How to flash the HWFLY Clone chips

See below for updates.

IF YOU BREAK YOUR BOOT0 PIN, DO NOT DM ME ASKING FOR HELP. THAT'S IT. YOU BREAK THAT PIN AND YOU CAN'T FLASH. YOUR CHIP IS STUCK WITH WHATEVER HWFLY PUT ON IT.


Pre-requisites:




  • Raspberry Pi Zero W
    • You may use another flasher if you desire.
  • Pinout Diagram
  • Modchip Diagram
  • FULL_CHIP_STOCK.bin

  1. Solder a wire to each of the following pinouts on the Raspberry Pi Zero W:
    • 3.3V
    • Ground
    • GPIO 14 (UART TX)
    • GPIO 15 (UART RX)
  2. Do the following to prepare the modchip:
    1. Lift pin 44 (also known as BOOT0).
    2. You will need a way to power the chip, so you need to find two 3.3v points. It can be on a MOSFET, but it will differ based on the revision of the modchip.
    3. Connect Ground on your Raspberry Pi Zero W to the Ground pin on your modchip.
    4. Check the Modchip Diagram, find the PA9(TX) and the PA10(RX) pins on your modchip, and do the following:
      • Connect GPIO14(TX) on your Raspberry Pi Zero W to the PA10(RX) pin on your modchip.
      • Connect GPIO15(RX) on your Raspberry Pi Zero W to the PA9(TX) pin on your modchip.
  3. Boot your Raspberry Pi Zero W and do the following:
    1. In the terminal, type the following command, and press enter:
      Bash:
      sudo nano /boot/config.txt
    2. Add the following line to the end of the file:
      INI:
      dtoverlay=pi3-miniuart-bt
    3. Press CTRL + X to save and exit the editor.
    4. In the terminal, type the following command, and press enter:
      Bash:
      sudo nano /boot/cmdline.txt
    5. Remove the following line from the file:
      INI:
      console=serial0,115200
    6. Press CTRL + X to save and exit the editor.
    7. Restart your Raspberry Pi with this command
      Bash:
      sudo /sbin/reboot
    8. In the terminal, type the following commands, and press enter after each command:

      Bash:
      git clone https://github.com/Pheeeeenom/stm32flash.git
      cd stm32flash
      sudo make install
  4. Now you will flash the modchip.
    Note: This will remove read protection, and the modchip will wipe itself (that is what we want).
    1. In the terminal, type the following command, and press enter:
      Bash:
      stm32flash -k /dev/serial0
    2. Now to flash Spacecraft-NX Version 0.2.0, type the following, and press enter:
      Bash:
      stm32flash -v -w ./FULL_CHIP_STOCK.bin /dev/serial0
  5. Once you're done flashing your modchip, remove the wiring from the modchip, and restore the 3.3v pin on the modchip to its original position.

Please post pictures of your work here to further the identification of the different board revisions!


UPDATE: So it seems like stitching the spacecraft bootloader and firmware together from the repo causes unstable glitching behaviors. For now, consistent glitching behavior works with this bootloader/firmware combo.
This is the original file on the OLED variant chip which has 0.2.0 spacecraft. As for glitching, I'll figure it out, give me some time...unless someone else wants to hop in and reverse the differences.

For now, this at least solves the 0.1.0 HWFLY gen 3 issue. More to come.

UPDATE 2: This is only going to work on some HWFLY chips. Older ones use higher protection than the new revisions that seem to use the QFN FPGA.

UPDATE 3: This should fully work on OLED modchips with the QFN FPGA. https://github.com/Pheeeeenom/firmware
 
Last edited by Mena,
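
A preflight check for the Raspberry Pi side of the procedure above, as an added example that is not part of the original post. It verifies the two boot-file edits from step 3, that the image to be written exists, and that the serial port is present; the function names are this example's own, and the file paths are passed in so the checks can also be run on copies.

```bash
#!/bin/sh
# Added example (not from the original post): preflight for steps 3 and 4.
# Function names are this example's own; file paths are parameters so the
# checks can be tried on copies of the boot files.

# config.txt: the overlay line from step 3.2 must be present and not commented out.
check_config() {
    grep -Eq '^[[:space:]]*dtoverlay=pi3-miniuart-bt[[:space:]]*$' "$1" 2>/dev/null
}

# cmdline.txt: no kernel console may remain on serial0 (step 3.5), otherwise
# console output shares the UART with the flasher.
check_cmdline() {
    [ -r "$1" ] || return 1
    ! grep -Eq '(^|[[:space:]])console=serial0(,[0-9]+)?([[:space:]]|$)' "$1"
}

# The image written in step 4.2 must exist and be non-empty.
check_image() {
    [ -s "$1" ]
}

# Run every check, report each failure, return non-zero if any failed.
preflight() {
    pf_rc=0
    check_config "$1"  || { echo "FAIL: dtoverlay=pi3-miniuart-bt not active in $1"; pf_rc=1; }
    check_cmdline "$2" || { echo "FAIL: console=serial0 still present in $2"; pf_rc=1; }
    check_image "$3"   || { echo "FAIL: image $3 missing or empty"; pf_rc=1; }
    [ -c "$4" ]        || { echo "FAIL: $4 is not a character device"; pf_rc=1; }
    [ "$pf_rc" -eq 0 ] && echo "OK: ready to run stm32flash on $4"
    return "$pf_rc"
}

# Typical call on the Pi, using the paths from the tutorial:
#   preflight /boot/config.txt /boot/cmdline.txt ./FULL_CHIP_STOCK.bin /dev/serial0
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

Run it after the reboot in step 3.7 and before the `stm32flash -k` command, since that command wipes the chip.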

Dean_

The firmware.bin attached above is vanilla spacecraft + the edits to make it work with their FPGA bitstream. The way they do things is different. They sync up with the FPGA, tie it pin 37? I think. There's not much difference. It's not KazushiMe's mod at all though.
Oh, I see the point. Now we have all the information about the Chinese clones except for the FPGA thing. And I don't have to use a suspicious Chinese firmware. Thank you.
 

leerz

The firmware.bin attached above is vanilla spacecraft + the edits to make it work with their FPGA bitstream. The way they do things is different. They sync up with the FPGA, tie it pin 37? I think. There's not much difference. It's not KazushiMe's mod at all though.
Will this ultimately make the hwfly flashable by usb lest even by the sdcard? Or any further updates will need to use an external flasher (rpi) aside from the benefits of getting scv3?
 

Mena

Will this ultimately make the hwfly flashable by usb lest even by the sdcard? Or any further updates will need to use an external flasher (rpi) aside from the benefits of getting scv3?
once the changes on the bitstream in the FPGA are accounted for...yes. You'll be able to just replace the GD32 or flash it. I know so far on the QFN FPGA it's a matter of syncing and there's a magic value they read as an arbitrary lock.

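uint32_t fpga_read_magic()
{
    uint8_t buf[5];

    buf[0] = 0xEE;                               /* first byte of the 5-byte SPI transfer */
    gpioa_clear_pin4();                          /* PA4 cleared for the duration of the transfer */
    spi0_spi_transfer_buffer(buf, sizeof(buf));
    gpioa_set_pin4();                            /* PA4 set again afterwards */
    return *(uint32_t *)(buf + 1);               /* the 4 bytes following buf[0] */
}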


in main -> pa3_voltage < 1496 && fpga_read_magic() == 0x4D56492E <= "MVI." in ASCII. Whatever that means

typically spacecraft is just pa3_voltage < 1496

in their new firmware I attached on the last page it's 1596 along with the magic value lockout.
 
Last edited by Mena,

free4u

@Mena
I always turn on the RED LED, but how can I turn on the YELLOW LED? The same results for cable inspection and my other PC.... (Of course, flash is impossible.) Soldering is OK, and booting also fine.
 

Last edited by free4u,

Mena

@Mena
I always turn on the RED LED, but how can I turn on the YELLOW LED? The same results for cable inspection and my other PC.... (Of course, flash is impossible.) Soldering is OK, and booting also fine.
Apparently, there are some that do this and need SWD to flash them.
 

urherenow

I've figured out the random crashing thanks to a friend. It's the SD card. You need to train it without an SD card inserted.
Umm... wow. I don't have mine yet, but I have the (single page) instructions. It lists on the top: "Required Items", "Recommended Tools", and "Crack Description". The very first thing under "Crack Description" ->

1) Please do not insert microSD card when starting up for the first time

:blink::wacko:

(@Mena the confused & eye-rolling emojis aren't directed at you. They are for all the people who have problems just because they don't RTFM)
 

fragged

Umm... wow. I don't have mine yet, but I have the (single page) instructions. It lists on the top: "Required Items", "Recommended Tools", and "Crack Description". The very first thing under "Crack Description" ->

1) Please do not insert microSD card when starting up for the first time

:blink::wacko:

(@Mena the confused & eye-rolling emojis aren't directed at you. They are for all the people who have problems just because they don't RTFM)
They are distributors, not technically proficient in what they are actually selling from everything I've seen.
Anything talked about here is way over their heads sadly.
 

JaRocker

The Chinese seem to have released an update for the OLED chip with the USB header. I can tell you right now that this update does a couple of things.

1.) It disables debugging completely, if you try and connect to PuTTY you will get an error.
2.) They modified SD Loader so my payload checker will report an unknown payload. I don't know the changes that they've made. It seems like they merged kazushime's update for compatibility into it. Added some text on the bottom right-hand corner. The OLED chip came with 0.2.0 so I wouldn't assume they went back to 0.1.0 for any reason considering all the backlash.

Currently, the state of the RE'ing done on their firmware is:

I have a working build that does a successful glitch, but it crashes sometimes during training. I've gotten it to not crash on my OLED but I had a friend test it and it made their modchip crash. This looks like "infinite glitching" in reality....it's not glitching and the FPGA has hanged/crashed. I need to figure out the differences there before an official open-source release.

TL;DR I need more testers
It’s not flashing. Is the chip bricked or something? Also, can this fw work on the lite chip?
 


james194zt2

Noob Can’t we just pay someone to make a FPGA from scratch? If not if is because of Legal reason. https://mdpi-res.com/d_attachment/e...46/article_deploy/electronics-07-00246-v2.pdf
It just might be being worked on.... Tearing down these chips as well as working out their inner workings is being done by several people right now.

FPGA is not an easy thing to just reproduce, that and worse still it is also quite dangerous for whoever produces it as they might face the wrath of Nintendo whereas an open source project with multiple possibly anonymous people might fare a little better.
 

JaRocker

It just might be being worked on.... Tearing down these chips as well as working out their inner workings is being done by several people right now.

FPGA is not an easy thing to just reproduce, that and worse still it is also quite dangerous for whoever produces it as they might face the wrath of Nintendo whereas an open source project with multiple possibly anonymous people might fare a little better.
Ok thanks, got it then. Just thought that if the software was separate from the chip that it wouldn’t be a problem, for example Xbox 360 mod chips. They come blank and you flash them after you get them.
 

FR0ZN

The Chinese seem to have released an update for the OLED chip with the USB header. I can tell you right now that this update does a couple of things.

1.) It disables debugging completely, if you try and connect to PuTTY you will get an error.
2.) They modified SD Loader so my payload checker will report an unknown payload. I don't know the changes that they've made. It seems like they merged kazushime's update for compatibility into it. Added some text on the bottom right-hand corner. The OLED chip came with 0.2.0 so I wouldn't assume they went back to 0.1.0 for any reason considering all the backlash.

Currently, the state of the RE'ing done on their firmware is:

I have a working build that does a successful glitch, but it crashes sometimes during training. I've gotten it to not crash on my OLED but I had a friend test it and it made their modchip crash. This looks like "infinite glitching" in reality....it's not glitching and the FPGA has hanged/crashed. I need to figure out the differences there before an official open-source release.

TL;DR I need more testers

Where do they release the FW updates for their modchips?
 

Mena


0x3000027E

I don't know, this was given to me by a friend.

to be clear here: this has issues. "infinite glitching" still happens
'firmware_spacecraft_mod.bin'....Is this the most recent/updated firmware? I just want to check if it's what I should flash to SX Lite.
 

lufeig

your friend that goes by the name of Sthetix?

just like him calling a “friend” but never mentioning Mena or Pheeeeenom. 😉

anyway, thank you very much for the contributions of both of you.
 

mocthulang

Help me. I messed up my modchip when flashing without digging deep. I need a full dump file of the HWFLY lite like the image below. If possible, someone can help me. Thank you.
 

Attachments

  • D9595CE3-E659-402D-AD6C-4F7D5B25403E.png
