Not exaclty related to the issue, but related to the chip.
I found out that the Nvidea Shield also uses the BCM4356 and the users have issues with their wifi due to the chip apparentely overheating.
Link for info :
https://www.androidheadlines.com/2019/07/nvidia-shield-android-tv-wi-fi-bluetooth.html < change on the chip.
https://www.nvidia.com/en-us/geforc...-with-new-update-disconnecting/?commentPage=2 < comments where they mention that the SHield uses the chip and the overheating situation.The last and the most interesting, I found some gitlab codes related to fix for the chip, i believe they are for the lineage and for the shield.
We can see the whole programming code that will go into the OTP memory.
https://gitlab.incom.co/CM-Shield/p...mmit/815a750bf48aadae872632e99ffc13d7a0afa6ff
And on the gitlab for it seems to be a customer firmware for the Nvidea Shield.
https://gitlab.incom.co/CM-Shield
There is all the files including hetake.
Maybe this might be the right path ?
Someone with more knowledge than me would be able to confirm.I also found this very interesting topic on spinics.net, where the user had issues after updating the firmware, looking at the outputs is pretty similar with want we had.https://www.spinics.net/lists/linux-wireless/msg168487.htmlThere is also a reddit thread where a user of a lenovo Lenovo Thinkpad 10 2nd Gen Running linux mint had issues with the BCM4356 chip !
https://www.reddit.com/r/linux4noobs/comments/adng4s/broadcom_help_pls/Seems that his chip has a lot of firmware issues, and this might be our case.maybe getting hte knowledge of all of those we can get somewhere ?I will see if @H0ppus can run linux on the broken switch and provide me access so i can try some stuff until the rest of the parts arrive.
Also is worth to mention that someone else can also dig into those and try with a broken switch.
Seems that installing lshw ( apt-get install lshw ) we can get a bit more information on it. It was show on the reddit thread.
@GrimDim
I found out that the Nvidea Shield also uses the BCM4356 and the users have issues with their wifi due to the chip apparentely overheating.
Link for info :
https://www.androidheadlines.com/2019/07/nvidia-shield-android-tv-wi-fi-bluetooth.html < change on the chip.
https://www.nvidia.com/en-us/geforc...-with-new-update-disconnecting/?commentPage=2 < comments where they mention that the SHield uses the chip and the overheating situation.The last and the most interesting, I found some gitlab codes related to fix for the chip, i believe they are for the lineage and for the shield.
We can see the whole programming code that will go into the OTP memory.
https://gitlab.incom.co/CM-Shield/p...mmit/815a750bf48aadae872632e99ffc13d7a0afa6ff
And on the gitlab for it seems to be a customer firmware for the Nvidea Shield.
https://gitlab.incom.co/CM-Shield
There is all the files including hetake.
Maybe this might be the right path ?
Someone with more knowledge than me would be able to confirm.I also found this very interesting topic on spinics.net, where the user had issues after updating the firmware, looking at the outputs is pretty similar with want we had.https://www.spinics.net/lists/linux-wireless/msg168487.htmlThere is also a reddit thread where a user of a lenovo Lenovo Thinkpad 10 2nd Gen Running linux mint had issues with the BCM4356 chip !
https://www.reddit.com/r/linux4noobs/comments/adng4s/broadcom_help_pls/Seems that his chip has a lot of firmware issues, and this might be our case.maybe getting hte knowledge of all of those we can get somewhere ?I will see if @H0ppus can run linux on the broken switch and provide me access so i can try some stuff until the rest of the parts arrive.
Also is worth to mention that someone else can also dig into those and try with a broken switch.
Seems that installing lshw ( apt-get install lshw ) we can get a bit more information on it. It was show on the reddit thread.
@GrimDim
Last edited by OniRj,
@ds34
I have attached the output of the lshw command too.
I will swap IC's between motherboards and see if it is going to work this weekend after have received the iphone6 stencil, soldering balls and other minor items to carry the swap.
Also, I have tried to tether my phone's internet connection over Bluetooth and it did not work at all, however, file transfer works flawlessly. Have anyone been able to tether internet over Bluetooth?
Attachments
Last edited by H0ppus,
By the way, where's the difference between the cyw4356 and the bcm4356?
As far as I understood is the cyw4356 based on the bcm4356 and the Cypres company added their own parts, right?
Does the Switch use BCM stock chips or the Cypres ones?
