Switch OLED teardown V1/V2

Mena

Mena

Well-Known Member
Member
Level 7
Joined
Oct 5, 2020
Messages
148
Trophies
0
Age
29
XP
1,032
Country
United States
Red will likely be your DAT0. Even without a screen installed you will get a green light. If you get red you have an install issue. I would fix that before continuing
 
Mena

Mena

Well-Known Member
Member
Level 7
Joined
Oct 5, 2020
Messages
148
Trophies
0
Age
29
XP
1,032
Country
United States
https://github.com/Pheeeeenom/payloadchecker/releases/tag/1.0 Made this really simple app to check the payload that's written to your boot0. This will tell you if the chip that's currently installed is a hwfly with spacecraft v1 or v2 payload. Simply open it press the button and select your boot0

If you're testing multiple chips be sure to connect the USB cable and press E on PuTTy or other equivalent Serial COM application.
 
  • Like
Reactions: CompSciOrBust, de9ed, FR0ZN and 2 others
F

FR0ZN

Well-Known Member
Member
Level 13
Joined
Nov 2, 2013
Messages
1,372
Trophies
1
Age
37
XP
3,851
Country
United States
Mena said:
https://github.com/Pheeeeenom/payloadchecker/releases/tag/1.0 Made this really simple app to check the payload that's written to your boot0. This will tell you if the chip that's currently installed is a hwfly with spacecraft v1 or v2 payload. Simply open it press the button and select your boot0

If you're testing multiple chips be sure to connect the USB cable and press E on PuTTy or other equivalent Serial COM application.
Click to expand...

You say "written to your boot0", does this mean that the DAT0 connection is actually used only once to write the modified boot0 to the eMMC? Or is a DAT0 connection necessary for every boot?

I always thought that the chip injects a modified BCT at boot over DAT0 and then again I always wondered why it's not written permanently to the eMMC.
 
Mena

Mena

Well-Known Member
Member
Level 7
Joined
Oct 5, 2020
Messages
148
Trophies
0
Age
29
XP
1,032
Country
United States
FR0ZN said:
You say "written to your boot0", does this mean that the DAT0 connection is actually used only once to write the modified boot0 to the eMMC? Or is a DAT0 connection necessary for every boot?

I always thought that the chip injects a modified BCT at boot over DAT0 and then again I always wondered why it's not written permanently to the eMMC.
Click to expand...
You need it for every boot.
 
  • Like
Reactions: FR0ZN
ZachyCatGames

ZachyCatGames

Well-Known Member
Member
Level 14
Joined
Jun 19, 2018
Messages
3,398
Trophies
1
Location
Hell
XP
4,209
Country
United States
FR0ZN said:
Can you explain what the hack actually does?
My understanding was that it glitches the signature check of BCT.

But it seems that there is more involved, if boot0 is altered as well 🤔
Click to expand...
They write a custom bct and bootloader to boot0 then glitch the bootrom's pubkey hash check to make the bootrom think a custom pubkey in the custom bct is correct/valid.

I'd guess they flash it on each boot because the OS attempts to restore stuff at some points, or maybe they reflash the original package1 for compatibility on each boot after glitching, idk.
 
  • Like
Reactions: CompSciOrBust and FR0ZN
M

Mulanzo

Member
Newcomer
Level 1
Joined
Apr 19, 2019
Messages
23
Trophies
0
Age
56
XP
84
Country
Canada
Mena said:
https://github.com/Pheeeeenom/payloadchecker/releases/tag/1.0 Made this really simple app to check the payload that's written to your boot0. This will tell you if the chip that's currently installed is a hwfly with spacecraft v1 or v2 payload. Simply open it press the button and select your boot0

If you're testing multiple chips be sure to connect the USB cable and press E on PuTTy or other equivalent Serial COM application.
Click to expand...
I’m interested in trying this out. Once I connect the USB cable do I have to power the chip somehow? Or does the USB port power the chip? Also, do I need an application for the computer to recognize the chip or driver or is your app enough?
 
