Bought a bricked Nintendo Switch

ZachyCatGames

Well-Known Member
Member
Joined
Jun 19, 2018
Messages
3,406
Trophies
1
Location
Hell
XP
4,163
Country
United States
> Here's what I also found out: I get into RCM, right? Hold my thumb down on the shield. It lets me inject hekate. Now, if I want hekate to display my fuse information etc., I have to hold my thumb on the shield. If not, it will show nothing. But when I hold it down, all the fuse information is displayed, e.g. this one burnt 11/64.
Try booting into Horizon normally while holding it down.
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
22,574
Trophies
4
Location
Space
XP
12,506
Country
Norway
> Here's what I also found out: I get into RCM, right? Hold my thumb down on the shield. It lets me inject hekate. Now, if I want hekate to display my fuse information etc., I have to hold my thumb on the shield. If not, it will show nothing. But when I hold it down, all the fuse information is displayed, e.g. this one burnt 11/64.
Cracked solder joint underneath the RAM. It will need to be reflowed (reballing is better of course, but that's harder and requires specialist equipment)
Possibly the Switch could have been dropped at some point stressing the PCB enough to crack one or more of the solder joints, or if it's one of the bent ones (which seems to be most of them judging by what I have seen) that could also stress the PCB enough over time to crack solder joints.
 

SanderJ

Member
OP
Newcomer
Joined
Nov 22, 2019
Messages
24
Trophies
0
Age
28
XP
68
Country
United Kingdom
> Try booting into Horizon normally while holding it down.
Still BSOD

--------------------- MERGED ---------------------------

> Cracked solder joint underneath the RAM. It will need to be reflowed (reballing is better of course, but that's harder and requires specialist equipment)
> Possibly the Switch could have been dropped at some point stressing the PCB enough to crack one or more of the solder joints, or if it's one of the bent ones (which seems to be most of them judging by what I have seen) that could also stress the PCB enough over time to crack solder joints.

Yeah, if that's the case. Probably best not to, as buying the equipment would be far more expensive than the Switch itself. I do however have a heat gun.

--------------------- MERGED ---------------------------

Yes,

I do believe it's probably a cracked solder joint. Buying a proper reflow machine, soldering iron, reballing jig... yeah, it would be cheaper to just buy an unpatched Switch :P But maybe if anyone has this problem out of the blue in future, try that as a solution. But I can inject any payload, just the SD card is currently throwing errors.
 

The Real Jdbye
> Still BSOD
>
> --------------------- MERGED ---------------------------
>
> Yeah, if that's the case. Probably best not to, as buying the equipment would be far more expensive than the Switch itself. I do however have a heat gun.
>
> --------------------- MERGED ---------------------------
>
> Yes,
>
> I do believe it's probably a cracked solder joint. Buying a proper reflow machine, soldering iron, reballing jig... yeah, it would be cheaper to just buy an unpatched Switch :P But maybe if anyone has this problem out of the blue in future, try that as a solution. But I can inject any payload, just the SD card is currently throwing errors.
A heat gun or a hot air station? They are not the same thing. Heat gun is meant more for stripping wallpaper than precision jobs like soldering.
 

SanderJ (OP)
> A heat gun or a hot air station? They are not the same thing. Heat gun is meant more for stripping wallpaper than precision jobs like soldering.

Hot air station. Sorry, I just call it a heat gun. I could possibly remove the shield, then lightly, I guess on something like 300-350 °C, manoeuvre in circular movements around the chips. Maybe if my SD card slot was working. It was working one day, now it's not. Maybe it's a software thing, as the pins on the motherboard look completely fine and nothing looks bent. I could've dumped the NAND and possibly restored it to working order.
 

Kafluke

Well-Known Member
Member
Joined
May 6, 2006
Messages
5,474
Trophies
0
Age
46
XP
4,601
Country
United States
> Hot air station. Sorry, I just call it a heat gun. I could possibly remove the shield, then lightly, I guess on something like 300-350 °C, manoeuvre in circular movements around the chips. Maybe if my SD card slot was working. It was working one day, now it's not. Maybe it's a software thing, as the pins on the motherboard look completely fine and nothing looks bent. I could've dumped the NAND and possibly restored it to working order.

Try it! What have you got to lose? I've reflowed many Xbox 360s back in the day with a standard off-the-shelf heat gun. Hell, I've even used a blow dryer before.
 

mattytrog

You don`t want to listen to anything I say.
Member
Joined
Apr 27, 2018
Messages
3,708
Trophies
0
Age
47
XP
4,316
Country
United Kingdom
Idea...

Try the "Memloader Test", as I call it.

See if the Minerva training cell can work.

Send memloader... see if it fails or not.

It will give you an idea of what's working and what isn't. Make sure you use the latest memloader with Minerva.

If it fails with 246400 bytes:
I've had a few consoles with this fault. It seems to be a hard fault between the Tegra and the RAM.

MAX77620 is functional, fuel gauge, BQ, M92, all MOSFETs are fully working. Ref. oscillator crystal working... hekate boots... Correctly built and rebuilt eMMC. I thought "cracked ball under RAM". Reflowed. Nothing. Even reballed a RAM chip (without a jig. Took hours.)

It may be related. Or you may be lucky in that it's a cracked joint.

If you can get BIS key 0 and PRODINFO is intact, you can build the eMMC from scratch, with fresh keyblobs if need be.

Just trying to give a few pointers. :)

--------------------- MERGED ---------------------------

As Jdbye says, you can indeed remove certs and recalc hashes in PRODINFO, but you will struggle with the device cert (ECC-B233) if it's missing. Offset 0x480 if I remember correctly.
 

The Real Jdbye
> Idea...
>
> Try the "Memloader Test", as I call it.
>
> See if the Minerva training cell can work.
>
> Send memloader... see if it fails or not.
>
> It will give you an idea of what's working and what isn't. Make sure you use the latest memloader with Minerva.
>
> If it fails with 246400 bytes:
> I've had a few consoles with this fault. It seems to be a hard fault between the Tegra and the RAM.
>
> MAX77620 is functional, fuel gauge, BQ, M92, all MOSFETs are fully working. Ref. oscillator crystal working... hekate boots... Correctly built and rebuilt eMMC. I thought "cracked ball under RAM". Reflowed. Nothing. Even reballed a RAM chip (without a jig. Took hours.)
>
> It may be related. Or you may be lucky in that it's a cracked joint.
>
> If you can get BIS key 0 and PRODINFO is intact, you can build the eMMC from scratch, with fresh keyblobs if need be.
>
> Just trying to give a few pointers. :)
>
> --------------------- MERGED ---------------------------
>
> As Jdbye says, you can indeed remove certs and recalc hashes in PRODINFO, but you will struggle with the device cert (ECC-B233) if it's missing. Offset 0x480 if I remember correctly.
That is one of the things Incognito wipes so that shouldn't be a problem, as long as online is not a big deal. But PRODINFO contains a lot of calibration data and such that don't seem to be so easy to regenerate.
 

mattytrog
> That is one of the things Incognito wipes so that shouldn't be a problem, as long as online is not a big deal. But PRODINFO contains a lot of calibration data and such that don't seem to be so easy to regenerate.

The standard version, yes. Or it might be the device key. I'm writing from memory. And I'm drunk.

One of the offsets cannot be regenerated.

I'll have to check.

It's ECC encrypted and, to my knowledge, without the signing key you cannot regenerate that. It might be known, unencrypted, but you won't be able to encrypt it without Ninty's key.

In my messing around with prodinfo and recalcing hashes etc... That was the only stumbling block.

I'll update this post tomorrow after the headache subsides and I've found my notes.txt I made.
 

The Real Jdbye
> The standard version, yes. Or it might be the device key. I'm writing from memory. And I'm drunk.
>
> One of the offsets cannot be regenerated.
>
> I'll have to check.
>
> It's ECC encrypted and, to my knowledge, without the signing key you cannot regenerate that. It might be known, unencrypted, but you won't be able to encrypt it without Ninty's key.
>
> In my messing around with PRODINFO and recalcing hashes etc... that was the only stumbling block.
>
> I'll update this post tomorrow after the headache subsides and I've found my notes.txt I made.
Both of them are wiped by Incognito. But maybe not every offset, IDK.
 

mattytrog
> Both of them are wiped by Incognito. But maybe not every offset, IDK.

That's exactly what I thought!

But if you have 10 mins, have a go at making a PRODINFO and getting it to boot. You can delete serials, regen the SHA hashes etc... just the one piece of the puzzle.

It can only be done with this encrypted "key". Like I say, my memory is sketchy at best. Cannot remember exactly which one.

If you run through the sections one at a time, it will become clear.

Unless I'm missing something blindingly obvious, I could replace CAL0 stuff, serials, certs even, and the device will boot. But it was that one bit that tripped me up.

Will update tomorrow :)
 

The Real Jdbye
> That's exactly what I thought!
>
> But if you have 10 mins, have a go at making a PRODINFO and getting it to boot. You can delete serials, regen the SHA hashes etc... just the one piece of the puzzle.
>
> It can only be done with this encrypted "key". Like I say, my memory is sketchy at best. Cannot remember exactly which one.
>
> If you run through the sections one at a time, it will become clear.
>
> Unless I'm missing something blindingly obvious, I could replace CAL0 stuff, serials, certs even, and the device will boot. But it was that one bit that tripped me up.
>
> Will update tomorrow :)
The client cert has a hash that needs to be updated.
https://github.com/blawar/incognito/blob/master/source/incognito.cpp#L143
 
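The "recalc hashes" / "regen the SHA hashes" step that mattytrog and Jdbye keep coming back to is mechanical once the layout is known: PRODINFO (CAL0) starts with a header whose SHA-256 at 0x20 covers the body that begins at 0x40, so any edit to a body field (serial, certs, the per-field hashes Incognito rewrites) has to be followed by recomputing that body hash or the image fails verification. The following is an added example written for this thread, not code from Incognito, hekate or Nintendo; it assumes the public CAL0 header layout (magic at 0x0, body size as u32 LE at 0x8, body hash at 0x20) and treats the serial-number offset 0x250/0x18 as an assumption to confirm against switchbrew before using it on a real dump. It works on a constructed sample image and never touches keys or certificates; the per-field hash Jdbye links (the client certificate hash in incognito.cpp) follows the same recompute-after-edit pattern but its offsets are deliberately not reproduced here.

```python
# Added example: verify and recalculate the SHA-256 body hash of a Switch
# PRODINFO (CAL0) image. Illustrative code for this thread, not code from
# Incognito, hekate or Nintendo; it never touches real keys or certs.
#
# Assumed header layout (public CAL0 format; confirm against switchbrew or
# hekate's nx_emmc_cal0_t before trusting it on a real dump):
#   0x00  4   magic "CAL0"
#   0x04  4   version, u32 LE
#   0x08  4   body_size, u32 LE
#   0x0C  2   model, u16 LE;  0x0E  2  update_count, u16 LE;  0x10  0x10 padding
#   0x20  32  SHA-256 over the body, i.e. bytes [0x40, 0x40 + body_size)
#   0x40  ..  body (serial, certs, per-field hashes, calibration data)
import hashlib
import hmac
import struct

CAL0_MAGIC = b"CAL0"
BODY_HASH_OFF = 0x20
BODY_OFF = 0x40
# Assumed offset/length of the serial number inside the body (the field that
# tools like Incognito blank). An assumption for this example, not a verified constant.
SERIAL_OFF, SERIAL_LEN = 0x250, 0x18


def parse_header(img: bytes) -> dict:
    """Return the header fields, refusing anything that does not look like CAL0."""
    if len(img) < BODY_OFF or img[:4] != CAL0_MAGIC:
        raise ValueError("not a CAL0 image")
    version, body_size = struct.unpack_from("<II", img, 0x4)
    model, update_count = struct.unpack_from("<HH", img, 0xC)
    if BODY_OFF + body_size > len(img):
        raise ValueError("body_size runs past the end of the image")
    return {"version": version, "body_size": body_size,
            "model": model, "update_count": update_count}


def body_hash(img: bytes) -> bytes:
    """SHA-256 over exactly body_size bytes starting at 0x40 (trailing padding is not hashed)."""
    size = parse_header(img)["body_size"]
    return hashlib.sha256(img[BODY_OFF:BODY_OFF + size]).digest()


def verify_body_hash(img: bytes) -> bool:
    """True if the stored body hash matches the body contents."""
    stored = img[BODY_HASH_OFF:BODY_HASH_OFF + 32]
    return hmac.compare_digest(body_hash(img), stored)


def rehash(img: bytes) -> bytes:
    """Return a copy with the body hash recomputed; call this after every body edit."""
    out = bytearray(img)
    out[BODY_HASH_OFF:BODY_HASH_OFF + 32] = body_hash(img)
    return bytes(out)


def wipe_and_rehash(img: bytes, off: int, length: int) -> bytes:
    """Zero one body field (e.g. the serial) and fix the body hash in one step.
    Refuses ranges outside the hashed body so a typo cannot clobber the header."""
    size = parse_header(img)["body_size"]
    if off < BODY_OFF or off + length > BODY_OFF + size:
        raise ValueError("field lies outside the hashed body")
    out = bytearray(img)
    out[off:off + length] = bytes(length)
    return rehash(bytes(out))


def make_sample_cal0(body_size: int = 0x1000) -> bytes:
    """Constructed sample image (not a dump): valid header, patterned body, correct hash."""
    hdr = bytearray(BODY_OFF)
    hdr[:4] = CAL0_MAGIC
    struct.pack_into("<II", hdr, 0x4, 7, body_size)  # version 7, body size
    struct.pack_into("<HH", hdr, 0xC, 1, 1)          # model, update count
    body = bytes((i * 7 + 3) & 0xFF for i in range(body_size))
    return rehash(bytes(hdr) + body)


if __name__ == "__main__":
    img = make_sample_cal0()
    print("sample valid:", verify_body_hash(img))
    edited = bytearray(img)
    edited[SERIAL_OFF] ^= 0xFF                          # body edit without rehash
    print("edited, no rehash:", verify_body_hash(bytes(edited)))
    print("after rehash:", verify_body_hash(rehash(bytes(edited))))
    wiped = wipe_and_rehash(img, SERIAL_OFF, SERIAL_LEN)
    print("serial wiped, still valid:", verify_body_hash(wiped))
```

Run it against a real PRODINFO dump only after confirming the offsets; the useful habit it shows is to make `verify_body_hash` the last step of any edit script, so a stale hash is caught on disk rather than as a boot failure on the console.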