The modchip is not a single hack but combines 3 hacks:
The first hacking method is 'custom data injection'.
The second hacking method is called 'voltage glitching'.
The third hack circumvents the security measures that normally prevent the execution of unsigned code and provides the homebrew menu.
Before the SX Core/HWFly/Picofly, only the first generation of Switches could be hacked.
For the first Switches (V1 unpatched), the debug mode of the Tegra could be used to load a custom bootloader.
All of this happens before the secure environment is started, so one has full control of the Switch right from the start.
This is used to patch the OS so that it executes unsigned code and adds the homebrew menu to the Album button (and later many more things).
When the operating system runs with this hack, it no longer checks the certificates of the software and can thus run anything.
That was really like leaving the backdoor wide open.
This was a blunder of epic proportions, and not only because the debug mode was left enabled on production devices.
The code that enables it resides in ROM inside the CPU, so it cannot be patched or fixed.
For the newer generation of Switches this debug mode was disabled, so there was no longer a way to start custom code.
The rest of Nintendo's security model was perfect, and to this day no software hack has been found.
Until someone combined voltage glitching with data injection to get control over the boot process, just like with the V1 debug mode.
The boot process starts with some code in ROM inside the CPU.
That code checks whether the bootloader in the eMMC is signed with the right encryption key.
If that check fails, the CPU simply stops the boot process. Game over.
Since we don't know the encryption key to sign the bootloader, we cannot replace the bootloader in the eMMC with our own code.
Replacing it would otherwise be trivial, as the eMMC has no security whatsoever.
Combining the custom data injection hack with the voltage glitch hack allows us to execute a custom bootloader, just as before.
With the data injection hack, the modchip replaces the data coming from the eMMC with a custom bootloader.
The CPU thinks it is reading from the eMMC, but the modchip is providing a custom bootloader.
Normally the cpu would reject this custom bootloader.
This is where the voltage glitch hack comes into play.
A voltage glitch lowers the voltage to the CPU for just a brief moment by shorting the + and - voltage lines with a MOSFET.
(That is why the ribbon cable needed to be soldered to the top of the CPU at first. Later someone found a way to do it on the backside.)
This causes the CPU to completely ignore one instruction and continue with the next.
In the case of the Switch, the voltage glitch is executed at the moment the CPU decides whether the bootloader it loaded is valid or not.
Normally it would jump to the section where it terminates execution of the bootloader.
With the voltage glitch, the CPU skips the encryption check and continues as if our custom bootloader were signed with a valid encryption key.
So the custom bootloader is started and this opens the gates to the castle with the third hack.
The moment at which to lower the voltage is very critical, and finding it is what the training of the modchip does.
Depending on the model of the Switch and the type of eMMC used, the timings differ, so the timing must be determined for each individual Switch.
The modchip has a way to see whether the voltage glitch succeeded or not.
Once it has determined the right moment to glitch, it stores this timing, and from then on booting takes only an instant.
The modchip is connected to the eMMC so that it can disable it and inject its own bootloader.
Normally the eMMC has 8 data lines, but it has a special mode in which it runs in 1-bit mode.
The modchip uses this feature as well so that only 1 wire is needed as a dataline.
That saves soldering 7 other wires.
Finally, the reset line is used by the modchip for timing the glitch and for resetting the CPU during training mode.
Team Xecuter was the first to come up with a modchip, but they just read the detailed paper/blog by Yifan Lu.
She hacked the PSVita in 2018, and Team Xecuter announced their modchip just a few months afterwards:
http://arxiv.org/pdf/1903.08102
Team Xecuter used a low-cost CPU with an FPGA to determine the timing of the glitch, to glitch the Switch and to do the data injection.
FPGAs are (re)programmable custom chips that can easily keep up with fast signals and timings.
Implementing everything inside an FPGA would technically be possible, but not very flexible.
To give the modchip flexibility, Team Xecuter chose this low-cost CPU + FPGA setup.
This allowed the custom bootloader to be stored in the CPU and updated over USB.
But Bowser was caught by Nintendo Ninjas and the whole Team Xecuter operation was shut down.
But the designs and code somehow leaked from the Chinese manufacturers of the SX Core and started a second life with the HWFly.
In 2022, someone came up with the idea to use a Raspberry Pi.
A Raspberry Pi is much faster, so no FPGA would be needed.
And the RP2040 (Raspberry Pi Pico) is really small, so it fits inside the Switch.
This is what became known as the PicoFly.
The original SX Core source code is here, but I recall the FPGA source code was available at the time.
That was just a binary blob.
But you can learn a lot from this.
https://github.com/Spacecraft-NX/firmware
The Picofly code is also available:
https://github.com/Ansem-SoD/Picofly
Before you go out to hack your PS5 with voltage glitching:
some modern CPUs have protective measures against such attacks, and even just by reordering the code it is possible to prevent such a hack.
So not everything can be hacked this way.
It's going to be fun to see what the Switch 2 will have in store.
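To make the "reordering the code" remark concrete, here is an added example (not code from the post, from Nintendo, or from any of the modchip projects) that models the bootloader check the post describes and shows why the naive layout fails open under a single skipped branch while a default-deny layout does not. Everything in it is an assumption of the example: the fault model is "one conditional bail-out branch is skipped, so execution falls through", the bootloader "digest" is a constructed 8-byte value instead of a real signature, and the names VERIFY_OK, VERIFY_FAIL, naive_verify, hardened_verify and accepting_glitch_positions are invented here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the boot ROM's bootloader check.  The real check is
 * a signature verification; here a fixed 8-byte "digest" is compared against a
 * constructed expected value so the example runs offline. */
#define DIGEST_LEN 8
static const uint8_t EXPECTED_DIGEST[DIGEST_LEN] =
    {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
/* Constructed digest of a bootloader that must be rejected. */
static const uint8_t BAD_DIGEST[DIGEST_LEN] =
    {0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x00, 0x00, 0x00};

/* Verdict tokens with many bits set on both sides: a register that a glitch
 * leaves zeroed or at all-ones matches neither of them. */
#define VERIFY_OK   0x5A3CC35AU
#define VERIFY_FAIL 0xA5C33CA5U

/* Fault model (assumption of this example): one conditional "bail out to the
 * halt path" branch is skipped, as the post describes, so execution falls
 * through as if the condition were false.  fault_at names which decision
 * point (1, 2, 3, ...) is hit; 0 means no glitch at all. */
#define BAILS(cond, n) ((fault_at == (n)) ? 0 : (cond))

typedef uint32_t (*verify_fn)(const uint8_t *digest, int fault_at);

/* Naive layout: one compare, one branch-to-fail, then boot.  Skipping that
 * single branch accepts anything. */
static uint32_t naive_verify(const uint8_t *digest, int fault_at)
{
    int mismatch = memcmp(digest, EXPECTED_DIGEST, DIGEST_LEN) != 0;
    if (BAILS(mismatch, 1))
        return VERIFY_FAIL;
    return VERIFY_OK;           /* reached on success AND on a skipped bail-out */
}

/* Hardened layout: default deny, two independent compares, a branchless
 * select so the OK token is only ever computed from both compares, and the
 * verdict re-checked on the way out.  No single skipped branch reaches OK. */
static uint32_t hardened_verify(const uint8_t *digest, int fault_at)
{
    uint32_t result = VERIFY_FAIL;                     /* default deny */
    int eq_a = memcmp(digest, EXPECTED_DIGEST, DIGEST_LEN) == 0;
    int eq_b = 1;                                      /* second, independent compare */
    for (size_t i = 0; i < DIGEST_LEN; i++)
        eq_b &= (digest[i] == EXPECTED_DIGEST[i]);

    if (BAILS(!eq_a, 1)) return VERIFY_FAIL;
    if (BAILS(!eq_b, 2)) return VERIFY_FAIL;

    /* mask is all-ones only when both compares agree; there is no branch here
     * to skip, so a wrong digest can never produce the OK token */
    uint32_t mask = 0U - (uint32_t)(eq_a & eq_b);
    result = VERIFY_FAIL ^ ((VERIFY_OK ^ VERIFY_FAIL) & mask);

    if (BAILS(result != VERIFY_OK, 3)) return VERIFY_FAIL;
    if (BAILS(result != VERIFY_OK, 4)) return VERIFY_FAIL;  /* redundant re-check */
    return result;
}

/* Sweep a single glitch over every decision point of `verify` and count how
 * many positions let the bad bootloader through.  A defender wants this to
 * be 0 for the layout that ships in ROM. */
static int accepting_glitch_positions(verify_fn verify, int n_decisions)
{
    int accepted = 0;
    for (int pos = 1; pos <= n_decisions; pos++)
        if (verify(BAD_DIGEST, pos) == VERIFY_OK)
            accepted++;
    return accepted;
}

int main(void)
{
    printf("no glitch, good bootloader: naive=%s hardened=%s\n",
           naive_verify(EXPECTED_DIGEST, 0) == VERIFY_OK ? "OK" : "FAIL",
           hardened_verify(EXPECTED_DIGEST, 0) == VERIFY_OK ? "OK" : "FAIL");
    printf("naive:    %d of 1 glitch positions accept the bad bootloader\n",
           accepting_glitch_positions(naive_verify, 1));
    printf("hardened: %d of 4 glitch positions accept the bad bootloader\n",
           accepting_glitch_positions(hardened_verify, 4));
    return 0;
}
```

The model is deliberately simple: one skipped branch per boot, which is the failure mode the post describes. Real glitches can also corrupt data or skip several instructions, and an optimising compiler may fold the redundant compares back into one branch, so a boot ROM that relies on this pattern has to be checked at the assembly level, not just in C.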
I guess Nintendo learned a lesson or 2 with the Switch 1.