Not exaclty related to the issue, but related to the chip.
I found out that the Nvidea Shield also uses the BCM4356 and the users have issues with their wifi due to the chip apparentely overheating.
Link for info :
https://www.androidheadlines.com/2019/07/nvidia-shield-android-tv-wi-fi-bluetooth.html < change on the chip.
https://www.nvidia.com/en-us/geforc...-with-new-update-disconnecting/?commentPage=2 < comments where they mention that the SHield uses the chip and the overheating situation.The last and the most interesting, I found some gitlab codes related to fix for the chip, i believe they are for the lineage and for the shield.
We can see the whole programming code that will go into the OTP memory.
https://gitlab.incom.co/CM-Shield/p...mmit/815a750bf48aadae872632e99ffc13d7a0afa6ff
And on the gitlab for it seems to be a customer firmware for the Nvidea Shield.
https://gitlab.incom.co/CM-Shield
There is all the files including hetake.
Maybe this might be the right path ?
Someone with more knowledge than me would be able to confirm.I also found this very interesting topic on spinics.net, where the user had issues after updating the firmware, looking at the outputs is pretty similar with want we had.https://www.spinics.net/lists/linux-wireless/msg168487.htmlThere is also a reddit thread where a user of a lenovo Lenovo Thinkpad 10 2nd Gen Running linux mint had issues with the BCM4356 chip !
https://www.reddit.com/r/linux4noobs/comments/adng4s/broadcom_help_pls/Seems that his chip has a lot of firmware issues, and this might be our case.maybe getting hte knowledge of all of those we can get somewhere ?I will see if @H0ppus can run linux on the broken switch and provide me access so i can try some stuff until the rest of the parts arrive.
Also is worth to mention that someone else can also dig into those and try with a broken switch.
Seems that installing lshw ( apt-get install lshw ) we can get a bit more information on it. It was show on the reddit thread.
@GrimDim
I found out that the Nvidea Shield also uses the BCM4356 and the users have issues with their wifi due to the chip apparentely overheating.
Link for info :
https://www.androidheadlines.com/2019/07/nvidia-shield-android-tv-wi-fi-bluetooth.html < change on the chip.
https://www.nvidia.com/en-us/geforc...-with-new-update-disconnecting/?commentPage=2 < comments where they mention that the SHield uses the chip and the overheating situation.The last and the most interesting, I found some gitlab codes related to fix for the chip, i believe they are for the lineage and for the shield.
We can see the whole programming code that will go into the OTP memory.
https://gitlab.incom.co/CM-Shield/p...mmit/815a750bf48aadae872632e99ffc13d7a0afa6ff
And on the gitlab for it seems to be a customer firmware for the Nvidea Shield.
https://gitlab.incom.co/CM-Shield
There is all the files including hetake.
Maybe this might be the right path ?
Someone with more knowledge than me would be able to confirm.I also found this very interesting topic on spinics.net, where the user had issues after updating the firmware, looking at the outputs is pretty similar with want we had.https://www.spinics.net/lists/linux-wireless/msg168487.htmlThere is also a reddit thread where a user of a lenovo Lenovo Thinkpad 10 2nd Gen Running linux mint had issues with the BCM4356 chip !
https://www.reddit.com/r/linux4noobs/comments/adng4s/broadcom_help_pls/Seems that his chip has a lot of firmware issues, and this might be our case.maybe getting hte knowledge of all of those we can get somewhere ?I will see if @H0ppus can run linux on the broken switch and provide me access so i can try some stuff until the rest of the parts arrive.
Also is worth to mention that someone else can also dig into those and try with a broken switch.
Seems that installing lshw ( apt-get install lshw ) we can get a bit more information on it. It was show on the reddit thread.
@GrimDim
Last edited by OniRj,
@ds34
I have attached the output of the lshw command too.
I will swap IC's between motherboards and see if it is going to work this weekend after have received the iphone6 stencil, soldering balls and other minor items to carry the swap.
Also, I have tried to tether my phone's internet connection over Bluetooth and it did not work at all, however, file transfer works flawlessly. Have anyone been able to tether internet over Bluetooth?
Attachments
Last edited by H0ppus,
By the way, where's the difference between the cyw4356 and the bcm4356?
As far as I understood is the cyw4356 based on the bcm4356 and the Cypres company added their own parts, right?
Does the Switch use BCM stock chips or the Cypres ones?
I was told that the chip gets flashed by the Switch everytime it boots up. Is that true?
As far as I understood is the cyw4356 based on the bcm4356 and the Cypres company added their own parts, right?
Does the Switch use BCM stock chips or the Cypres ones?
I was told that the chip gets flashed by the Switch everytime it boots up. Is that true?
If it is recognized by the system it should show up in `lspci` I believe, so if that's not the case in guessing there is a hardware error@ds34
I have attached the output of the lshw command too.
I will swap IC's between motherboards and see if it is going to work this weekend after have received the iphone6 stencil, soldering balls and other minor items to carry the swap.
Also, I have tried to tether my phone's internet connection over Bluetooth and it did not work at all, however, file transfer works flawlessly. Have anyone been able to tether internet over Bluetooth?
Yeah exact same chip, just renamed, says so in the data sheets.
That would make sense as the firmware binary (specific to each chip) always needs to be installed with the driver.
D
Deleted User
Guest
I just installed L4T on my switch and got this output, this is a working switch, I was wondering if there's anyway to dump this firmware/driver and install that on a broken switch with a IC replacement.
