/deviceid-exosphere-builder

Create a custom Exosphere binary to spoof the DeviceId

Primary LanguageDockerfile

DeviceID Exosphere Builder

Dockerized tool to build a custom Exosphere binary that spoofs the DeviceID. This can be used to boot Horizon with Atmosphere in a Nintendo Switch with transplanted PRODINFO/PRODINFOF partitions

How to transplant PRODINFO/PRODINFOF and recreate the other EMMC partitions from scratch

WARNING

This procedure is only meant to be able to boot the console back into Horizon, after losing the contents of PRODINFO/PRODINFOF partitions. THIS IS NOT MEANT TO UNBAN YOUR CONSOLE. If you try doing that, the most likely outcome is that you will end up with another banned console. Avoid any kind of piracy from now on and DON'T USE the transplanted console online

Requirements:

  • Windows
  • A working console full EMMC backup (Console A), or that console running latest Hekate, connected to the PC
  • A console with working hardware, but without a working EMMC backup (Console B)
  • NxNandManager
  • HackDiskMount
  • BIS keys for Console A and B
  • Docker
  • Latest Hekate
  • Latest Atmosphere

Steps

  1. Open the EMMC from Console A or its backup with NxNandManager, using Console A BIS keys.
  2. Write down the DeviceID, without the initial NX and the -0 (or whatever there is) at the end, skipping the first two digits. For instance, if it says: NX1122334455667788-0, the part you need to write down would be: 22334455667788.
  3. Dump and decrypt PRODINFO and PRODINFOF partitions from Console A.
  4. Close NxNandManager.
  5. Open the EMMC from Console B with NxNandManager, using Console B BIS keys. It may say that it has BAD CRYPTO. This is expected on a nuked EMMC.
  6. Restore the decrypted PRODINFO and PRODINFO partitions from Console A into Console B.
  7. Close NxNandManager.
  8. Follow this guide to recreate the rest of the EMMC partitions, BOOT0 and BOOT1 on Console B using Console B BIS keys, UP TO AND INCLUDING, STEP 12. DO NOT ATTEMPT TO BOOT THE CONSOLE YET.
  9. On the SYSTEM partition, delete all the files/folders of the save folder except the one ending in 120. Not doing this may end up in the console freezing during boot or Atmosphere showing an error while booting.
  10. Put the latest version of Hekate and Atmosphere on your SD card.
  11. Create the custom Exosphere binary to spoof the DeviceID.
  12. Boot the console using fusee-primary.bin or chainload it from Hekate.

How to create the custom Exosphere binary with Docker

This tool requires a volume mounted to the /output directory of the container, and the DEVICEID environment variable, with the DeviceID to spoof.

Either build the docker image locally or use the prebuilt image from Dockerhub, replacing the DEVICEID value with your DeviceID (keep the 00 before your DeviceID. If the output from NxNandManager was NX1122334455667788-0, the value to use should be: 0x0022334455667788. ):

mkdir -p ./output
docker run -ti --rm -e DEVICEID=0x0022334455667788 -v "$PWD"/output:/output pablozaiden/deviceid-exosphere-builder:latest

After it finishes building, copy the output/deviceid_exosphere.bin file to the Atmosphere directory of your SD card, and add the following entries to BCT.ini:

[stage2]
exosphere = Atmosphere/deviceid_exosphere.bin

If booting via Hekate (without fusee-primary.bin), add this to the boot configuration to pick up the custom exosphere binary:

secmon=Atmosphere/deviceid_exosphere.bin

How to create the custom Exosphere binary without Docker

To build the same Exosphere custom binary without using the Docker image, you have to do the following manual steps first (for more details, just follow what is being done in the Dockerfile):

  • Install DevKitPro
  • Install the required libraries to build Atmosphere
  • Clone Atmosphere into the commit/tag/branch you want
  • Go to the exosphere directory, inside the repo
  • Run the following command, to modify the GetDeviceId method, replacing the DEVICEID value the same way that was done in the dockerized build (tested only on linux):
DEVICEID=0x0022334455667788 sed -i "/u64 GetDeviceId() {/ s/$/ return $DEVICEID;/" ../libraries/libexosphere/source/fuse/fuse_api.cpp
  • Build exosphere:
make -j$(nproc) exosphere.bin
  • Copy exosphere.bin to the Atmosphere directory in your SD card and follow the steps to configure it from the dockerized build.

Considerations

  • Important. Do not share your dumps and personalized builds.. The deviceid_exosphere.bin is tied to a specific DeviceID and must not be shared. The same applies for the PRODINFO/PRODINFOF dumps. You may end up with a banned console.
  • Doing this will potentialy leave you with more than one console with the same MAC address. Trying to connect both of them at the same time, to the same wireless network may result in an unexpected behavior.

Acknowledgements:

  • shchmue, Jan4V and SciresM for all the patience answering questions and all the info about this and the full nand transplant options.