I was told that the chip gets flashed by the Switch everytime it boots up. Is that true?
As far as I understood is the cyw4356 based on the bcm4356 and the Cypres company added their own parts, right?
Does the Switch use BCM stock chips or the Cypres ones?
I was told that the chip gets flashed by the Switch everytime it boots up. Is that true?
If it is recognized by the system it should show up in `lspci` I believe, so if that's not the case in guessing there is a hardware error@ds34
I have attached the output of the lshw command too.
I will swap IC's between motherboards and see if it is going to work this weekend after have received the iphone6 stencil, soldering balls and other minor items to carry the swap.
Also, I have tried to tether my phone's internet connection over Bluetooth and it did not work at all, however, file transfer works flawlessly. Have anyone been able to tether internet over Bluetooth?
Yeah exact same chip, just renamed, says so in the data sheets.
That would make sense as the firmware binary (specific to each chip) always needs to be installed with the driver.
D
Deleted User
Guest
I just installed L4T on my switch and got this output, this is a working switch, I was wondering if there's anyway to dump this firmware/driver and install that on a broken switch with a IC replacement.
I did some digging and found that Wifi firmware is embedded inside the wlan module itself (0100000000000016), and those firmware files used for L4T seem to be dumped from the OFW files.
The BT module and its firmware is found on 010000000000001B,
Maybe it's possible to disable the check from the WLAN module itself.
I also came across the git report that has a script to dump the wlan firmwares used for L4T.
https://github.com/perillamint/nx-fwextract/blob/master/index.js
Last edited by ,
Well I finally did it!! I had already given up hope to ever boot HorizonOS again, because I noticed yesterday that I must have ripped off about 20 pads on the BGA, probably while I was cleaning the pads with my shitty iron and the solder braid was getting stuck to the board. You can see it here where all the brown spots are:
Still gave it another go today, my cleanest transplant to date (tip: reballing with solder paste is a lot faster, and using a minimal amount of flux when soldering the chip back on makes it so it doesn't swim around once positioned and the heat is applied). And voila, it's booting again!!!
Incredibly, both wifi and bluetooth are still working so I guess those pins were non-essential
Next I'm gonna try to dump the otp.
Still gave it another go today, my cleanest transplant to date (tip: reballing with solder paste is a lot faster, and using a minimal amount of flux when soldering the chip back on makes it so it doesn't swim around once positioned and the heat is applied). And voila, it's booting again!!!
Incredibly, both wifi and bluetooth are still working so I guess those pins were non-essential
Next I'm gonna try to dump the otp.
Thanks, this is very interesting information @Joonie86 .
View attachment 203864
I just installed L4T on my switch and got this output, this is a working switch, I was wondering if there's anyway to dump this firmware/driver and install that on a broken switch with a IC replacement.
I did some digging and found that Wifi firmware is embedded inside the wlan module itself (0100000000000016), and those firmware files used for L4T seem to be dumped from the OFW files.
The BT module and its firmware is found on 010000000000001B,
Maybe it's possible to disable the check from the WLAN module itself.
I also came across the git report that has a script to dump the wlan firmwares used for L4T.
https://github.com/perillamint/nx-fwextract/blob/master/index.js
Hey i think i'm in the same boat as some of you. the strange behavior of my switch was, that it was slowly dying, in the end it only booted sometimes when i left it on the shelf for some days.
Currently it's disassembled because i wanted to replace the bcm with a new one from zedslab. (no air solder atm)
But after reading this thread i think i'll wait and offer me as an test subject.
thx @joonie86 for pointing me to this thread.
Currently it's disassembled because i wanted to replace the bcm with a new one from zedslab. (no air solder atm)
But after reading this thread i think i'll wait and offer me as an test subject.
thx @joonie86 for pointing me to this thread.
Right, if you are able to get your hands on a broken motherboard you should be able to fix it by swapping the chip. Otherwise, it's not clear atm why new chips (reportedly) don't work.
You need to go to the network icon dropdown and use the blutooth connection
https://www.fossmint.com/connect-ubuntu-to-android-wifi/
use this
Here is some usefull data for the BCM chips.
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
How to optain the firmware and how to flash it all explaind.
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
How to optain the firmware and how to flash it all explaind.
Amazing find @acidcoolxxx!!
I'm reading through it right now and will update this post with what I find.
