Hacking Hardware Picofly - a HWFLY switch modchip

roxzii

roxzii

Well-Known Member
Newcomer
Level 3
Joined
Nov 11, 2022
Messages
47
Trophies
0
Age
27
XP
248
Country
Portugal
jkyoho said:
Can you at least screenshot what you have?
Are you mounting GPP with ums-loader?
Click to expand...
Yes, mounting GPP with ums-loader! I can post the error with boot0/1 in a bit, doing a user partition backup and it's taking a while.
In the background it's possible to see the contents of GPP, and in the other screenshot there's all the contents of GPP (except user.bin which is still doing).

Thanks for the response!

EDIT: Just tried mounting boot0/1 through HacDiskMount on my unpatched switch, same error, says it's not a full eMMC backup and confirms to open, and then throws an error. So I guess this still isn't an indication of dat0/1 short.
 

Attachments

  • Sem título.png
    Sem título.png
    494.7 KB · Views: 52
  • Sem título1.png
    Sem título1.png
    60.1 KB · Views: 27
  • Sem título4.png
    Sem título4.png
    54.9 KB · Views: 22
  • Sem título3.png
    Sem título3.png
    58.7 KB · Views: 50
Last edited by roxzii,
  • Like
Reactions: Danook28
jkyoho

jkyoho

Well-Known Member
Member
Level 10
Joined
Sep 2, 2020
Messages
1,312
Trophies
0
Age
39
Location
TORONTO
Website
form.jotform.com
XP
2,255
Country
Canada
roxzii said:
Yes, mounting GPP with ums-loader! I can post the error with boot0/1 in a bit, doing a user partition backup and it's taking a while.
In the background it's possible to see the contents of GPP, and in the other screenshot there's all the contents of GPP (except user.bin which is still doing).

Thanks for the response!
Click to expand...
Have you dumped your own prod.key and rebuild your boot0/1 and rest partition?
 
  • Like
Reactions: Danook28 and roxzii
jkyoho

jkyoho

Well-Known Member
Member
Level 10
Joined
Sep 2, 2020
Messages
1,312
Trophies
0
Age
39
Location
TORONTO
Website
form.jotform.com
XP
2,255
Country
Canada
roxzii said:
For that I would need to launch Lockpick right?
Click to expand...
Yes, rename Lockpick to payload and see if you could run
Post automatically merged:

roxzii said:
Just tried mounting boot0/1 through HacDiskMount on my unpatched switch, same error, says it's not a full eMMC backup and confirms to open, and then throws an error
Click to expand...
No, I dont think boot0/1 can be mount on those software,I confirm error is normal.
Post automatically merged:

https://switch.homebrew.guide/usingcfw/manualchoiupgrade.html

this guide here show how etcher can overwire Boot0/1, you just skip the hekate part and do the ums-loader way to mount the partition you want to rebuild
 
Last edited by jkyoho,
  • Like
Reactions: roxzii
roxzii

roxzii

Well-Known Member
Newcomer
Level 3
Joined
Nov 11, 2022
Messages
47
Trophies
0
Age
27
XP
248
Country
Portugal
jkyoho said:
Yes, rename Lockpick to payload and see if you could run
Click to expand...

jkyoho said:
Yes, rename Lockpick to payload and see if you could run
Post automatically merged:


No, I dont think boot0/1 can be mount on those software,I confirm error is normal.
Post automatically merged:

https://switch.homebrew.guide/usingcfw/manualchoiupgrade.html

this guide here show how etcher can overwire Boot0/1, you just skip the hekate part and do the ums-loader way to mount the partition you want to rebuild
Click to expand...
Yeah, but I never made a boot0/1 backup since I never got to hekate. And besides, how can I know the blue screen is caused by a corrupt boot0/1. Since GPP is good doesn't it mean the dat0/1 are not shorting?
 
