Hacking Hardware Picofly - a HWFLY switch modchip

[HackMan37]

About the emmc corruption, @abal1000x seems the most knowledgeable in emmc stuff (sorry if I'm wrong, haven't been active here for long).
Even with dat0/1 short shouldn't hekate boot? I have the bad adapter, is it even worth it to remove it and cut the lobe from the dat1 side like you suggest if I have constant sucessful glitch? I can mount GPP, not sure if there's any way to verify if there's boot0/1 corruption using ums-loader.
Btw I'm using @floxcap version of ums-loader that has some changes to the code to test emmc and it says my mmc is ok.

Is there any way to test DRAM? Any way to just confirm that it is the problem?

@floxcap did you ever made the changes to ums-loader to test DRAM read/write?
@HackMan37 any luck modding ums-loader?

Thanks in advance!

For me, no success, i was trying to modify the hekate, but just get the "basic" version "working", but have the screen "bugged", so just "works" to reboot into rcm, or try to boot without checking the fusses, that can be made with a modded version of ums-loader

 

[[Truth]]

Search on github, its hekate whose created it.
View attachment 383102

Theres also on atmosphere -> fusee
View attachment 383101

Thx, but whats the purpose?

 

[rehius]

Thx, but whats the purpose?

Required to properly wake up the NS from sleep. When you use emuNAND, CPU fuses might become desynced with your bootloader. This file contains all the information to boot the CPU.
When you update the original system, it is necessary to update this file by booting to OFW using hekate menu (not the "Reboot/OFW" but the another one, "More Configs" -> "Full Stock" in some famous sets)

 

[abal1000x]

Thx, but whats the purpose?

Not too sure.

You might open new thread, or goes to hekate thread or github issue, and asking them for the purposes.

I read the code slightly (not seriously read), its about checking the fuse count, if the fuse count incorrect, the sleep wont work. So its kind of patching that, so the sleep still working.
I might wrong, you need to ask in their issue, to be sure.

 

[[Truth]]

Required to properly wake up the NS from sleep. When you use emuNAND, CPU fuses might become desynced with your bootloader. This file contains all the information to boot the CPU.
When you update the original system, it is necessary to update this file by booting to OFW using hekate menu (not the "Reboot/OFW" but the another one, "More Configs" -> "Full Stock" in some famous sets)

Thanks!

You mean via
fss0=atmosphere/package3 stock=1 emummc_force_disable=1
in hekate config?

 

[rehius]

Thanks!

You mean via
fss0=atmosphere/package3 stock=1 emummc_force_disable=1
in hekate config?

Yes

 

[CarlosCruz]

One mosfet oled

 

[FXDX]

Picofly soldered on Oled with mosfet on the back pcb. I took the mosfet from the defective connection ribbon of one Hwfly. I used some thin copper wire to solder on the capacitor and loaded it with more tin. Excellent glitch time.

 

[revsgrow]

Hi, good evening,
I'm new here in forum and i need your help.

I bought a very cheap Switch V2, when i was unlocking, I realized that it already had passed in other hands.
The Caps and Pads of the positive points SP1 and SP2 on the APU was removed.
Is there a way of recover these Pads or any other alternative points to unlock it???

Looking this topic I saw it's possible to install MOSFET on the OLED's back. Can i install it on V2?
Thanks for your attention.

See the images bellow.

 

[lightninjay]

Hi, good evening,
I'm new here in forum and i need your help.

I bought a very cheap Switch V2, when i was unlocking, I realized that it already had passed in other hands.
The Caps and Pads of the positive points SP1 and SP2 on the APU was removed.
Is there a way of recover these Pads or any other alternative points to unlock it???

Looking this topic I saw it's possible to install MOSFET on the OLED's back. Can i install it on V2?
Thanks for your attention.

See the images bellow.

v2 (From @raksmey1231)
View attachment 381313

 

[FreeLander]

Picofly soldered on Oled with mosfet on the back pcb. I took the mosfet from the defective connection ribbon of one Hwfly. I used some thin copper wire to solder on the capacitor and loaded it with more tin. Excellent glitch time.

Nice work. What's your glitch time?

 

[revsgrow]

Excuse me, but doing what was indicated I was not successful.

Am I using a different firmware than the one indicated for this installation?

I'm using firmware 2.73.

Thanks!!

 

[abal1000x]

Excuse me, but doing what was indicated I was not successful.

Am I using a different firmware than the one indicated for this installation?

I'm using firmware 2.73.

Thanks!!

In summary, majority problem is the installation.

Show us the video of the error light.
Some picture of the works, the mosfet, dat0, clk, cmd, reset, rp2040 board, so we could help to confirm it.

 

[revsgrow]

In summary, majority problem is the installation.

Show us the video of the error light.
Some picture of the works, the mosfet, dat0, clk, cmd, reset, rp2040 board, so we could help to confirm it.

the error code shown when starting the switch is ==* (two long pulses and one short pulse)

According to the error code, I mean this is not mosfet!

but I redid the installation twice and was unsuccessful.

Remembering that my APU does not have SP2 or SP2 points.
So I'm looking for alternative points to solder the mosfet and pull the GATE to the picofly.

Tomorrow I will send the pictures.

Thanks.

 

[twins333]

Nice work. What's your glitch time?

Boots to hekate in less than a second. Sysmmc/atmosphere boot is normal, no lag.

 

[revsgrow]

In summary, majority problem is the installation.

Show us the video of the error light.
Some picture of the works, the mosfet, dat0, clk, cmd, reset, rp2040 board, so we could help to confirm it.

I was checking the installation scheme image and realized where I could be going wrong.

I realized that from the Source to the Gate of the mosfet IR8242 there is a capacitor/resistor (I couldn't identify) that I didn't put in my installation.

Could you tell me what component this is, what is its value and where can I find it?

thanks!

 

[abal1000x]

I was checking the installation scheme image and realized where I could be going wrong.

I realized that from the Source to the Gate of the mosfet IR8242 there is a capacitor/resistor (I couldn't identify) that I didn't put in my installation.

Could you tell me what component this is, what is its value and where can I find it?

thanks!

I don't quite understand with your meaning.

If you mean the pulldown resistor, its not mandatory.
The glitch will work without the pulldown resistor.

 

[revsgrow]

Picofly soldered on Oled with mosfet on the back pcb. I took the mosfet from the defective connection ribbon of one Hwfly. I used some thin copper wire to solder on the capacitor and loaded it with more tin. Excellent glitch time.

I don't quite understand with your meaning.

If you mean the pulldown resistor, its not mandatory.
The glitch will work without the pulldown resistor.

I realize that my installation is not the same as this one.
Because this is missing a component that is connected from the source to the gate of the mosfet.

I would like to know what component this is, along with the value so that I can put it in my installation.

remembering that I'm not using the NP2040 mosfet, I'm using the IR8242.

 

[abal1000x]

I realize that my installation is not the same as this one.
Because this is missing a component that is connected from the source to the gate of the mosfet.

I would like to know what component this is, along with the value so that I can put it in my installation.

remembering that I'm not using the NP2040 mosfet, I'm using the IR8242.

That is pull down resistor, its not mandatory.
Without it the glitching still works.

Take a photo on your works, if there are probable mistakes we might point it out.

 

[FXDX]

Nice work. What's your glitch time?

Exactly as @twins333 said, the glitch time is excellent to hekate in less than a second and Sysmmc/atmosphere boot is normal, no lag