That depends. Have your antidepressants kicked in yet?
Post automatically merged:
0.1mm works great for this size soldering. Do make sure that your soldering tip is the right size, most people try to do this type of soldering work with an iron tip that is WAY too big, and solder that is awful for the task. Use some thin lead or bismuth solder, something with a low enough melting point that you won't risk knocking other components off the board if you're not super good. Your solder should melt low enough that you can easily solder non-ground points at 280-300 Celsius. Invest in paste or no-clean flux.
my ISP connections)
4-bit
4-bit
Post automatically merged:
can you show the source code of the project?
Attachments
yes and no
current fw boots hekate, linux, android
current fw retuns error when launching hos
Hello everyone.
I follow the feed very closely and so far, we can boot in Hekate, and from this can create a emunad with atmosphere, is that right?!
And to boot in HOS can press vol-&vol+ to skip pico and boot to HOS, is that right?!
Given the seeming lack of context before it being posted and the very obvious pico ID in the file name, I'd hazard a guess it's meant for the ID in question.
im fully aware...but no doubt people where going to ask me anyway and for the sake of spending 2 minutes to test...
Fair enough; I don't know offhand what people do and don't know and it's hard enough trying to parse info out of here.
Considering 'original' here, I'd assume this is that the "Ubuntu-only" firmware bypasses running a payload if the combination is held? I'm very unsure what to take away from this but that's the best I can try to grasp.
Well since this is the ID of the chip, maybe it can be spoofed now (really out of my knowledge scope).
In this FW chip id is stored in 0x200259c8 address:
As you see thats my pico id. The address is always the same and this happens at boot process.
Later when get_unique_id() is called it justs reads that address.
Function is at 0x10002608, and its called "_retrieve_unique_id_on_boot".
It allocates that memory address and puts data from "flash_get_unique_id" function in it
You can compile unique_id from pico-examples and cross reference it (.dis file)
unique_id example - dissasembly file
Which is identical to function 0x10002608
In GDB I examined "10002614 c8 59 02 20 undefined4 200259C8h"
address which spit out chip id
If its possible to inject this id into that address (someone with arm asm knowledge would need to do it) maybe it will run.
In this FW chip id is stored in 0x200259c8 address:
Code:
0x100012c2 in ?? ()
(gdb) x/s 0x200259C8
0x200259c8: "\346aA\004\003y\247\071W\003"
(gdb) x/8x 0x200259C8
0x200259c8: 0xe6 0x61 0x41 0x04 0x03 0x79 0xa7 0x39
(gdb)Later when get_unique_id() is called it justs reads that address.
Function is at 0x10002608, and its called "_retrieve_unique_id_on_boot".
It allocates that memory address and puts data from "flash_get_unique_id" function in it
You can compile unique_id from pico-examples and cross reference it (.dis file)
unique_id example - dissasembly file
Code:
100043c4 <_retrieve_unique_id_on_boot>:
100043c4: b510 push {r4, lr}
100043c6: 4802 ldr r0, [pc, #8] ; (100043d0 <_retrieve_unique_id_on_boot+0xc>)
100043c8: f000 f80c bl 100043e4 <flash_get_unique_id>
100043cc: bd10 pop {r4, pc}
100043ce: 46c0 nop ; (mov r8, r8)
100043d0: 20000628 .word 0x20000628
100043d4 <pico_get_unique_board_id>:
100043d4: b510 push {r4, lr}
100043d6: 2208 movs r2, #8
100043d8: 4901 ldr r1, [pc, #4] ; (100043e0 <pico_get_unique_board_id+0xc>)
100043da: f7ff fd43 bl 10003e64 <__wrap___aeabi_memcpy>
100043de: bd10 pop {r4, pc}
100043e0: 20000628 .word 0x20000628Which is identical to function 0x10002608
Code:
undefined FUN_10002608() -- _retrieve_unique_id_on_boot
undefined r0:1 <RETURN>
FUN_10002608+1 XREF[0,1]: 10016b48(*)
FUN_10002608
10002608 10 b5 push {r4,lr}
1000260a 02 48 ldr r0,[DAT_10002614] = 200259C8h
1000260c 00 f0 0c f8 bl FUN_10002628 undefined FUN_10002628()
10002610 10 bd pop {r4,pc}
10002612 c0 46 mov r8,r8
DAT_10002614 XREF[1]: FUN_10002608:1000260a(R)
10002614 c8 59 02 20 undefined4 200259C8h <-- ID IS STORED HERE!
**************************************************************
* FUNCTION *
**************************************************************
undefined FUN_10002618() -- pico_get_unique_board_id
undefined r0:1 <RETURN>
FUN_10002618 XREF[1]: FUN_100169bc:10000714(c)
10002618 10 b5 push {r4,lr}
1000261a 08 22 movs r2,#0x8
1000261c 01 49 ldr r1,[DAT_10002624] = 200259C8h
1000261e ff f7 9f fe bl FUN_10002360 undefined FUN_10002360()
10002622 10 bd pop {r4,pc}
DAT_10002624 XREF[1]: FUN_10002618:1000261c(R)
10002624 c8 59 02 20 undefined4 200259C8h <-- ID IS READ HERE!In GDB I examined "10002614 c8 59 02 20 undefined4 200259C8h"
address which spit out chip id
If its possible to inject this id into that address (someone with arm asm knowledge would need to do it) maybe it will run.
Last edited by renoob,
Similar threads
- No one is chatting at the moment.
-
@
Skelletonike:
I'll be picking up my Zelda LE after work. <3+1
The store did not let me down this time
. -
-
-
-
-
-
@
Skelletonike:
Pondered about the switch, but had bought the pokemon one not long ago and I don't really need two switches (gave my previous one to a cousin).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
