Toggle sidebar

Hacking Hardware Picofly - a HWFLY switch modchip

  • Thread starter Thread starter mathew77
  • Start date Start date
  • Views Views 3,658,728
  • Replies Replies 17,050
  • Likes Likes 15
abal1000x said:
Since you could watch it, i assume you already opened it right.
You might check the RST line.

I remember in the Q&A:
Q: GREEN, but instant reset
A: Clean flux near the RST point
Click to expand...
I managed to boot luckily to hekate out of pure luck. Instantly rolled back to 2.67 and never again gonna update. Never opened my switch again. Dont want to mess shit up. I was hoping the update would all be software. If i had to tinker hardware again, im going to pass on that.
 
  • Like
Reactions: abal1000x
abal1000x said:
You might do this on your own risk:
View attachment 378816
Thats already correct to modify the circle point. With that original shape, highly probable it will short circuit the D1.

When you insert it exactly like the guide line, you will get the value, means its connected maybe to d0 only or short d0 and d1. Now shift it little bit right, and check again the diode mode, repeat until you find it zero. That is the edge.

Now you approach it from the edge to the left, slowly until it shows a value. That will be the most probable d0 point without shorting to d1. Do this while you take the power off (battery connector plug off).

And if you're confident, you might try to power it on, to test wether the glitch work or not. And turn it off immediately after it failed (by pressing the power button 20sec or shorting the power pin to gnd for 20sec). Dont forgot to plug off the battery connector, after it.

And if your hunch feels is incorrect, then trust your hunch. Usually experience made our body have a reflex, about something is not right, even thouh our brain cannot find the logical explanation. That what usually happened to me.

Again i warn, this is dangerous only do it on your own risk. I recommend you read the datasheet to understand a gist about it.
Click to expand...
Solid info. The weird thing about this adaptor is the guide line is offset. The cutout shape (that goes around all the BGA pins) forces the lines on the left to go under the EMMC, as you can see here. Cutting where you showed would let me push it even more to the right.

I'll be honest; I don't feel confident shooting in the dark. I'll just try to get an actual emmc adaptor once I've got the screen working again.
 

Attachments

  • emmc.jpg
    emmc.jpg
    207 KB · Views: 84
  • Like
Reactions: Danook28 and abal1000x
abal1000x said:
Yupz, if it aint broken don't fix it.
Thats the golden rule for everything.

My hunch telling me that the installation is not stable.

Here is my analyze:
The more logical explanation is the installation are unstable. Since the firmware already open. Everyone can read it. And i could tell that theres nothing in the firmware update which could hinder the pico from resetting the cpu. Its just sending the low signal to reset. If the clock mismatch for example because of the OC. Still the cpu will reset on a skewed time of reference. The most probable explanation is the pico already send the low voltage signal, but it got dispersed. Because of dielectric material around it (flux, water, etc) or because the connection is unstable such as a cold joint solder.
Click to expand...
I had that v2.74 boot straight into OFW as well when I was updating from 2.73. It didn't show 2.74 on toolbox after I tried 2x update from toolbox, but eventually 3rd time I reboot to OFW right after pickfly fw update and shutdown from OFW. Then toolbox shows 2.74 info.
For the boot straight into OFW, for me it was the 1k ohm GATE resistor add-on, after I remove the resistor, issue solved.(But now I have the 33k ohm there for testing, so far so good).
FYI, any rp2040 wiring/circuit related change I recommend reset training data, and do manual training few times for best glitching result.
 
  • Like
Reactions: Switxh and abal1000x
abal1000x said:
I see. Noted, thank you.


I see the horizontal line guide still on outside. Maybe you not insert it to maximum length.
Or maybe its just the picture parallax. You should insert it until it cannot goes anymore.
Click to expand...
That's the maximum insertion without really forcing it. I actually think in that install the contact point wasn't going around the BGA because of the Ω shape... these adaptors are so many levels of trash.
 
