Hacking Hardware Picofly - a HWFLY switch modchip

[realtimesave]

Anyone know an alternate RST point on an Erista? Not on the EMMC board, but somewhere else? The RST point on my EMMC came off.

 

[lightninjay]

Anyone know an alternate RST point on an Erista? Not on the EMMC board, but somewhere else? The RST point on my EMMC came off.

The blue line leads to a tiny pad near the EMMC, but not on it, so you should be able to hit that one.

 

[realtimesave]

View attachment 363113
The blue line leads to a tiny pad near the EMMC, but not on it, so you should be able to hit that one.

Thanks I found the point, as far as I can tell, the little black component on your photo isn't on my board though. Is that any issue?
edit: tried it, still won't show me the chip's boot screen again. Possibly I have another wire that's an issue though. It's just booting straight into OFW.
edit: I'm getting yellow LED and then it goes to OFW. I checked my D0 point it is good on both ends. Not sure what's going on.
edit: RST came off, so.. it's real difficult to hit that point its very small. so I think I'll shelve this til tomorrow. Since I have SP1 and SP2 perfectly soldered, I might just buy a different modchip altogether because this one pretty much gave up on me hehe

 

[Rodel]

NOT tested, so NOT putting into the main post (will be updated once I test everything).

no guarantees, use at your own risk.
for those who can't wait

!!!!PINOUT!!!! (resistors / mosfets are still required)

Common GPIO for all boards:
CMD => 28
CLK => 27
RST => 26

Waveshare 2040-zero / 2040-one (default, floating pins 29, 11, 16):
DAT => 29
CPU => 15

Raspberry Pi Pico (detected by thermal sensor on pin 29):
DAT => 22
CPU => 21

XIAO2040 (detected by LED power on pin 11):
DAT => 29
CPU => 6

Adafruit ItsyBitsy (detected by LED power on pin 16):
DAT => 29
CPU => 24

ChangeLog:
- fixed regulator setup
- firmware update feature (+ rollback to backup in case of non-working fw update)
- multiple boards support (no idea if that works, magic, ensure LED blinks after write! that means detection worked fine!!)
- extended OFW support, should not break BOOT0 anymore, OFW BCT is copied into the unused space

P.S. I need some rest.

Thanks for this my picofly on switch lite works..with fw2.5+unlock my issue is when I power on my switch the light is cyan and boot to ofw..but when I press the reset when switch logo it glitch to green light and boot to hekate.but when I flash this 2.6 it glitch to green no more click in reset and succesfully boot to hekate.i use 2 mosfet.by the way my RP2040 is like this and the version I see inside when I flash is v3.0. so 2.6 is the firmware compatible.the 2.5 seems have a bug to this R2040 v3.0

 

[SQc04]

Anyone know an alternate RST point on an Erista? Not on the EMMC board, but somewhere else? The RST point on my EMMC came off.

 

[rehius]

is this okay for a magnetic reed switch incase for future reset?

can be reset through toolbox. usually reset is not required, even badly learned it boots within seconds

 

[Crypto]

Can I use picofly to inject lockpick, etc. without emmc or does picofly only work with mounted emmc?

 

[rehius]

Can I use picofly to inject lockpick, etc. without emmc or does picofly only work with mounted emmc?

you need any eMMC installed. it can be empty or even different size, but it must have 4MB BOOT partition

Post automatically merged: Apr 5, 2023

what does this mean/do? im gonna remove usbc, both buttons and 3v3 regulator

That is an onboard console voltage regulator setup that caused unstable glitch results (like @Rodel had).

 

[Arakon]

NOT tested, so NOT putting into the main post (will be updated once I test everything).

no guarantees, use at your own risk.
for those who can't wait

!!!!PINOUT!!!! (resistors / mosfets are still required)

Common GPIO for all boards:
CMD => 28
CLK => 27
RST => 26

Waveshare 2040-zero / 2040-one (default, floating pins 29, 11, 16):
DAT => 29
CPU => 15

Raspberry Pi Pico (detected by thermal sensor on pin 29):
DAT => 22
CPU => 21

XIAO2040 (detected by LED power on pin 11):
DAT => 29
CPU => 6

Adafruit ItsyBitsy (detected by LED power on pin 16):
DAT => 29
CPU => 24

ChangeLog:
- fixed regulator setup
- firmware update feature (+ rollback to backup in case of non-working fw update)
- multiple boards support (no idea if that works, magic, ensure LED blinks after write! that means detection worked fine!!)
- extended OFW support, should not break BOOT0 anymore, OFW BCT is copied into the unused space

P.S. I need some rest.

Seems to work like a charm. Trained for 3 seconds the first time, then instantly glitches since.

 

[Crypto]

can anyone tell me, what component this is (the 3,3v point)? my ripped off.

