Hacking Hardware Picofly - a HWFLY switch modchip

[abal1000x]

.

 

[BlueBeans]

The best one using 0.3mm, fast glitching, smooth, but its difficult to solder, and need to kapton tape, because when the shield closed, always failed similar with your cases. Try 0.1mm didn't work. Try 0.2mm work, but not good enough. All using single line. The last one, use double line (U-shaped), seems stable. I playing games while heat, then reboot the glitch still works (3-4 seconds).

Post automatically merged: Jun 10, 2023

Beautiful

Is the wire enameled? Is that what you’re using for the other points as well?

 

[AceCuba]

Ok guys i need help . I just install a pico in a mariko fw 16.0.3 Samsung mcc fw 1.74 . 4 resistors for dat0 and cmd and still slow mode . If i instala another resistor to clock the glich fail

Enviado desde mi Redmi Note 8 mediante Tapatalk

 

[AceCuba]

Im runing a nand backup . Can i just leave It like That ? with slow mode . What are the real consecuences ? . If i use emunand, does slow mcc mode stop being a problem?

Enviado desde mi Redmi Note 8 mediante Tapatalk

 

[AceCuba]

I can boot to atmosphere no issue un the sysnand . But hekake says slow emcc

Enviado desde mi Redmi Note 8 mediante Tapatalk

 

[abal1000x]

.

 

[provato]

Is there a discord server for help with picofly installing?

 

[BlueBeans]

All enameled.

For other than mosfet, use 0.1mm enameled (including the 3.3V and GND). Using flex in the mosfet is the safest method. The reason using 0.1mm is to reduce the probability of the pad on the pcb ripped. Small diameter, small mechanical force its exerted, when accidentally pulled.

The GND is risky to take off, so if you want to be more secure, connect 2 gnd point to the picofly, for precaution. If the GND disconnected, then the G supplied to the mosfet is unexpected. The same with the CMD/CLK/D0 that goes to the emmc. The worst case scenario, emmc, cpu, and the pico burned.

Enameled is difficult, need to kapton tape to make sure its not short circuit.
If you want to be easier just use the isolated one, around 34awg.

I use enameled because its cheap. I don't use flex because its cheaper using copper. But this required the person to be experienced on micro soldering.

Great thank you for all the info. I wanted to let you know I pulled the flex out of that switch lite and installed a single mosfet. Works flawlessly. I used 0.1 enameled wire, looped, and twisted together. I was so excited I forgot to take a pic. Will take one tomorrow. I did have to instal SDA and SCL but that seems like every time I install a pico. Maybe it’s the 0.1 wire. Anyways. It’s up and running which is amazing!

 

[cgtchy0412]

Great thank you for all the info. I wanted to let you know I pulled the flex out of that switch lite and installed a single mosfet. Works flawlessly. I used 0.1 enameled wire, looped, and twisted together. I was so excited I forgot to take a pic. Will take one tomorrow. I did have to instal SDA and SCL but that seems like every time I install a pico. Maybe it’s the 0.1 wire. Anyways. It’s up and running which is amazing!

So the culprit is the flex after all?

Post automatically merged: Jun 10, 2023

so what would you say is a good price? I've been Quoting $100 USD for parts and labor. including installing the software mod

I say 1 week worth of meal is the ideal..

Post automatically merged: Jun 10, 2023

Ok guys i need help . I just install a pico in a mariko fw 16.0.3 Samsung mcc fw 1.74 . 4 resistors for dat0 and cmd and still slow mode . If i instala another resistor to clock the glich fail

Enviado desde mi Redmi Note 8 mediante Tapatalk

hey hey, where that beatifull one again.

 

[provato]

after flashing the firmware 2.74 to the rp2040, I get a single green flash instead of a yellow one before the window closes. Is that normal successful flashing?

 

[abal1000x]

.

 

[RatchetRussian]

Thank you so very much @abal1000x for helping me diagnose the corrupt emmc black screen.

I resoldered everything including a permanent dat0 adapter and not only did this fix it, but it boots INSTANTLY

 

[kronicbowlz]

here the info of the nand, I clarify that without the chip it starts perfectly, with the chip only the hekate works, neither original mode nor atmosphere works

Same thing happened to me when I had the wrong resistors check that they are 47ohm

 

[Dee87]

120 seems a bit low for oled if 100 for v2 is the reference. The oled takes quite a bit more time, effort and risk.

Oled takes 10 -15min longer

 

[AspenFTW]

Hi what does this led indicator mean? My switch oled v2.74pico boots to OFW and not on hekate.

Not sure if this is;

=*
Or
=*=*


Usually I wait for 20mins if this happens then restart my switch then it will boot to hekate.

 

[FreeLander]

Some news for those with dead lite

I noticed that hekate "works" changing the on the bdk/memory_map.h, #define IPL_STACK_TOP 0x4003ff00 // 0x83100000 with this doesn't "boot".

After turn on, when the backlight is reduced a bit, then you can select the Reboot to OFW or RCM Mode.

Steps to reproduce:

1-Turn on.
2-If the backlight is reduced, the hekate it's "working"
3-Press 4 times volume -
4-Press power button for "Reboot to OFW"

I have the bootloader folder on the sd, but i think that hekate doesn't recognize it.

Maybe it's possible to do the same with LockPick_RCM?

The time will say it.

I'm getting 3 Lites to install Pico, this made me worried. I did one Lite and is working perfectly. What's with this screen on Lite? has a new issue on the lite installation been noticed?

 

[abal1000x]

.

 

[Takezo-San]

I'm getting 3 Lites to install Pico, this made me worried. I did one Lite and is working perfectly. What's with this screen on Lite? has a new issue on the lite installation been noticed?

The one lite that worked, what was the emmc manufacturer?

 

[Dee87]

So the culprit is the flex after all?

there are a few good distrubitors of the flex cable but there are also alot ones who send out trash cables , we have seen alot of people having issues.
after installing mosfets without flex the issue where gone.

its the same with those crappy dat0 adapters.

so like i say use mosfets and save that money u pay and waiting time for the flex and be done with it

 

[AspenFTW]

Its
=* D0 is not connected

Thank you