Before We Start: | 开始之前
Disclaimer: | 声明:
This is only for advanced user only, EVERY time you modify your system, there is always the potential for an UNRECOVERABLE brick even though is very rare. I assume no responsibility if anything happened to your console.
小白用户退让,并且任何对原系统修改的尝试都有成砖的可能仅管非常少见。我不对你的任何行为及损失负责。
What is Custom Firmware? | 什么是第三方固件
Custom Firmware (“CFW”) enables you to use more advanced things that userland homebrew can’t easily do. For instance, running homebrew applications.
第三方固件比官方固件拥有更强大的功能,比如说运行第三方程序等。
Currently, all Nintendo Switches sold before July 2018 can run custom firmware. Switches sold after this point may only be exploitable if they are on firmware 4.1.0. This guide will include checking if your system is vulnerable.
目前,所有在2018年7月以前售卖的Switch都可以运行第三方固件,在这之后售卖的机器只有一部分可能能够运行且固件版本必须在4.1.0以下。本篇教程将包含教你如何查询自己的机器是否能够运行第三方固件。
What do I need to know before starting? | 开始前需要什么?
- Switch
- Windows PC | Windows 电脑
- USB A to USB C cable | A转C数据线
- 64GB or more SD card | 64GB以上储存卡
Although a Mac, Android or IOS device will also do, it’s not in the scope of this guide. Let me know if you want this part.
仅管一台Mac电脑,安卓手机,IOS手机也可以进行操作,但是不在本次的讨论范围内,有需要再完善。
Getting Started | 开始
Finding your serial number | 找到你的机器序列号
This number can be found on the bottom of your Switch adjacent to the USB-C port, or in the Settings applet at System -> Serial Information.
序列号可以在机器底部充电口的旁边或者系统设置 → 序列号信息中查看
System -> Serial Information
bottom of your Switch
Determining if your Switch is vulnerable | 确定你的机器是否可运行第三方固件
| Serial Numbers | Unpatched | Potentially patched | Patched |
|---|---|---|---|
| XAW1 | XAW10000000000 to XAW10074000000 | XAW10074000000 to XAW10120000000 | XAW10120000000 and up |
| XAW4 | XAW40000000000 to XAW40011000000 | XAW40011000000 to XAW40012000000 | XAW40012000000 and up |
| XAW7 | XAW70000000000 to XAW70017800000 | XAW70017800000 to XAW70030000000 | XAW70030000000 and up |
| XAJ1 | XAJ10000000000 to XAJ10020000000 | XAJ10020000000 to XAJ10030000000 | XAJ10030000000 and up |
| XAJ4 | XAJ40000000000 to XAJ40046000000 | XAJ40046000000 to XAJ40060000000 | XAJ40060000000 and up |
| XAJ7 | XAJ70000000000 to XAJ70040000000 | XAJ70040000000 to XAJ70050000000 | XAJ70050000000 and up |
| XKW1 | N/A | N/A | XKW10000000000 and up |
| XKJ1 | N/A | N/A | XKJ10000000000 and up |
| XJW1 | N/A | N/A | XJW01000000000 and up |
| XWW1 | N/A | N/A | XWW01000000000 and up |
如果你的机器序列号落在绿色区间内,说明你的机器可以运行,如果在黄色区间内,说明可能可以,如果在红色区间内,则一定不行。
If your serial number is on this list as “potentially patched”, follow the guide and see if your system works.
如果你的序列号在黄色区间内,你可以跟着教程走,进一步确认是否可行。
RCM | 恢复模式
For the best choice, this guide will only guide you through setting up EmuNand, if you want to use SysNand, this guide is not for you.
鉴于择优原则,本教程将只会指导如何设置运行EmuNand第三方固件,如果你希望试用SysNand第三方固件,请自行查询其它教程。
Pros of using emuNAND over sysNAND CFW: | EmuNand比SysNand运行第三方固件好在哪里:
Installing game cartridge dumps without “dirtying” sysNAND, allowing sysNAND to be used online without ban risk.
保证原系统的”干净“,允许原系统联网而没有被Ban的风险
Entering RCM | 进入恢复模式
Power off the Switch and use one of the methods listed below to short the pins on the right joycon rail.
Hold Volume Up and press the Power button.
Switch关机,短接右侧右侧Joycon导轨上的引脚
按住音量+键不放之后再按电源键
For beginners, I only recommend you use a RCM jig. If you want to use other methods to short the pins on the right joycon rail, do as you wish.
对于初学者,我只建议你使用RCM夹具,如果你想使用其它方法去短接,请自愿。
RCM jig
short the pins on the right joycon rail
Hold Volume Up and press the Power button
If your Switch displays the Nintendo logo and boots normally or immediately shuts down, you didn’t successfully enter RCM and should try again. Otherwise, if your console did not turn on normally, and the screen remained black with no backlight, your Switch is in RCM.
