Skip to content

ruje0504/deviceid-exosphere-builder

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DeviceID Exosphere Builder

Dockerized tool to build a custom Exosphere binary that spoofs the DeviceID. This can be used to boot Horizon with Atmosphere in a Nintendo Switch with transplanted PRODINFO/PRODINFOF partitions

How to transplant PRODINFO/PRODINFOF and recreate the other EMMC partitions from scratch

WARNING

This procedure is only meant to be able to boot the console back into Horizon, after losing the contents of PRODINFO/PRODINFOF partitions. THIS IS NOT MEANT TO UNBAN YOUR CONSOLE. If you try doing that, the most likely outcome is that you will end up with another banned console. Avoid any kind of piracy from now on and DON'T USE the transplanted console online

Requirements:

  • Windows
  • A working console full EMMC backup (Console A), or that console running latest Hekate, connected to the PC
  • A console with working hardware, but without a working EMMC backup (Console B)
  • NxNandManager
  • HackDiskMount
  • BIS keys for Console A and B
  • Docker
  • Latest Hekate
  • Latest Atmosphere

Steps

  1. Open the EMMC from Console A or its backup with NxNandManager, using Console A BIS keys.
  2. Write down the DeviceID, without the initial NX and the -0 (or whatever there is) at the end, skipping the first two digits. For instance, if it says: NX1122334455667788-0, the part you need to write down would be: 22334455667788.
  3. Dump and decrypt PRODINFO and PRODINFOF partitions from Console A.
  4. Close NxNandManager.
  5. Open the EMMC from Console B with NxNandManager, using Console B BIS keys. It may say that it has BAD CRYPTO. This is expected on a nuked EMMC.
  6. Restore the decrypted PRODINFO and PRODINFO partitions from Console A into Console B.
  7. Close NxNandManager.
  8. Follow this guide to recreate the rest of the EMMC partitions, BOOT0 and BOOT1 on Console B using Console B BIS keys, UP TO AND INCLUDING, STEP 12. DO NOT ATTEMPT TO BOOT THE CONSOLE YET.
  9. On the SYSTEM partition, delete all the files/folders of the save folder except the one ending in 120. Not doing this may end up in the console freezing during boot or Atmosphere showing an error while booting.
  10. Put the latest version of Hekate and Atmosphere on your SD card.
  11. Create the custom Exosphere binary to spoof the DeviceID.
  12. Boot the console using fusee-primary.bin or chainload it from Hekate.

How to create the custom Exosphere binary with Docker

This tool requires a volume mounted to the /output directory of the container, and the DEVICEID environment variable, with the DeviceID to spoof.

Either build the docker image locally or use the prebuilt image from Dockerhub, replacing the DEVICEID value with your DeviceID (keep the 00 before your DeviceID. If the output from NxNandManager was NX1122334455667788-0, the value to use should be: 0x0022334455667788. ):

(if you want to use a specific Atmosphere version, change the latest docker tag with the Atmosphere version number, like 0.14.4)

mkdir -p ./output
docker pull pablozaiden/deviceid-exosphere-builder:latest
docker run -ti --rm -e DEVICEID=0x0022334455667788 -v "$PWD"/output:/output pablozaiden/deviceid-exosphere-builder:latest

After it finishes building, copy the output/deviceid_exosphere.bin file to the Atmosphere directory of your SD card, and add the following entries to BCT.ini:

[stage2]
exosphere = Atmosphere/deviceid_exosphere.bin

If booting via Hekate (without fusee-primary.bin), add this to the boot configuration to pick up the custom exosphere binary:

secmon=Atmosphere/deviceid_exosphere.bin

How to create the custom Exosphere binary without Docker

To build the same Exosphere custom binary without using the Docker image, you have to do the following manual steps first (for more details, just follow what is being done in the Dockerfile):

  • Install DevKitPro
  • Install the required libraries to build Atmosphere
  • Clone Atmosphere into the commit/tag/branch you want
  • Copy the deviceid.patch file from this repo into the Atmosphere directory
  • Run the following command, to modify the DeviceId value in the patch and apply the patch (tested only on linux):
    export DEVICEID=0x0022334455667788
    sed -i "s/###DEVICEID###/$DEVICEID/g" deviceid.patch
    
    git am deviceid.patch
  • Go to the exosphere directory, inside the repo
  • Build exosphere:
    make -j$(nproc) exosphere.bin
  • Copy exosphere.bin to the Atmosphere directory in your SD card and follow the steps to configure it from the dockerized build.

Considerations

  • Important. Do not share your dumps and personalized builds. The deviceid_exosphere.bin is tied to a specific DeviceID and must not be shared. The same applies for the PRODINFO/PRODINFOF dumps. You may end up with a banned console.
  • Doing this will potentialy leave you with more than one console with the same MAC address. Trying to connect both of them at the same time, to the same wireless network may result in an unexpected behavior. To modify your MAC address, edit the decrypted PRODINFO and modify the 0x6 bytes starting at 0x210 and use the CRC16 method described here to properly fill the next 0x2 bytes.

Acknowledgements:

  • shchmue, Jan4V and SciresM for all the patience answering questions and all the info about this and the full nand transplant options.

About

Create a custom Exosphere binary to spoof the DeviceId

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Dockerfile 71.1%
  • Shell 28.9%