I did some digging and found that Wifi firmware is embedded inside the wlan module itself (0100000000000016), and those firmware files used for L4T seem to be dumped from the OFW files.
The BT module and its firmware is found on 010000000000001B,
Maybe it's possible to disable the check from the WLAN module itself.
I also came across the git report that has a script to dump the wlan firmwares used for L4T.
https://github.com/perillamint/nx-fwextract/blob/master/index.js
Last edited by ,
Well I finally did it!! I had already given up hope to ever boot HorizonOS again, because I noticed yesterday that I must have ripped off about 20 pads on the BGA, probably while I was cleaning the pads with my shitty iron and the solder braid was getting stuck to the board. You can see it here where all the brown spots are:
Still gave it another go today, my cleanest transplant to date (tip: reballing with solder paste is a lot faster, and using a minimal amount of flux when soldering the chip back on makes it so it doesn't swim around once positioned and the heat is applied). And voila, it's booting again!!!
Incredibly, both wifi and bluetooth are still working so I guess those pins were non-essential
Next I'm gonna try to dump the otp.
Still gave it another go today, my cleanest transplant to date (tip: reballing with solder paste is a lot faster, and using a minimal amount of flux when soldering the chip back on makes it so it doesn't swim around once positioned and the heat is applied). And voila, it's booting again!!!
Incredibly, both wifi and bluetooth are still working so I guess those pins were non-essential
Next I'm gonna try to dump the otp.
Thanks, this is very interesting information @Joonie86 .
View attachment 203864
I just installed L4T on my switch and got this output, this is a working switch, I was wondering if there's anyway to dump this firmware/driver and install that on a broken switch with a IC replacement.
I did some digging and found that Wifi firmware is embedded inside the wlan module itself (0100000000000016), and those firmware files used for L4T seem to be dumped from the OFW files.
The BT module and its firmware is found on 010000000000001B,
Maybe it's possible to disable the check from the WLAN module itself.
I also came across the git report that has a script to dump the wlan firmwares used for L4T.
https://github.com/perillamint/nx-fwextract/blob/master/index.js
Hey i think i'm in the same boat as some of you. the strange behavior of my switch was, that it was slowly dying, in the end it only booted sometimes when i left it on the shelf for some days.
Currently it's disassembled because i wanted to replace the bcm with a new one from zedslab. (no air solder atm)
But after reading this thread i think i'll wait and offer me as an test subject.
thx @joonie86 for pointing me to this thread.
Currently it's disassembled because i wanted to replace the bcm with a new one from zedslab. (no air solder atm)
But after reading this thread i think i'll wait and offer me as an test subject.
thx @joonie86 for pointing me to this thread.
Right, if you are able to get your hands on a broken motherboard you should be able to fix it by swapping the chip. Otherwise, it's not clear atm why new chips (reportedly) don't work.
You need to go to the network icon dropdown and use the blutooth connection
https://www.fossmint.com/connect-ubuntu-to-android-wifi/
use this
Here is some usefull data for the BCM chips.
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
How to optain the firmware and how to flash it all explaind.
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
How to optain the firmware and how to flash it all explaind.
Amazing find @acidcoolxxx!!
I'm reading through it right now and will update this post with what I find.
This passage is already interesting :
"Firmwares used by these chips are split in two parts: one part is written into the ROM and cannot be modified, the other part is uploaded by the driver into the chip's RAM. By doing so the vendor is able to add new features or write updates for their chips, just by changing the RAM portion of the firmware."
---
While it details how to dump the ROM from RAM, it's not clear how it can written to the chip (assuming it is still blank) . But still it would be great to see if factory chips have a pre-programmed ROM or not, and if so whether it differs from the ROM on nintendo chips.
Last edited by GrimDim,
I purchased a broken version 2 switch off ebay. It booted to 2nd Logo and that was it. I replaced all the chips but nothing Changed. It would only charge at .41 amps. V2 console would not allow me to inject Heckate so I thought it was toast. Purchased some .25mm solder balls and pulled the WiFi chip off a donor board. Reballed the chip by hand and replaced it on the board. To my suprise the console booted right into its firmware then WiFi and bluetooth work perfect. I am so happy and it's because of the info from Grimdim and Mattytrog. Both of you are legends. Thank you!!
Nice to hear that, now i want to try that with my switch too.
My problem is that i don't have an air solder / smd rework station...
Maybe someone around Vienna is reading this and can help me out.
My problem is that i don't have an air solder / smd rework station...
Maybe someone around Vienna is reading this and can help me out.
Infrared Station is a laser-like focus solder flow station. It heats only the area desired, with very little (if any) collateral damage to surrounding components. You can watch some reball and reflow videos on YouTube and some of the professional fix-it shops have these to fix phones and game systems.
--------------------- MERGED ---------------------------
I think I will try this as well, then. I have a V1 that just wont get past ANY boot screen, OFW and CFW. I wish it was a pinned chip instead of BGA, since these seem to fail so often.
Similar threads
-
ButterScott101
-
Xdqwerty
what are you looking at?
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
RedColoredStars:
There is an actual trailer with footage too. lol. Going to watch it tonight. Grabbed it from... a place. -
-
@
SylverReZ:
@Psionic Roshambo, JonTron's back yet again until he disappears into the void for another 6 or so months.+1 -
-
-
-
-
-
-