 

[Assidefok]

NOT tested, so NOT putting into the main post (will be updated once I test everything).

no guarantees, use at your own risk.
for those who can't wait

!!!!PINOUT!!!! (resistors / mosfets are still required)

Common GPIO for all boards:
CMD => 28
CLK => 27
RST => 26

Waveshare 2040-zero / 2040-one (default, floating pins 29, 11, 16):
DAT => 29
CPU => 15

Raspberry Pi Pico (detected by thermal sensor on pin 29):
DAT => 22
CPU => 21

XIAO2040 (detected by LED power on pin 11):
DAT => 29
CPU => 6

Adafruit ItsyBitsy (detected by LED power on pin 16):
DAT => 29
CPU => 24

ChangeLog:
- fixed regulator setup
- firmware update feature (+ rollback to backup in case of non-working fw update)
- multiple boards support (no idea if that works, magic, ensure LED blinks after write! that means detection worked fine!!)
- extended OFW support, should not break BOOT0 anymore, OFW BCT is copied into the unused space

P.S. I need some rest.

You fucking rock!

 

[Phantomas77]

View attachment 363083
That's great, it worked!

Love the new logo

 

[Jopa777]

You need to run the unlock.bin via hekate but backup Boot0 first


Sent from my iPhone using Tapatalk

Hi, thanks- worked but know I can't boot OFW- black screen and in CFW I have that sleep mode issue. Was checking hints and it says that a full system reset would resolve it. How do I do that if I can't boot into OFW? Thanks again

 

[meha]

Hi, thanks- worked but know I can't boot OFW- black screen and in CFW I have that sleep mode issue. Was checking hints and it says that a full system reset would resolve it. How do I do that if I can't boot into OFW? Thanks again

it says "backup boot0 first" so i believe you must have done so.

mount sdcard, go to where backup is, move backup files to 'restore' folder.
boot into hekate, and restore boot partitions

 

[rehius]

Hi, thanks- worked but know I can't boot OFW- black screen and in CFW I have that sleep mode issue. Was checking hints and it says that a full system reset would resolve it. How do I do that if I can't boot into OFW? Thanks again

now restore the boot0 backup.

OFW can be boot with hekate (More Config - Full Stock). full reset would fix sleep mode, OFW update would fix it completely (in case you have no BOOT0 backup)

 

[Arakon]

My stock OS is still 4.0.1, and while I can boot to that just fine from Hekate, if I press the Power Button (to sleep mode), the console yellow screens and has to be force shutdown. I never ran the unlock.bin.

Anyway.. all done now.

 

[nqtal]

Friends, I need your help. This component broke when I unsuccessfully soldered 3.3V line (switch lite). Where can I find it (what is it) or replace it with an analogue?

 

[Jopa777]

now restore the boot0 backup.

OFW can be boot with hekate (More Config - Full Stock). full reset would fix sleep mode, OFW update would fix it completely (in case you have no BOOT0 backup)

Thanks,

now restore the boot0 backup.

OFW can be boot with hekate (More Config - Full Stock). full reset would fix sleep mode, OFW update would fix it completely (in case you have no BOOT0 backup)

Thanks, restored boot0 and boot1. Tried to launch stock but receive message attached

 

[Kiuxn]

no update.bin file to update via picofly toolbox?

 

[Adran_Marit]

Whats brokeded on it?

is that blue th green or cyan ? can really see what excatly it is

if its cyan check ur mosfet cable if thats not the issue install a second mosfet

Post automatically merged: Apr 4, 2023

nice
its looking good :-)
if u need someone for testing hit me up

Post automatically merged: Apr 4, 2023

how bad is it broken probaly fixable ?
or u think its a total Rip aslong as the apu isnt dead it should be fixable

Leftmost pad for emmc clk ripped off, breaking the connection to soc

NOT tested, so NOT putting into the main post (will be updated once I test everything).

no guarantees, use at your own risk.
for those who can't wait

!!!!PINOUT!!!! (resistors / mosfets are still required)

Common GPIO for all boards:
CMD => 28
CLK => 27
RST => 26

Waveshare 2040-zero / 2040-one (default, floating pins 29, 11, 16):
DAT => 29
CPU => 15

Raspberry Pi Pico (detected by thermal sensor on pin 29):
DAT => 22
CPU => 21

XIAO2040 (detected by LED power on pin 11):
DAT => 29
CPU => 6

Adafruit ItsyBitsy (detected by LED power on pin 16):
DAT => 29
CPU => 24

ChangeLog:
- fixed regulator setup
- firmware update feature (+ rollback to backup in case of non-working fw update)
- multiple boards support (no idea if that works, magic, ensure LED blinks after write! that means detection worked fine!!)
- extended OFW support, should not break BOOT0 anymore, OFW BCT is copied into the unused space

P.S. I need some rest.

Take rest. Remind me to update aio thread when full release is out