Fuseless firmware update.
IMPORTANT DISCLAIMER:
Gbatemp community or me IS NOT responsible if you BRICK your console or EVEN if you are banned. We still don't know if Nintendo will ban consoles having executed any custom code, and as you know, things are moving fast.
You will need a dumped firmware, and there will be no link here for that. The firmware you want to install has to be an official one not a leaked one (Like 6.0.0-4.0), be careful. The A4-A5 Section will help you to dump your own.
This tutorial to restore your dump restore also your save and isn't always safe to operate, ask someone who knows if you went ouf of boundaries of it.
This tutorial will make you install AutoRCM which force you to be able to load a payload for booting your switch from power OFF state.
Purpose:
This tutorial will teach you how to use Hekate, backup/restore Nand and how to update your switch without burning fuses to play Online and keep the possibility to downgrade, FROM SCRATCH AND FOR NEWBIES.
Another, more exhaustive and more complicated tutorial exists >> here << made by @rajkosto , many thanks to him and to all the devs around switch hacking. His tutorial covers this whole tutorial but is a bit outdated. The goal here is to have a total noob friendly tutorial that we can use from scratch and that will bring you to a full updated Switch that you can play Online while still being able to downgrade.
If you have errors, you may want to look that link, at the whole Switch forum or even ask!
If you have SX OS, you may want to not follow this tutorial at all as I don't have one and I don't know about it!
I'm sorry but I may add, this thread will not support SX OS. The goal of this thread is to do that the more Open Source way. Having someone executing code against your hardware IS NOT nice.
One of the goal of this tutorial is to get people to understand what Switch hacking is about and not spreading knowledge about people hiding their code.
You shouldn't use SX OS as it is not required, and if you want things faster, go out there on wikis and git reporsitories there is TONS of infos and nice things to do with you Switches!
Requirements:
1) A Switch.
Hardware compatibility: Check here.
Firmware compatibility: Potentially all, search for people who have already tested if not sure. I will try to test them. (tested from a stock 3.0.0 to 6.0.0 and a stock 4.0.1 to 6.0.0/6.0.1)
2) USB-A to USB-C cable.
2) A MicroSD card (I recommend 64GB to make sure your nand fit)
3) An other MicroSD card (1 GB is okay) if your original firmware is non-exFAT (it means you have the "Unable to access SDcard" prompt when trying to read exFAT card on your switch)
NOTE: If you don't have a second MicroSD, you may want to check A3) Section.
4) A MicroSD card reader on your computer
5) A Windows computer (sorry, Linux later, MacOs never from me)
6) I highly recommend to have fight mode ON, automatic system update disabled and report disabled before beginning this guide. The state of your switch before this tutorial will be the state of your switch after restoring. So I recommend setting up your switch like that to avoid any accidental update.
7) A lot of patience, some coffee/tea
Downloads:
1) Archive with content for your SDcardV3
-A raw copy of Hekate ctcaer v4.2 without the bin from >>>here<<<. (at archive:/)
-A raw copy of atmosphere from rajNX available >>>here<<<. (at archive:/)
-A raw copy of hbl.nsp from rajNX (at archive:/rajNX/)
-A raw copy of sm.kip, loader.kip and pm.kip from rajNX. (at archive:/cfw/)
-A raw copy of hbmenu.nro from rajNX. (at archive:/)
-A raw copy of ChoixduJourNX from >>>here<<<. (at archive:/switch/)
-An empty /stock_FW_update/ where you will put your official firmwares update folder. (at archive:/)
-A modified hekate_ipl.ini. (at archive:/bootloader/) to avoid getting lost which contains:
[config]
autoboot=0
bootwait=0
customlogo=0
verification=2
hbTitleId=010000000000100D
hbTitleName=Album
hbKeyCombo=!R
{-------- Stock -------}
[Stock]
[Stock (Prevent GC access)]
kip1patch=nogc
{-- Custom Firmwares --}
[AtmoHB]
kip1=cfw/loader.kip
kip1=cfw/sm.kip
kip1=cfw/pm.kip
[AtmoHB (Prevent GC access)]
kip1=cfw/loader.kip
kip1=cfw/sm.kip
kip1=cfw/pm.kip
kip1patch=nogc
# edited from hekate - CTCaer mod v3.0 .ini template from https://github.com/CTCaer/hekate/blob/master/res/hekate_ipl_template.ini
-A raw copy of memloader's sample content's folder from >>>here<<< (at archive:/)
2) Archive with content for your windows PC V2
-A raw copy of Hekate ctcaer v4.2 bin from >>>here<<<. (at archive:/)
-A raw copy of guiformat from >>>here<<<. (at archive:/)
-A raw copy of TegraRcmGui from >>>here<<< (at archive:/)
New files added on 11/10/2018 for dumping your own update. (WIP)
-A raw copy of memolader.bin from >>>here<<< (at arhive:/)
-A raw copy of TegraRcmSmash from >>>here<<< containing itself a raw copy of biskeydump.bin from th same place. (at arhive:/)
-Both folders of memloader and biskeydump with readmes and licenses.
