Search results

  1. flynnsmt4

    #chilling
  2. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    re @binkinator if someone wanted to try and run the stage 2 loader you could technically reverse the stage 1 loader firmware and replace the decryption+swd writes with the decrypted bin (and doing the same writes), and if it doesn't check the board ID then it will just work. I'd recommend that...
  3. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    Here is another firmware as well as its SRAM dump at the second stage loader, plus all of the SWD reads and writes. The person who gave it to me generously allowed me to publish it here. The board ID is E6 61 1C B7 1F 32 68 29, and the bin with the board ID name is the initial flash (loaded at...
  4. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    AFAIK the only difference is that (other than that one having better eMMC support?) it doesn't check the flash ID; none of them can load Atmosphere. I actually considered just patching it and loading it onto my Pico but I'm glad I didn't given that it executes individual PIO instructions which...
  5. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    I have to say I'm impressed by your work :-) 1679293967 ..and what my luck to realize a bit later that rehius posted a firmware that deliberately ignores the firmware ID check--in fact, it even cuts short the XIP flash ID sequence. As far as I remember this was the most recently posted one...
  6. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    I'm pleased to announce that after significant time working on a cycle-accurate (this is very important) emulator I've finally been able to go past the decryption phase and have dumped the segments of ARM code that are written by the end of the encryption. I have to say, this is the most fun CTF...
  7. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    Okay, after taking some time off I decided to look at this again and realized that they're most definitely fingerprinting (or rather, changing behaviour) based on the flash ID. They call flash_get_unique_id as part of an init callback (I thought this was some random flash func) and then...
  8. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    Mostly because of stuff like this: I'm sure it would make sense if I went through it line-by-line but doing that a thousand times starts to get a bit annoying .. This is also a good candidate, how do I know without looking at that massive STR chain that it doesn't overwrite that magic constant...
  9. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    Not yet, no. I'm not really sure how much further I want to go.
  10. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    From my limited reversal of this firmware you're probably looking at pico SDK runtime init routines which initialize fplib function pointers; different bootrom versions have differing levels of support for them, like double-precision floating point funcs. I'd recommend compiling your own pico...
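The bootrom function-pointer resolution this post refers to, shown as an added example (it is not code from the thread, from the pico SDK, or from any modchip firmware). The ROM header layout it parses ("Mu" magic and version byte at 0x10, 16-bit offsets to the function table, data table and lookup helper at 0x14/0x16/0x18, tables of (code, pointer) pairs terminated by a zero code) is the RP2040 bootrom layout; the two ROM images, their addresses and which entries each version carries are constructed here purely to illustrate the version difference, and the 'SF'/'SD' data-table codes (soft-float and soft-double tables, as used by the SDK) should be treated as illustrative. The point is the check a runtime must make: a lookup on an older bootrom returns 0, and a runtime that stores that as a function pointer without checking will fault at first use.

```c
/* Added example: resolving RP2040 bootrom table entries the way a pico-SDK
 * style runtime init does, against two constructed ROM images. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROM_SIZE 0x100
/* Two-character table codes are packed little-endian into a u16. */
#define ROM_TABLE_CODE(c1, c2) ((uint16_t)((uint8_t)(c1) | ((uint8_t)(c2) << 8)))

static uint16_t rd16(const uint8_t *rom, uint32_t off) {
    return (uint16_t)(rom[off] | (rom[off + 1] << 8));
}
static void wr16(uint8_t *rom, uint32_t off, uint16_t v) {
    rom[off] = (uint8_t)v;
    rom[off + 1] = (uint8_t)(v >> 8);
}

/* Version byte follows the "Mu" magic; -1 if the magic is not there. */
static int rom_version(const uint8_t *rom) {
    return (rom[0x10] == 'M' && rom[0x11] == 'u') ? rom[0x12] : -1;
}

/* Walk a (u16 code, u16 pointer) table until the zero terminator.
 * Returns 0 when the code is absent: the caller must check this. */
static uint16_t rom_table_lookup(const uint8_t *rom, uint32_t table, uint16_t code) {
    for (uint32_t off = table; rd16(rom, off) != 0; off += 4)
        if (rd16(rom, off) == code) return rd16(rom, off + 2);
    return 0;
}
static uint16_t rom_func_lookup(const uint8_t *rom, uint16_t code) {
    return rom_table_lookup(rom, rd16(rom, 0x14), code);
}
static uint16_t rom_data_lookup(const uint8_t *rom, uint16_t code) {
    return rom_table_lookup(rom, rd16(rom, 0x16), code);
}

/* Constructed ROM image: a v1 image carries only the soft-float table,
 * a v2 image also carries the soft-double table. All offsets/pointers
 * here are invented for the example (Thumb pointers keep bit 0 set). */
static void build_rom(uint8_t *rom, uint8_t version) {
    memset(rom, 0, ROM_SIZE);
    rom[0x10] = 'M'; rom[0x11] = 'u'; rom[0x12] = version;
    wr16(rom, 0x14, 0x40);   /* function table  */
    wr16(rom, 0x16, 0x60);   /* data table      */
    wr16(rom, 0x18, 0x80);   /* lookup helper   */
    uint32_t f = 0x40;
    wr16(rom, f, ROM_TABLE_CODE('M', 'S')); wr16(rom, f + 2, 0x0181); f += 4; /* memset */
    wr16(rom, f, ROM_TABLE_CODE('I', 'F')); wr16(rom, f + 2, 0x01C5); f += 4; /* connect flash */
    wr16(rom, f, 0);
    uint32_t d = 0x60;
    wr16(rom, d, ROM_TABLE_CODE('S', 'F')); wr16(rom, d + 2, 0x0800); d += 4;
    if (version >= 2) {
        wr16(rom, d, ROM_TABLE_CODE('S', 'D')); wr16(rom, d + 2, 0x0A00); d += 4;
    }
    wr16(rom, d, 0);
}

/* What a runtime's double-precision init has to do: look the table up and
 * treat 0 as "not on this bootrom" rather than caching it as a pointer. */
static uint16_t resolve_double_table(const uint8_t *rom) {
    return rom_data_lookup(rom, ROM_TABLE_CODE('S', 'D'));
}

int main(void) {
    uint8_t rom[ROM_SIZE];
    for (uint8_t v = 1; v <= 2; v++) {
        build_rom(rom, v);
        uint16_t sd = resolve_double_table(rom);
        printf("bootrom v%d: memset=0x%04X SF=0x%04X SD=%s0x%04X\n",
               rom_version(rom), rom_func_lookup(rom, ROM_TABLE_CODE('M', 'S')),
               rom_data_lookup(rom, ROM_TABLE_CODE('S', 'F')),
               sd ? "" : "(absent) ", sd);
    }
    return 0;
}
```

When reversing a firmware that was built against a specific bootrom, the runtime init resolves these codes once at start-up, so a table of otherwise unexplained pointer stores early in the binary is usually this lookup rather than anything the firmware itself is hiding.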
  11. flynnsmt4

    Hacking Hardware Picofly - a HWFLY switch modchip

    Those addresses are documented, every peripheral MMIO page gets three extra pages from the base address for atomic IO; they're all writes to the DBGFORCE register. Specifically, on each core, it writes a data bit in SWDI by triggering a falling edge on SWCLK. The sequence is something like...
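The DBGFORCE bit-banging described in this post, as an added example (not code from the thread or from any modchip firmware). It models what a reverser does with a log of MMIO writes: map each address back to the base register or one of its atomic alias pages (+0x1000 XOR, +0x2000 set, +0x3000 clear), replay the writes against a shadow copy of SYSCFG DBGFORCE (bit 0 PROC0_SWCLK, bit 1 PROC0_SWDI, bit 4 PROC1_SWCLK, bit 5 PROC1_SWDI, per the RP2040 datasheet), and collect the SWDI bit each time SWCLK falls, which is the edge the post describes. The write log is constructed here: it clocks the JTAG-to-SWD select value 0xE79E, LSB first, into core 0 and includes one unrelated write that the decoder must ignore.

```c
/* Added example: recover SWD bits from a log of RP2040 DBGFORCE writes.
 * The log is constructed; the register and alias layout is the RP2040's. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SYSCFG_BASE     0x40004000u
#define DBGFORCE_ADDR   (SYSCFG_BASE + 0x08u)

/* Every peripheral register is mirrored at three alias pages for atomic RMW. */
#define ALIAS_XOR 0x1000u
#define ALIAS_SET 0x2000u
#define ALIAS_CLR 0x3000u

#define PROC0_SWCLK (1u << 0)
#define PROC0_SWDI  (1u << 1)
#define PROC1_SWCLK (1u << 4)
#define PROC1_SWDI  (1u << 5)

struct mmio_write { uint32_t addr; uint32_t value; };

/* Apply one write to the shadow register. Returns 0 (and changes nothing)
 * if the address is neither DBGFORCE nor one of its alias pages. */
static int apply_write(uint32_t *reg, const struct mmio_write *w) {
    uint32_t off = w->addr - DBGFORCE_ADDR;   /* wraps for addresses below base */
    switch (off) {
    case 0u:        *reg  = w->value;  return 1;
    case ALIAS_XOR: *reg ^= w->value;  return 1;
    case ALIAS_SET: *reg |= w->value;  return 1;
    case ALIAS_CLR: *reg &= ~w->value; return 1;
    default:        return 0;
    }
}

/* Constructed firmware-side sequence: per bit, set or clear SWDI through the
 * alias pages, raise SWCLK, then drop it (the falling edge the post mentions). */
static size_t build_log(struct mmio_write *log, size_t cap, int core,
                        uint32_t value, int nbits) {
    uint32_t clk = core ? PROC1_SWCLK : PROC0_SWCLK;
    uint32_t dat = core ? PROC1_SWDI  : PROC0_SWDI;
    size_t n = 0;
    for (int b = 0; b < nbits && n + 3 <= cap; b++) {
        uint32_t alias = ((value >> b) & 1u) ? ALIAS_SET : ALIAS_CLR;
        log[n++] = (struct mmio_write){ DBGFORCE_ADDR + alias,     dat };
        log[n++] = (struct mmio_write){ DBGFORCE_ADDR + ALIAS_SET, clk };
        log[n++] = (struct mmio_write){ DBGFORCE_ADDR + ALIAS_CLR, clk };
    }
    return n;
}

/* Replay the log for one core and collect SWDI on each falling SWCLK edge,
 * LSB first. Returns the number of edges seen; the first 32 bits land in *out. */
static int decode_swd_bits(const struct mmio_write *log, size_t n, int core,
                           uint32_t *out) {
    uint32_t clk_mask = core ? PROC1_SWCLK : PROC0_SWCLK;
    uint32_t dat_mask = core ? PROC1_SWDI  : PROC0_SWDI;
    uint32_t reg = 0, bits = 0;
    int nbits = 0, prev_clk = 0;
    for (size_t i = 0; i < n; i++) {
        if (!apply_write(&reg, &log[i])) continue;   /* some other peripheral */
        int clk = (reg & clk_mask) != 0;
        if (prev_clk && !clk) {
            if (nbits < 32 && (reg & dat_mask)) bits |= 1u << nbits;
            nbits++;
        }
        prev_clk = clk;
    }
    *out = bits;
    return nbits;
}

int main(void) {
    struct mmio_write log[64];
    size_t n = build_log(log, sizeof log / sizeof log[0], 0, 0xE79Eu, 16);
    log[n++] = (struct mmio_write){ 0xD0000010u, 1u };   /* unrelated SIO write */
    uint32_t bits = 0;
    int nb = decode_swd_bits(log, n, 0, &bits);
    printf("core0: %d bits, value 0x%04X\n", nb, bits);
    return 0;
}
```

Because SWDI is held stable for the whole clock pulse, sampling on the rising edge instead gives the same stream; what matters for the reversal is grouping the three alias-page writes per bit rather than reading each STR in isolation.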