D

doom95

Well-Known Member
Member
Level 6
Joined
Aug 12, 2019
Messages
303
Trophies
0
Age
24
XP
785
Country
Netherlands
No, you dump BOOT0/BOOT1 to SD card using Hekate, then load BOOT0 from your computer into the application.
 
heinrich_frei

heinrich_frei

Well-Known Member
Newcomer
Level 6
Joined
Dec 5, 2021
Messages
52
Trophies
0
Age
23
XP
805
Country
Russia
Hello there, maybe someone will help in this topic. After installing modchip SX Lite in switch oled, the fan stopped spinning, joycons do not charge. Switch works fine. Joycons are detected and work without bluetooth. On switch V1-V2, pu chip was responsible for charging the joycons and the fan, but I can't find it on switch oled.
 
Mena

Mena

Well-Known Member
Member
Level 7
Joined
Oct 5, 2020
Messages
148
Trophies
0
Age
29
XP
1,032
Country
United States
heinrich_frei said:
Hello there, maybe someone will help in this topic. After installing modchip SX Lite in switch oled, the fan stopped spinning, joycons do not charge. Switch works fine. Joycons are detected and work without bluetooth. On switch V1-V2, pu chip was responsible for charging the joycons and the fan, but I can't find it on switch oled.
Click to expand...
your fan doesn't work and your joycons don't charge? they likely don't detect either. i would do voltage injection on the fan circuit.
 
T

TheUnknownOne

Well-Known Member
Newcomer
Level 3
Joined
May 29, 2021
Messages
86
Trophies
0
Age
37
XP
333
Country
United States
Mena said:
your fan doesn't work and your joycons don't charge? they likely don't detect either. i would do voltage injection on the fan circuit.
Click to expand...

I ordered an oled specific chip, I'm hearing that we shouldn't use the 3.3v off of bridging the 2 capacitors. Why is this? And if it's true what point should we use?
 
heinrich_frei

heinrich_frei

Well-Known Member
Newcomer
Level 6
Joined
Dec 5, 2021
Messages
52
Trophies
0
Age
23
XP
805
Country
Russia
Mena said:
your fan doesn't work and your joycons don't charge? they likely don't detect either. i would do voltage injection on the fan circuit.
Click to expand...
Joycons are detected and work as usual, but are not charged. The power supply is 0v in the fan circuit, but there is no short circuit to the ground
 
CompSciOrBust

CompSciOrBust

🤔
Member
Level 11
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
ZachyCatGames said:
They write a custom bct and bootloader to boot0 then glitch the bootrom's pubkey hash check to make the bootrom think a custom pubkey in the custom bct is correct/valid.

I'd guess they flash it on each boot because the OS attempts to restore stuff at some points, or maybe they reflash the original package1 for compatibility on each boot after glitching, idk.
Click to expand...
Don't the chips sniff DAT0 to synchronize the timing since Mariko has the random delays?
 
S

SmallBoss

New Member
Newbie
Level 1
Joined
Jan 5, 2022
Messages
3
Trophies
0
Age
39
XP
25
Country
Canada
TheUnknownOne said:
I ordered an oled specific chip, I'm hearing that we shouldn't use the 3.3v off of bridging the 2 capacitors. Why is this? And if it's true what point should we use?
Click to expand...
yes, if anyone has an explanation to this , i also want to know. some tap off from the 2 caps for 3.3v, some tap off from the cap near EMMC for 3.3v , whats the difference?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

The MIG Switch Thread

Kingdom Come Deliverance Nswitch MOD

Homebrew Tutorial  Building Pagascape from source to running Self Hosted mode on Windows and MSYS

mig switch not working/updating??

Hacking Homebrew Tutorial  Portable PegaScape (Win32)

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

Fusee.bin with the new Pre-release of Atmoshere 1.7.0

DBI language error

General chit-chat
Help Users
    HoTuan @ HoTuan: how to mod switch ?