Toggle sidebar

Hacking Hardware Picofly - a HWFLY switch modchip

  • Thread starter Thread starter mathew77
  • Start date Start date
  • Views Views 3,675,024
  • Replies Replies 17,052
  • Likes Likes 15
FreeLander said:
I have, but I didn't know it would matter if I didn't keep part of pin 26 ( I removed It completely). Got a spare one and will try again.
Click to expand...
oh, that is not the pad that matters, I meant you were too close to the oscillator, there are important traces and vias close to the pad 20 that you could cut or short
 
  • Like
Reactions: FreeLander
FreeLander said:
Nice. What AWG/MM Did you use?
Post automatically merged:


Hi Dee. Been a minute

I have, but I didn't know it would matter if I didn't keep part of pin 26 ( I removed It completely). Got a spare one and will try again.

Thanks, my man.
Click to expand...
well how far it matters but there are some close traces are still needed so just get as close as its on the diagramm
 
  • Like
Reactions: FreeLander
rehius said:
Latest firmware here

ChangeLog:

v2.0 + Active MMC communication
v2.1 + Toshiba support
v2.2 + Fix Toshiba boot fail
v2.3 + SanDisk support
v2.4 + Faster Toshiba boot
v2.5 + fix OFW boot
v2.6 + software update, xiao & itsy support
v2.61 + Instinct-NX sdloader, bug fixes
v2.62 + Make 16.0.1 happy (fix OFW boot)
v2.63 + roll back some 2.62 boot speed tricks
v2.64 + enable back the board detection
v2.65 + RP Pico support, double reset removed
v2.66 + Bypass to OFW after update for proper fuse burning

must be RED after USB write. if you see green, set "RGB mode" jumper

WHITE = eMMC write
BLUE = glitch
PURPLE = eMMC boot failure, check CMD / CLK
PINK = NS eMMC init fails, inoperative eMMC ?
YELLOW = eMMC write failure, check D0 / unsupported eMMC
CYAN = no reaction to glitch, check mosfet wire
GREEN = success

View attachment 357132
View attachment 363821
View attachment 364242
View attachment 364990
View attachment 357133
View attachment 357135
View attachment 357134
View attachment 357136

View attachment 357137
View attachment 357138
View attachment 360187
View attachment 363817
View attachment 357139
View attachment 357140
View attachment 360186
View attachment 364818

Q: What is supported?
A: Erista (v1), Mariko (v2, Lite, OLED)

Q: eMMC types support?
A: Tested on Hynix, Samsung, Toshiba, SanDisk

Q: rp2040 boards support
A: WaveShare 2040-zero/one, xiao-rp2040, adafruit itsybitsy (Pi Pico is not supported for now)

Q: GREEN, but instant reset
A: Clean flux near the RST point

Q: Do I really need 47 Ohm resistors?
A: You can skip them, however in this case you will have to use emuMMC due to the line interference, sysNAND would not boot (sysNAND data can be damaged).

Q: Does the firmware has learning? How to reset statistics
A: Short pin 0 to either 1 or GND during start for chip reset. The statistics is collected each boot. The more you start it - the better it boots.

Q: open source?
A: no

Q: why you made it?
A: to prove it possible!

Q: run Atmosphere?
A: no piracy

v2.5 firmware had a bug with BOOT0 corruption. To recover it:
- boot "Full Stock" using hekate
- update to the latest official firmware over Wi-Fi

- boot "Full Stock" using hekate
- perform a full system reset

- show firmware information
- update firmware from SD card (place update.bin into the root folder)
- rollback to the backup firmware slot
- reset learning statistics
- dump / write sdloader

if you have an rp2040-zero from waveshare/ali then it has a neopixel. It is used for diagnosing proper firmware flashes as well as console glitching. If you plug it in, and flash the uf2 firmware to it and immediately see a red light after flashing (this is not the same as flashing, then unplugging and replugging), then no rgb jumper needs to be made. If on the other hand, you get one quick green flashing light, then you need to bridge the jumper pads indicated to swap the LED colors for proper diagnoses capability.
Click to expand...
Hello, is it possible to use the Flex cable from V2 (mariko) in v1 (erista)?
 
Hello. I've tried 3 different MOSFET types, and two different wires (0.1mm and 0.3mm). I just won't get a CPU value on diode mode.

I've tried the close GND ground and tried two MOSFETs at once. Same thing.


Any advice? Thank you.
IMG_B892466071F5-1.jpeg
 
Adran_Marit said:
while it is possible I would just get a v1 flex
Click to expand...

FueledSamantha said:
I had seen someone do it, its pretty sketchy and even they recommended against it.
Trying to remember who did it and where I saw it.thanks, if you remember where you saw it please let me know, I'm interested to know
Click to expand...
Post automatically merged:

FueledSamantha said:
I had seen someone do it, its pretty sketchy and even they recommended against it.
Trying to remember who did it and where I saw it.
Click to expand...
thanks, if you remember where you saw it please let me know, I'm interested to know
 
Is it me or does it seem that sk hynix switches glitching is not as consistent as the other ones with the pico?
 
