Hacking Hardware Picofly - a HWFLY switch modchip

[Piorjade]

first try success, bek still missing

rehius is not the dev. The dev uses a custom-made BCT and sdloader and probably blocks BEK on purpose.

I honestly doubt that the dev will ever release the source code or even release a .uf2 that boots Atmosphere for free.

You can't even dump the newest v2.1 .uf2 with picotool anymore

 

[leerz]

yes, I understand this from reading all the 78 pages
i wish mena/phenom could dropby this thread also


also forewarning, anyone attempting to try this.

backup your nand first, boot0,boot1 from a normal chip (hwfly or sx)
I did some stuff earlier and switch won't boot hos even with the pico is not connected

1. first install success, can get to hekate, get boot hos by pressing reboot to ofw
2. dumped boot0, boot1 with picofly
3. restored a mariko (lite) boot0, boot1 i had from a donor
4. picofly took a few seconds longer to glitch and call hekate
5. tried to reboot to ofw (normally it would start ofw) but now it is = BLUESCREEN
6. restored boot0, boot1 that i dumped from pico, no more bluescreen BUT
7. switch will boot hekate fine, but will blackscreen when restart to ofw, or even if the chip /picofly is removed
will put back a hwfly chip and restore boot0, boot1 from there maybe it will be fixed

i'm calling it softbrick for now, boots hekate, but no longer boots ofw even if the chip is removed.
so again, warning to all, do not trust the boot0/boot1 dump or any other dump made from picofly , will install a hwfly chip tomorrow (it's 11PM here +PST)

 

[ghjfdtg]

I have not mentioned it before but something is fishy about these leaked firmwares. Why would anyone without commercial interests cripple the firmware so much and obfuscate it?

 

[Piorjade]

I have not mentioned it before but something is fishy about these leaked firmwares. Why would anyone without commercial interests cripple the firmware so much and obfuscate it?

Because he maybe has commercial interest.
Theoretically you guys are all free testers, with disabled BEK he can test the glitching part, the rest of it (atmosphere, hekate, whatever) is already open source anyway.

When he's done he could re-enable the keys, start manufacturing pre-flashed RP2040 boards that fit better into every switch (again, you can't even dump the v2.1 uf2 with picotool anymore) and sell it on aliexpress for like 10$ less than HWFLY lmao


But I don't want to accuse the dev of it, he might also have the intention of not booting Atmosphere because for example he doesn't want people to pirate Switch games? Idk might be a possibility.

Post automatically merged: Mar 4, 2023

The thing that speaks for the commercial theory, to me, is that A: apparently the debug port is disabled and B: v2.1 even disabled picotool dumping

 

[MusicCanKill]

Actually picotool can save it fine . Just tested...
I believe that the dev just wanted to prove that people lie when saying that they want emulators as now emulators are possible and still people are asking for HOS booting which is illegal as it is bypassing software security

 

[TheSynthax]

Actually picotool can save it fine . Just tested...
I believe that the dev just wanted to prove that people lie when saying that they want emulators as now emulators are possible and still people are asking for HOS booting which is illegal as it is bypassing software security

booting HOS is perfectly legal. Using and distributing sigpatches is not.

 

[MusicCanKill]

booting HOS is perfectly legal. Using and distributing sigpatches is not.

I wouldn't be so sure about that but that is not the case here in my opinion!
It is almost sure that 95% of the people who ask for more, want it mostly for not so legal reasons...
I will not say no to a version that allows HOS to run , all i say is that i feel why the dev doesn't want his/her name in the same phrase as security bypassing which will allow pirated games to run one way or another..

 

[TheSynthax]

I wouldn't be so sure about that but that is not the case here in my opinion!
It is almost sure that 95% of the people who ask for more, want it mostly for not so legal reasons...
I will not say no to a version that allows HOS to run , all i say is that i feel why the dev doesn't want his/her name in the same phrase as security bypassing which will allow pirated games to run one way or another..

If the act of booting Horizon from a custom bootloader were illegal, Atmosphere and Hekate both would have been DMCA'd into a crater years ago.

 

[MusicCanKill]

If the act of booting Horizon from a custom bootloader were illegal, Atmosphere and Hekate both would have been DMCA'd into a crater years ago.

The keys weren't compromised by hekate or atmosphere in any form or case , it was the tegra glitch that allowed the bypass which is not a mod device ,and as you may have seen, all standalone payload launchers have been targeted because of that...
I will not start an argument on that subject as it doesn't really matter.
The dev should already know the limits by the move he/she done..
I m sure the community will figure a way to bypass his/her keyslot delete move by populating somehow the slots again sooner or later..

