Recent content by renoob

  1. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    This is practically useless without context. Anyone who needs that info will open Ghidra or IDA to see disassembly also. On its own meaningless
  2. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Someone should try unlocked fw on normal pico / pico w. It should behave the same except no led (zero uses rgb on pin 16 while normal uses standard led on pin 25). But wiring ws2812 led on pin 16 should do the trick. Anyway normal pico has SWD output which is not present on Zero, pins are...
  3. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    We agreed to never speak of it again. Sent from my Switch Pikofly modded firmware from page 32
  4. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Will leave it here if someone else needs it. This clears all the flash memory. Reflashing firmwares keeps some leftovers
  5. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Maybe unrelated to this issue you guys are trying to figure out but if rp2040 was flashed a couple of times with different firmware try to nuke it first (erase whole flash). There is uf2 called flash_nuke.uf2 on official pico site. I've seen flash memory not being completely erased when...
  6. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Maybe silly question but is there anywhere online how Ubuntu payload looks like (hex pattern)?
  7. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Ok, modified the call and now there is no additional data, same as non inject
  8. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Yeah first 8 bytes are correct (the ID), but it's kinda odd that the additional data appears only when ID is injected. Reading full 16 bytes as hex gives first 8 as ID and next 8 as 00 when there is no injection, but after injection last 8 are not 00 anymore
  9. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Still pursuing unique id. Managed to debug the actual get_unique_id call in the main function and it seems if ID is altered (at least the way I did it) it adds additional data to it: INJECTED ID 0x10000718 in ?? () (gdb) x/s $r0 0x20041fa0: "\346a\034\267\037\062h)\bG\003\265P\002" vs...
  10. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Yeah I've used that to debug zero https://github.com/majbthrd/pico-debug But you need to build official OpenOCD to make it work or you will have an error
  11. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    The program simply continues till the chip dies, I cannot read the registers. It does not stop on the breakpoint
  12. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    @KAAAsS Can't trigger that breakpoint at that address
  13. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    Isn't that memory (SDRAM) address? I don't see any references in Ghidra regarding that address anywhere. @KAAAsS Anyway you won't get much with the chip on its own. It seems that rest of the functions are called when it receives some signal. For example it does not call get_unique_id function at...
  14. R

    Hacking Hardware Picofly - a HWFLY switch modchip

    This above is not firmware (for the switch) if you are referring to that. It's a MicroPython. Not sure why he even posted that