Hacking Hardware Picofly - a HWFLY switch modchip

[Danook28]

is this right???

your console is not dead your emmc not dead nx nand manger must show console info.

with voltage read adapter unplog battery and see what volt and am it get. after that plog the battery and conect voltage adapter read then see voltage if it charge meaning it is boot in and alive see is there any short. read A point cmd resistor 4.7k read dat0 point read the 3v3 if only unplog battery coz it is still alive motherboard not want shorts when you touch the motherboard .


if you see the console charge in hekate and voltage up to 30% or 40% you can boot to cfw sysnand if that console is factory mode it will do setup like you buy new console.

 

[detilmalala]

your console is not dead your emmc not dead nx nand manger must show console info.

with voltage read adapter unplog battery and see what volt and am it get. after that plog the battery and conect voltage adapter read then see voltage if it charge meaning it is boot in and alive see is there any short. read A point cmd resistor 4.7k read dat0 point read the 3v3 if only unplog battery coz it is still alive motherboard not want shorts when you touch the motherboard .


if you see the console charge in hekate and voltage up to 30% or 40% you can boot to cfw sysnand if that console is factory mode it will do setup like you buy new console.

i think somethhin is worng with the nand, because it says fw version not found,
how should i proceed

 

[Danook28]

i think somethhin is worng with the nand, because it says fw version not found,
how should i proceed

no bro that is fine...

 

[abal1000x]

I can try to make a backup of the nand. Does anyone know what the picofly does the first time it turns on when it turns on the white light???

View attachment 480395

The white light simply the picofly upload some file to the emmc.
The file that responsible to load the payload on the microsd.

The first time picofly on, it will check couple of thing. And one of it is check whether the 'payload' already exist on emmc. If it is not, then upload the 'payload' hence the white light. Its only happened once.
Kind of forgot, but if the glitch failed couple of time the payload will be uploaded again.

Seems the payload working, since you could boot to hekate.

Post automatically merged: Jan 15, 2025

I can try to make a backup of the nand. Does anyone know what the picofly does the first time it turns on when it turns on the white light???

View attachment 480395

I reread the code, if you bridge (connect) the pin 0 (GP0) and the pin 1 (GP1), it also re upload the payload (the white light).
View attachment 480552




View attachment 480554

If `was_self_reset` true then it will execute `rewrite_payload`
`was_self_reset` will true if `force_button` true.
`force_button` value get by the function `detect_by_pull(1, 0, 1)`
Basically detect_by_pull(a, b, 1) will return true if pin a and b connected (bridged).

 

[detilmalala]

The white light simply the picofly upload some file to the emmc.
The file that responsible to load the payload on the microsd.

The first time picofly on, it will check couple of thing. And one of it is check whether the 'payload' already exist on emmc. If it is not, then upload the 'payload' hence the white light. Its only happened once.
Kind of forgot, but if the glitch failed couple of time the payload will be uploaded again.

Seems the payload working, since you could boot to hekate.

Post automatically merged: Jan 15, 2025

I reread the code, if you bridge (connect) the pin 0 (GP0) and the pin 1 (GP1), it also re upload the payload (the white light).
View attachment 480552




View attachment 480554

If `was_self_reset` true then it will execute `rewrite_payload`
`was_self_reset` will true if `force_button` true.
`force_button` value get by the function `detect_by_pull(1, 0, 1)`
Basically detect_by_pull(a, b, 1) will return true if pin a and b connected (bridged).

Ok, and what consequences would loading the payload have on the emmc, if it were done with the clk point cut, in the place that is marked in green, but not making contact with the cpu, because after that the console stopped working

 

[abal1000x]

Ok, and what consequences would loading the payload have on the emmc, if it were done with the clk point cut, in the place that is marked in green, but not making contact with the cpu, because after that the console stopped working

If its really cut then theres will be no white light, since the sync failed. The clock are the basis of sync in digital world. Without it there will be no digital works. In simple words, picofly cannot communicate with the dat0 at all. You'll get different error. The evidence you see the white light means picofly could read, confirm, then write the payload. And if the glitch works its another evidence that the picofly can communicate with the emmc, since it needs to sniff the dat0 to check whether the glitch works or not. I guess you have another error not on clock. Maybe some component failed. Usually about power component.

 

[detilmalala]

If its really cut then theres will be no white light, since the sync failed. The clock are the basis of sync in digital world. Without it there will be no digital works. In simple words, picofly cannot communicate with the dat0 at all. You'll get different error. The evidence you see the white light means picofly could read, confirm, then write the payload. And if the glitch works its another evidence that the picofly can communicate with the emmc, since it needs to sniff the dat0 to check whether the glitch works or not. I guess you have another error not on clock. Maybe some component failed. Usually about power component.