 

[binkinator]

I wouldn't be so sure about that but that is not the case here in my opinion!
It is almost sure that 95% of the people who ask for more, want it mostly for not so legal reasons...
I will not say no to a version that allows HOS to run , all i say is that i feel why the dev doesn't want his/her name in the same phrase as security bypassing which will allow pirated games to run one way or another..

I‘m in the 5%.

I only want it so I can better serve Jesus.

I promise I will take my hacked Switch to orphanages to play game backups I personally own with parentless children I find there and tell them about what’s his name.

 

[Piorjade]

Well, I guess we will find out whether he‘s a good samaritan or if he‘s developing yet another overpriced modchip on AliExpress..

 

[impeeza]

Well, I guess we will find out whether he‘s a good samaritan or if he‘s developing yet another overpriced modchip on AliExpress..

If you believe on the poll, will be the light anytime

 

[TheStonedModder]

Well, I guess we will find out whether he‘s a good samaritan or if he‘s developing yet another overpriced modchip on AliExpress..

If it works as advertised I wouldn’t say it’s overpriced

Supply and demand. If I was the only one able to get progress made on this firmware I’d consider selling it too

Especially with all the “eta wen” kids who don’t even do the minimum to help in the community (answering support questions)

Plus time isn’t free everyone needs to live. Yes it would be cool and nice to see something shared, but if you think from a logical standpoint no one really has anything to gain from sharing for free

 

[Tafty]

If it works as advertised I wouldn’t say it’s overpriced

Supply and demand. If I was the only one able to get progress made on this firmware I’d consider selling it too

Especially with all the “eta wen” kids who don’t even do the minimum to help in the community (answering support questions)

Plus time isn’t free everyone needs to live. Yes it would be cool and nice to see something shared, but if you think from a logical standpoint no one really has anything to gain from sharing for free

I understand your logical but there is a group of people(myself included) who are actively giving up our free time to get this working and open sourced for everyone in the community.

 

[TheStonedModder]

I understand your logical but there is a group of people(myself included) who are actively giving up our free time to get this working and open sourced for everyone in the community.

That’s much different, and I wish you all the best of luck. You’re much smarter than I am

My response I guess was more directed at everyone complaining about there not being a feee solution yet, so I was hoping maybe that would explain things a bit more.

Nothing wrong with open sourcing, even if there are modchips activly being sold. There’s never anything wrong with more (and cheaper) options if anything it’s amazing because it also gives others an opportunity to learn and hopefully make anything like this a bit easier in the future

 

[dingusamingus]

If it works as advertised I wouldn’t say it’s overpriced

Supply and demand. If I was the only one able to get progress made on this firmware I’d consider selling it too

Especially with all the “eta wen” kids who don’t even do the minimum to help in the community (answering support questions)

Plus time isn’t free everyone needs to live. Yes it would be cool and nice to see something shared, but if you think from a logical standpoint no one really has anything to gain from sharing for free

they arent the only ones making progress

 

[Magnus Hydra]

Questions to those that have it installed.
Do you get a no sd screen without a sd card? Also can u press both the volumes to boot stock?

 

[TheSynthax]

Questions to those that have it installed.
Do you get a no sd screen without a sd card? Also can u press both the volumes to boot stock?

Yes, there's a "no sd" screen, but if you aren't getting that screen then pressing both buttons will not boot stock as it requires the payload to have executed on the switch for that option to function.

 

[xHR]

UPD: v2.3 + SanDisk support

Cool, works well on Samsung. Thank you

 

[Doodka]

Because he maybe has commercial interest.
Theoretically you guys are all free testers, with disabled BEK he can test the glitching part, the rest of it (atmosphere, hekate, whatever) is already open source anyway.

When he's done he could re-enable the keys, start manufacturing pre-flashed RP2040 boards that fit better into every switch (again, you can't even dump the v2.1 uf2 with picotool anymore) and sell it on aliexpress for like 10$ less than HWFLY lmao


But I don't want to accuse the dev of it, he might also have the intention of not booting Atmosphere because for example he doesn't want people to pirate Switch games? Idk might be a possibility.

Post automatically merged: Mar 4, 2023

The thing that speaks for the commercial theory, to me, is that A: apparently the debug port is disabled and B: v2.1 even disabled picotool dumping

More like his trying to defend against N, we know how harsh Japanese corporations are