I've only updated (sysNAND) OFW a handful of times with the chip install but I've never had that happen to me. It always reflashes the bootloader and then retrains. That's with both an official SX Core and a HWFly chip.
Well, the rumour at the moment is that the author has sold the code to a company in China, and funnily enough the China factories are ramping up production of the actual 2040 IC.
If this is true, it's possible we can still make our own. We will see.
My theory is that the "picofly" was never a full jailbreak in itself - it could only perform the voltage glitch after the timing parameters are found with "training" from the hwfly.
What would this scenario look like? Is it possible to somehow read back the timings from the hwfly chip once they have been found? Where are those stored? Can they be read through PuTTY and the debug mode?
Could you explain to me why, in the glitch training process with the orange light, BOOT0 needs to have a payload written to it? If we update the Switch OFW, will BOOT0 change and make the hwfly chip malfunction and require reflashing the chip, as @kylum said?
I was wrong by the way. The scenario I mentioned did not cause the chip needing to be reflashed. Rather reset. The newer Hwfly-nx firmware didn’t have this problem.
I see some people commenting that they still have this problem with 0.7.1 and have to retrain (link). I have no idea what causes this problem and why the hwfly chip needs to write a payload to BOOT0.
My theory is that the "picofly" was never a full jailbreak in itself - it could only perform the voltage glitch after the timing parameters are found with "training" from the hwfly.
Depending on the emmc that is used in the Switch a slightly different timing might be needed.
Finding the timing when to voltage glitch is possible with the spacecraft-nx code and a simple mpu/cpu.
Hard part is the injection of the altered code after the glitch.
They seem to be using a bit more components but maybe most of that is not needed.
(I recall seeing an Amiibo emulator with an mpu and just 2 capacitors powering itself from the RFID antenna signal).
The hard part to me seems like the code injection that needs to happen at the emmc bus speed.
An RP2040 can natively interface with an emmc.
Question is how to sync the bus speed with the Switch.
Maybe this is as simple as using the CLK signal from the emmc on the Switch.
Ok actually tbf he does claim these chips are from China, in DMs he told me that the Chinese were independently making their own glitch chip based on the same hardware but with their own software solution.
So if what he has is that then it wouldn't match what the Pikofly dev has built.
I'm still sceptical though. I know a lot of people who deal with mod chips and if China had one working I'm fairly sure I'd be hearing about it from one of those guys first and not some random dude who showed up on GBAtemp 3 days ago.
The rest is probably just FF padding of the rest of the flash space. If this was just a dump of flash space it would be huge in comparison, with the bulk being a lot of empty space.
….like the Trinket payloads.
Some idiot is going to have to take one for the team and just inject this into their switch and see what catches fire…
Picofly has nothing to do with the glitch from the Chinese. This is a different developer.
Dump was read from the board from the Chinese as is.
Large size is due to the dump program itself.
The dump needs to be reduced in a hex editor.
The fact that I registered 3 days ago does not mean that I am a troll, I am trying to help and tell my story with rp2040 from another supplier. Believe me or not, your choice.
Agreed. Truncated, it’s only 85k. An average firmware is around 110k. It’s in the ballpark. How did you test it? Did you just inject the firmware or did you wire it all up and put it in an rp2040 and everything?
They just sent a glitch, I switched to bootsel mode and counted through picotool. Firmware size may vary depending on code and compiler. There is a debug in hwfly, it is not in rp2040, here you save space.
Well... There are many other things in code you can remove and save memory.
Lots of nuances.
A pity, too much drama over it, though as I see it, it will be released uncredited from a Chinese company, locked and not open source. The scene nowadays is becoming dramatic.