Hacking Hardware Picofly - a HWFLY switch modchip

[jkyoho]

Okay, so let's go.

Where to find this resistor to put it in place?
Is it because of him that the glitch is not working?

Hmm, surprisingly even without that 47k ohm resistor, my v2 board could still turn on. I guess your glitching failed will be something else.

 

[revsgrow]

Hmm, surprisingly even without that 47k ohm resistor, my v2 board could still turn on. I guess your glitching failed will be something else.

so this resistor has the value of 47k ohm?
I also found it strange, because the board connects normally to the original nand. It just doesn't rise or crash.

 

[jkyoho]

I tried this new AON7524 Vgs=2.5v mosfet on the back of this v2 board, it works with 3x47 ohm rp2040 setup.
Can't say how this mosfet glitch compared to 8342 or normal Vgs=4.5v mosfet yet, I will need some time turning on and off then switch back to 8432 then do the same thing,

Update: using back 8342 with same 0.5mm copper loaded with tin ," ==*" error code/glitch failed. Pretty sure is not soldering issue or lack of D or S solder.
AON7524 gives me averagely glitching around 3.5s (occasionally 5s+), from PSU measured it draws [email protected] when glitching and successes at [email protected] when picofly logo shows(bare board, you get the idea).

 

[roxzii]

Yes, rename Lockpick to payload and see if you could run

Post automatically merged: Jul 12, 2023

No, I dont think boot0/1 can be mount on those software,I confirm error is normal.

Post automatically merged: Jul 12, 2023

https://switch.homebrew.guide/usingcfw/manualchoiupgrade.html

this guide here show how etcher can overwire Boot0/1, you just skip the hekate part and do the ums-loader way to mount the partition you want to rebuild

Okay, I forgot to reply to this, sorry. No, Lockipck won't run, just ums-loader, so no prod.keys. I'm going to search for a way to build a boot0/1 and try to flash with etcher, but not sure if there's any way to do that without prod.keys. If anyone knew about this, help would be appreciated.

But I also don't think that will solve the overall problem.
I have cut the lobe from de dat0 adapter and tried to place it as far drom dat1 as possible, but NX Nand Manager still can't read boot 0 and boot 1 (GPP works perfectly). I'm going to assume that's because the partitions have already been corrupted and can't be read even if dat0/1 isn't shorting anymore and try this.

But I also think the result will be the same and this is somehow RAM related, since even with short and boot0/1 corruption hekate should still launch.

 

[jkyoho]

Okay, I forgot to reply to this, sorry. No, Lockipck won't run, just ums-loader, so no prod.keys. I'm going to search for a way to build a boot0/1 and try to flash with etcher, but not sure if there's any way to do that without prod.keys. If anyone knew about this, help would be appreciated.

But I also don't think that will solve the overall problem.
I have cut the lobe from de dat0 adapter and tried to place it as far drom dat1 as possible, but NX Nand Manager still can't read boot 0 and boot 1 (GPP works perfectly). I'm going to assume that's because the partitions have already been corrupted and can't be read even if dat0/1 isn't shorting anymore and try this.

But I also think the result will be the same and this is somehow RAM related, since even with short and boot0/1 corruption hekate should still launch.

Very true, myself only seen once Blue screen when booting into OFW after picofly installed back to v2.5x FW I believe. And I was able to go into maintenance mode update OFW through wifi. At that time Hekate definitely running ok.

FYI, I remember Boot0/1 can be shared as long as on same OFW

 

[roxzii]

Very true, myself only seen once Blue screen when booting into OFW after picofly installed back to v2.5x FW I believe. And I was able to go into maintenance mode update OFW through wifi. At that time Hekate definitely running ok.

FYI, I remember Boot0/1 can be shared as long as on same OFW

Even between Erista and Mariko? I have an unpatched switch and I never use it online. Because by luck they are both on 16.0.3. Would flashing that boot0/1 work? (Also, I have AutoRCM in my unpatched switch, I assume I would need to turn it off before the backup of boot0.)

 

[abal1000x]

So I say low melt is not good for MOSFET soldering?

i think its good.

i dont meet a problem using low melt on mosfet.

Post automatically merged: Jul 15, 2023

Wooow,
actually soldering the wrong capacitor. But now I switched to the right capacitor and the same error code continued.
Will it never work? I am sad.

Error code ==*

See images bellow.

Thaaaanks!

View attachment 383413For enameled wire this could lead to problem. That sharp edge easily ripped the enameled off hence make short with pin no 14.

 

[Seco_Gobbo2]

Hello everybody.

I had a lot of work so it took me a while to give a feedback here.