-A raw copy of HacDiskMount from >>>here<<< (at archive:/)
-A Created bat file that uses then TegraRcmSmash/biskeydump command to dump your BIS keys containing:
TegraRcmSmash.exe -w -r biskeydump.bin
pause
NOTE: archives' password is "RajIsAwesome" without the quotes.
Where to start:
If you never did a backup go to P) then Step I).
If you ever did a backup (DON'T SKIP IT!!!) and you never executed any unofficial code since your last restore to a clean nand then go to Step II).
If you ever did a backup (DON'T SKIP IT!!!) and you ever executed any unofficial code since your last restore to a clean nand then go to Step AI) then Step II).
About Step A1): If you stay in the bounds of this tutorial, I know you can restore as you want, but if you did other things, check with someone that knows!!!
/!\ You will lose all data on that drive so BE CAREFUL with that.
a) Put MicroSD card, in your MicroSD card reader
b) Go to Start>>Computer>>(Right click) on SD card letter>>Format.
c) The file system size should be exFAT and the allocation unit size should be 128k, let it like that, then click "Start".
d) Put the content of the archive 1) at the root of your exFAT sdcard.
e) [exFAT users] Fill the /stock_FW_update/ folder with the folder containing firmware update's content.
NOTE: If you don't have a second MicroSD, you may want to check A3) Section.
3) [non-exFAT user] If your original FW is non-exFAT, Prepare your FAT32 MicroSDcard (the small one) for choixdujourNX:
/!\ You will lose all data on that drive so BE CAREFUL with that.
a) Put your FAT32 MicroSD card, in your MicroSD card reader
b) Go to Start>>Computer>>(Right click) on MicroSD card letter>>Format.
c) The file system and the allocation unit size should respectively be FAT32 and 32k, let it like that, then click "Start".
d) Put the /atmosphere/, /bootloader/, /cfw/, /rajNX/, /switch/, /stock_FW_update/ and hbmenu.nro folders and file from the archive 1) at the root of your FAT32 sdcard.
e) Fill the /stock_FW_update/ folder with the folder containing firmware update's content.
NOTE: If you don't have a second MicroSD, you may want to check A3) Section.
3) [non-exFAT user] If your original FW is non-exFAT but you can't format to FAT32 because windows don't let you do so:
/!\ You will lose all data on that drive so BE CAREFUL with that.
a) Find guiformat.exe in the /fat32format/ in the archive 2) and unpack it wherever you want.
b) Double click "guiformat.exe", and select the letter of your MicroSDcard.
c) The allocation unit size should be 32768, let it like that, then click "Start".
d) Put the /atmosphere/, /bootloader/, /cfw/, /rajNX/, /switch/, /stock_FW_update/ and hbmenu.nro folders and file from the archive 1) at the root of your FAT32 sdcard
e) Fill the /stock_FW_update/ folder with the folder containing firmware update's content.
2) Boot in RCM, Tutorials >>>in this big thread<<.
NOTE: your computer should start seeing an APX device.
NOTE: TegraRCMGUI.exe will tell you RCM DETECTED if you have the right setup.
NOTE: In Hekate, don't mess around, it's your recovery and you can break things fast.
6) Then choose Tools...>>Backup..>>Backup eMMC BOOT0/1, this one is fast.
NOTE: Hekate will create /backup/your_switch_id/BOOT0.bin and /backup/your_switch_id/BOOT1.bin.
NOTE: Hekate will create /backup/your_switch_id/rawnand.bin.
/!\ Don't Skip Verify.
/!\ Make sure the Switch has enough battery or is in charge.
/!\ This backup is your ULTIMATE FALLBACK don't loose it !
NOTE: If you don't have a second MicroSD, you may want to check A3) Section.
1) Start Hekate by repeating Step I) 1-4) but non-exFAT users have to do it with their FAT32 MicroSDcard.
NOTE: If you don't have a second MicroSD, you may want to check A3) Section.
2) Choose Launch...>>AtmoHB.
3) Once your firmware is started, choose the Album button to start HBmenu.
4) Choose ChoixduJourNX.
5) Choose /stock_FW_update/ Folder.
6) Choose the folder where you extracted your firmware's update.
7) Click Choose, let it analyse and follow the prompt, if you have NCAs errors, search for a better update source.
WARNING WARNING WARNING: Running a FIRMWARE >= 4.0.0 WITHOUT REPLACEMENT FS_XXX_nogc.kip1 ACTIVE WILL MAKE YOUR CARTRIDGE PORT UNUSABLE ON EARLIER FIRMWARES. forwarded from @rajkosto's post
1) Transfer BOOT0.bin, BOOT1.bin, rawnand.bin in the (exFAT)sd:/backup/your_switch_id/restore/ folder.
