Toggle sidebar

Hacking Hardware Picofly - a HWFLY switch modchip

  • Thread starter Thread starter mathew77
  • Start date Start date
  • Views Views 3,675,746
  • Replies Replies 17,052
  • Likes Likes 15
I have an eMMC low voltage adapter, shouldn't be too difficult to insert the payload and bct manually. Don't think any of my card readers would see eMMC boot partitions though.
 
Nagaa said:
No never i received it today to try this

All solder point good, good reading and triple checked under microscope
(i made a lot of modchip install on all switch model and even some install with OLED Chip on lite wich is the same wiring has rp2040 so i'm pretty confident)

i have some hwfly chip to test the theory can try tomorrow
Click to expand...
can you let us know what happens when you install the hwfly...if your install is good, that should train then glitch without issue. if it doesnt then we know its install related...if hwfly does boot first time, can you then retest the rp and see what happens
 
  • Like
Reactions: Nagaa
I have a virgin Switch Lite I built just for this project (no bullshit).
I have a Pico 2040 zero and a HWFLY Lite kit both in hand.

I was in the process of tinning my cables when I floated all the components off my flex cable (not paying attention to what was underneath.) I have the resistors I believe I need and I‘m about to repair the flex cable.

Can someone confirm the resistor values I’m about to replace?

08FE11D2-6055-4481-8023-60C80C6461E5.jpeg

Then I can help test too!
 
  • Wow
  • Like
Reactions: overcode and impeeza
RexSonic said:
Has there been any meaningful progress yet?
Click to expand...
Not really
There are currently three paths being or that have been explored:
- Reverse engineer the first locked .uf2 file so it runs on any RP2040, currently at a road block
- Reverse engineer the current semi-working .uf2 file to fix it so it can boot CFW, as far as I understood the file it must be doing some sketchy encryption/compression so we can't replace the sdloader/BCTs and thus it seems like this is a dead end aswell
- Rewrite an open-source version completely from scratch, I myself don't believe to be able to do that so I only look into this whole thing for fun. I don't know anyone who actually does something in that direction.
 
  • Like
Reactions: ron2797k, FruithatMods, superxoi and 1 other person
Tafty said:
can you let us know what happens when you install the hwfly...if your install is good, that should train then glitch without issue. if it doesnt then we know its install related...if hwfly does boot first time, can you then retest the rp and see what happens
Click to expand...
Well, I’ve already made that on my first try to install rp2040. I had lite with Sx lite. Wired the rp2040 to the solder points as it was on diagram, used already installed cpu flex (Sx orig) - nothing. -> several diode mode readings, resoldering, getting rid of Sx smal upper flex (for emmc and rst points) - nothing. -> just soldered back Sx lite (on wires) - boots like a charm. I thought that may be sx chip is bringing some TX shit code to boot0, and swapped chip to hwfly 4.2 with latest firmware - boots like a charm (with the same wires as it was on rp2040 install). Next I thought that may be I need a virgin console, unsoldered hwfly and updated sysnand to latest firmware (15.0.1). -> soldered rp2040 - nothing. Tested with V2 hwfly flex - nothing. Tested with bare mosfet (from hwfly flex) soldered by wires without removing vertical cap as it was on diagram - nothing. Took another rp2040 - same result… and that was the point were I decided to give up and try later :).
P.S. Again, the only thing that I believe could have affected this install is thin and relatively long 36awg wires on cpu mosfet controlling point.
 
Last edited by achm3t,
  • Like
Reactions: derfreaker and FruithatMods
achm3t said:
Well, I’ve already made that on my first try to install rp2040. I had lite with Sx lite. Wired the rp2040 to the solder points as it was on diagram, used already installed cpu flex (Sx orig) - nothing. -> several diode mode readings, resoldering, getting rid of Sx smal upper flex (for emmc and rst points) - nothing. -> just soldered back Sx lite (on wires) - boots like a charm. I thought that may be sx chip is bringing some TX shit code to boot0, and swapped chip to hwfly 4.2 with latest firmware - boots like a charm (with the same wires as it was on rp2040 install). Next I thought that may be I need a virgin console, unsoldered hwfly and updated sysnand to latest firmware (15.0.1). -> soldered rp2040 - nothing. Tested with V2 hwfly flex - nothing. Tested with bare mosfet (from hwfly flex) soldered by wires without removing vertical cap as it was on diagram - nothing. Took another rp2040 - same result… and that was the point were I decided to give up and try later :).
P.S. Again, the only thing that I believe could have affected this install is thin and relatively long 36awg wires on cpu mosfet controlling point.
Click to expand...
It is actually quite possible that the rp2040 pico is bad at filtering out noise and interference on the SD wires since those are high speed signals. Much shorter and thicker wires will give a clue if that is a problem.

