
switch-ghidra-guides's Issues

Dev keygen - key_hash

Hi again, thanks for adding dev keygen. I did notice that the keyhash for dev - master_key_00_key = '59xxx' should be this:

if key_hash != "201d449a1654ed659e9bd9f3546a0609f710d6b8b81eb567fd7c738ff04324fc":

Also to generate dev keys in the temp key file we need to have :

aes_kek_generation_source = 4dxx
aes_key_generation_source = 89xxx
mariko_master_kek_source_11 = e445xxx
master_kek_source_11 = 00045xxx
tsec_root_key_02 = ca99xxx

Do you happen to know what file - master_kek_source_11 lives in (for dev - not prod)? I guess this can be extracted from a file in the same way that mariko_master_kek_source_11 can be as we need to get that to generate the dev keys - or am I missing something?

Slight adjustment to keygen scripts - for keys path.

In lines 19 + 21

subprocess.run(f'hactoolnet --keyset prod.keys -t switchfs {firmware} --title 0100000000000819 --romfsdir 0100000000000819/romfs/', stdout = subprocess.DEVNULL)

and

subprocess.run(f'hactoolnet --keyset prod.keys -t pk11 0100000000000819/romfs/nx/package1 --outdir 0100000000000819/romfs/nx/pkg1', stdout = subprocess.DEVNULL)

This could be adjusted to:

subprocess.run(f'hactoolnet --keyset {prod_keys} -t switchfs {firmware} --title 0100000000000819 --romfsdir 0100000000000819/romfs/', stdout = subprocess.DEVNULL)

and

subprocess.run(f'hactoolnet --keyset ' + prod_keys + ' -t pk11 0100000000000819/romfs/a/package1 --outdir 0100000000000819/romfs/nx/pkg1', stdout = subprocess.DEVNULL)

Reason, well you already define the path to check in this line: prod_keys = os.path.expanduser('~/.switch/prod.keys')
When the subprocess runs it now looks where you put the prod_keys check in the first place.

Thanks.

hactoolnet question

Hi, I am studying the key generation scripts and see a difference in the commands for revisions.
V1
hactoolnet --keyset {prod_keys} -t pk11 0100000000000819/romfs/nx/package1 --outdir 0100000000000819/romfs/nx/pkg1
V2
hactoolnet --keyset temp.keys -t pk11 0100000000000819/romfs/a/package1 --outdir 0100000000000819/romfs/a/pkg1

I use a key file from a public source and for Mariko the command works well, but for Erista I only get metadata about package1 on stdout and that's all.

Loader patch question

Can you help with my question https://gbatemp.net/threads/how-to-create-your-own-sigpatches.616288/post-10448653

> Hi, tell me plz how Loader patches work. As I understand it, package3 is decompressed into several kip files, loader.kip is found by the hash sum, then we find the offset and replace byte 01 with 00 (cmp w0,w1 to cmp w0,w0). But I still don't understand what it affects. And why hekate patches offset start after 100 address. And we took hashsum from compressed loader but patching uncompressed?

I look atmosphere_loader_patch and I'm interested

Mod - Mariko_keygen.py - don't overwrite custom keys

Mod info, currently with the -k flag we can use our own keyset to generate keys.

Problem - our keyset gets overwritten by new keys.

Solution:
Under - prod_keys = "%s" % args.keys add this line:
new_keys = "prod.keys"

Next: comment out line: #os.rename(prod_keys, 'temp.keys')
Under add this: os.popen('cp ' + prod_keys + ' temp.keys')

Next replace line: with open(prod_keys, 'w') as new_prod_keys:
to this: with open(new_keys, 'w') as new_prod_keys:

This way we can keep our custom keyset and still write a new prod.keys file.

Some typos in your keygen scripts.

In both keygen files, you need to change to the following:

import argeparse

change to

import argparse

Also in the file: scripts/erista_keygen.py, you have an error on the path on line 21

subprocess.run(f'hactoolnet --keyset prod.keys -t pk11 0100000000000819/romfs/nx/package1 --outdir 0100000000000819/romfs/nx/pkg1', stdout = subprocess.DEVNULL)

Change to:

subprocess.run(f'hactoolnet --keyset prod.keys -t pk11 0100000000000819/romfs/a/package1 --outdir 0100000000000819/romfs/nx/pkg1', stdout = subprocess.DEVNULL)

Modding both files fixes errors - you could also add a Python requirements.txt. If not, users should run - "pip install argparse" to install that module to Python.

Thanks for the keygens though, they work well.

Mod clean up used files.

After the keygen has worked, clean up 0100000000000819 folder and all its contents:

Solution: Install shutils module - pip install shutils

In keygen file at top add: import shutil
After line: print(f'# Keygen completed and output to {prod_keys}, exiting.')

Add these two lines:
decrypted_bin.close()
shutil.rmtree('0100000000000819')

Now once the keygen has completed its task these temp files will be removed.
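
Added example (not code from the project or from any of the issue authors above): one way to combine three of the suggestions in these issues, namely passing the configured keyset path to the hactoolnet commands, leaving a custom keyset untouched, and removing the scratch files afterwards, using only the standard library. The function names and the `derive` callback are hypothetical; the hactoolnet flags and the title id are the ones quoted in the issues.

```python
import shutil
import tempfile
from pathlib import Path

TITLE_ID = "0100000000000819"  # title id from the commands quoted in the issues


def hactoolnet_argv(keyset, *tail):
    """Argument list for subprocess.run(); no shell, so spaces in paths are safe."""
    return ["hactoolnet", "--keyset", str(keyset), *map(str, tail)]


def write_keys(out_path, keys, custom_keyset):
    """Write 'name = value' lines, refusing to clobber the user's own keyset."""
    out_path, custom_keyset = Path(out_path), Path(custom_keyset)
    if out_path.resolve() == custom_keyset.resolve():
        raise ValueError(f"refusing to overwrite custom keyset {custom_keyset}")
    out_path.write_text("".join(f"{k} = {v}\n" for k, v in keys.items()))
    return out_path


def keygen_session(custom_keyset, firmware, out_path, derive, pkg1_subdir):
    """Stage the keyset in a scratch directory, call derive(), then clean up.

    derive(temp_keys, argvs) is a hypothetical callback standing in for the
    extraction step; pkg1_subdir is 'nx' or 'a', as in the quoted commands.
    """
    with tempfile.TemporaryDirectory() as tmp:  # deleted on exit, even on error
        work = Path(tmp)
        temp_keys = work / "temp.keys"
        shutil.copyfile(custom_keyset, temp_keys)  # blocking; original untouched
        romfs = work / TITLE_ID / "romfs"
        argvs = [
            hactoolnet_argv(temp_keys, "-t", "switchfs", firmware,
                            "--title", TITLE_ID, "--romfsdir", romfs),
            hactoolnet_argv(temp_keys, "-t", "pk11",
                            romfs / pkg1_subdir / "package1",
                            "--outdir", romfs / pkg1_subdir / "pkg1"),
        ]
        new_keys = derive(temp_keys, argvs)
    return write_keys(out_path, new_keys, custom_keyset), work

if __name__ == "__main__":  # constructed demo: dummy keyset, hactoolnet not run
    demo = Path(tempfile.mkdtemp())
    (demo / "custom.keys").write_text("example_key = 00\n")
    out, _ = keygen_session(demo / "custom.keys", "firmware", demo / "prod.keys",
                            lambda keys, argvs: {"example_key": "ff"}, "nx")
    print(out.read_text(), end="")
```

Inside a real `derive`, each list would be passed as `subprocess.run(argv, stdout=subprocess.DEVNULL, check=True)` so a failed extraction stops the run instead of producing an empty key file.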

Setup guide - wrong java JDK version linked.

Thanks for posting your guide, although you made a slight mistake.

For your windows gradlew.bat to work properly, you need to have gradle version as max version in gradle-wrapper.properties set to this:

distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-milestone-1-bin.zip

This is the maximum gradle version that allows you to have "settings.gradle" work in your batch file. Because of this the max java JDK version that is compatible with that version of gradle needs to be version 19. Currently on a fresh install your script installs gradle version 7.51 (https://github.com/StevensND/Ghidra-Switch-Loader/blob/master/gradle/wrapper/gradle-wrapper.properties). Open Java JDK 21.0.2 is linked in your guide, this needs to be changed to a version that is compatible with gradle 7.5.1 otherwise you will get an error trying to run the batch file (gradlew.bat) that's mentioned in your guide.

I am not posting this to be a twat, I am grateful for your guide, but for noobs in its current form it will not work. This is down to "https://github.com/StevensND/Ghidra-Switch-Loaderr" being almost 2 years old now and things have moved on in java and gradle since then.