D

Dee87

Well-Known Member
Member
Level 9
Joined
Mar 19, 2023
Messages
1,139
Trophies
1
XP
1,589
Country
Germany
roxzii said:
Okay, small update, the switch is back from the dead and I have display. I used HacDiskMount instead of DiskGenius, but I got GPP to mount and made a copy of all files just to be sure. Boot0/1 won't mount though. Is that an indication of Dat0/1 short?

I'm basically back to square one, no sd card screen appears, the only payload that I can launch is UMS-Loader. Trying OFW still gives blue screen and trying hekate either doesn't work or gives black screen. Checked all the traces between APU and DRAM and as far as I can see there's nothing wrong there.

Sorry to tag you, but @Dee87, @abal1000x, @Takezo-San, any ideas what I should test? Really out of ideas here, all help appreciated.
Click to expand...
srry cant help u there , i also have a oled laying around with the same issue basicly the same issue as u have i got it from a customer , could do an further investigation since i havent found any hardware issues yet.

i was also thinking it boot0/1 issue but i talked with a few people they said its probally a ram issue orso. i can also use ums loader but nothing else


i did order a stencil for the ram so i could reball one from another switch and see if that helps but my stencil never arrived and went with my 100€ order back to aliexpress, still fighting for the chargebacks so i guess that was my last ali order
 
  • Like
Reactions: Takezo-San and roxzii
vulp_vibes

vulp_vibes

Well-Known Member
Member
Level 9
Joined
Mar 13, 2013
Messages
104
Trophies
1
XP
1,585
Country
United States
vulp_vibes said:
dat0 running through that alignment indicator circle is a very convenient visual marker. though, being in between other lines makes me a little wary of potential damage to the surrounding traces. I looked at the board scans and found that the dat0 line also comes out into a via pad beneath two ground layers near the cmd resistor, with fewer small traces surrounding it. would be interesting to see if this point is possible as well

View attachment 382849
Click to expand...

can officially say I modded my first oled the hard way

Untitled-1.jpg





 
  • Like
  • Love
Reactions: thaikhoa, superxoi, chronoss and 4 others
Takezo-San

Takezo-San

Well-Known Member
Member
Level 3
Joined
May 3, 2023
Messages
261
Trophies
0
Age
39
XP
349
Country
Seychelles
Dee87 said:
srry cant help u there , i also have a oled laying around with the same issue basicly the same issue as u have i got it from a customer , could do an further investigation since i havent found any hardware issues yet.

i was also thinking it boot0/1 issue but i talked with a few people they said its probally a ram issue orso. i can also use ums loader but nothing else


i did order a stencil for the ram so i could reball one from another switch and see if that helps but my stencil never arrived and went with my 100€ order back to aliexpress, still fighting for the chargebacks so i guess that was my last ali order
Click to expand...
@roxzi yep same issue here with my Lite. I had to call it and use it now as a donor board. Was either an emmc corruption or something else but way over my head because I too didn't get far enough to make a back up of the nand yet.
 
  • Like
Reactions: roxzii
roxzii

roxzii

Well-Known Member
Newcomer
Level 3
Joined
Nov 11, 2022
Messages
47
Trophies
0
Age
27
XP
248
Country
Portugal
Takezo-San said:
@roxzi yep same issue here with my Lite. I had to call it and use it now as a donor board. Was either an emmc corruption or something else but way over my head because I too didn't get far enough to make a back up of the nand yet.
Click to expand...
About the emmc corruption, @abal1000x seems the most knowledgeable in emmc stuff (sorry if I'm wrong, haven't been active here for long).
Even with dat0/1 short shouldn't hekate boot? I have the bad adapter, is it even worth it to remove it and cut the lobe from the dat1 side like you suggest if I have constant sucessful glitch? I can mount GPP, not sure if there's any way to verify if there's boot0/1 corruption using ums-loader.
Btw I'm using @floxcap version of ums-loader that has some changes to the code to test emmc and it says my mmc is ok.

