Hacking Raspberry PI Pico Dongle?

cracker · Apr 18, 2022

I haven't messed around with my Picos yet, but I would think it would be trivial to include the binaries in a static array to stream via USB. If M0 boards can do it, I don't see why the Pico couldn't.

mrdude · Apr 18, 2022

oranga said:
The amount of flash storage available is 16kb in total and 253 bytes per block. unfortunately, even the smallest payload is around 65kb[bin compressed]

source: https://kalumajs.org/docs/boards/rp2

The Pico flash size is 2Mb - ram is 264kB - If you only have 16kb left in your flash you shouldn't be using a java interpreter that's taking up all the flash, you should look at the current Arduino code that's available for the Trinket M0, You could adapt that code to fit your needs.

Also you don't even need to store the payload in flash - you can store it on the micro sd card in the switch and stream it from there to the switch's memory - that's what argon-nx does, just 1 byte at a time if you want.

hippy dave · Apr 18, 2022

mrdude said:
Also you don't even need to store the payload in flash - you can store it on the micro sd card in the switch and stream it from there to the switch's memory - that's what argon-nx does, just 1 byte at a time if you want.

That's once you've already sent the argon payload itself from your payload pusher tho.

mrdude · Apr 18, 2022

hippy dave said:
That's once you've already sent the argon payload itself from your payload pusher tho.

Yep but the the principle is still the same, you can read part of a file from the sd card - store it in a buffer and then send that to switch memory, then clear the buffer and read the file from x offset, store that in a buffer and then send - keep doing that until the file has run out of bytes to read and the switch ram has the contents of that file - then execute it.

hippy dave · Apr 18, 2022

mrdude said:
Yep but the the principle is still the same, you can read part of a file from the sd card - store it in a buffer and then send that to switch memory, then clear the buffer and read the file from x offset, store that in a buffer and then send - keep doing that until the file has run out of bytes to read and the switch ram has the contents of that file - then execute it.

The dongle can't read from the SD card, argon can only read from the SD card because it is a payload itself that's already been pushed to the Switch and is running there.

mrdude · Apr 18, 2022

hippy dave said:
The dongle can't read from the SD card, argon can only read from the SD card because it is a payload itself that's already been pushed to the Switch and is running there.

FRAM from Adafruit - has 256Kb, I already posted a link, there's no reason the payload couldn't be stored and read from that.

https://learn.adafruit.com/adafruit-i2c-fram-breakout/wiring-and-test

You can also read write to and from micro sd:

You could store as many payloads as you want then and send whatever you wanted.

oranga · Apr 20, 2022

hippy dave said:
The dongle can't read from the SD card, argon can only read from the SD card because it is a payload itself that's already been pushed to the Switch and is running there.

even dragonboot requires an sd card ?
yeah with arduino it's very much possible and possibly even trivial since i saw the trinketm0 code [https://github.com/atlas44/sam-fusee-launcher/blob/master/src/main.cpp] and it would be possible for me to port it for the pico but the usb.h module isn't supported by the pico rp2040 yet

there's tinyusb third party library but that is missing packages

mrdude · Apr 21, 2022

oranga said:
even dragonboot requires an sd card ?
yeah with arduino it's very much possible and possibly even trivial since i saw the trinketm0 code [https://github.com/atlas44/sam-fusee-launcher/blob/master/src/main.cpp] and it would be possible for me to port it for the pico but the usb.h module isn't supported by the pico rp2040 yet

there's tinyusb third party library but that is missing packages

Maybe try this:
https://github.com/hathach/tinyusb

mrdude · Apr 23, 2022

Here you go, tinyusb - arduino friendly:

https://github.com/adafruit/Adafruit_TinyUSB_Arduino

It should work with rp2040 - read the porting guide on that page for adding into your header files, you could mod the samd21 code that's been posted in this forum.

Also an example that reads/writes external sd card or flash memory.
https://github.com/adafruit/Adafrui...al_flash_sdcard/msc_external_flash_sdcard.ino

ghjfdtg · Apr 23, 2022

The flash is memory mapped so you don't even need any special read code. Just point the code sending the payload to it and it will directly read from flash.

weatMod · Apr 23, 2022

would a pico fit inside of a switch housing either with or without the type C port?
same question for the tiny2040,

mrdude · Apr 23, 2022

weatMod said:
would a pico fit inside of a switch housing either with or without the type C port?
same question for the tiny2040,

No idea - but samd21 bare chip does, so does the Adafruit trinketm0, there's a few others - but if making a dongle the pico could possibly work.

Un_ · Jun 5, 2022

I'm not sure if i should reply to this forum post (considering its age) but i discovered this tool just a few minutes ago
github com rajkosto memloader (bin at files sshnuke net memloaderv3.zip) it only measures about 121.8 kb when compiled and should be able to fit on the pico's ram. if you can get the rest of the exploit and the code on there i'm not sure about but if we can keep the payload on the sd card then that would be a huge space save.

Hacking Raspberry PI Pico Dongle?

Nyah!

Developer

BBMB

Developer

BBMB

Developer

Member

Developer

Developer

Well-Known Member

Well-Known Member

Developer

New Member

Similar threads