Picofly - a HWFLY switch modchip

Piorjade

Please correct me if I understood you correctly. The gd32 microcontroller stores multiple glitch timings as variables.

During the first boot the fpga glitches the nvidia tegra chip using those supplied timings. My guess is that a restart is sent after trying each unsuccessful timing. It then tries the next one.

How does the fpga determine if the glitch was successful?
As far as I understood the code (I have not read the entire thing, yet), the microcontroller determines if it was successful by receiving the last data (data or commands? I don't know yet) that was sent between the eMMC and the CPU, looking for some sort of pattern.

After a successful timing was found the timing is stored and the fpga is only used with this specific timing for the subsequent reads?
AFAIK the microcontroller saves the last couple of successful configurations, subsequent boots try these configurations first and if none of them work it starts to train again.
 

FruithatMods


Correct me if I am wrong but this is just the logic which tells the microcontroller to initialise the fpga chip on the spi pins.

Perhaps glitch.c is more interesting. It sets the config for the fpga with the timings and offsets. Do the timings start from the offset?

glitch.c also receives the glitch state from the fpga. I.e. the fpga determines if the console has been successfully glitched and passes that information to the microcontroller. Since we don't have the code for the fpga we don't actually know how it determines that.

Does anyone have any theories?
 

Piorjade

> Correct me if I am wrong but this is just the logic which tells the microcontroller to initialise the fpga chip on the spi pins.

Correct

> Perhaps glitch.c is more interesting. It sets the config for the fpga with the timings and offsets. Do the timings start from the offset?

The glitch pulse starts after <some kind of trigger> + offset, the trigger is probably a specific pattern in the CMDs between CPU and eMMC right after the system boots up.

> glitch.c also receives the glitch state from the fpga. I.e. the fpga determines if the console has been successfully glitched and passes that information to the microcontroller. Since we don't have the code for the fpga we don't actually know how it determines that.
>
> Does anyone have any theories?

Damn, you're right. The FPGA actually does determine success by itself, the microcontroller just has extra logic to test if it was a false-positive.

This talk doesn't directly describe what we're looking for, but especially at 27:22 it gets pretty interesting. Note: This talk was when Mariko didn't even exist yet, but AFAIK the boot procedure with the BCTs and stuff is preeeetty similar, except that on Mariko the BCTs themselves get encrypted additionally.

 
CompSciOrBust

> 1. How it identified if the glitch was successful.
>
> 2. Which signal does it use to start counting the time?
If a glitch was successful the chain loader payload will execute. If the glitch is unsuccessful then it doesn't execute. Once the chain loader is running it sends an invalid eMMC command to the NAND, the NAND ignores it since it's invalid but the chip detects it by sniffing the lines and then can use that to tell if the chain loader ran or not.

Here's a list of valid eMMC command numbers:
https://linux.codingbelief.com/zh/storage/flash_memory/emmc/emmc_commands.html

Pick one that isn't there and use that to signal success. Iirc Xecuter used command 82, I'm not sure if HWFly does the same.

Edit: It starts timing after it detects the BCT being read. I think that's the *only* signal you can use since anything before it will have random delays introduced as glitch mitigation on Mariko and anything after it will be too late.

Edit 2: You're also going to want a way to keep the chip awake when requested by the user so that they can update it without opening the console. The way it's done on existing chips is by holding vol + and - which sends a different invalid eMMC command signalling the chip to stay awake and look out for more commands for e.g. updating the firmware, resetting glitch configs, etc.
 
Last edited by CompSciOrBust,
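The success-signal detection described above depends on the sniffer being able to recognise individual command tokens on the eMMC CMD line. As an added example (not code from this thread, and not any modchip's firmware), the following decodes 48-bit eMMC command tokens, verifies their CRC7 and flags indices outside the set the eMMC standard defines; the set of known indices is an assumption of this example and should be compared with the command list linked above.

```python
# Added example: decode 48-bit eMMC command tokens as a CMD-line sniffer sees them,
# verify CRC7 and flag command indices the eMMC standard does not define.
# Token layout (JEDEC): start 0 | dir 1 (host->card) | index[6] | argument[32] | CRC7[7] | end 1
# CRC7 polynomial is x^7 + x^3 + 1, computed over the first 40 bits.
from collections import namedtuple

# Command indices allocated by the eMMC standard up to 5.0, as assumed for this example;
# check it against the command list linked in the thread before relying on it.
KNOWN_CMD_INDICES = (frozenset(range(22)) | frozenset(range(23, 32))
                     | {35, 36, 38, 39, 40, 42, 49, 53, 54, 55, 56})

CmdToken = namedtuple("CmdToken", "index argument crc_ok known")

def crc7(data: int, nbits: int) -> int:
    """CRC7 over the low `nbits` bits of `data`, most significant bit first."""
    crc = 0
    for i in range(nbits - 1, -1, -1):
        feedback = ((crc >> 6) & 1) ^ ((data >> i) & 1)
        crc = (crc << 1) & 0x7F
        if feedback:
            crc ^= 0x09          # x^3 + 1 (the x^7 term is the shifted-out bit)
    return crc

def build_cmd_token(index: int, argument: int) -> bytes:
    """Host-side encoder: assemble a CRC-protected command token."""
    if not 0 <= index < 64:
        raise ValueError("command index field is 6 bits wide (0..63)")
    head = (0b01 << 38) | (index << 32) | (argument & 0xFFFFFFFF)  # 40 protected bits
    token = (head << 8) | (crc7(head, 40) << 1) | 1                # append CRC7 + end bit
    return token.to_bytes(6, "big")

def decode_cmd_token(raw: bytes, known=KNOWN_CMD_INDICES) -> CmdToken:
    """Sniffer-side decoder: parse a captured 6-byte token, checking framing and CRC7."""
    if len(raw) != 6:
        raise ValueError("a command token is exactly 48 bits")
    token = int.from_bytes(raw, "big")
    if (token >> 46) != 0b01 or (token & 1) != 1:
        raise ValueError("bad framing: start/dir/end bits do not match a host command")
    head = token >> 8
    index = (head >> 32) & 0x3F
    crc_ok = ((token >> 1) & 0x7F) == crc7(head, 40)
    return CmdToken(index, head & 0xFFFFFFFF, crc_ok, index in known)

if __name__ == "__main__":
    # Constructed capture: CMD0 (GO_IDLE_STATE) with its well-known encoding, followed by
    # a token using reserved index 60, which the decoder reports as outside the spec.
    for raw in (bytes.fromhex("400000000095"), build_cmd_token(60, 0)):
        print(decode_cmd_token(raw))
```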

V800

> That bounty would be illegal because of the DMCA.
> Also the EU got a law about it as well.
> Sad but true.

I'm intrigued about the legality of this project. I know for sure that manufacturing/selling/making profit out of Pikofly is against the law but:
1) Is it illegal to solder wires to your switch and dump keys?
2) Is it against the law to document the original hardware and the means you have used?
3) Once you've found the way to turn Pikofly into a reality, how do you spread the word while avoiding a DMCA?
 

Piorjade

> If a glitch was successful the chain loader payload will execute. If the glitch is unsuccessful then it doesn't execute. Once the chain loader is running it sends an invalid eMMC command to the NAND, the NAND ignores it since it's invalid but the chip detects it by sniffing the lines and then can use that to tell if the chain loader ran or not.
>
> Here's a list of valid eMMC command numbers:
> https://linux.codingbelief.com/zh/storage/flash_memory/emmc/emmc_commands.html
>
> Pick one that isn't there and use that to signal success. Iirc Xecuter used command 82, I'm not sure if HWFly does the same.
>
> Edit: It starts timing after it detects the BCT being read. I think that's the *only* signal you can use since anything before it will have random delays introduced as glitch mitigation on Mariko and anything after it will be too late.

Well nevermind, you basically explained it. The video I linked paired with your info at least should suffice for the Erista, thank you.

Do you think that Mariko would need extra steps? Or do you think if we use the encrypted BCT provided by HWFLY-NX / Spacecraft-NX (if they really encrypted it using big N's keys) that the procedure is exactly the same because after decrypting the BCT itself, the following procedure is the same as on Erista?
 
CompSciOrBust

> Well nevermind, you basically explained it. The video I linked paired with your info at least should suffice for the Erista, thank you.
>
> Do you think that Mariko would need extra steps? Or do you think if we use the encrypted BCT provided by HWFLY-NX / Spacecraft-NX (if they really encrypted it using big N's keys) that the procedure is exactly the same because after decrypting the BCT itself, the following procedure is the same as on Erista?

In theory it should be the same, although in practice from what I've heard there's a bunch of weird quirks to each model of Switch that makes things that should work not work. That's why first gen HWFly would only work on the Lite consoles if you bought a lite chip, and the HWFly equivalent of the SX Core would only work on OG consoles. I guess they shipped each model with a different FPGA firmware specifically for that model until they unified it. If you get it working on one model it shouldn't be hard to get it working on every other model through trial and error.

I'm not actually sure what the differences are between the models, just that there are some. I imagine it's mainly timing and width. I don't know what else it could be. Maybe how long the timeout is before it resets the SoC if it doesn't detect the success signal? I've only done FI on non-Switch hardware.
 

FruithatMods

Is it possible to sniff emmc signals with an rp2040?

Would we need to overclock the rp2040 to 300-400 MHz?

Update 2: Good news! After having done some research it looks like the pi pico should be capable of sniffing the emmc signals. I have actually run into an online resource which describes an optional feature which I know the original dev of picofly considered in his design based on the limited photos and videos we have of it.

There is a good chance the original dev read the same online resource. I am on the right path!

Now we just need to implement the timings and get them exactly right.
 
Last edited by FruithatMods,

TheSynthax

Does anyone have a clue what the voltage glitch actually mitigates? On Erista models the BCT is not even encrypted, it's just signed with the given public key (0x69 repeating in HWFLY's case), so what's stopping the payload if we don't do a voltage glitch?
The key used for signature checking of the BCT is stored in the ROM of the Tegra, which becomes read-only once the production fuse is burnt (this also disables JTAG). This key is known as the SBK (secure boot key).
 
Last edited by TheSynthax,

binkinator

> Is it possible to sniff emmc signals with an rp2040?
>
> Would we need to overclock the rp2040 to 300-400 MHz?
>
> Update 2: Good news! After having done some research it looks like the pi pico should be capable of sniffing the emmc signals. I have actually run into an online resource which describes an optional feature which I know the original dev of picofly considered in his design based on the limited photos and videos we have of it.
>
> There is a good chance the original dev read the same online resource. I am on the right path!
>
> Now we just need to implement the timings and get them exactly right.

Whoah!

https://hackaday.com/2022/03/02/need-a-logic-analyzer-use-your-pico/

I’m back to being glad I bought two of these little guys now.

Is a $3 board and Sigrok going to be able to eliminate the need to buy a $500 Saleae?

Is that doc you found hush hush? I’d be curious to read it.
 

linuxares

> I'm intrigued about the legality of this project. I know for sure that manufacturing/selling/making profit out of Pikofly is against the law but:
> 1) Is it illegal to solder wires to your switch and dump keys?
> 2) Is it against the law to document the original hardware and the means you have used?
> 3) Once you've found the way to turn Pikofly into a reality, how do you spread the word while avoiding a DMCA?

@Ericzander do you know?
 

binkinator

IANAL
(12 year old me always wants to add a heart_emoji between the first I and A.)

> I'm intrigued about the legality of this project. I know for sure that manufacturing/selling/making profit out of Pikofly is against the law but:
>
> 1) Is it illegal to solder wires to your switch and dump keys?

Not illegal to do stuff to hardware you own. Sharing the things you find will get you in trouble if they are someone else’s IP. Likely outcome would be a takedown notice. You can see how well that works by searching for prod.keys on the Internet. Tough to find, huh?

> 2) Is it against the law to document the original hardware and the means you have used?

There are tons of documents that talk about the details of the hardware and how it works. Documenting ways to get around protection measures gets you closer to the grey areas but there are DefCON presentations for example that go into great detail. Based on events surrounding things like RCMLoader and Dragon Injector I would say if you built tools to make use of the exploits you document you’re likely to attract the Ninjas.

> 3) Once you've found the way to turn Pikofly into a reality, how do you spread the word while avoiding a DMCA?

…while avoiding DMCA.

Ungh. I don’t think it will be possible to avoid a C&D. It’s very likely this threat is why the original Dev noped tf out. Spreading the word and getting it out in the wild is certainly possible, but setting up a storefront with a traceable address in a country that respects Intellectual copyright? Naw dawg.

Better to follow my 3 step plan:
1 be Chinese citizen
2 ???
3 profit (by selling on AliExpress)

Again, we have the successful shuttering of DragonInjector as a prior demonstration of what Ninty will do.

https://static.wiidatabase.de/DragonInjector-Abmahnung.pdf

It was the circumvention of TPM that brought the Ninjas. This caused collateral damage to other projects such as DragonMMC.

My unqualified opinion?
It will be hard to shut down casual sharing of howto information (see exploits available for…heck, EVERYTHING!). As long as you don’t set up shop and start selling from a storefront with a business address and a money trail you should be fine.

Tried my best to reference other real world actions (except for the last paragraph) but again…IANAL

Let’s wait for @Ericzander to bring the facts.
 

V800

Thank you so much for clarifying how it works. I can barely understand the ideas shared in this thread and that's OK since I'm not computer savvy. Even so, I'm afraid the nearer we get to something, the more we should worry about attracting Ninjas.
 