Is there any way to test DRAM? Any way to just confirm that it is the problem?

@floxcap did you ever made the changes to ums-loader to test DRAM read/write?
@HackMan37 any luck modding ums-loader?

Thanks in advance!
 
Last edited by roxzii,
abal1000x

abal1000x

Well-Known Member
Member
Level 8
Joined
Jun 5, 2022
Messages
1,070
Trophies
0
XP
1,400
Country
Gaza Strip
I bought the nintendo switch solely because of this thread.
I am not too fond with gaming.

But i love embedded device. I've known nvidia jetson for so long.
The problem is the price. Its the best portable embedded device for an ai project.
Its only 10 watt, and you could run yolo, and do some realtime object recognition.

And luckily the mass production of ns made the nvidia tegra price goes low.
Using modded nintendo switch, you could run Ubuntu and do lot of embedded project better than raspberry pi, you could run android, and if you bored, you could run hos to play games.

With the price of new raspberry pi, i could get 2nd hand nintendo switch. With the bonus of nfc, lot of button, alc (audio system) + headphone + double speaker, ir camera, bluetooth, wifi, usb otg, lcd/oled + touchscreen, hdmi capability, cheap sparepart and good availability, good battery, easy to repair, no lock on emmc, ram or whatever, you could upgrade any hardware component as you wish. Good documentation from nvidia tegra. You could take it off the board, and make a robot, a drone, name it.

In ubuntu all peripheral are supported except the nfc. How good it is.

We could also stream the playstation game to the modded ns. The Q sony new device is useless, since i could do the same thing using NS.
 
Last edited by abal1000x,
  • Like
Reactions: hippy dave and some1ne
floxcap

floxcap

Well-Known Member
Newcomer
Level 3
Joined
May 21, 2023
Messages
69
Trophies
0
XP
281
Country
Australia
roxzii said:
About the emmc corruption, @abal1000x seems the most knowledgeable in emmc stuff (sorry if I'm wrong, haven't been active here for long).
Even with dat0/1 short shouldn't hekate boot? I have the bad adapter, is it even worth it to remove it and cut the lobe from the dat1 side like you suggest if I have constant sucessful glitch? I can mount GPP, not sure if there's any way to verify if there's boot0/1 corruption using ums-loader.
Btw I'm using @floxcap version of ums-loader that has some changes to the code to test emmc and it says my mmc is ok.

Is there any way to test DRAM? Any way to just confirm that it is the problem?

@floxcap did you ever made the changes to ums-loader to test DRAM read/write?
@HackMan37 any luck modding ums-loader?

Thanks in advance!
Click to expand...
Nice to hear that someone is able to make use of my update to ums-loader. :)

For me - a DRAM check proved pointless - I started tinkering with other payloads to see if I could get the keys for my broken lite and any time I tried to do anything with DRAM it crashed - so I concluded it wasn't going to work.

In the meantime lessons learnt - have now done two lites successfully and two V2s successfully (i.e. no more broken devices)...

And - I believe I found the issue for my dead lite - it has a cracked MAX77812 - so I'm waiting on new chips to arrive to replace and see how that goes.

It seems that power supply issues can cause a device to be able to semi-boot but have issues running.
 
  • Like
Reactions: roxzii

Site & Scene News

Go to forum More news

Popular threads in this forum

Paper Mario TTYD 60fps patch?

Paper Mario Thousand Year Door got leaked

Hacking Misc Tutorial  Eiyuden Chronicle Hundred Heroes save editing

TTYD patch for AMD black screen sewer issue?

Hacking  Weird findings from that DQ trilogy switch port

Help a noob with if I need to update CFW to 18.0 or not

Paper Mario TTYD Resolution Patch?

Hacking Feedback Gaming Hardware Tutorial  Xenoblade Chronicles 3 Mod

General chit-chat
Help Users
    AncientBoi @ AncientBoi: 📚 🗒️ ✏️ 🤓 +1