Hacking Spacecraft-nx failed flash

[K3mpst0n]

Why do you want to flash that Spacething anyway?

In my case to remove all connection to SX and any illegal code on my Switch. I only ever wanted an SXCore installed in my Switch for Homebrew, and Spacecraft combined with Atmosphere allows this. SX OS and boot.dat were necessary evils to do anything non-N approved on my Mariko Switch, as soon as that ceased to be the case I stopped using them and I'm happy I did so.

Personally I had no issues flashing Spacecraft and it worked perfectly first time, and if updates need to be installed it can be done without USB once it's initially flashed so opening the Switch and USB flashing is a one time deal. Still, it's up to individuals of course if they wish to chance it.

 

[britain4]

You can use SX Gear boot.dat to just load a payload (e.g. Hekate, AMS) rather than flashing Spacecraft if you prefer. That said I do use Spacecraft myself as for whatever reason it glitches a lot quicker and boots up more reliably than the SX bootloader which would regularly produce a black screen on boot.

I did "brick" my chip with the cyan light going straight into OFW - first flashing the initial backups using the Spacecraft tool (so the PC recognised it as an SX chip again) then flashing the firmware using the official SX updater sorted it out.

 

[CabroX]

Reflashed again bootloader and firmware through ST Link V2, but there is no way I can boot normaly into CFW, always starts in a white led and boots directly into OFW.

Any idea of how to proceed?

EDIT: At this point I would like to solve the problem by any means, even reflashing official sxcore firmware and using atmosphere, but I don't know which is the firmware address to flash to.

The problem now is I can't reflash the firmware by USB because soldering into the pads has caused them to wear out and cannot solder into them anymore. The only way I have now to flash is ST Link v2.

EDIT2: Flashed official sx bootloader and flashed official firmware into address 0x08003000, which leads to directly booting into OFW with a static green LED in the SXCore. Do you know if this is the correct firmware address to flash?.

Thank you!

 

[n0xius]

Reflashed again bootloader and firmware through ST Link V2, but there is no way I can boot normaly into CFW, always starts in a white led and boots directly into OFW.

Any idea of how to proceed?

EDIT: At this point I would like to solve the problem by any means, even reflashing official sxcore firmware and using atmosphere, but I don't know which is the firmware address to flash to.

The problem now is I can't reflash the firmware by USB because soldering into the pads has caused them to wear out and cannot solder into them anymore. The only way I have now to flash is ST Link v2.

EDIT2: Flashed official sx bootloader and flashed official firmware into address 0x08003000, which leads to directly booting into OFW with a static green LED in the SXCore. Do you know if this is the correct firmware address to flash?.

Thank you!

the original firmware can't be flashed directly since its encrypted with a variant of TEA.
you need to decrypt it first by using gw_flash.py(https://gist.github.com/SciresM/cd40c3d1b5dfafbf1fe8f7e5cf13f91e).
it requires python version 2.7.11 and the usage of that python script is "python gw_flash.py -d encrypted_firmware_name.bin decrypted_firmware_name.bin".
afterwards you need to remove the first 16 bytes of the decrypted firmware with an hex editor and then you're able to flash it to 0x08003000 using the st-link flash tool.

other way is to flash the sx bootloader and use the sx core updater tool via the usb dongle. you need to update the serial number inside the bootloader though (since it contains your serial number of the chip) and for that you need the license-request.dat EXCEPT you still have the first backup bootloader file spacecraft-nx's flash tool created for you.

 

[CabroX]

the original firmware can't be flashed directly since its encrypted with a variant of TEA.
you need to decrypt it first by using gw_flash.py
it requires python version 2.7.11 and the usage of that python script is "python gw_flash.py -d encrypted_firmware_name.bin decrypted_firmware_name.bin".
afterwards you need to remove the first 16 bytes of the decrypted firmware with an hex editor and then you're able to flash it to 0x08003000 using the st-link flash tool.

other way is to flash the sx bootloader and use the sx core updater tool via the usb dongle. you need to update the serial number inside the bootloader though (since it contains your serial number of the chip) and for that you need the license-request.dat EXCEPT you still have the first backup bootloader file spacecraft-nx's flash tool created for you.

Does that 16 byte removal apply to the spacecraft-nx firmware too?

Do I need the serial number of the chip inside the official sx bootloader to flash through the USB dongle with the sx updater program? I mean, I won't use the SXOS anymore, I will be using hekate and atmosphere and so not needing the license.

And I have soldered the USB directly to the chip as sthetix told me in spacecraft-nx issue I created in github (cannot post links because I am a New Member ), flashed the spacecraft bootloader with the stlink v2 and connected with USB but seems it does not communicate well as it is detected but the device suddently disapears and I don't have time to update it. (I attach screenshot).

Maybe we can communicate by other means, like telegram, discord or even steam if you want to solve this issue faster

 

[n0xius]

Does that 16 byte removal apply to the spacecraft-nx firmware too?

Do I need the serial number of the chip inside the official sx bootloader to flash through the USB dongle with the sx updater program

it does not apply for the spacecraft-nx firmware. if you don't plan to use sxos anymore, the serial number doesn't matter.

Maybe we can communicate by other means, like telegram, discord or even steam if you want to solve this issue faster

sure, ill pm you my discord.

 

[Severence]

it does not apply for the spacecraft-nx firmware. if you don't plan to use sxos anymore, the serial number doesn't matter.