This passage is already interesting :
"Firmwares used by these chips are split in two parts: one part is written into the ROM and cannot be modified, the other part is uploaded by the driver into the chip's RAM. By doing so the vendor is able to add new features or write updates for their chips, just by changing the RAM portion of the firmware."
---
While it details how to dump the ROM from RAM, it's not clear how it can written to the chip (assuming it is still blank) . But still it would be great to see if factory chips have a pre-programmed ROM or not, and if so whether it differs from the ROM on nintendo chips.
Last edited by GrimDim,
I purchased a broken version 2 switch off ebay. It booted to 2nd Logo and that was it. I replaced all the chips but nothing Changed. It would only charge at .41 amps. V2 console would not allow me to inject Heckate so I thought it was toast. Purchased some .25mm solder balls and pulled the WiFi chip off a donor board. Reballed the chip by hand and replaced it on the board. To my suprise the console booted right into its firmware then WiFi and bluetooth work perfect. I am so happy and it's because of the info from Grimdim and Mattytrog. Both of you are legends. Thank you!!
Nice to hear that, now i want to try that with my switch too.
My problem is that i don't have an air solder / smd rework station...
Maybe someone around Vienna is reading this and can help me out.
My problem is that i don't have an air solder / smd rework station...
Maybe someone around Vienna is reading this and can help me out.
Infrared Station is a laser-like focus solder flow station. It heats only the area desired, with very little (if any) collateral damage to surrounding components. You can watch some reball and reflow videos on YouTube and some of the professional fix-it shops have these to fix phones and game systems.
--------------------- MERGED ---------------------------
I think I will try this as well, then. I have a V1 that just wont get past ANY boot screen, OFW and CFW. I wish it was a pinned chip instead of BGA, since these seem to fail so often.
Similar threads
- No one is chatting at the moment.
-
-
-
-
@
TwoSpikedHands:
yall im torn... ive been hacking away at tales of phantasia GBA (the USA version) and have so many documents of reverse engineering i've done -
@
TwoSpikedHands:
I just found out that the EU version is better in literally every way, better sound quality, better lighting, and there's even a patch someone made to make the text look nicer
-
@
TwoSpikedHands:
Do I restart now using what i've learned on the EU version since it's a better overall experience? or do I continue with the US version since that is what ive been using, and if someone decides to play my hack, it would most likely be that version?
-
@
Sicklyboy:
@TwoSpikedHands, I'll preface this with the fact that I know nothing about the game, but, I think it depends on what your goals are. Are you trying to make a definitive version of the game? You may want to refocus your efforts on the EU version then. Or, are you trying to make a better US version? In which case, the only way to make a better US version is to keep on plugging away at that one -
@
Sicklyboy:
I'm not familiar with the technicalities of the differences between the two versions, but I'm wondering if at least some of those differences are things that you could port over to the US version in your patch without having to include copyrighted assets from the EU version
-
@
TwoSpikedHands:
@Sicklyboy I am wanting to fully change the game and bend it to my will lol. I would like to eventually have the ability to add more characters, enemies, even have a completely different story if i wanted. I already have the ability to change the tilemaps in the US version, so I can basically make my own map and warp to it in game - so I'm pretty far into it!
-
@
TwoSpikedHands:
I really would like to make a hack that I would enjoy playing, and maybe other people would too. swapping to the EU version would also mean my US friends could not legally play it
-
@
TwoSpikedHands:
I am definitely considering porting over some of the EU features without using the actual ROM itself, tbh that would probably be the best way to go about it... but i'm sad that the voice acting is so.... not good on the US version. May not be a way around that though
-
-
@
The Real Jdbye:
@TwoSpikedHands just switch, all the knowledge you learned still applies and most of the code and assets should be the same anyway -
@
The Real Jdbye:
and realistically they wouldn't
be able to play it legally anyway since they need a ROM and they probably don't have the means to dump it themselves -
-
-
-
-
@
Karma177:
do y'all think having an sd card that has a write speed of 700kb/s is a bad idea?
trying to restore emunand rn but it's taking ages... (also when I finished the first time hekate decided to delete all my fucking files
) -
-
-
-
@
Karma177:
@The Real Jdbye it hasn't given me any error trying to write things on it so I don't really think it's faulty (pasted 40/50gb+ folders and no write errors)
-
-
@
DinohScene:
when SD cards/microSD write speeds drop below a meg a sec, they're usually on the verge of dying
@
DinohScene:
when SD cards/microSD write speeds drop below a meg a sec, they're usually on the verge of dying