  • Like
Reactions: abal1000x
jkyoho said:
I had that v2.74 boot straight into OFW as well when I was updating from 2.73. It didn't show 2.74 on toolbox after I tried 2x update from toolbox, but eventually 3rd time I reboot to OFW right after pickfly fw update and shutdown from OFW. Then toolbox shows 2.74 info.
For the boot straight into OFW, for me it was the 1k ohm GATE resistor add-on, after I remove the resistor, issue solved.(But now I have the 33k ohm there for testing, so far so good).
FYI, any rp2040 wiring/circuit related change I recommend reset training data, and do manual training few times for best glitching result.
Click to expand...
Can I ask what you mean by manually training? I know about resetting the training data in picofly toolbox but I'm not sure what you mean by manual training after. Is that just turning it on and then turning it off after Hetake comes up a bunch of times?
 
snaker said:
Hello guys. Is this the cheapest method to backup, restore boot0, boot1 and raw of oled emummc using linux?
https://www.aliexpress.com/item/
I also found this but it is out of stock and it was much cheaper
https://www.tindie.com
Click to expand...
Yes, I think this is the cheapest tool for the job at this time. I think it's based on the design from Tindie model but we were late to the party on that one :/
 
  • Love
Reactions: snaker
cicci084 said:
Yesterday I did several installations.
Among these is a dispute that I don't know how it works (after replacing the display) despite the bent mainboard.

There is also an oled made with Reballing, if it can serve for some ideas, I also used new connections for the mosfet.

Photo release (The photos are mixed up).
I'm continuing to use FW 2.67 which in my opinion is fast, stable, reliable. What am I getting into by not using the new FW?
Post automatically merged:


As for this problem, I carried out the unbrick level 1 and 2 procedures, after adding resistors (actually I redid the whole installation (the one carried out by the customer independently was disastrous by my standards).
Now I don't get slow memory error anymore, and in emummc everything works, even waking up.
I can't get into OFW though, after the black screen nintendo logo.
What guides can I follow?
I can download the keys without error, it takes like 190 or so.
Click to expand...
Hi guys, solution for this?

Hi guys, today I received a switch victim of an incorrect picofly DIY installation.
I immediately identified the problem (it was very evident) as the CPU cable was shorted to ground.
The console did not turn on.
I just partially got it working again.
The current conditions are as follows:
1) The console can start hekate but it doesn't start in OFW, Nintendo appears and then black screen. To start hekate again, I have to disconnect the battery.
2) I get slow emmc error, but I think it's an EMMC hardware error, as I can backup boot0,1 and also all emmc. However, I cannot save the keys, I receive an error (photo attached).
3) I created emummc and it starts up, but it doesn't wake up from rest mode.
My question is is there any way to reset mmc? (I have a donor switch, in case I could use the mmc.)
Can I wake from sleep in emummc?
I attach all the photos.
Thanks for your support.

EDIT:
after trying to restore the nand with sthetix videos, now everything works in EMUnand, even waking up.

In OFW it does not start, black after the writing nintendo.

How is it possible that in emunand it works?
I created emuNand from the switch when the switch itself wouldn't boot in OFW, so it's probably not corrupted?
Could it be some resistor on the cmd lines/other?
 
Last edited by cicci084,
abal1000x said:
You might do this on your own risk:
View attachment 378816
Thats already correct to modify the circle point. With that original shape, highly probable it will short circuit the D1.

When you insert it exactly like the guide line, you will get the value, means its connected maybe to d0 only or short d0 and d1. Now shift it little bit right, and check again the diode mode, repeat until you find it zero. That is the edge.

Now you approach it from the edge to the left, slowly until it shows a value. That will be the most probable d0 point without shorting to d1. Do this while you take the power off (battery connector plug off).

And if you're confident, you might try to power it on, to test wether the glitch work or not. And turn it off immediately after it failed (by pressing the power button 20sec or shorting the power pin to gnd for 20sec). Dont forgot to plug off the battery connector, after it.

And if your hunch feels is incorrect, then trust your hunch. Usually experience made our body have a reflex, about something is not right, even thouh our brain cannot find the logical explanation. That what usually happened to me.

Again i warn, this is dangerous only do it on your own risk. I recommend you read the datasheet to understand a gist about it.
Click to expand...
How about cutting on the red line? So he won't need to find the new position, and if the connection has no problem, maybe the big fat right side stuck between dat0 and NC pin will make the contact more stable.
oato.jpg
 
  • Like
Reactions: Xowin and Danook28

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  New Homebrew "Foil Server"?

Homebrew  Full List of N64 Recompilation Switch ports

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Is it fixable

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Hacking Emulation  Switch Prod Keys downloading from sites okay?