

Messages - CarlTrek

1
iQue Switch / Super Mario Bros. U trial for iQue Switch
« on: December 28, 2020, 02:43:00 PM »
Trust me, even I have no idea how this works, since the last time I checked, my dump was still a total mess that doesn't load.
It's a trial, not the full game, so not piracy. Loads on any Switch and also on Ryujinx. Have fun.
https://mega.nz/file/D89XBARL#C1_mm7KP8VwczdUGUgjFPiSpOVhMNjPNKhPANcaVQ3I (Link down.)
or by IPFS:
https://ipfs.io/ipfs/QmNfoLR2v8zCn56Ct4pdhNP6x6aaYCvWcn8n2uBagwAXyu?filename=0100DEE00F508000.nsp
Also available as torrent.

2
PS Vita / Re: [Release] Virtual mass storage
« on: September 15, 2020, 06:34:45 AM »
Quote
Is this essentially just creating a partition from an existing drive (ux0 for example, being my hard drive for my PSTV), or would I also need an SD2VITA for my PSTV to be able to use this?

It's possible even on OFW, but it doesn't do too much. There is a program called uke-torne on the JP PSN. Download it and it will generate a virtual disk in UX0, and that part will be mounted as a USB flash drive when you hook your Vita up to a PC or other devices (without the need for CMA/QCMA). So you can carry some files on your Vita this way.

3
iQue Switch / Re: Tutorial: Region Unlock iQue Switch
« on: July 22, 2020, 04:56:21 AM »
Quote
I can't just port other console save because the validation is console specific.

So, even international models also have those savefiles?

4
iQue Switch / Re: Tutorial: Region Unlock iQue Switch
« on: July 21, 2020, 11:02:28 AM »
Quote
I don't know which bit is responsible for this, nor the way to fix the CMAC verification manually
Probably no need, since NxNandMgr can get it done on its own. You won't have any problem modifying PRODINFO or any partition and injecting it back.
Also, NAND2 hasn't been booted yet at this step. You don't even need to edit the save precisely; just remove/mod those saves to what they should look like on an international Switch and then it should notice no problem. There are no things like a security processor or hypervisor in the Switch, so besides NAND there is nowhere for it to hide information.

5
iQue Switch / Re: Tutorial: Region Unlock iQue Switch
« on: July 21, 2020, 03:54:21 AM »
Quote
there's already a homebrew forked from the blawar incognito and modded by a user from the infamous 91wii forum, dedicated to region changing the Horizon (Tencent feature to global feature and vice versa).
Wow, that's way faster than I expected. I have thought about making an automatic region changing tool, but I don't have any knowledge of console programming.

Quote
And because you are already Tencent feature flag active before your (customer) first boot...
I guess it's possible to do it "legally", but that would require another NAND chip.
• Dump the NAND inside the Switch (named NAND1) before its first boot.
• Recover the spare NAND (named NAND2) with that dump externally (by a flash ROM burner etc.)
• Boot up the Switch with NAND1 and run lockpick to pick the key.
• Decrypt NAND2 with the key picked, modify its Prodinfo and those saves.
• Replace the NAND on the Switch motherboard from NAND1 to NAND2.
And furthermore, I think it's possible to design some kind of Xbox 360 styled multi-NAND circuit to swap between NAND1 and NAND2 so you can use both the iQue and the international eShop.

And probably you don't need 2 NAND chips. Making an emunand before your first boot and modifying it may also do the trick?

6
iQue Switch / Re: Tutorial: Region Unlock iQue Switch
« on: July 21, 2020, 02:17:47 AM »
Quote
So this method of modification is not by any mean legal.
I don't really understand what you are trying to argue about by using the word "not legal".

If you mean "it breaks the law to do this", no, this is totally legal, since the Switch I own is my private property and it's definitely legal for me to choose how I deal with it, unless the Switch was acquired illegally (stolen, robbed), illegal procedures were involved in hacking (using Nintendo confidential data), or the Switch is being used for illegal activities after being hacked (piracy). None of those are involved in such a hacking tutorial.

If you mean "it has violated the Nintendo EULA", yes. But remember, the very moment you disassembled the Switch to install SX Core, you had already violated the Nintendo EULA. That is why I need to warn all of you not to go online with such a modified console, since Nintendo won't take chances on behaviours that violate the EULA.

If you mean "your theory/procedure makes no sense", why don't you try it first before drawing a conclusion? The worst result you can get is losing every game and save and probably bricking the emunand; just recreate one and it will be okay.

7
iQue Switch / Tutorial: Region Unlock iQue Switch
« on: July 18, 2020, 02:32:26 PM »
Notice: this is an old and dirty method. You can just call the system settings service "SetT" to get this done. This tool will help you: https://github.com/CaiMiao/Tencent-switcher-GUI/releases

P.S. If you want to know more about iQue Switches, read my other articles in the same section as this one.
First things first, I am not responsible for any damage dealt to your Switch in this process, even if you have followed my steps exactly!
The reply I made on GBATemp, saying this is impossible, is wrong! The reason I failed was injecting the modified Prodinfo with Incognito itself, which doesn't really work. Dunno why, but it seems the SX Core chip is getting in the way.
A. Before We Start
• You cannot go online for multiplayer or use the eShop with this unless you want an insta ban, even if you don't use any kind of unlicensed or pirated software. Actually, this will even increase the banning possibility, since there will be things that cannot match up in your device identification after such an operation, like your device serial, which will still begin with XKC, which is iQue specific. Wiping out or modifying the serial and other console-specific data may help a little, but we don't suggest doing such an operation, since using the wrong tools and/or wrong methods while manipulating the Prodinfo partition could result in an irreversible brick (e.g. the incognito module in Tinfoil).
• It's NOT recommended to do this operation on your sysNand, since it involves dangerous procedures like manipulating the Prodinfo partition. Only try it on emuNand.
• You can actually region lock an international Switch in the same manner, but it doesn't seem to make much sense.
• You will lose all your NSP games, updates, DLCs, and game saves in this operation. Please back them up if they are still needed.
• Currently I'm not sure if you will gain/lose the ability to run iQue eShop games and iQue cartridges after this operation, for I'm not sure if some kind of key derivation is done in the factory reset process, and I have no iQue cartridges, let alone that my iQue Switch is banned. :-[ If you find you lost such ability and you need to run iQue eShop games and iQue cartridges, you can still boot to your unmodified sysNand and enjoy them. Also, if that does happen, contact me to let me know.

B. How it works
There is a partition called Prodinfo in the Switch NAND, and there is a part called CAL0 inside, which contains some device identification information, including the region code. Here is a link for you to know more: https://switchbrew.org/wiki/Calibration

Despite so many weird features and behaviors in the iQue Switch OS, what's under the hood is surprisingly simple: on first boot, it only checks the region code in Prodinfo. If it's "CN" (0x04), then it activates iQue Switch features; otherwise, it activates international features. This is quite different from its ancestors like the iQue 3DS, which had major differences in software, and sometimes even in hardware, compared to their equivalent international models.

So, we just modify Prodinfo and then get back to first-boot status, and then we will be able to change the region lock status.

0. Software Needed
• Lockpick.nro (not LockpickRCM; that one won't work since there is no way to push a payload on Mariko units.)
• Incognito.nro (again, not its RCM version.)
• GoldLeaf.nro
• CheckPoint.nro/JKSV.nro (not required, but definitely useful, since you will lose everything)
• NxNandManager
• HxD
These tools should be easy to get just by Googling their names, so download links are not given here to keep it tidy.

1. Pick The Keys

Firstly, get your tools prepared. After you have downloaded all those tools, put NxNandManager and HxD on your PC, and everything else goes into the root of your Switch's SD card.

Then launch LockPick. It's a homebrew app: just open the album, choose "HOMEBREW" in the CFW menu and then click on LockPick.

When you see this, the process is done. Press + to exit. Now you have the key which we need to decrypt the Prodinfo later.

2. Dump Decrypted Prodinfo

Launch Incognito. When you see this menu, press "B" to get prodinfo.bin. When it tells you success (usually in less than 1 second), it's done. Press + to exit.

3. Modify Prodinfo

Eject the SD card from your Switch, put it in a reader and hook it up to your PC. You will find a prodinfo.bin file in sdcard:/backup. Copy that file somewhere safe in case something goes wrong later on. Open HxD, and open that prodinfo.bin. Press Ctrl+G, type in "3510", and then press Enter, since what we are going to modify is at offset 0x3510 (and also 0x351E). Notice these two values shown in the picture:

The left one is at offset (you can think of an offset as just a fancy name for "location") 0x3510, and the right one is at offset 0x351E. That "03 00" is the region code, while "63 3B" is the checksum. You can change them to these values:

Code:
0x3510  0x351E  Region
00 00   66 FF   JP
01 00   66 3E   US
------------------------------
04 00   63 3B   iQue
For those who have never used a hex editor: click directly on the number you want to modify and then key in the new number. Don't type anything in that "dotty" area. The content in the "dotty" area may change when you are keying in numbers on the left; no need to worry.

Actually, which region code you pick doesn't really matter. It only cares whether it's iQue or not. Notice that 0x3510 and 0x351E must match up or you will get a brick!

After you are done, press "Save" and then exit HxD.

4. Inject Modified Prodinfo Into Emunand

Notice: this assumes you save your Emunand as files. If you save your Emunand as a hidden partition, you may have to take extra steps to unhide the partition and assign it a drive letter before continuing. This is kinda complex and off topic, so I don't want to talk about it too much; Google is your friend.

Open NxNandMgr, and click Options - Configure Keyset, since we need to set up our keys first. Click "Import keys from file", then select your prod.keys file. It's under sdcard:/switch. Those empty boxes will then be filled in automatically, and you can close that window. If it tells you that it failed to parse the key file, close NxNandMgr, right click on its icon, select "Run as administrator", then try again.

Click File - Open File, then select your Emunand part 0, which is sdcard:/sxos/emunand/full.00.bin (if your emunand is saved as a partition, click File - Open Drive instead, then select your emunand partition), then click "PRODINFO". Click "Restore from file", and then select your modified prodinfo.bin, which is under sdcard:/backup/prodinfo.bin. Click OK in the pop-up window and when it's done, close NxNandManager.



5. Send Switch Back to First Boot

You will lose all your game saves by doing this! Back them up with Checkpoint/JKSV first!

Put the SD card back into the Switch and turn it on. Run Goldleaf and select "Explore Content - Console Memory (System)", then focus the cursor on the "save" folder. Press the Y button and then select "Delete". Then do the same with the "savemeta" folder. You may find that the "save" folder is still there, but all the contents inside are gone. This is as expected.

Then exit GoldLeaf by pressing +, go to system settings and do a factory reset. You may find your Switch suddenly turns off very shortly after it begins to factory reset: this is as expected. Just turn it back on, and you have a region unlocked iQue Switch.

Z. Thanks
• zestiva, for proposing such a procedure as an idea on GBATemp.
• HenryMin, for confirming such a procedure is possible, and pointing out why my first few attempts failed.
• CBPS, for running the forum I post this tutorial on.
• TX, I mean both TX, for creating weird and fun hardware for us to research on.

We are free, we are free!
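Added example, not part of the original post: a small Python checker for step 3 of the tutorial above. It knows only the (region code, checksum) pairs from the tutorial's table for offsets 0x3510 and 0x351E, never computes a checksum itself, refuses to touch a dump it cannot classify, and always writes both fields together so they cannot fall out of sync (the brick the tutorial warns about). The "CAL0" magic check at offset 0 and the assumption that prodinfo.bin starts at the partition's first byte come from the linked Switchbrew page; the sample dump is constructed.

```python
# Offsets from the tutorial: 2-byte region code and the 2-byte checksum that
# must agree with it. Byte order is exactly as shown in the hex editor.
REGION_OFFSET = 0x3510
CHECKSUM_OFFSET = 0x351E
MAGIC = b"CAL0"  # assumed from the Switchbrew Calibration page; dump starts at byte 0

# (region code, checksum) pairs copied from the tutorial's table. Nothing else
# is trusted: this script never computes a checksum on its own.
KNOWN_PAIRS = {
    "JP":   (bytes.fromhex("0000"), bytes.fromhex("66FF")),
    "US":   (bytes.fromhex("0100"), bytes.fromhex("663E")),
    "iQue": (bytes.fromhex("0400"), bytes.fromhex("633B")),
}


def identify_region(data: bytes) -> str:
    """Name the region whose (code, checksum) pair the dump carries.
    Raises ValueError for a short dump, missing magic, an unknown code, or a
    checksum that does not match the code (the brick case from the tutorial)."""
    if len(data) < CHECKSUM_OFFSET + 2:
        raise ValueError("dump too short to contain the region block")
    if data[:4] != MAGIC:
        raise ValueError("no CAL0 magic at offset 0: not a decrypted Prodinfo dump?")
    code = data[REGION_OFFSET:REGION_OFFSET + 2]
    chk = data[CHECKSUM_OFFSET:CHECKSUM_OFFSET + 2]
    for name, (known_code, known_chk) in KNOWN_PAIRS.items():
        if code == known_code:
            if chk != known_chk:
                raise ValueError(f"region {name} but checksum {chk.hex()} != "
                                 f"{known_chk.hex()}: 0x3510/0x351E mismatch, do not inject")
            return name
    raise ValueError(f"region code {code.hex()} is not in the tutorial's table")


def is_consistent(data: bytes) -> bool:
    """True only if the dump is classifiable and its two fields agree."""
    try:
        identify_region(data)
        return True
    except ValueError:
        return False


def patch_region(data: bytes, target: str) -> bytes:
    """Return a copy with BOTH fields set to the target pair, written together
    so the region code and checksum can never disagree. Refuses a dump that
    does not pass identify_region first."""
    identify_region(data)
    code, chk = KNOWN_PAIRS[target]
    out = bytearray(data)
    out[REGION_OFFSET:REGION_OFFSET + 2] = code
    out[CHECKSUM_OFFSET:CHECKSUM_OFFSET + 2] = chk
    return bytes(out)


def make_sample_dump(region: str) -> bytes:
    """Constructed stand-in for a dump: CAL0 magic, zero filler, one region block."""
    buf = bytearray(CHECKSUM_OFFSET + 2)
    buf[:4] = MAGIC
    code, chk = KNOWN_PAIRS[region]
    buf[REGION_OFFSET:REGION_OFFSET + 2] = code
    buf[CHECKSUM_OFFSET:CHECKSUM_OFFSET + 2] = chk
    return bytes(buf)


if __name__ == "__main__":
    sample = make_sample_dump("iQue")  # a constructed iQue dump, not a real one
    print(identify_region(sample), "->", identify_region(patch_region(sample, "US")))
```

To run it on a real decrypted dump, read prodinfo.bin with `open(path, "rb").read()`, pass it to `identify_region` first, and only write `patch_region`'s output back if that call succeeds.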



8
iQue Switch / Review of hacked iQue Switch
« on: June 24, 2020, 03:31:39 PM »
Okay, now I have my iQue Switch hacked using the Xecuter SX Core product.
This review could be much shorter than you expected, since I won't show the exact same things as on regular Switches.

1. Game booting splash

Every Switch user will know that there is a splash screen shown when the Switch is starting a game, which contains a Nintendo logo (top left corner) and a Switch logo (bottom right corner). According to the Nintendo Homebrew Discord server, this splash is stored in the game's executable files. However, what's in the iQue Switch exceeds what we knew about the booting splash.

When starting any NSP or legit eShop game (no matter what the game region is, and this even applies to NSPs that are not games, e.g. Tinfoil installed as a game), it shows a boot splash containing 3 parts: a Nintendo logo (top left corner), a Switch logo (bottom right corner), and a "notice about healthy gaming" in the middle.

Let's talk a little more about that "notice about healthy gaming". It's required by law that all video games legally released in China must show such a notice in game (wherever, though: on the loading screen, on the intro screen, even in ingame chats, at the developers' discretion), very similar to "Winners Don't Use Drugs" in arcade machines back in the 1990s. I guess that's why the iQue Switch just baked it into the OS and applies it to every NSP, since every game will need one. The content of that notice is:
Code:
Protest against vulgar games and say no to pirated games.
Take care to self-protection and avoid being scammed ingame.
Casual gaming is good for the brain while gaming addiction is bad for health.
Plan your time wisely and enjoy a healthy life.

However, when starting XCI games or foreign cartridges (I haven't tried iQue cartridges or XCIs dumped from them), it just shows a regular boot splash.

So, there are two things quite new to us:
1. The boot splash can contain more than 2 parts and it's customizable, at least to some extent;
2. The boot splash doesn't always come from the game's executable files, at least on the iQue Switch.

2. Language Fallback Issues

Some games are multilingual, which means they can change to a different language automatically according to what language and region you have selected in your OS. However, there are always times when you have selected a language that the game doesn't support, so it will display in its "default language", usually English, and that's "language fallback".

All games (including XCI and NSP) will display in simplified Chinese if they support it. However, since there are no language or region settings on the iQue Switch, if they don't support simplified Chinese, they will fall back to (usually) English, even if they provide a similar language like traditional Chinese, and users will have no control over this, unless the game provides a dedicated language selector ingame.

Games that are not multilingual will still run normally and display in their original language.

3. NES/SNES online
A pretty surprising thing is that NES/SNES online on the iQue Switch can be played totally offline, with all games accessible. However, NES/SNES online is not in the iQue eShop, so piracy is required. On regular Switches, you need a Nintendo Account, a membership subscription and to get online to play NES/SNES online. You could bypass the Nintendo account, but the game would hang on the game selection page, with no games shown.

4. A little extra: Super Mario Bros. U trial for iQue Switch

Actually this should have been part of that OFW review. But when I realized that there is a trial version of Super Mario Bros. U for the iQue Switch, I had already packed my Switch up, ready to mail it to the pirate for modification.

I have said I would like to dump this trial game to let you guys try it yourselves, but unfortunately, none of the tools (including Tinfoil, SX Dumper and LockPick) can dump iQue eShop titles properly. According to Team Xecuter, the iQue Switch uses a different titleKey format to encrypt eShop games, which those tools are not adapted to.

Downloading the game is the same process as on a regular Switch, so not much to talk about.

Loading screen. You can see they translated "Now Loading...". And this is not because they think someone would not understand what "Now Loading" is. It's actually because of the video game censorship rules in China: anything that could be written in simplified Chinese must be written in simplified Chinese. Using unnecessary amounts of a foreign language (which in the end turned into "do use unnecessary amounts of Chinese") in a game will decrease the chance of it passing censorship. Also, using traditional Chinese in a game is prohibited, since it's the language of Taiwan or Hong Kong, which is capitalism.

Intro screen of the game. The name of the game definitely needs to be translated.

Only 6 levels are playable in this trial version: 3 from Super Mario Bros. U and another 3 from Super Luigi Bros. U.

They also translated the level names.

The gameplay is the same as the regular version. But there is a little but quite shocking difference: they translated "1UP" into "加1", which means "+1". I dunno whether even such a little thing is in the scope of censorship. It happened too fast and I didn't have time to capture it though. Even commies will know what "1UP" is without someone translating it for them; remember we grew up with the Dendy.

Well, that's all. Thanks for reading. In this hot summer, chill yourself with a cold war.





9
iQue Switch / Probably the first iQue Switch review in the west
« on: June 15, 2020, 02:03:46 PM »
Well, as probably the only commie here, I got an iQue Switch (actual name: Tencent-Nintendo Switch) at the price of about $211.45. And I am probably the first guy to actually review such a thing for the western public.

"In this hot summer, chill yourself with a cold war."

Looking

Well, what can I say. It's a Switch, just like any Switch. Even though it's a Tencent product, it's still named "Nintendo Switch" on its back.
The model number is HAC-001(-01), which means it's a Mariko. Since the iQue Switch hit the market so late (probably at least Dec. 2019), all of them are Marikos.

It got a serial number beginning with "XKC". For this, I had to post a pull request for the Nintendo Homebrew Discord server's KurisuBot, since its serial number checker didn't even think "XKC" was a valid serial number back then.


Software

It's quite long, so I will separate it into different sections.
Before you ask: no, it's not hacked for now. But sooner or later. If kept unhacked it's literally garbage; you will know why soon.

1. First-time setup

The boot screen is the same as on a regular Switch.

The very beginning of the setup is kinda different: you won't get the screen to set up the language, and you get jumped directly to the EULA. The iQue Switch doesn't support any language except Chinese. And when you begin to set up an account, things get interesting:

It doesn't even support Nintendo Accounts. All it supports is a Wechat account. When you choose that, a QR code will pop up and you need to scan it in Wechat on your cellphone.

After scanning:

It says the Nintendo Switch has been successfully registered.
After that it recommends you subscribe to Tencent's official Switch Wechat channel. You can just skip it.

And after a few steps just like on a regular Switch, it's finally done.
The main menu is the same as on a regular Switch, so no point showing it here.

2. eShop
The iQue Switch got a crippled eShop, or rather "e商店", which still means "e Shop". They even made a new logo for it.

There are only 5 games in the eShop due to the strict game censorship rules in China. Stop complaining. Better than nothing, isn't it?
Also, for anyone who has an international Switch, tell me if Shio and Rainbow Fallen (the 1st tile shown in the image) are iQue exclusive games.

You can't directly buy games on the iQue Switch, for you cannot bind any payment method (credit cards, Paypal, Alipay, whatever) to your account. You have to buy them on your cellphone. When you choose to buy a game it shows this QR code:

You scan this QR code on the phone with Wechat to pay for it. I don't know what will happen after payment though; I don't want to buy games crippled by censorship (yeah, they even managed to get Mario Kart crippled: the "pirate hat" has been removed.)

3. Channels

It's really surprising that even though there are only 5 games in the eShop, Tencent is still posting shitpost news in the channels. The iQue Switch only has a few channels though, just like its eShop.

4. System Settings

I will only show the differences and interesting spots.

The webpage for customer support has been changed. It uses an independent website (nintendoswitch.com.cn) rather than Nintendo's main website.

Surprisingly, the parental control settings are still there. There is no point in this in China, since the regulations require that all games be rated at most the equivalent of ESRB T to be sold legally. I feel I am missing some settings here. If you have an international Switch, tell me what this page should look like.

Cannot change language or region. Are you trying to betray your glorious Soviet motherland?

5. Conclusion

As AVGN said, "this game sucks." Nope, this console sucks. But remember one thing: it's relatively hard for commies to get smuggled consoles here, and even if you do, you're gonna pay almost double the price for that. And now the Xec guys are able to hack Mariko... Yeah, maybe this thing is okay. :yarrthink: No. We never care about intellectual property. That's what capitalist dogs do.

My Switch friend code is SW-3314-4020-8061. Make sure you add it with another iQue Switch: iQue friend codes cannot be added on regular Switches and vice versa.

10
N GBA / Some iQue GBA Prototype games
« on: February 05, 2020, 09:56:24 AM »
Shhh... Let's not leak our hard work!!
These are some iQue GBA game prototypes that were never released. Most of them are in a playable state on both real GBA and emulators, since the iQue GBA has no difference from regular ones.
https://mega.nz/#!rxVBSKQS!aYYEc9fYmWpW_wIY8oVl1_yDZ-sofyE6Vl6S1mDOobQ

Advance_Wars  陆海空大战  高级战争
Densetsu_no_Stafy  斯塔非传说  传说的斯塔非
Densetsu_no_Stafy2  斯塔非传说2  传说的斯塔非2
DK_King_of_Swing  摇摆森喜钢  大金刚摇摆之王
Famicom_Mini_Collection  红白机合集
Fire_Emblem  火纹战记封印之剑  火焰之纹章封印之剑
Kuru_Kuru_Kuruin  转转棒  咕噜咕噜滚滚棒
Kuruin_Paradise  转转棒天堂
Mario_Kart_Super_Circuit  马力欧卡丁车超级赛道 马里奥赛车超级巡回赛
Mario_Luigi_Super_Star_Saga  马力欧与路易吉RPG
Polarium_Advance  通勤一笔
Tomato_Adventure  番茄大冒险  西红柿王国大冒险