I have found where the unique_id of the current rp2040 is stored in the original firmware:
0x20025978
$1 = 0x20025978 "\346aA\004\003y\247\071W\003"
(gdb) x/8x $r0
0x20025978: 0xe6 0x61 0x41 0x04 0x03 0x79 0xa7 0x39
and this is the output of micropython:
MPY: soft reboot
e6 61 41 4 3 79 a7 39
MicroPython v1.19.1-841-g3446d440f on
Cross Referenced unique_id example code in ghidra with firmware,found where it is,little this and little that and here we are
(rp2040 was live debuged)
0x20025978
$1 = 0x20025978 "\346aA\004\003y\247\071W\003"
(gdb) x/8x $r0
0x20025978: 0xe6 0x61 0x41 0x04 0x03 0x79 0xa7 0x39
and this is the output of micropython:
MPY: soft reboot
e6 61 41 4 3 79 a7 39
MicroPython v1.19.1-841-g3446d440f on
Cross Referenced unique_id example code in ghidra with firmware,found where it is,little this and little that and here we are
(rp2040 was live debuged)
pin 3 and 4 bud, 1 2 5 6 are connected to ground, so dont bridge any of those to 3 and 4
This is the ID of the chip, not stored one for encryption, still finding where its compared
Anyway. the function is at 0x10002608 which is called at boot
Anyway. the function is at 0x10002608 which is called at boot
I've seen this function
Post automatically merged:
if we try to put the keys manually like it says here https://github.com/CTCaer/hekate/issues/559
Post automatically merged:
Post automatically merged:
@Tafty
Last edited by vittorio,
So bridge 3/4 thanks, I'll dig out my lite when I get home and have a play.
Did you just use the fw from this thread?
The sdloader used in this firmware is wrong/bad that’s why it says for Ubuntu. It clears out the keys, that’s why BEK is missing. Someone that understands the firmware better needs to swap out the sdloader code with hwfly or spacecraft sdloader. You cannot patch it with hwfly toolbox because it’s not in the same location
> hekate_keys.ini is not something that hekate actually supports. I don't know what you are talking about.
Also refrain from illegally posting even a single part of the keys.
hekate_keys.ini was used in some shitty closed source cfw packs, because original tx firmware wipes BEK. You should not post thoese keys tho
Does that mean any console that used the original TX firmware without manually backup up first could never be restored to stock?> hekate_keys.ini is not something that hekate actually supports. I don't know what you are talking about.
Also refrain from illegally posting even a single part of the keys.
hekate_keys.ini was used in some shitty closed source cfw packs, because original tx firmware wipes BEK. You should not post thoese keys tho
The keys are stored in bootrom, and normally they will be loaded to keyslot at boot. But TX firmware just wipe keyslot at boot to prevent other CFW to boot(It was their DRM lol), so it is not permanent.
Maybe it will be useful for someone. I trimmed the dump.
Deleted UF2 header. UF2 > BIN.
Added old firmware witch cut UF2 file.
Deleted UF2 header. UF2 > BIN.
Added old firmware witch cut UF2 file.
Don't know how the compiler packs Pico code into .uf2 files, but I couldn't find the HWFLY-NX public key signature (0x69 repeating) in the latest unlocked dump. If the uf2 is uncompressed then this firmware really is using different BCTs, but I guess we can already safely bet on that.
In the meantime, I'm currently writing PIO code to sniff eMMC traffic using an external CLK signal. CMD line is almost done, though I don't know yet how to know when I need to sniff 136 bit packages and when I need to sniff 48bit packages. This protocol is pretty annoying tbh.
I don't think I'll be able to even write a prototype for the glitching part, because I don't have a CPU flex cable to test this whole thing out. I have some MOSFETs (slightly different ones from the one linked here) but they're so damn small that I don't trust myself to solder it on the tiny capacitors on the switch lmao.
In the meantime, I'm currently writing PIO code to sniff eMMC traffic using an external CLK signal. CMD line is almost done, though I don't know yet how to know when I need to sniff 136 bit packages and when I need to sniff 48bit packages. This protocol is pretty annoying tbh.
I don't think I'll be able to even write a prototype for the glitching part, because I don't have a CPU flex cable to test this whole thing out. I have some MOSFETs (slightly different ones from the one linked here) but they're so damn small that I don't trust myself to solder it on the tiny capacitors on the switch lmao.
Probably better to solder some 40AWG enamel magnet wire to the caps and the fets if you don't have super good eyes, steady hands, and/or a microscope.
This is the MCU‘s side. I‘m writing the actual serial connection which originally the FPGA did on the HWFLY. Thank you though.
Site & Scene News
New Hot Discussed
-
-
17K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
11K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
9K views
Nintendo president Shuntaro Furukawa explains Switch 2 price increases in recent Financial Results Briefing
As a part of their Financial Results Briefing for the previous year, Nintendo president Shuntaro Furukawa took to the floor to answer key questions around the Switch... -
9K views
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
8K views
Forza Horizon 6 leaks online after Steam preload data was uploaded without encryption
We are once again here to tell you about a game leaking before its release, but for once, it's not one published by Nintendo. The game files for Microsoft's upcoming... -
8K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
7K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
6K views
Low-level 3DS emulator 3Beans released alongside setup tutorial video
When you talk about 3DS emulation, most people would jump to Citra. As the defacto choice since its first release it's seen tremendous success, and even after its... -
5K views
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
4K views
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern...
-
-
-
171 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
113 replies
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
102 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
92 replies
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
89 replies
What do you want to see in the next Nintendo Direct?
With rumours circulating about a Nintendo Direct in the coming days and weeks, fans are left speculating and hoping as to what might be included. At the centre of all... -
83 replies
Nintendo president Shuntaro Furukawa explains Switch 2 price increases in recent Financial Results Briefing
As a part of their Financial Results Briefing for the previous year, Nintendo president Shuntaro Furukawa took to the floor to answer key questions around the Switch... -
73 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
Nintendo Direct to air on the 9th of June, set to feature 50 minutes of Switch and Switch 2 games launching this year
After much speculation and rumour, the fabled Nintendo Direct is upon us. Set to go live tomorrow, the 9th of June, at 3pm in the UK, it'll feature 50 minutes of... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
63 replies
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern...
-
