I don't know yet, as I'd need to virtualize the code myself first to know what it's even attempting to do.
I don't know yet, as I'd need to virtualize the code myself first to know what it's even attempting to do.
- Joined
- Sep 13, 2022
- Messages
- 7,533
- Trophies
- 3
- Location
- The Wired
- Website
- m4x1mumrez87.neocities.org
- XP
- 21,422
- Country
This sounds very interesting. Hopefully someone out there could decrypt the dump if possible.
Chucked this thing on an rp2040-zero I had (not soldered into any switch sadly, I am NOT even remotely that good at soldering) and it definitely looks to be doing something. Plugging it into a USB-C port makes the LED go blue, then rapidly switch to green then turn off, I don't have a clue what it's actually doing, but if it's doing what it's thought to be then I'm gonna seriously consider looking around for people in my local area with actual soldering skill to see if I can get it in a console. Consider my interest piqued.
I have some info about PicoFly so i'll share it with you.
1) Yes, it's really exist.
2) Yes, it can glitch (at least it definetely works with Switch Lite and Switch Oled).
3) Yes, you still need a cpu ribbon cable (V2 or higher).
4) The firmware is unique for each chip. Each chip has its own ID, and the firmware uses it for verification.
Example ID - Flash ID: D6 28 60 B8 1C 55 6A 25
5) You need three resistors (probably for protection?), ~45 ohm each.
Switch lite Solder scheme is attached (yes, it's low quality, but who cares?)
1) Yes, it's really exist.
2) Yes, it can glitch (at least it definetely works with Switch Lite and Switch Oled).
3) Yes, you still need a cpu ribbon cable (V2 or higher).
4) The firmware is unique for each chip. Each chip has its own ID, and the firmware uses it for verification.
Example ID - Flash ID: D6 28 60 B8 1C 55 6A 25
5) You need three resistors (probably for protection?), ~45 ohm each.
Switch lite Solder scheme is attached (yes, it's low quality, but who cares?)
Attachments
Also, using the attached file you can get your RP-2040-Zero unique Flash ID.
Connect rp-2040-zero to the PC. Look at the COM port of the chip in the device manager.
Just drug-and-drop .uf2 to your chip and then connect to the COM port using PuTTY or KiTTY (or whatever you use). Strings with a Flash ID of your chip will appear in the console (Flash ID: XX XX XX XX XX XX XX XX).
Last edited by PicoPro,
Given the talk of encryption in the firmware, I'm assuming you can't just hex edit the flash dump to put your own flash ID in and make it work.
No
I'm still trying to enable debugging. I'm sure it's possible to patch the firmware and allow the debugger to connect, but I don't know how. This is my first arm debugging experience, never had any problems on x86/64)
No! You need encrypt 2nd stage firmware with new key (generated with unique Flash ID)
Post automatically merged:
I'm still trying to enable debugging. I'm sure it's possible to patch the firmware and allow the debugger to connect, but I don't know how. This is my first arm debugging experience, never had any problems on x86/64)
Last edited by ByteFun,
do you have the source code of this, I really start to learning hoy to code this bugger, and is fun.
I think this is the right one
https://github.com/raspberrypi/pico-examples/blob/master/system/unique_board_id/unique_board_id.c
the code is on C, I am not getting there yet.
If somebody likes, this is my code on Arduino:
C-like:
#include "pico/unique_id.h"
String cadena;
String cadenaHex;
void setup() {
Serial.begin(115200);
while (!Serial) {
; // wait for serial port to connect. Needed for native USB port only
}
// send an intro:
Serial.println("\n\nPico Unique Board ID example:");
Serial.println();
pixels.begin();
}
void loop() {
pico_unique_board_id_t board_id;
pico_get_unique_board_id(&board_id);
cadena = "";
cadenaHex = "";
for (int i = 0; i < PICO_UNIQUE_BOARD_ID_SIZE_BYTES; ++i) {
//Serial.write(board_id.id[i]);
//Serial.write(13);
//Serial.write(10);
cadena += " ";
cadena += board_id.id[i];
cadenaHex += " ";
cadenaHex += String(board_id.id[i], HEX);
}
Serial.println("Flash ID (int): " + cadena);
Serial.println("Flash ID (hex): " + cadenaHex);
delay(250);
}I am using Raspberry Pi Pico/RP2040 https://github.com/earlephilhower/arduino-pico board library on the Arduino IDE, that have the unique_id.h file.
Last edited by impeeza,
Similar threads
- No one is chatting at the moment.
-
-
-
-
-
-
-
-
-
@
BakerMan:
plus there's thunder and lightning outside, and it'll rain soon, there's somehow no tornado watch tho -
@
BakerMan:
and to make it worse, the heat didn't sway my brother away from wanting to spend some time swimming on his birthday tomorrow
-
-
-
-
-
-
@
BakerMan:
if you have a habitable basement, the heat shouldn't be down there and that's where you should hang out
-
-
-
-
-
-
-
-
-
