a little bit an OCD thing that I want it to go straight into the current version rather than starting an older one and then loading the newer one from there.)

 

[CTCaer]

I don't suppose, by any chance, you might consider including builds of flashable UF2 files for the various "modchips" (Trinket M0, SwitchMe, etc)? There's a pretty significant delay on getting updates. I realize it can chainload an update from a file on the SD card on every startup, but there are sometimes some important updates I really want built in even if the memory card becomes corrupted/is removed/etc. (Plus I'll admit it's a little bit an OCD thing that I want it to go straight into the current version rather than starting an older one and then loading the newer one from there.)

I also have that and I update my modchip. But no I can't do that.
It's a pain to maintain every single one. Best scenario is to learn how you can create these images, after which you can just run a script and create a new image.

 

[Nazosan]

Well, I added an edit, but anyway, aren't the greater majority of those chips really just one basic chip? Eg, wouldn't it be one UF2 for almost all of them? I'm sure there's one or two that are different, but it isn't that big of a deal to just do the most common one.

Honestly, I tried before and failed. Maybe there's a better source, but for now I've been having to go to the SwitchMe GitHub where they have UF2s, but they are always a bit behind.

 

[CTCaer]

Well, I added an edit, but anyway, aren't the greater majority of those chips really just one basic chip? Eg, wouldn't it be one UF2 for almost all of them? I'm sure there's one or two that are different, but it isn't that big of a deal to just do the most common one.

Honestly, I tried before and failed. Maybe there's a better source, but for now I've been having to go to the SwitchMe GitHub where they have UF2s, but they are always a bit behind.

The chip is the same. Not the board and pinout cfg. Plus any tweaks.

If only chip would matter, we would have L4T in switch since ever.
So no. There's no "one fit all" solution. Neither I have the time to invest on finding what the differences are.

 

[Nazosan]

Oh no, I think there is some misunderstanding? With the UF2 files it's the same regardless of the PCB. All it does is give it instructions on a payload to deliver (and most are really the same chip more or less, so same instructions and nothing special needed in the payload on a per-chip basis.) For instance, I've personally used the same one on both the Trinket M0 and the SwitchMe. A number of those "modchips" are almost literally the same thing with the biggest differences really just being that the SwitchMe doesn't have a USB port to have to remove and has nice easy solder points instead of having to use the legs for the USB port.

EDIT: I guess maybe there are more than I thought. I honestly think Trinket is probably the most common -- it's certainly one of the most available and cheap on its own, plus of course there's the Switchme -- but I could be wrong.

 

[angelo_]

Hello,

I am new to the Switch hacking scene and I still have some doubts.
Is it possible to the Switch always to boot to the Hekate menu without needing an external payload sender?

 

[Hayato213]

Hello,

I am new to the Switch hacking scene and I still have some doubts.
Is it possible to the Switch always to boot to the Hekate menu without needing an external payload sender?

Only if you installed an internal modchip.

 

[angelo_]

Only if you installed an internal modchip.

Do you think in the future it will be possible without a modchip?

 

[Hayato213]

Do you think in the future it will be possible without a modchip?

With the Modchip and AutoRCM, when the unit cold boot it boots the switch into RCM, with Hekate as the payload on the chip it loads up Hekate. When there is a permanent CFW you can reboot from CFW into the Hekate, the bootloader. There are warm boot exploit coming for the patched unit, if they managed to turn that into a permanent CFW then it would give you access to Hekate.

 

[angelo_]

With the Modchip and AutoRCM, when the unit cold boot it boots the switch into RCM, with Hekate as the payload on the chip it loads up Hekate. When there is a permanent CFW you can reboot from CFW into the Hekate, the bootloader. There are warm boot exploit coming for the patched unit, if they managed to turn that into a permanent CFW then yes.

I am thinking on doing the following:
- Install a modchip with hekate
- Install atmosphere when emunand comes out
- Make it always boot to hekate, so I can choose
- Stock fw for online play
- CFW for emulators

 

[Hayato213]

I am thinking on doing the following:
- Install a modchip with hekate
- Install atmosphere when emunand comes out
- Make it always boot to hekate, so I can choose
- Stock fw for online play
- CFW for emulators

If you are good at soldering, then go ahead go for it, look for the Trinket M0 Chip if you got an unpatched unit. Anyway about the permenant CFW I meant once they figure out how to get that, you wouldn't need a dongle to boot into CFW. A mod chip is somewhat coldboot as it boot up hekate, and you have autoboot set it boot the specified CFW.

 

[Nazosan]

I would definitely recommend the SwitchMe (or if there are any other official Switch "modchips" like it one of the others is probably fine too as they're probably all about the same.) If you get a Trinket M0 you have to remove the USB port to fit it inside the case which is quite a lot of trouble if you don't have a full desoldering station (I don't and I'm willing to bet you quite a lot of money that this person does not either.) As I was saying earlier, it uses the same chip as the Trinket M0 (a lot of devices use that same chip) so you can use the same files, just it has no USB port on it and has really huge easy to get to solder points.

Do you think in the future it will be possible without a modchip?

There is a software exploit, but you're jumping through a bunch of hoops every time you boot the system to get it to CFW and it has a lot of disadvantages. If your system can do RCM this is the best possible way to do it. I don't know if permanent CFW is really on the horizon. The system's own boot signature checks aren't actually bypassed by any existing methods -- RCM just manually bypasses the system's normal boot method. But as long as you're using RCM to do it you have to have something send a payload. A completely different exploit than any we're currently using would be needed to do something equivalent to the 3DS' B9S or A9LH (though I would definitely love it if someone out there is actually working on such a thing, to the best of my knowledge none have been found at this time -- and if they have they probably won't release the info for a long time to ensure the maximum number of units possible are exploitable.)

All that said, if you do a "modchip" it won't make a whole lot of difference to you. It's almost as convenient as having a true permanent CFW. There are only a few minor disadvantages like that if you have a USB cord plugged in on startup it may not deliver the payload properly to the system, so you have to disconnect it and reset the chip (push in on the case where the chip's reset switch is assuming it hasn't been removed for some reason) or force the Switch off (hold power for quite a few seconds) and back on.


Anyway, the internal chip is actually really easy to install if you get properly small wires to do it with. Just get magnet coil wire which is really thin and has a sort of painted on insulation and then it's really easy to work as long as your iron has a decent fine tip. I suggest using a bit of double-sided tape to hold the wire along a fairly fixed path so they don't move around. (I'll admit I'm a bit paranoid about that super thin insulation, but probably there's nothing to worry about there. That said though, if the wire moves around a lot it could potentially break loose or get into something such as the cooling fan over a long enough period of time. So I put down a bit of tape and run the wire fairly carefully to make sure it will hold up a good long time.)

 

[almmiron]

i'm on 8.0.1. Bought from a friend a second hand unpatched unity <july 2018 and was never hacked before. So, i've bought the dongle rcm loader from xkit, and downloaded hekate payload but it wont inject. Hekate allegedly supports 8.0.1, but i dont see hekate screen loading up when it should