3) Choose Tools...>>Restore...>>Restore eMMC RAW GPP (exFAT only).
/!\ Don't Skip Verify.
/!\ Make sure the Switch has enough battery or is in charge.
4) Choose Tools...>>Restore...>>Restore eMMC BOOT0/1.
/!\ This will disable Auto-RCM make sure you have a jig and your firmware will correspond to your fuses.
/!\ Don't Skip Verify.
/!\ Make sure the Switch has enough battery or is in charge.
2) Use choixdujourNX to update your switch Step II)
3) Repeat after any unofficial code.
/!\ It will also restore your save so you will loose progression, and I've no solution for now, probably later.
SOME KNOWLEDGE: For backup you are forced to use exFAT. You can't have a 32Go file on a FAT32 card.
Hekate act at the Bootloader level of the console and it doesn't require any driver to work with exFAT even if your Horizon OS (so the Switch's firmware) doesn't have exFAT support.
You have to backup your Nand with an exFAT card even on non-exFAT system.
HOW TO:
2) First you backup (Step I) with the exFAT one
3) Then you use ChoixdujourNX (Step II) with the FAT32 one
2) First you backup (Step I) with your only SDcard as exFAT
3) Then you put that MicroSDcard back in your computer to backup your nand backups (still make sense?) (end of Step I)
4) Format it as FAT32 with Step P)3) [non-exFAT users]
5) You re-prepare this MicroSDcard with the same archive and add your update in the (FAT32)sd:/stock_FW_update/ (end of Step P)3) [non-exFAT users])
6) Finally you use ChoixdujourNX (Step II) with the same and only card but as FAT32
2) Find in the new Windows' archive /TegraRcmSmash/xxx/ShowMykeys.bat
NOTE: Your command prompt will show you your bis keys.
/!\ Don't show it to anyone
4) Push POWER button to turn of you switch then copy that keys.txt file at the root of your SDCard (exFAT/FAT32 doesn't matter here).
NOTE: These keys, will allow you to read (and write, but we will not here) your nand by USB with HacDiskMount
NOTE: It means files are on your Switch which is waiting your confimation to update /!\ Don't Confirm and turn off you Switch
NOTE: TegraRCMGUI.exe will tell you RCM DETECTED if you have the right setup.
NOTE: Memloader is really powerful and will allow you to mount your Nand's partition if you provided it your BIS keys(keys.txt from A4 at the root of you SDcard).
NOTE: Memloader controls' are the same as Hekate's, VOL UP for UP, VOL DOWN for DOWN and POWER to CONFIRM.
NOTE: Your Switch's screen should turn black while still being backlighted.
/!\ From there windows will prompt MULTIPLE TIMES you to format volume that it can't read, NEVER DO IT
/!\ If at some point you want to unplug your switch after doing that ALWAYS safely eject "USB download gadget"
/!\ I ask you to be EXTRA CAREFUL with this software, YOU CAN MESS EVERYTHING UP AND RUIN YOUR DAY IN BUNCH OF CLICKS.
/!\ Stay in the Boundaries of this Tutorial and nothing bad can happen.
/!\ If you go out of it I will not be able to support you.
NOTE: It need Admin Right to mount and manage volumes.
NOTE: You can see the partition list of your switch.
NOTE: A property menu should appear, asking you for BIS 2 keys.
10) Go to your SYSTEM's drive letter that you just set, and find the Content folder.
11) Copy that content folder to your computer and rename it to what you want (possibly the firmware version you're trying to install)
12) Unmount your SYSTEM in HacDiskMount, then in HacDiskMount again "File>>Exit", and safely eject "USB download gadget".
12) Take back your MicroSD to your computer then copy that renamed folder to your (FAT32 for non-exFAT users) sd:/stock_FW_update/
13) Go back to II) to install the new update.
Future update(s)
* things as I find time.
Thanks To:
* @rajkosto for his cool exhaustive tutorial and his dedication to the scene.
* Devs around cfws, SDFiles, and Switch hacking in general.
* All users from both @rajkosto 's threads who explained lot of stuff about switch hacking.
* All developers creating tools to make those operation easier.
* All people that have been waiting silently and patiently for a good exploit on Switch without complaining (That's my personnal add, because they need to be thanked).
* DarckCrystale for the template of this post.
Changelog
22/10/2018: make SDFilesV3 to add an option to prevent GC access on cfw.
10/10/2018: Add Section A4 and A5 to dump your keys and dump your own updates, and updated archives with V2.
10/10/2018: Add forgotten archives' password in 'Downloads' section. Add section A3) for 1 MicroSD setup. Tested on 6.0.1
09/10/2018: Original post.
NOTE: the changelog date format is dd/mm/yyyy.