I have found where the unique_id of the current rp2040 is stored in the original firmware:
0x20025978
$1 = 0x20025978 "\346aA\004\003y\247\071W\003"
(gdb) x/8x $r0
0x20025978: 0xe6 0x61 0x41 0x04 0x03 0x79 0xa7 0x39
and this is the output of micropython:
MPY: soft reboot
e6 61 41 4 3 79 a7 39
MicroPython v1.19.1-841-g3446d440f on
Cross Referenced unique_id example code in ghidra with firmware,found where it is,little this and little that and here we are
(rp2040 was live debuged)
0x20025978
$1 = 0x20025978 "\346aA\004\003y\247\071W\003"
(gdb) x/8x $r0
0x20025978: 0xe6 0x61 0x41 0x04 0x03 0x79 0xa7 0x39
and this is the output of micropython:
MPY: soft reboot
e6 61 41 4 3 79 a7 39
MicroPython v1.19.1-841-g3446d440f on
Cross Referenced unique_id example code in ghidra with firmware,found where it is,little this and little that and here we are
(rp2040 was live debuged)
pin 3 and 4 bud, 1 2 5 6 are connected to ground, so dont bridge any of those to 3 and 4
I've seen this function
Post automatically merged:
if we try to put the keys manually like it says here https://github.com/CTCaer/hekate/issues/559
Post automatically merged:
Post automatically merged:
@Tafty
Last edited by vittorio,
So bridge 3/4 thanks, I'll dig out my lite when I get home and have a play.
Did you just use the fw from this thread?
The sdloader used in this firmware is wrong/bad that’s why it says for Ubuntu. It clears out the keys, that’s why BEK is missing. Someone that understands the firmware better needs to swap out the sdloader code with hwfly or spacecraft sdloader. You cannot patch it with hwfly toolbox because it’s not in the same location
> hekate_keys.ini is not something that hekate actually supports. I don't know what you are talking about.
Also refrain from illegally posting even a single part of the keys.
hekate_keys.ini was used in some shitty closed source cfw packs, because original tx firmware wipes BEK. You should not post thoese keys tho
Does that mean any console that used the original TX firmware without manually backup up first could never be restored to stock?> hekate_keys.ini is not something that hekate actually supports. I don't know what you are talking about.
Also refrain from illegally posting even a single part of the keys.
hekate_keys.ini was used in some shitty closed source cfw packs, because original tx firmware wipes BEK. You should not post thoese keys tho
The keys are stored in bootrom, and normally they will be loaded to keyslot at boot. But TX firmware just wipe keyslot at boot to prevent other CFW to boot(It was their DRM lol), so it is not permanent.
Maybe it will be useful for someone. I trimmed the dump.
Deleted UF2 header. UF2 > BIN.
Added old firmware witch cut UF2 file.
Deleted UF2 header. UF2 > BIN.
Added old firmware witch cut UF2 file.
Don't know how the compiler packs Pico code into .uf2 files, but I couldn't find the HWFLY-NX public key signature (0x69 repeating) in the latest unlocked dump. If the uf2 is uncompressed then this firmware really is using different BCTs, but I guess we can already safely bet on that.
In the meantime, I'm currently writing PIO code to sniff eMMC traffic using an external CLK signal. CMD line is almost done, though I don't know yet how to know when I need to sniff 136 bit packages and when I need to sniff 48bit packages. This protocol is pretty annoying tbh.
I don't think I'll be able to even write a prototype for the glitching part, because I don't have a CPU flex cable to test this whole thing out. I have some MOSFETs (slightly different ones from the one linked here) but they're so damn small that I don't trust myself to solder it on the tiny capacitors on the switch lmao.
In the meantime, I'm currently writing PIO code to sniff eMMC traffic using an external CLK signal. CMD line is almost done, though I don't know yet how to know when I need to sniff 136 bit packages and when I need to sniff 48bit packages. This protocol is pretty annoying tbh.
I don't think I'll be able to even write a prototype for the glitching part, because I don't have a CPU flex cable to test this whole thing out. I have some MOSFETs (slightly different ones from the one linked here) but they're so damn small that I don't trust myself to solder it on the tiny capacitors on the switch lmao.
Probably better to solder some 40AWG enamel magnet wire to the caps and the fets if you don't have super good eyes, steady hands, and/or a microscope.
This is the MCU‘s side. I‘m writing the actual serial connection which originally the FPGA did on the HWFLY. Thank you though.
Similar threads
-
Xdqwerty
what are you looking at? -
Sicklyboy
-
K3Nv2
-
Psionic Roshambo
-
NinStar
-
@
Sicklyboy:
I'm planning to start building it back up though. Plus, Usenet automation around music downloading has gotten so much better since then
-
@
Psionic Roshambo:
I used to use high end headphones and speakers JBL back when they made good speakers lol X-Fi Fatality edition sound card on PCI with XP back when Windows had good sound....
-
-
@
Sicklyboy:
I use AKG K7XX headphones for daily use, but Meze 99 Classics when I want to *enjoy* the music+1
-
@
Psionic Roshambo:
I mean built in sound on mobo's has gotten way better but still XP handled sound better and X-Fi was still better than onboard audio even to this day
-
@
Psionic Roshambo:
Hell not sure what was going on but for like a few weeks MP3's sounded muffled, some driver or Windows update fixed it. Thank god lol
-
-
@
Sicklyboy:
Oh boy Massdrop has $1100 IEMs. Want, but not at that price lmao. https://drop.com/buy/campfire-audio-andromeda-emerald-sea-iem
-
@
Sicklyboy:
I'd sooner buy the Meze 109 Pro if I was dropping that much on headphones. I don't even like buds/IEMs
-
@
Sicklyboy:
I got the Google Pixel Pro buds, they're good enough for when I need portable audio. And some really cheap IEMs that Dankpods recommends, I think the KZ ZSN Pro+1
-
@
K3Nv2:
I'd stick with cheapo Chinese $10 ones quality is actually becoming on pair with name brand since name Brand usually quads the price up anyway loose one bud that's another $200
-
@
Sicklyboy:
My Pixel Pro buds shit the bed a month or two ago. My wireless charger (which they do support Qi charging) absolutely COOKED them. Caused some problem that caused the case to heat up to 180F+
-
@
Sicklyboy:
They were like 9 months out of warranty but I hit up Google support anyway and told them how hot they were getting and they replaced them with new ones because they wanted these for failure analysis lol
-
-
-
-
-
@
Sicklyboy:
Apparently the case has a problem with >15W wireless chargers. Google design fault, that one.
-
-
-
-
-
-
@
Sicklyboy:
@Xdqwerty, power through a coil of wire causes an electromagnetic field to be generated. Another coil of wire can be set up to harness the power from that electromagnetic field and turn it into usable energy for charging a device
-