Can someone please tell me what voltage the RST point needs to be when checking it to ground? I'm getting around 3.5v...is that normal on a switch lite? Thanks!
 
calishooter said:
Can someone please tell me what voltage the RST point needs to be when checking it to ground? I'm getting around 3.5v...is that normal on a switch lite? Thanks!
Click to expand...
rst line 1.8v
Post automatically merged:

calishooter said:
Can someone please tell me what voltage the RST point needs to be when checking it to ground? I'm getting around 3.5v...is that normal on a switch lite? Thanks!
Click to expand...
rst line 1.8v
 
  • Like
Reactions: calishooter
FreeLander said:
Hello. I've tried 3 different MOSFET types, and two different wires (0.1mm and 0.3mm). I just won't get a CPU value on diode mode.

I've tried the close GND ground and tried two MOSFETs at once. Same thing.


Any advice? Thank you.
View attachment 366932
Click to expand...
"Both capacitors should be connected at the point."。
 

Attachments

  • S__35815429.jpg
    S__35815429.jpg
    1.9 MB · Views: 126
  • S__35823618.jpg
    S__35823618.jpg
    1.9 MB · Views: 166
  • S__35823620.jpg
    S__35823620.jpg
    2 MB · Views: 121
rehius said:
Hello @FreeLander, looks like you found the dangerous incorrect diagram by sthetix where the 3.3v point is actually direct 4.2v right from the battery. Be careful, such overvoltage may fry your RP Pico and the console. Please use the proper 3.3v point here:
View attachment 366724
Click to expand...
i'm curious where that 4.2v is? XD i've always used the 3.3v
 
POPOLO said:
"Both capacitors should be connected at the point."。
Click to expand...
Hello, POPO. Thank you.
I did this and I'm still getting zero on diode mode. I can't tell what is it I'm doing wrong.
I even removed the caps entirely and soldered to the pads directly, but still no luck, and even worse, the console wouldn't boot.
Thankfully, @rehius anticipated noobs like me would do this, so I did his trick by salvaging the caps off an rp2040 and re-soldering them to the console. Now it boots fine, but I'm still determined to figure out how to get a successful glitch with MOSFETs.

I followed every step. 0.2mm enameled, two MOSFETs, short wires, close grounds.

IMG_6792.JPG
 
FreeLander said:
Hello, POPO. Thank you.
I did this and I'm still getting zero on diode mode. I can't tell what is it I'm doing wrong.
I even removed the caps entirely and soldered to the pads directly, but still no luck, and even worse, the console wouldn't boot.
Thankfully, @rehius anticipated noobs like me would do this, so I did his trick by salvaging the caps off an rp2040 and re-soldering them to the console. Now it boots fine, but I'm still determined to figure out how to get a successful glitch with MOSFETs.

I followed every step. 0.2mm enameled, two MOSFETs, short wires, close grounds.

View attachment 366978
Click to expand...
since its runing fine now with the 2 caps stollen from the rp go ahead and reinstall the pico with the caps on it should work
 
FreeLander said:
Hello, POPO. Thank you.
I did this and I'm still getting zero on diode mode. I can't tell what is it I'm doing wrong.
I even removed the caps entirely and soldered to the pads directly, but still no luck, and even worse, the console wouldn't boot.
Thankfully, @rehius anticipated noobs like me would do this, so I did his trick by salvaging the caps off an rp2040 and re-soldering them to the console. Now it boots fine, but I'm still determined to figure out how to get a successful glitch with MOSFETs.

I followed every step. 0.2mm enameled, two MOSFETs, short wires, close grounds.

View attachment 366978
Click to expand...

Do you have a clearer photo of your firsts? Also have you tried the flex?
 
Dee87 said:
since its runing fine now with the 2 caps stollen from the rp go ahead and reinstall the pico with the caps on it should work
Click to expand...
Hello, Dee.
Okay, but shouldn't I be getting a 0.6- 0.9.0v diode reading on the G point?
Post automatically merged:

Adran_Marit said:
Do you have a clearer photo of your firsts? Also have you tried the flex?
Click to expand...
Wil try to do a better pic. I have not tried the flex on it since it's a v1 experimental console, I'm kind of hesitant about wasting a cable on it. I'm interested in doing MOSFETs moving forward, that's why I'm experimenting with this v1. I guess my question is, shouldn't I be getting a diode reading on G point?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  Full List of N64 Recompilation Switch ports

Homebrew  New Homebrew "Foil Server"?

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Homebrew Homebrew game Project  So... Dan didn't want to reveal his Vulkan, so I made mine.

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Is it fixable