Search results

  1. B

    Hacking Booting to hekate without eMMC?

    They were not blank but it doesn't matter, in the end you have to do a full restore of the raw nand data. You get the boot0 and boot1 partition for the backup of another nand.
  2. B

    Hacking Booting to hekate without eMMC?

    Reporting back on this after I got a replacement eMMC chip. The Picofly boots to hekate without any issue, and lockpick is able to dump some keys, although it cannot read the eMMC. As expected, among these keys are the BIS keys, and all the device unique keys (which are stored on the CPU ROM)...
  3. B

    Hacking Booting to hekate without eMMC?

    The BIS keys are derived from the device key which is on the tegra chip. I've looked at Lockpick_RCM's code, and it will dump the BIS keys even if the eMMC is dead.
  4. B

    Hacking Booting to hekate without eMMC?

    That's what I was saying, sorry if that was unclear. I want to run RCM lockpick to get the BIS keys from the switch with the dead eMMC, then rebuild an eMMC by decrypting a backup from another switch, and re-encrypting it with the BIS keys from the switch with the dead eMMC.
  5. B

    Hacking Booting to hekate without eMMC?

    Yes it's possible, you can have a look at sthetix guide about doing this.
  6. B

    Hacking Booting to hekate without eMMC?

    I will reconstruct an eMMC from a backup of another console, that's not a problem. But for that, if I understand correctly, I need the BIS keys which are derived from the TSEC key and SBK key, both of which are console-unique and not on the eMMC. SBK can be read from fuses and TSEC can be...
  7. B

    Hacking Booting to hekate without eMMC?

    I have a V2 switch with a dead eMMC. It's completely dead, I've checked with a scope and nothing comes out of DAT0, it stays at 1.8V all the time. I want to boot to hekate to dump the keys and rebuild a sysnand, for which I have ordered the replacement eMMC board (which hasn't arrived yet)...
  8. B

    Console runs hekate fine but won't boot HOS, error 2134-0501

    Patched v1 switch, I installed a picofly and the console boots into hekate with no issue, but will very rarely boot HOS. Symptoms: Most of the time, the battery won't charge in hekate. If I try to boot into Atmosphere (emuMMC or sysMMC), the "switch" logo takes a long time to appear (8-9...
  9. B

    Picofly AIO Thread

    I see in the board_detect code of the firmware that the WaveShare RP2040 Zero board is detected by enabling the pull-up resistor for GPIO 25, and testing if it stays low. Thus I assume that GPIO 25 is grounded on that board, but nothing in the datasheets say so. I also saw some people saying...
  10. B

    Hacking Hardware Picofly - a HWFLY switch modchip

    From the installation guide at https://gbatemp.net/download/a-definitive-picofly-install-guide.37968/download : "If the LED flashes Red once, GREAT, you don't need to do anything special, however, if you see a single Green flash, then you need to permanently bridge the RGB jumper with solder on...
  11. B

    Hacking Hardware Picofly - a HWFLY switch modchip

    Is the rp2040 source code available? I'm not talking about the PIO code (its source was already posted here), but the code of the CPU, i.e. the C or C++ code which sets up all the PIO programs and launches them.
  12. B

    Disc-less hack for original Playstation

    FreePSXBoot 2.0 has been released: Release Version 2.0 (support for slot 2) · brad-lin/FreePSXBoot (github.com) The images are identical to the ones published a few days ago; thanks again for the feedback.
  13. B

    Disc-less hack for original Playstation

    Thanks for this feedback. I have tested saving and loading with a few games and so far all of them work as expected (though strangely MGS will be stuck retrying on slot 2 if it sees no card connected there, but that's not due to FreePSXBoot). The only case it could fail is if a game...
  14. B

    Disc-less hack for original Playstation

    It is now possible to run FreePSXBoot on a memory card on slot 2, and to keep the memory card plugged in while playing a game (the kernel is patched by FreePSXBoot to disable the memory card on slot 2, so games will only see a memory card connected in slot 1). I am (as always :)) looking for...
  15. B

    Disc-less hack for original Playstation

    Thanks for the feedback. Someone reported recently that BIOS version 2.2 (A) was not working, and I had mistakenly assumed that BIOS 2.2 (E) was the same as 2.2 (A), as it's the case for versions 4.1, 4.4, and 4.5. So I've updated again the images, and the BIOS list. There is also a fix which...
  16. B

    Disc-less hack for original Playstation

    Thanks for the feedback. The files are indeed the same, the BIOSes are different but happen to have the same stack pointer value when the exploit triggers, and also allow the same instruction to be overwritten. Nevertheless, if we improve yet again the exploit, the files may end up being different.
  17. B

    Disc-less hack for original Playstation

    Hey, I've released version 1.1 yesterday: see release 1.1 on the github repo; I cannot post a link since I'm a new member. So far it has been confirmed working on BIOS 2,0, 4.1, 4.5. Some feedback would be nice for other BIOS versions. I've also just added support for SCPH-7000 and SCPH-7000W...
General chit-chat
Help Users
    SylverReZ @ SylverReZ: Nope. Not into gaming.