First things first, I should start by saying that if you have an OLED-specific clone chip you're fine.

Anyways, all HWFLY Lite chips come with Spacecraft v1. For those that don't know, Spacecraft v1 sets certain pins to 5V that shouldn't be set to that on an OLED.

You can find more info in the readme of my application here: https://github.com/Pheeeeenom/payloadchecker

All this application does is check the payload that's currently written and checks it to verified hashes stored in the program.

Steps to follow are:

Boot hekate
Dump BOOT0
Check it on application

If you have a genuine modchip, update it to the latest Spacecraft v2 before you install it into an OLED.

The OLED-specific modchip also comes with broken USB debugging, if you want to fix this issue you will need to write this repaired firmware binary.

 

[james194zt2]

Don't know, never tried tbh

Worth a try I suppose, I assume we know the chip in use? Mine are all laser etched off on my chip so cannot get the ID. Anybody know it? I have the tools to swap it and don't mind giving it a go, what's the worse that happens I need to swap it back to the original.

 

[Mena]

mine v1

I believe he meant the "OLED" specific chip that doesn't have a USB port, not a HWFLY Lite v3

 

[Mena]

Worth a try I suppose, I assume we know the chip in use? Mine are all laser etched off on my chip so cannot get the ID. Anybody know it? I have the tools to swap it and don't mind giving it a go, what's the worse that happens I need to swap it back to the original.

GD32F350C8T6

You will need an ST-Link or a GD-Link

 

[sean222]

Ahhh I'm so stressed out over this...I've logged over 250 hours of handheld playtime on my OLED with a HWFLY Lite with SpaceCraftNX 1.0

How much damage has been done and what got damaged

I'll report back once it dies (if it does after I swap out of the HWFLY Lite for a SX Core)

 

[james194zt2]

GD32F350C8T6

You will need an ST-Link or a GD-Link

Just before you sent that I was having a look around for unlocking the GD32, assuming it is locked.

Have you seen this, coincidentally when you sent me the above it is also about the same chip. https://github.com/EFeru/hoverboard-sideboard-hack-GD/issues/3

They have successfully unlocked and flashed new firmware to the chip, maybe it would work? I know obviously not great for everybody but if you have a flasher it might give you the ability to get Spacecraft V2 on to a Lite. Plus a cheap Chinese flasher is way less expensive than a new HWFly modchip!

I have a few different flashers here, ST/GD Link sadly is not one, so will get my hands on one as I want to play!

 

[allenhori]

Is there any chance op could please share the original bootloader/firmware files on the oled modchip somewhere?

 

[Bradle6]

Just before you sent that I was having a look around for unlocking the GD32, assuming it is locked.

Have you seen this, coincidentally when you sent me the above it is also about the same chip. https://github.com/EFeru/hoverboard-sideboard-hack-GD/issues/3

They have successfully unlocked and flashed new firmware to the chip, maybe it would work? I know obviously not great for everybody but if you have a flasher it might give you the ability to get Spacecraft V2 on to a Lite. Plus a cheap Chinese flasher is way less expensive than a new HWFly modchip!

I have a few different flashers here, ST/GD Link sadly is not one, so will get my hands on one as I want to play!

Would be alot cheaper if we could flash the lite hopefully it becomes a thing

 

[james194zt2]

Would be alot cheaper if we could flash the lite hopefully it becomes a thing

Might work with core as well, would be good to give them the update ability as well. I don't see why an MCU swap out wouldn't work as you can then program what you want and it won't be locked, much harder to do swapping that chip is not going to be for the faint of heart, I am just ordering up what I need now to try as I have the gear here to swap it just not the chip and the required programmer.

I believe we already have the bootloader, and the firmware dumped so just load them on without it being locked

 

[Mena]

Is there any chance op could please share the original bootloader/firmware files on the oled modchip somewhere?

 

[allenhori]

GD32F350C8T6

You will need an ST-Link or a GD-Link

CB or C8? It looks like a B. Here’s a comparison between the 2. Can’t find any other pics atm.

The upper “ring” of 8 is smaller than the bottom part. Just saying, not questioning. Waiting for my oled chip without usb to arrive.

 

[james194zt2]

Out of interest, the FPGA of the SX wasn't dumped was it? I assume the HWFly creators either have access to it (TX leak maybe?) or logic analysed and built their own. It is this FPGA where the timing is done isn't it? I am assuming also it is where it is read only so can't store back the unique timing values for the console the chip is in.

 

[Mena]

Just before you sent that I was having a look around for unlocking the GD32, assuming it is locked.

Have you seen this, coincidentally when you sent me the above it is also about the same chip. https://github.com/EFeru/hoverboard-sideboard-hack-GD/issues/3

They have successfully unlocked and flashed new firmware to the chip, maybe it would work? I know obviously not great for everybody but if you have a flasher it might give you the ability to get Spacecraft V2 on to a Lite. Plus a cheap Chinese flasher is way less expensive than a new HWFly modchip!

I have a few different flashers here, ST/GD Link sadly is not one, so will get my hands on one as I want to play!