Another possibility is the SD card itself.
Perhaps the content of the SD card is wrong? Does anyone have a copy of the SD Card image @Tafty is using?
That way we can at least rule out the SD card data being bad.
It is also possible that the SD card driver is only accepting certain size cards or cards from certain manufacturers.
 
  • Like
Reactions: Tafty
TheSynthax said:
No, and we're delaying one week every time someone asks instead of reading the most recent few pages.
Click to expand...
I'm glad someone finally said it. I've been following this thread silently and it's slowly starting to feel like an iOS jailbreak "eta wen" situation. Y'all are doing amazing work, I just wish I could help as well.
 
  • Haha
  • Like
Reactions: SUPERBANEN, binkinator and TheSynthax
TheSynthax said:
I have an eMMC low voltage adapter, shouldn't be too difficult to insert the payload and bct manually. Don't think any of my card readers would see eMMC boot partitions though.
Click to expand...
You will need a 1bit capable sd reader if your low voltage adapter is wired for 1 bit.
All publicly known usb sd readers which can access boot0 are not capable of 1 bit mode.
You only need a low voltage adapter if you would like to read/write from the emmc while it is still connected to the switch. The nand chips on their own will happily run on 3.3v
 
FruithatMods said:
You will need a 1bit capable sd reader if your low voltage adapter is wired for 1 bit.
All publicly known usb sd readers which can access boot0 are not capable of 1 bit mode.
You only need a low voltage adapter if you would like to read/write from the emmc while it is still connected to the switch. The nand chips on their own will happily run on 3.3v
Click to expand...
Don't feel like desoldering the eMMC from my Lite, so I'll be leaving it attached. I have a weird obscure SD reader that works great for the boot partitions on my Tesla's eMMC, but I'm not sure if they use the eMMC boot partition function or not.
 
  • Like
Reactions: FruithatMods
FruithatMods said:
If your SD card content is good try using 30AWG wires. Keep the wires as short as possible!
Click to expand...
Tafty's boots to a "no SD" screen without a card inserted, so it mustn't be the card. Even extremely short and quite thick wires aren't working, so we're pretty sure it isn't able to prepare the eMMC, the Ubuntu version was just too early in development.
 
  • Like
Reactions: Nagaa and FruithatMods
binkinator said:
I have a virgin Switch Lite I built just for this project (no bullshit).
I have a Pico 2040 zero and a HWFLY Lite kit both in hand.

I was in the process of tinning my cables when I floated all the components off my flex cable (not paying attention to what was underneath.) I have the resistors I believe I need and I‘m about to repair the flex cable.

Can someone confirm the resistor values I’m about to replace?
Click to expand...
sorry please take a note, i already measure the middle one is 0.0ohm the rest 2.2k
 
Last edited by malgamer,
malgamer said:
same value 470 ohm
Click to expand...
binkinator said:
I have a virgin Switch Lite I built just for this project (no bullshit).
I have a Pico 2040 zero and a HWFLY Lite kit both in hand.

I was in the process of tinning my cables when I floated all the components off my flex cable (not paying attention to what was underneath.) I have the resistors I believe I need and I‘m about to repair the flex cable.

Can someone confirm the resistor values I’m about to replace?

View attachment 354957

Then I can help test too!
Click to expand...
Where are you getting 470? I just measured on my flex, they're 1.1K resistors. Maybe different revisions used different values?
 
  • Love
Reactions: binkinator
  • Love
Reactions: impeeza and FruithatMods
  • Like
Reactions: binkinator
FruithatMods said:
All publicly known usb sd readers which can access boot0 are not capable of 1 bit mode.
Click to expand...
This is a Linux driver problem.
I asked Ctcaer for another project and he confirmed this.

On switch lite we can solder 4dat lines to read the emmc content.
On OLED we can use a FT232H and postal to read all the data in 1bit mode.
 

Attachments

  • Screenshot_20230223-075350-059.png
    Screenshot_20230223-075350-059.png
    67.8 KB · Views: 137
  • image0.png
    image0.png
    5.8 MB · Views: 161
  • Like
  • Wow
  • Love
Reactions: impeeza, Blavla, FruithatMods and 1 other person

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  Full List of N64 Recompilation Switch ports

Homebrew  New Homebrew "Foil Server"?

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Homebrew Homebrew game Project  So... Dan didn't want to reveal his Vulkan, so I made mine.

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Is it fixable