Giter VIP home page Giter VIP logo

fvi's Introduction

Firmware Version Inspector License

Scans a Nintendo Switch NAND dump and identifies its firmware version and whether exFAT is present based on the names of the .nca files in SYSTEM:/Contents/registered.

Usage

Requires Python 3 with pycryptodome (pycrypto works too):

pip install pycryptodome

FVI uses BIS key 2 if the System partition is still encrypted (i.e. a backup made with Hekate). Get BIS keys with biskeydump and save the output to a text file to pass to FVI via the -b option.

Then run from command line:

python FVI.py [-b=/path/to/biskeyfile] <dumpfile>

 biskeyfile must contain the following lines:
   BIS Key 2 (crypt): <32-digit hex key>
   BIS Key 2 (tweak): <32-digit hex key>
  omit -b if System partition already decrypted (eg. dumped with HacDiskMount)

 dumpfile must be NAND dump (eg. Hekate rawnand.bin dump) or System partition

Tested under Windows 10 with Anaconda Python 3.6.5 and Ubuntu 16.04 LTS with Python 3.5.2.

Theory

Until now, this could only be done by manually checking the files in that folder after mounting with HacDiskMount or memloader then either comparing to an existing list or decrypting and inspecting each .nca file with hactool in search of the System Version Title.

This program consults a hard-coded file list obtained using these techniques. It will be updated as future firmware versions are released to keep it fast and low on dependencies.

Most recent boot time is determined by examining the modify date on the system save 8000000000000060 'SslSave' which my testing showed is modified on every boot.

Note: This script detects exFAT by looking for 010000000000081B which means that a 'hacked' exFAT implementation that only patches 0100000000000819 will not register as a dump containing exFAT. This is by design to keep the script fast and simple by avoiding decryption of system titles.

Credits

crypto.py module is from switchfs under MIT license - it was in turn ported to Python 3 from crypto.py gist by plutooo

Big thanks to the Wikipedia entry on FAT layout :) - being able to read the dump disjointly means FVI only needs to fetch and decrypt a small handful of clusters rather than the entire 2 or 32GB file!

fvi's People

Contributors

shchmue avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.