The issue here is that this requires at least SWD functionality. We don't even get that

 

[james194zt2]

They really didn't want us playing did they over in China!!

How about trying to exploit it? I wish I had a programmer now, looks like I need to order from China so going to be 10 agonising days!! Scratch that, pre 1PM delivery from Amazon tomorrow for the win

https://medium.com/@LargeCardinal/how-to-bypass-debug-disabling-and-crp-on-stm32f103-7116e7abb546

Different chip but same family I believe

 

[Infinitum8t]

CB or C8? It looks like a B. Here’s a comparison between the 2. Can’t find any other pics atm.

The upper “ring” of 8 is smaller than the bottom part. Just saying, not questioning. Waiting for my oled chip without usb to arrive.

Your picture on the left appears to be CBT6. If you look at the next line it is BK418A. (so there is a "B" and an "8" to help us compare)

Your picture on the right appears clearly as C8T6. With the next line being BK2489.

The digit "8" appears pear shaped.

 

[james194zt2]

Thanks for the firmware above, do we have the firmware for the Lite or core version that is locked? I am assuming not as no SWD means no ability to dump I believe? Thinking doing a comparison would be good if possible.

 

[zakwarrior]

Excuse me.... Do any of you guys have the Electronic diagram of the SX core or hwfly??? Cause I have and I' mm in electronics for more then 20 years and repairing since 12. Any low level electronicien would say that both ICE40 & GD32 chip are volted with 3,3v , there is no way these chips could output any upper voltage then the max power voltage. There input voltages are 3,3 from emmc, regulated to 1,8 - 2,5 & 1,2 . Nothing else. This complete BS, sorry to say. To have anything more then 3,3v you would need a higher voltage to go into the chip circuit and there is not! Only 5v going in is from the reprogramming USB cable when you connect this to a USB port. Gpio high or low means it will take the max voltage of the chip or gnd. Chip cannot output 5v when receiving a max voltage of 3,3v. If anything in can passthru the voltage existing from the motherboard but not increase it, neither the programming code or the chip itself can give this. And just so you know I'm a specialist on fpga and got a diploma in vhdl & verilog coding. I've done the xbox360 chips from scratch with Gligli (the one that released all the initale reset glitch on Xbox), I made my own chips and coding for these chips and I was the one to explain how to hack the new motherboard xbox360 corona working with the new emmc system. All this to say that i know my sh#t

 

[Bradle6]

Excuse me.... Do any of you guys have the Electronic diagram of the SX core or hwfly??? Cause I have and I' mm in electronics for more then 20 years and repairing since 12. Any low level electronicien would say that both ICE40 & GD32 chip are volted with 3,3v , there is no way these chips could output any upper voltage then the max power voltage. There input voltages are 3,3 from emmc, regulated to 1,8 - 2,5 & 1,2 . Nothing else. This complete BS, sorry to say. To have anything more then 3,3v you would need a higher voltage to go into the chip circuit and there is not! Only 5v going in is from the reprogramming USB cable when you connect this to a USB port.

So are you saying there isn't 5v being applied from the chip?

 

[james194zt2]

So are you saying there isn't 5v being applied from the chip?

Sounds like it, I mean technically that could be correct unless there is a step up voltage regulator or similar in the circuit to bump up the voltage to 5V but if the circuit input is 3.3v then in theory how else would it up it to 5v.

@zakwarrior do you have the circuit diagrams you could share?

 

[zakwarrior]

So are you saying there isn't 5v being applied from the chip?

There is no 5v input in this chip..... NADA only if you plug it to a computer to reflash it and this comes from the 5v USB and ANYWAY this 5v is regulated to 3,3v for the circuit. But again this 5v only comes in if plugged to a USB tona computer for reflash

 

[MichiS97]

Fellow electrical engineer chiming in here. 5V hasn't been used in microcontrollers neither as a supply voltage nor for any logic busses in about two decades. Not saying this absolutely has to be complete BS but I'd be surprised if this actually turns out to be legit.
Especially the claim in the original post that OP has already seen a lot of dead OLED Switches because of this seems weird to me. First, I don't think there even are "a lot" of modded Aulas out there, yet, and secondly, even if this modchip would supply 5v to some pins that are only supposed to receive 3.3v I would be surprised if that would actually cause any issues before half a year of usage or something.

I do a lot of Game Boy modding and this 3.3 vs. 5 Volts topic is discussed there as well. For example, the Game Boy and Game Boy Color still use 5V everywhere, the GB being released in the 1980s and the GBC in the 1990s. The Game Boy Advance, however, already uses controllers that operate on 3.3 V (except if it is working in GB(C) mode).
There are some Chinese flashcards which use 3.3V even on the GB and GBC because it's hard to find microcontrollers that are still using 5V and designing the cards with level shifters to "convert" the voltage from 5 V to 3.3 V vice versa would mean increased production cost. It is commonly accepted that using these flashcards will damage your Game Boy and flashcard over time because the voltages essentially don't match, however, people are still using them and there doesn't seem to be a huge influx of broken devices because of that.