如果你的机器出现Nintendo的Logo并且正常开机或者立即关机,你没有成功进去RCM模式,需要重新尝试。如果你的机器没有开机并且屏幕保持黑屏,说明你已经成功进入RCM模式。
Sending a Payload | 注入Payload
What you need | 你需要的工具
- The latest release of TegraRcmGUI | 最新版的TegraRcmGUI (https://github.com/eliboa/TegraRcmGUI/releases)
- The latest release of Hekate | 最新版的Hekate (either from hekate_ctcaer or Kosmos)
- The latest release of TegraExplorer | 最新版的TegraExplorer (https://github.com/suchmememanyskill/TegraExplorer/releases)
How to inject a payload | 如何注入payload文件
- Install and run TegraRcmGUI. | 安装并运行 TegraRcmGUI
- Navigate to the Settings tab, then press Install Driver and follow the on-screen instructions. | 选择设置窗口,并点击安装驱动
- Connect your Switch in RCM to your PC using the USB cable. | 将处于RCM模式的Switch连接电脑
- Navigate to the Payload tab of TegraRcmGUI. | 重新回到payload窗口
- Your Switch should be shown as detected in the bottom left corner. | 你的Switch应该会被显示已检测到并且红色的No RCM会显示为绿色的RCM OK.
- Press the file button next to Inject payload, and navigate to and select your payload .bin file. | 选择注入payload旁的文件图标并且找到选择你的payload文件
- Click Inject payload to launch the payload you selected. | 选择注入payload文件
TegraRcmGUI Software
Partitioning the SD Card | SD卡分区
Before we start, if you are using a microSD card already as a storage device for your games, you will want to back up your Nintendo folder that is on the root of your microSD card to a safe place on your computer. This folder contains your downloaded games and game updates.
在开始之前,如果你已经用SD卡作为游戏储存了话,你最好备份好SD卡内的Nintendo文件夹,这文件夹包含了所有你已下载的游戏和更新
- Inject the TegraExplorer payload with your 64GB (or larger) SD card inserted into your Switch. | 将TegraExplorer注入到含64GB以上SD卡的Switch上
- If you forgot how to do this, re-read the sending payload section of the guide. | 如果你忘了怎么注入,请参考上面的教程
- Navigate to SD Format and press the power button to enter the SD format menu. | 用音量上下键选择SD Format选项,并按电源按钮进入
- Navigate to Format for EmuMMC setup and press the power button to confirm. | 选择Format for EmuMMC选项并且按电源键确认
- Read the warning, and press power after 10 seconds to format your SD card. | 通读警告,等待10秒后确认格式化
- Note: This will delete all data on your SD card. Make sure you backed up your Nintendo folder! | 这会擦除你SD卡上的所有内容,确保你备份好了自己的Nintendo文件夹
- Press any button to return to the main menu. | 待完成后按任意键返回
- Navigate to Exit and press the power button to enter the Exit menu. | 选择退出
- Navigate to Reboot to RCM and press the power button to reboot to RCM. It’s now safe to eject your sd card for the next part of the guide. | 选择Reboot to RCM并按电源键确认,现在你可以安全的拿出你的SD卡为后续工作准备了
If you get the issue that Windows says the SD card is unreadable and wants to format it, do not format! This is likely your emuMMC partition.
如果你格式化后的储存卡连接电脑后,Windows提示你SD卡不可读,需要格式化,千万不要选择格式化!提示不可读的部分大概率是为后面我们EmuMMC分区做准备的
If your console’s screen remains black after you’ve sent Hekate, it’s possible your payload was corrupted, or that your console is patched. If your payload injector program shows that 0 bytes were sent, then it is definitely patched, so you’ll be unable to proceed with the rest of the guide.
如果你的机器在你注入payload后仍然保持黑屏,那说明你的payload文件有问题或者你的机器是已经修复过漏洞的了。如果TegraRcmGUI显示发送了0字节,那么说明你机器100%是修复过漏洞的机器,也即是表明你的机器是无法运行第三方固件的。你可以长按电源键12秒关机并重启机器了,下面的教程将对你无任何作用。
SD Preparation | SD卡内容准备
- Go to https://www.sdsetup.com | 访问此网站
- Select Nintendo Switch | 选择 Switch
- Select the “Kosmos Defaults” package | 选择 Kosmos Default 选项
- If you think you know what you are doing, you can choose whatever CFW and options you wish.
- 如果你知道你在做什么并且需要什么,你可以自定义选择任何你想要的选项
- Select “Download your ZIP” | 选择下载压缩包
- This can take a while depending on your Internet speed and latency. Be patient. | 下载可能会需要一些时间,速度慢的自行代理
- Extract the ZIP file from SDSetup to a folder on your PC. | 将压缩包解压到电脑上
- The ‘sd’ folder contains all of the files that should go on your SD card. Copy all of the contents of this folder to the root of your SD card. | sd文件夹包含了所有需要放到你SD卡上的文件,拷贝里面的所有内容到你的SD卡
- After copying the SD card files to your SD card, insert it back into your Switch. | 完成后重新将SD卡放到机器上
Your sd card should look like this | 你的sd卡内结构应该和此图类似
Safety Precautions | 保险措施
If you think you know what you are doing, you can skip if you want.
