- Joined
- Sep 9, 2019
- Messages
- 904
- Trophies
- 1
- Location
- Switch scene
- Website
- github.com
- XP
- 2,663
- Country
No idea. I guess it just isn't needed and if it isn't needed why add it? Just adds more potential for failure if a wire comes loose. DAT0 lines are finicky enough already on OLED models because the wire is so long. It's susceptible to noise.
Just wondering, eMMC can communicate with just DAT0 too, it's just that the Tegra probably does with all four lines, which is why I'm wondering how the hwfly can still read/write to eMMC with just the first line simultaneously.
Also now I'm wondering if the HWFLY stops the Tegra from booting up until it says so because otherwise the payload and BCT flashing process would interfere with the Tegra trying to load everything
If yes then using only DAT0 makes sense: the eMMC is in 1-bit mode on bootup (I guess), the HWFLY flashes its things, then the HWFLY gives power to the Tegra and then the Tegra switches to 4-bit mode.
Emmc init is Always in 1-bit mode, after the security checks the tegra switched to full speed HS400 mode (8 dat line's)
Attachments
This is why we need to hook up a logic analyser. HWfly is connected in 1 bit mode.Just wondering, eMMC can communicate with just DAT0 too, it's just that the Tegra probably does with all four lines, which is why I'm wondering how the hwfly can still read/write to eMMC with just the first line simultaneously.
Also now I'm wondering if the HWFLY stops the Tegra from booting up until it says so because otherwise the payload and BCT flashing process would interfere with the Tegra trying to load everything
If yes then using only DAT0 makes sense: the eMMC is in 1-bit mode on bootup (I guess), the HWFLY flashes its things, then the HWFLY gives power to the Tegra and then the Tegra switches to 4-bit mode.
You can't have two controllers talking to a single emmc chip at the same time. I would assume the HWFly powers the reset line while it is writing and reading form the emmc to disable the CPU.
It doesn't matter what bit mode our controller uses. This doesn't affect the code or hardware in any shape or form.
Are you talking about the internal bootrom of the cpu?
Why wouldn't it just hold the reset line? Wouldn't that be much simpler?
Post automatically merged:
Also, how do you know this?
Post automatically merged:
P.P.S. I think I purchased about 10-20 dat0 adapters from you over eBay last year!
I don't remember who it was from but it came from the Netherlands The adapters were taped to the inside of the white envelope. Thank you for those adapters if you were the seller!
Last edited by FruithatMods,
We have no acces to the reset line.
And it's not needed.
Ground CMD, CLK or Dat0 and SOC has no access to the emmc and goes do RCM.
Chip can write payload.
=> Done
Reset soc whit =>
Start fancy glitch power.
Right @doom95 ?
Well how do you reset the SoC if there's no access to the reset line?
Was reading through the encrypted binary in hxd (dont know how to decrypt) and saw this
"System clock of %u kHz cannot be exactly achieved"
"System clock of %u kHz cannot be exactly achieved"
you need the reset line of the CPU, you achieve that with the condensers of the SOC.
What is a
What is a condenser?
Post automatically merged:
That doesn't sound very encrypted!
Yes, you are right condenser and capacitor are synonyms, but in USA is more often used the word "capacitor".
in Latin American Spanish we use a lot of "Condensador" which have "Capacitancia" as his measurement! yeah a riddle.
Similar threads
