but you had hwfly on the switch?
won't let you fails, and trying to overwrite the sdloader loader with the hwfly one DOES work, but after reboot the switch fails to glitch.
the toolbox, not the actual firmware.....
Which pin on the flex is it wired to? 3rd?
lockpick rcm doesn't load at all.
and it's wired to both sp1 and sp2, it's bridged on the flex.
the original photo on page 1 is set up the same way, hence why I did it this way as well.
pin 3 and 4 bud, 1 2 5 6 are connected to ground, so don't bridge any of those to 3 and 4
I've seen this function
This is the ID of the chip, not stored one for encryption, still finding where it's compared
Anyway, the function is at 0x10002608, which is called at boot
> hekate_keys.ini is not something that hekate actually supports. I don't know what you are talking about.
if we try to put the keys manually like it says here https://github.com/CTCaer/hekate/issues/559
@Tafty
Does that mean any console that used the original TX firmware without manually backing up first could never be restored to stock?
Also refrain from illegally posting even a single part of the keys.
hekate_keys.ini was used in some shitty closed source cfw packs, because original tx firmware wipes BEK. You should not post those keys tho
The keys are stored in bootrom, and normally they will be loaded to keyslot at boot. But TX firmware just wipes keyslot at boot to prevent other CFW from booting (it was their DRM lol), so it is not permanent.
Don't know how the compiler packs Pico code into .uf2 files, but I couldn't find the HWFLY-NX public key signature (0x69 repeating) in the latest unlocked dump. If the uf2 is uncompressed then this firmware really is using different BCTs, but I guess we can already safely bet on that.
In the meantime, I'm currently writing PIO code to sniff eMMC traffic using an external CLK signal. CMD line is almost done, though I don't know yet how to know when I need to sniff 136 bit packages and when I need to sniff 48bit packages. This protocol is pretty annoying tbh.
I don't think I'll be able to even write a prototype for the glitching part, because I don't have a CPU flex cable to test this whole thing out. I have some MOSFETs (slightly different ones from the one linked here) but they're so damn small that I don't trust myself to solder it on the tiny capacitors on the switch lmao.
https://github.com/hwfly-nx/firmware/blob/master/firmware/src/mmc_sniffer.c
This is the MCU's side. I'm writing the actual serial connection which originally the FPGA did on the HWFLY. Thank you though.
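On the question above of when a CMD-line response is 136 bits rather than 48: the response length follows from the command index in the preceding 48-bit host frame. The sketch below is an added example, not code from any poster or from the hwfly-nx firmware. It assumes the standard eMMC command set, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* CRC7 (x^7 + x^3 + 1, init 0) over the first 40 bits of a CMD-line frame. */
static uint8_t mmc_crc7(const uint8_t *d, size_t n) {
    uint8_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = d[i];
        for (int j = 0; j < 8; j++, b <<= 1) {
            crc <<= 1;
            if ((b ^ crc) & 0x80) crc ^= 0x09;
        }
    }
    return crc & 0x7F;
}

/* Hypothetical helper: build a 48-bit host command frame as sample input. */
static void mmc_make_cmd(uint8_t idx, uint32_t arg, uint8_t f[6]) {
    f[0] = (uint8_t)(0x40 | (idx & 0x3F));   /* start=0, transmission=1, index */
    f[1] = (uint8_t)(arg >> 24); f[2] = (uint8_t)(arg >> 16);
    f[3] = (uint8_t)(arg >> 8);  f[4] = (uint8_t)arg;
    f[5] = (uint8_t)((mmc_crc7(f, 5) << 1) | 1);   /* CRC7 plus end bit */
}

/* Bits to capture for the response that follows this command frame:
 * 136 (R2), 48 (all other responses), 0 (no response), -1 (invalid frame). */
static int mmc_expected_response_bits(const uint8_t f[6]) {
    if ((f[0] & 0xC0) != 0x40 || !(f[5] & 1)) return -1;  /* start/dir/end bits */
    if ((f[5] >> 1) != mmc_crc7(f, 5)) return -1;          /* corrupted capture */
    switch (f[0] & 0x3F) {
    case 2: case 9: case 10: return 136;  /* ALL_SEND_CID, SEND_CSD, SEND_CID */
    case 0: case 4: case 15: return 0;    /* GO_IDLE_STATE, SET_DSR, GO_INACTIVE_STATE */
    default: return 48;
    }
}

int main(void) {
    const uint8_t idx[] = {0, 1, 2, 13};  /* constructed sample command sequence */
    uint8_t f[6];
    for (size_t i = 0; i < sizeof idx; i++) {
        mmc_make_cmd(idx[i], 0, f);
        printf("CMD%u -> %d response bits\n", (unsigned)idx[i], mmc_expected_response_bits(f));
    }
    return 0;
}
```

A sniffer can also confirm an R2 on the wire: the six bits after the start and transmission bits are all ones instead of echoing the command index.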