Let's call it now the switchroot modchip.
Thank you @rehius to bring us this.
Can't wait to finish my switch lite whit this.
Thank you @rehius to bring us this.
Can't wait to finish my switch lite whit this.
This might be a dumb question, but to me, logically, why don't we just use the uf2 we currently have and just overwrite it with the working one, then resale the uf2 after the fact?
I assume there I'd a technical reason why yhag won't actually work
I assume there I'd a technical reason why yhag won't actually work
CYAN = no glitch reaction
MOSFET must be connected very close, very thick wire, or direct solder
on video - very very long very very thin wire. cannot do 20 Amperes
Okay, after taking some time off I decided to look at this again and realized that they're most definitely fingerprinting (or rather, changing behaviour) based on the flash ID. They call flash_get_unique_id as part of an init callback (I thought this was some random flash func) and then continuously copy the unique ID: (lol I initially missed that mov R2, R4)
Based on this data it writes to memory in a specific pattern which is much more complicated to patch out than a simple check; the easiest way to go about this would be if someone dumped a firmware and a unique ID and then emulated it instruction-by-instruction. At the very least it would be helpful to see what they're doing with the 0x110B0 bytes copied from 0x1000297C to the SRAM base (0x20000000). The only problem I see from this would maybe be navigating the function that looks for the sequence on the CMD pin.
I also realized that they probably exit the XIP flash because it runs off of clk_sys which they're changing, because otherwise the dumped firmware.bin would look strange and I don't think the flash would be able to keep up anyways.
For reference, the initially dumped firmware grabs the unique ID in the init routine at 0x10002608, which gets copied into a 256-byte structure at 0x20025868 in the routine at 0x1000070C. Interestingly, the other .uf2s posted here do something slightly different when copying the unique ID, for some reason.
Other than this, I'm basically stuck until someone does what I suggested or if it turns out that binary blob has easy-to-disassemble ARM code.
Based on this data it writes to memory in a specific pattern which is much more complicated to patch out than a simple check; the easiest way to go about this would be if someone dumped a firmware and a unique ID and then emulated it instruction-by-instruction. At the very least it would be helpful to see what they're doing with the 0x110B0 bytes copied from 0x1000297C to the SRAM base (0x20000000). The only problem I see from this would maybe be navigating the function that looks for the sequence on the CMD pin.
I also realized that they probably exit the XIP flash because it runs off of clk_sys which they're changing, because otherwise the dumped firmware.bin would look strange and I don't think the flash would be able to keep up anyways.
For reference, the initially dumped firmware grabs the unique ID in the init routine at 0x10002608, which gets copied into a 256-byte structure at 0x20025868 in the routine at 0x1000070C. Interestingly, the other .uf2s posted here do something slightly different when copying the unique ID, for some reason.
Other than this, I'm basically stuck until someone does what I suggested or if it turns out that binary blob has easy-to-disassemble ARM code.
If you look at the amount of power you are going to use, you can calculate the wire thickness. For this application you don't need anything more than 25 AWG (0.45mm) - that's more than thick enough, so the 0.7mm wire you are using is fine.
For anyone wanting to reverse engineering this, the focus needs to be on getting both a dump and the unique id of the same working chip. Adding a check to verify the unique id is kindergarten stuff, they wouldn't do that. At minimum they would encrypt the rest of the information using the unique id as a key or part of the key.
hello guys, there is a problem, after breaking the capacitor at 3.3 v, I got a blue screen error, I hope it's from the capacitor, because at the same time, it short-circuited the 2 cables I connected the mosfet, so I hope tegra x1 is not broken.
Similar threads
- No one is chatting at the moment.
-
@
Quincy:
Usually when such a big title leaks the Temp will be the first to report about it (going off of historical reports here, Pokemon SV being the latest one I can recall seeing pop up here) -
@
K3Nv2:
I still like how a freaking mp3 file hacks webos all that security defeated by text yet again -
@
BigOnYa:
They have simulators for everything nowdays, cray cray. How about a sim that shows you playing the Switch. -
-
@
K3Nv2:
https://www.verizon.com/home/intern...0a82b82a&vendorid=CJM&PID=552179&AID=11365093 can I cancel and keep the switch lol+1
-
@
BigOnYa:
I want a 120hz 4k tv but crazy how more expensive the 120hz over the 60hz are. Or even more crazy is the price of 8k's.
-
-
@
BigOnYa:
Not a big movie buff, more of a gamer tbh. And Series X is 120hz 8k ready, but yea only 120hz 4k games out right now, but thinking of in the future.
-
-
@
BigOnYa:
I only watch tv when i goto bed, it puts me to sleep, and I have a nas drive filled w my fav shows so i can watch them in order, commercial free. I usually watch Married w Children, or South Park
-
-
@
BigOnYa:
I stream from Nas to firestick, one on every tv, and use Kodi. I'm happy w it, plays everything. (I pirate/torrent shows/movies on pc, and put on nas)
-
-
-
-
@
BigOnYa:
oh you mean the 3rd party apps on Kodi, yea i know what you mean, yea there are still a few cool ones, in fact watched the new planet of the apes movie other night w wifey thru one, was good pic surprisingly, not a cam
-
-
-
@
BigOnYa:
I got my Dad a firestick for Xmas and showed him those 3rd party sites on Kodi, he loves it, all he watches anymore. He said he has got 3 letters from AT&T already about pirating, but he says f them, let them shut my internet off (He wants out of his AT&T contract anyways)
-
-
@
BigOnYa:
I just use a VPN, even give him my login and password so can use it also, and he refuses, he's funny.
-
@
BigOnYa:
I had to find and get him an old style flip phone even without text, cause thats what he wanted. No text, no internet, only phone calls. Old, old school.
-
-
-
@
Psionic Roshambo:
@BigOnYa, Lol I bought a new USB card reader thing on AliExpress last month for I think like 87 cents. Free shipping from China... It arrived it works and honestly I don't understand how it was so cheap.+1
@
Psionic Roshambo:
@BigOnYa, Lol I bought a new USB card reader thing on AliExpress last month for I think like 87...
+1