I have a V2 switch with a dead eMMC. It's completely dead: I've checked with a scope and nothing comes out of DAT0; it stays at 1.8V all the time.
I want to boot to hekate to dump the keys and rebuild a sysnand, for which I have ordered the replacement eMMC board (which hasn't arrived yet). I've already installed a picofly on the switch.
I wanted to boot to hekate without the eMMC to get going, but the picofly cannot do that. I've checked the code of the firmware and it depends on the activity from the eMMC chip to glitch at the right time. So no glitching possible without eMMC. As far as I know this can be done with unpatched consoles through RCM.
It should be technically possible to modify the picofly firmware to simulate the eMMC and get the console to glitch and boot to hekate. While I'm waiting for the replacement eMMC, I'd like to try that. Maybe it's already been done? Any information is welcome.