It is not like that, in more than one console it has happened to me that I have placed the chip with the clk cut off and the white light does appear, my assumption is that it corrupts the nand, I am going to see if I fix it using the sthetix level unbrick method 2

 

[abal1000x]

It is not like that, in more than one console it has happened to me that I have placed the chip with the clk cut off and the white light does appear, my assumption is that it corrupts the nand, I am going to see if I fix it using the sthetix level unbrick method 2

View attachment 480708

If the white appear, then the clk definitely not cut off. Its certainty.
Its the synchronization beat in digital world.
To communicate (sending/receive 1 or 0) to the emmc you need to be synchronize.

 

[detilmalala]

If the white appear, then the clk definitely not cut off. Its certainty.
Its the synchronization beat in digital world.
To communicate (sending/receive 1 or 0) to the emmc you need to be synchronize.

I can assure you that if you cut the clk track and connect the chip on the opposite side of the cpu, the white light appears and the console is useless, only the hekate works, I'm going to try with a donated nand to see if I fix it

 

[abal1000x]

I can assure you that if you cut the clk track and connect the chip on the opposite side of the cpu, the white light appears and the console is useless, only the hekate works, I'm going to try with a donated nand to see if I fix it

View attachment 480789

If you clk trace between emmc and the cpu got cut, not even the cpu could read your emmc, there will be nothing shown, hekate wont run, since the cpu couldn't read the emmc, hence the payload to boot the hekate. There will be only black screen.

 

[snaker]

If you clk trace between emmc and the cpu got cut, not even the cpu could read your emmc, there will be nothing shown, hekate wont run, since the cpu couldn't read the emmc, hence the payload to boot the hekate. There will be only black screen.

But he assures you...

 

[detilmalala]

But he assures you...

If you think I'm wrong you can try it on an OLED and you will see that it is like that, and then the console will not work, as I said it has happened to me more than once and I have installed more than 1000 chips

 

[snaker]

If you think I'm wrong you can try it on an OLED and you will see that it is like that, and then the console will not work, as I said it has happened to me more than once and I have installed more than 1000 chips

View attachment 480836

I may not have installed 1,000 modchips, but I can confidently assure you that if the CLK signal is interrupted or the trace is cut, the screen will remain black—modchips or no modchips. I've repaired around five consoles with cut CLK tracks (tracing under the eMMC), and in every single case, the result was a black screen. Even without those repair experiences, anyone familiar with the function of the CLK signal would understand this fundamental point. The fact is, your CLK trace was simply not cut

 

[detilmalala]

I may not have installed 1,000 modchips, but I can confidently assure you that if the CLK signal is interrupted or the trace is cut, the screen will remain black—modchips or no modchips. I've repaired around five consoles with cut CLK tracks (tracing under the eMMC), and in every single case, the result was a black screen. Even without those repair experiences, anyone familiar with the function of the CLK signal would understand this fundamental point. The fact is, your CLK trace was simply not cut

i think you did not understand, only firs time was cut, pico show with light, then i fixed the clk track, but console does not work, only hekate

 

[snaker]

i think you did not understand, only firs time was cut, pico show with light, then i fixed the clk track, but console does not work, only hekate

This could be a corrupted NAND issue for various reasons. Rebuild your NAND to confirm, and then test it. If the issue persists, there may be another hardware problem with the console.

 

[abal1000x]

i think you did not understand, only firs time was cut, pico show with light, then i fixed the clk track, but console does not work, only hekate

If you cut it the first time, it will be black screen and no white light.

The picofly couldn't communicate with the emmc since theres no clk signal, hence no white light.
And the cpu couldn't even run any code since it cannot fetch the code from the emmc, hence black screen.

If its really the data corruption it might occured from various reason, but almost certainly its not because the clk trace got totally cut off.

Since hekate working, you might try install ubuntu (switchroot) just to make sure theres no hardware failure.

 

[DumbMJ]

Get an old unpatched V1.

Or start practicing with a soldering iron and rework station.
This is how most of us got started.
For $30 you can get a brand new Chinese knock-off rework station with soldering iron.
Enough electronics in the dumpster to take apart and practice on.
This might also land you a nice engineering job in the future.

Hi, don't know if you will ever see this, but my dad got his good friend to hardmod my switch. Thanks for replying to me back then.

 

[Endracion]

Maybe someone here will know, since we open so many switches - what is this and where does it go (Switch V2)? Was loose in the back.

 

[thesjaakspoiler]

Maybe someone here will know, since we open so many switches - what is this and where does it go (Switch V2)? Was loose in the back.

Not everything found inside customers devices actually belongs in there : (I won't post the roach infested PS4 pics).

 

[naldo29]

I’ve done this mod so many times that it muscle memory at this point I’ve genuinely looked around the board to see if i could see any chip cracks or any caps shorted and nothing, the console is stuck at 0.4 amps and does not power on. When everything was set and done i turned it on and nothing happened the chip didn't light up. I looked around the areas where i couldve ruined a trace and couldnt find anything. Any tips on what i should try next? Thank you!