Thanks for the information, I apologize if my questions were bothersome and silly, I managed to install picofly with just one mosfet (irh8342) on the back of my switch model V1 and it is working perfectly.

I used a very thin double-sided tape to fix the mosfet on the board to help solder and also avoid any future problem of the solder breaking due to impact, I also used UV mask to protect, isolate and better fix the wires and solders. It wasn't as pretty as I had hoped, but it was pretty safe.

I'm going to leave pictures of how my work turned out, I hope it can help others, I'm also going to leave picofly's "flash-nuke", I had trouble finding it, I think it's interesting to share.

Again, thanks to everyone who replied.

 

[raksmey1231]

Hello everyone, I broke my switch oled screen connector. is there any hope to repair this?

 

[Takezo-San]

Hello everyone, I broke my switch oled screen connector. is there any hope to repair this?

The ribbon that comes from the screen or the connector soldered on the motherboard?

 

[raksmey1231]

The ribbon that comes from the screen or the connector soldered on the motherboard?

the connector pad on the motherboard

 

[Takezo-San]

the connector pad on the motherboard

You can replace that. Hot air station needed though. BTW you have a pic? What's the damage?

 

[raksmey1231]

You can replace that. Hot air station needed though. BTW you have a pic? What's the damage?

I have lost 5 of the pads on the motherboard

 

[Dee87]

I have lost 5 of the pads on the motherboard

i think those pads are unused so u should be fine , take a hot air station and solder it back on but be carefull ur gonna have to solder from underneath, and the emmc is sitting right there.

or u can try to solder leg by leg

 

[raksmey1231]

i think those pads are unused so u should be fine , take a hot air station and solder it back on but be carefull ur gonna have to solder from underneath, and the emmc is sitting right there.

or u can try to solder leg by leg

Ohh I'll try when the connector arrives. Thank you

 

[Seco_Gobbo2]

I have lost 5 of the pads on the motherboard

I can't say for sure by the photo, but they look like pads that don't have a connection in the circuit. Maybe just soldering a new connector will do the trick.
But like I said, you can't be sure from the picture.

Post automatically merged: Jul 15, 2023

Ohh I'll try when the connector arrives. Thank you

Using an aluminum tape to protect the connector, a medium air flow and the temperature between 350 to 400°C, you will be able to solder from the top. But it requires some practice with the hot air station to not damage the new connector.

 

[Danook28]

Hello everybody.

I had a lot of work so it took me a while to give a feedback here.

Thanks for the information, I apologize if my questions were bothersome and silly, I managed to install picofly with just one mosfet (irh8342) on the back of my switch model V1 and it is working perfectly.

I used a very thin double-sided tape to fix the mosfet on the board to help solder and also avoid any future problem of the solder breaking due to impact, I also used UV mask to protect, isolate and better fix the wires and solders. It wasn't as pretty as I had hoped, but it was pretty safe.

I'm going to leave pictures of how my work turned out, I hope it can help others, I'm also going to leave picofly's "flash-nuke", I had trouble finding it, I think it's interesting to share.

Again, thanks to everyone who replied.

GND 3v3 wier type?????

 

[chronoss]

Hi

Is this for use with Picofly ?

 

[twins333]

Hi

Is this for use with Picofly ?

Hi. From the comments it looks like they work with the picofly. For more info on the mosfet specs you can check @QuiTim's and @abal1000x's posts here:

.

Post automatically merged: Jul 8, 2023

The AON6554 has only one G terminal the other 3 below it are S so as long as you did not bridge the 3 and 4 together you should be OK as far as wiring goes (see picture).
I am assuming that this is the orientation, so 1st pin bottom right (please check since I cannot see the mark on the mosftet from the picture)
Anyway, I think there is something else at play here.
The mosfets that work (tested by me) example IRF8342 has a total gate charge Qg of 4.2; AON7506 Qg 4.3; AON7518 Qg 6.9; IRF8714 Qg 8.1 while the one you are using AON6554 has the Qg of 21.3
@abal1000x what are your thoughts about this?

I think The mosfet already an okay . The rds is around 3-4mohms which already suitable for the glitch.
I agreed, from the picture i can't confirm wether the 1st pin is the right bottom or left top.

Also because the transistor flipped down, we couldn't solder to the center pad. Its important for the D to be soldered as wide as possible.

 

[RiotRetroGaming]

Ohh I'll try when the connector arrives. Thank you

If you can't do it, send it to me.
Done a few oled connectors now.
People have come to me in emergency via this forum to help.
I'm in Surrey.

Ant

Post automatically merged: Jul 15, 2023

@rehius

Do you have a donation link?
I paid my last months rent off selling chipped Switches... this is the least I can do for your efforts.