如果你完全清楚你在做什么,你可以跳过。
Backing up your NAND and BIS keys | 备份你的NAND和BIS密钥
By backing up your NAND (the Switch’s internal memory), you will later be able to restore it in the event that anything goes wrong, essentially rewinding it back to a previous state.
通过备份你的现有Nand(Switch内部储存),你能够在出现意外的情况下进行恢复操作
- In Hekate, select ‘Tools > Backup eMMC > eMMC BOOT0 & BOOT1’ | 在Hekate内,选择Tools ‘Tools > Backup eMMC > eMMC BOOT0 & BOOT1’
- When finished, close this tab and select ‘eMMC RAW GPP’ | 完成之后再选择eMMC RAW GPP
- It will cost about 32GB storage. Once finished remove your SD card (you don’t need to shutdown Hekate) and copy the ‘backup’ folder off of your SD card and put it in a safe location on your PC. Delete the ‘backup’ folder on your SD card and put SD card back | 这会消耗大概32GB左右的空间,请确保SD卡有足够的储存空间。完成后,将SD卡拔出(你不需要关闭hekate)并将backup文件夹拷贝到电脑上保存好并重新将SD卡放回机器内
- Close the Backup menu, go back to the Home tab and tap ‘Reboot > RCM’ | 关闭backup菜单,返回Home菜单并选择Reboot > RCM重新启动进RCM
- Send the “Lockpick_RCM.bin” payload provided in the SDSetup download to your Switch (if you do not have this payload, you can obtain it from GitHub. | 使用TergaRCMGUI重新注入Lockpick_RCM(在你之前下载的SDsetup文件夹中的payload内)
- Choose to backup your key in sysnand | 选择备份你的sysnand机器密钥
- Lockpick_RCM should now inform you that your keys have been saved to /switch/prod.keys on the SD card. | Lockpick_RCM之后会通知你的keys保存在SD卡/switch/prod.keys
- Press any button to return to the main menu. | 按任何键返回主菜单
- Navigate to ‘Power off’ with the volume buttons and select it with the power button. | 选择Power off选择并确认
- Insert your SD card into your PC. | 将你的SD卡插入电脑
- Copy prod.keys from the switch folder on your SD card to a safe location on your PC (it is suggested to copy it to the same place that you copied your NAND backup to). | 再将你的prod.keys放到电脑上安全的地方保存
Making the emuMMC | 配置emuMMC
Before you start, boot your switch normally, and delete all the wifi networks. You can add them back to your sysnand after completing this guide, NEVER connect to the internet when you are in CFW unless you know how to use incognito CFW or 90DNS.
在你开始设定emuMMC之前,正常启动你的switch并且删除所有wifi网络,并开启飞行模式(这是为了防止在你设置好emuMMC并且进入CFW之后自动联网并被老任检测而ban掉;你可以在设置完emuNand之后在原系统内开启wifi,第三方系统必须保持飞行模式除非你知道如何使用incognito CFW 或 90DNS)
1. Enter RCM and inject the Hekate payload | 机器进入RCM模式并注入Hekate Payload
2. Use the touch screen to navigate to emuMMC | 触屏选择emuMMC选项
3. Tap on Create emuMMC, then select SD Partition | 选择Create emuMMC选项并选择SD partition
4. Tap on Continue. It will start making the emummc now. After it’s done return to the emuMMC menu using the Close buttons | 选择Continue继续,当完成后通过Close返回
5. Tap on Change emuMMC, then SD RAW 1 | 选择Change emuMMC之后选择SD RAW1
6. Go back to the main menu | 完成后返回主界面
Launching CFW | 运行CFW
You should keep your emuMMC(emunand) offline (or with 90dns) at all times. Not doing this will likely result in a ban
你应该保证你的emuMMC固件始终保持离线(除非你会使用90DNS或者incognito CFW),不遵循这样很可能导致被ban
- Power on your Switch into RCM, and inject the Hekate payload | 机器进入RCM模式并注入Hekate Payload
- Navigate to Launch using the touch screen | 触屏选择Launch
- Find CFW EmuMMC and launch it | 选择CFW-EmuMMC启动
If you want to boot into stock rom, just select stock-sysnand, NEVER select CFW-sysNand, it will “dirty” your original Nand system.
如果你想要使用原系统,只需选择stock-sysNand启动,永远不要选择CFW-sysNand启动,这将污染你的原系统
Once you successfully boot into the system, under system update, you should look like picture below. | 当你成功启动并进入系统后,在系统更新选项下,应该有如下类似的版本号
Resource | 资源相关
TegraExplorer
GithubTegraRCM GUI
GithubSDSetup
Website视频教程
Youtube
Bilibili
转载请注明原文链接:Complete Guide on How to Set Up EmuNand CFW on Nintendo Switch | 任天堂Switch设置EmuNand第三方Atmosphere固件最全教程
