Getting the MIG Switch to load an XCI dump without its original Initial Data

cavv (OP), New Member, joined Apr 5, 2024, Italy
Hello guys, this is my first post here! I just got a MIG Switch card out of curiosity and I was tinkering with it.
For those who don't know, it's used by placing XCI dumps as well as other game-specific bin files on the SD card of the MIG Switch; these are obtained from the original cartridge by using an app like nxdumptool.
Two of these bin files are mandatory to get the game to boot: Initial Data.bin and Certificate.bin. They stay the same for every cartridge of a specific game.
Now, if you want to use an XCI dump from a shady website, it's impossible to get it to work without those files. Using the Certificate.bin from another game works with no problem, but this does not hold for the Initial Data.bin. So I looked for a way to obtain this Initial Data from an XCI file and read a bit of the XCI file documentation on switchbrew dot org.

Here's what I understood so far:
The Switch checks if the cartridge is valid by doing a challenge–response authentication on the Initial Data.

The Package ID is contained both in the XCI and in the Initial Data, at offsets 0x110 and 0x0 respectively.
[Screenshot: HxD hex view, 2024-04-05 17_43_53-HxD.png]

The Initial Data hash is in the XCI at offset 0x160. It is calculated as a SHA-256 hash over the full Initial Data content.
[Screenshot: HxD hex view, 2024-04-05 17_48_24-HxD.png]

So I was wondering, is there a way to construct a functional Initial Data file starting from an XCI dump?
I also tried a reverse approach: editing the Package ID in the Initial Data from another game, generating the Initial Data hash and putting it in the XCI file, but that is not enough to get the Switch to believe it's a real game.

Sorry if this may seem stupid but let me know what you think.

pharrowking, New Member, joined Mar 30, 2024, Canada
I spent a lot of time, about 3-4 days, testing what you're asking with a partner, and it does not work. The data from Initial Data that's found within the XCI is signed.

According to this structure, the signature of the signed data is stored at 0x0 to 0x100 of the XCI cardheader;
the signed data is everything after: 0x100 to 0x200.

CardHeader

Offset | Size  | Description
0x0    | 0x100 | RSA-2048 PKCS #1 signature over the header (data from 0x100 to 0x200)
0x100  | 0x4   | Magic ("HEAD")
0x104  | 0x4   | RomAreaStartPageAddress (in Gamecard page units, which are 0x200 bytes)
0x108  | 0x4   | BackupAreaStartPageAddress (always 0xFFFFFFFF)
0x10C  | 0x1   | TitleKeyDecIndex (high nibble) and KekIndex (low nibble)
0x10D  | 0x1   | RomSize
0x10E  | 0x1   | CardHeaderVersion
0x10F  | 0x1   | Flags
0x110  | 0x8   | PackageId (used for challenge-response authentication)
0x118  | 0x4   | ValidDataEndAddress (in Gamecard page units, which are 0x200 bytes)
0x11C  | 0x4   | Reserved
0x120  | 0x10  | Iv (reversed)
0x130  | 0x8   | PartitionFsHeaderAddress
0x138  | 0x8   | PartitionFsHeaderSize
0x140  | 0x20  | PartitionFsHeaderHash (SHA-256 hash of the PartitionFsHeader)
0x160  | 0x20  | InitialDataHash (SHA-256 hash of the InitialData)
0x180  | 0x4   | SelSec
0x184  | 0x4   | SelT1Key (always 2)
0x188  | 0x4   | SelKey (always 0)
0x18C  | 0x4   | LimArea (in Gamecard page units, which are 0x200 bytes)
0x190  | 0x70  | CardHeaderEncryptedData

Changing the data at any point will result in the Switch being unable to read the gamecard.

This includes using a loaner XCI and cloning its entire header to a different XCI dump. Without the signing keys that were used to sign the cardheader, you're out of luck, unless those keys can be found on the Switch... I'm not sure.
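As an added example (not code from this thread, nor from MIG Switch or nxdumptool), the Python below replays the two consistency checks the OP describes against a constructed CardHeader and then shows why the reverse approach cannot satisfy the console: the PackageId and InitialDataHash fields it edits both sit inside the signed 0x100..0x200 range, so the digest the RSA signature commits to changes. Offsets follow the CardHeader table above; the 0x200-byte Initial Data size and all sample bytes are constructed for the demo.

```python
import hashlib

HEADER_SIZE = 0x200   # CardHeader: 0x100 signature + 0x100 signed data (0x100..0x200)
OFF_MAGIC, OFF_PACKAGE_ID, OFF_HASH = 0x100, 0x110, 0x160

def build_sample_header(initial_data: bytes) -> bytes:
    """Construct a synthetic CardHeader (not from a real dump) laid out per the table above."""
    hdr = bytearray(HEADER_SIZE)      # 0x0..0x100 left as a zero placeholder signature
    hdr[OFF_MAGIC:OFF_MAGIC + 4] = b"HEAD"
    hdr[OFF_PACKAGE_ID:OFF_PACKAGE_ID + 8] = initial_data[:8]   # PackageId mirrors Initial Data 0x0
    hdr[OFF_HASH:OFF_HASH + 32] = hashlib.sha256(initial_data).digest()
    return bytes(hdr)

def signed_region_digest(hdr: bytes) -> str:
    """SHA-256 of 0x100..0x200: the digest a PKCS#1 signature over that region commits to."""
    return hashlib.sha256(hdr[0x100:0x200]).hexdigest()

def check_initial_data(hdr: bytes, initial_data: bytes) -> dict:
    """The two consistency checks from the thread: hash at 0x160, PackageId at 0x110 vs 0x0."""
    if len(hdr) < HEADER_SIZE or hdr[OFF_MAGIC:OFF_MAGIC + 4] != b"HEAD":
        raise ValueError("not an XCI CardHeader")
    return {
        "hash_matches": hashlib.sha256(initial_data).digest() == hdr[OFF_HASH:OFF_HASH + 32],
        "package_id_matches": initial_data[:8] == hdr[OFF_PACKAGE_ID:OFF_PACKAGE_ID + 8],
    }

def reverse_approach(hdr: bytes, donor_initial_data: bytes) -> tuple:
    """Replay the OP's attempt: reuse another game's Initial Data, swap in the target
    PackageId and rewrite the 0x160 hash. Returns (patched_header, new_initial_data)."""
    new_initial = hdr[OFF_PACKAGE_ID:OFF_PACKAGE_ID + 8] + donor_initial_data[8:]
    patched = bytearray(hdr)
    patched[OFF_HASH:OFF_HASH + 32] = hashlib.sha256(new_initial).digest()
    return bytes(patched), new_initial

# Constructed sample: two fake games with different PackageIds and 0x200-byte Initial Data.
GAME_A_INITIAL = b"\xa1" * 8 + bytes(i & 0xFF for i in range(0x1F8))
GAME_B_INITIAL = b"\xb2" * 8 + bytes((i * 7) & 0xFF for i in range(0x1F8))
HEADER_A = build_sample_header(GAME_A_INITIAL)

def demo() -> dict:
    patched, forged = reverse_approach(HEADER_A, GAME_B_INITIAL)
    return {
        "original_consistent": check_initial_data(HEADER_A, GAME_A_INITIAL),
        "forged_consistent": check_initial_data(patched, forged),   # the OP's checks pass...
        # ...but the signed bytes changed, so the RSA signature at 0x0 no longer covers them.
        "signed_region_intact": signed_region_digest(patched) == signed_region_digest(HEADER_A),
    }
```

Both checks the OP performed pass on the forged pair, while the signed-region digest differs from the original; that difference is exactly what the PKCS #1 signature at 0x0 would reject, which matches pharrowking's observation that any edit in that range leaves the gamecard unreadable.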