Have you asked all 8 billion to make sure?
there is no one rewriting the firmware
it seems to me that no one is interested
Have you asked all 8 billion to make sure?
Oops I forgot to do this earlier... I will start it now
We will know more as soon as someone updates to HOS16 with a working pi pico mod.
I can assure you there are multiple people at least looking at firmware, I'm in touch with multiple devs who I won't name who are trying to figure this out
it seems to me that no one is interested
Why? There would be no differences. The problem is the corruption of the keyblob,
Why does no one use an emummc to test this?
Basically the sdloader it writes disables access to the BEK and stuff
I didn't check the firmware progress because is very out of my the firmware in the page 34 is also encrypted? All the progress I see about the investigation of the firmware is about the one with the serial.
Ok maybe I don't understand something right.
Why? There would be no differences. The problem is the corruption of the keyblob,
It doesn't work that way. The keys are stored in Tegra Fuses, and will be loaded to keyslots by bootrom at boot.
Ok maybe I don't understand something right.
A theoretical question:
If I dump the (unmodified) emmc with a reader including Boot0/1, install the rp2040, boot to hekate, write the dumped emmc back, create an emummc from this and try to boot the emummc. (Maybe create keys with lockpick)
what happens then?
BEK error?
Can someone please tell me?
Perhaps it's possible to read the fuses directly after the bootrom is run? Or is this only something the boot coprocessor is capable of doing and won't do again until next boot?
It doesn't work that way. The keys are stored in Tegra Fuses, and will be loaded to keyslots by bootrom at boot.
The issue is that modchip firmware (sdloader) messes up the keyslots.
https://switchbrew.org/wiki/Fuses#Mariko
I forgot when exactly the fuses get locked down but I think it's when the bootloader gets run (aka the code where the BCTs point to)
Perhaps it's possible to read the fuses directly after the bootrom is run? Or is this only something the boot coprocessor is capable of doing and won't do again until next boot?
Samsung eMMC
Known working eMMC is Tafty's SKhynix H26M62002JPR
Mine doesn't boot, it has a Kioxia THGBMHG8C2LBAIL
@Nagaa Which eMMC does your non-booting console use?
Could this be it? Does the pi Pico only boot if it is run on a skhynix switch?
And why is that?
I highly doubt it, we will probably know soon.
No offense taken.
And why is that?
I don't mean to out you as being thick, I am sure you can put one and one together, but if the injection only works on skhynix chips then your whole theory of all emmc chips using the same protocol and thus being the same is wrong.
If this is indeed the case a new sdloader will have to be injected into the firmware or the firmware should be rewritten from scratch.