Thanks for providing all this info n0xius

Can you provide more details regarding the serial number, is it at a particular offset in firmware? I'm not going to be able to get it from the spacecraft backup file as it didn't complete and appears corrupt.

I have similar issues as CabroX - blue/whitish LED on SX-Core when it was on switch, no detect via USB in SX updater but detects DFU in spacecraft prompt but just gets stuck. Manually backed up the bootloader and firmware with a J-Link and then wrote the SX bootloader and decrypted SX firmware at the offsets you mentioned but i still have the same issue with the SX updater being unable to see the device following this etc.this is not a USB driver issue afaik (i tried all of them in Zadig)

Serial number wouldn't be playing a part in this would it?

 

[n0xius]

Thanks for providing all this info n0xius

Can you provide more details regarding the serial number, is it at a particular offset in firmware? I'm not going to be able to get it from the spacecraft backup file as it didn't complete and appears corrupt.

I have similar issues as CabroX - blue/whitish LED on SX-Core when it was on switch, no detect via USB in SX updater but detects DFU in spacecraft prompt but just gets stuck. Manually backed up the bootloader and firmware with a J-Link and then wrote the SX bootloader and decrypted SX firmware at the offsets you mentioned but i still have the same issue with the SX updater being unable to see the device following this etc.this is not a USB driver issue afaik (i tried all of them in Zadig)

Serial number wouldn't be playing a part in this would it?

the serial number sits at file offset 0x150 in the bootloader and is 16 bytes long. the serial number is only used for the license for sxos, so it can't be a possible problem except for sxos. a white led on the board indicates a problem glitching the tegra. can you try to a chip erase via an external flasher connected to the gd32 after a full backup and reflashing the bootloader/firmware? a full chip erase will delete the current glitch config which might be a cause of the glitching process to fail.

 

[Severence]

Thanks for the help!

can you try to a chip erase via an external flasher connected to the gd32 after a full backup and reflashing the bootloader/firmware? a full chip erase will delete the current glitch config which might be a cause of the glitching process to fail.

For whatever reason i"m unable to use conventional tools such as J-flash for some reason and have to use Keil uvision in order to do the programming in combination with my J-link, I'm pretty sure Keil has a full erase option (somewhere) so I'll give it a go.

Still don't understand why i can't flash the firmware via USB on windows though with either the SX tool or Spacecraft tool.

previous attempt writing the bootloader and firmware would suggest flash and ram are fine and it's showing as a DFU com device within Windows which seems to suggest modchip hardware is good afaict

 

[n0xius]

Thanks for the help!

For whatever reason i"m unable to use conventional tools such as J-flash for some reason and have to use Keil uvision in order to do the programming in combination with my J-link, I'm pretty sure Keil has a full erase option (somewhere) so I'll give it a go.

Still don't understand why i can't flash the firmware via USB on windows though with either the SX tool or Spacecraft tool.

previous attempt writing the bootloader and firmware would suggest flash and ram are fine and it's showing as a DFU com device within Windows which seems to suggest modchip hardware is good afaict

flashing the firmware requires a working bootloader since otherwise the dfu won't get initialized. can you check the device/vendor id inside device manager? there are 3 vendor/device ids inside the spacecraft-nx flasher and just one inside the sx flasher, if the modchip shows up as anything but those ones, the flasher tools wont recognize it.

 

[Severence]

Thanks again for your help n0xius.

I did a full erase and wrote the Spacecraft NX bootloader on it's own and then also the Spacecraft NX firmware at 0x08003000 also but in both instances it's not picked up by the SX updater tool and trying to use the Spacecraft tools just results in it hanging at "flashing bootloader" .

I've attached a screencap of the VID/PID info from device manager.

 

[bestpro74]

c'è un tutorial là fuori da sthetix chiamato "UNBRICKING THE TX LITE AND TX CORE MODCHIPS" che coinvolge un gd-link ma può essere fatto anche tramite collegamento v2. non sarai più in grado di usare sx os quando usi il suo bootloader sx poiché contiene il numero di serie del chip che viene utilizzato per la licenza. se hai ancora il file license-request.dat, posso aiutarti a correggere il tuo seriale nel bootloader.

how do i put the serial of my sx core in the sthetix bootloader for sx os?, i attach here my license-request.dat if anyone can help me i would be really grateful. with stlink I can not do anything same problems as other users.

 

[p3p31v]

Hello guys,I have a switch lite with SX Core and flashed with Spacecraft NX. I used to boot the console with atmosphere, but last days, when I turn on the console, the console boot always the sysnand. I dont see any light in the sd card slot anymore. Do you guys think my console is not reading the chip anymore? should I open it and check the weldings? I've already format the sd and still having the same issue.
Thanks for reading.

 

[ConsoleKid69]

Sorry to jump on but I have a few sxlites that need repairing due to bad flashes.

Im using GD link and wiring direct and it connects etc ok.

I can flash the bootloader fine and want to flash the firmware the same way but in the gd link software I cant seem to find any options to stop it erasing, I hope that makes sense.

Any ideas?

Btw I cant flash the firmware via usb as its very hit and miss so would rather do it this way.

 

[Adikirak]

Hi guys, i need help to recovery my modchip...
I bricked my sx core after close windows of spacecraftnx update...
I need to help to buy a correct programmer chip, GDLink or STM32? I need help of this question
Thanks

 

[Mgt]

Hi everyone. I am new to this WEB. I need help to recover and use my sx core chip that is no longer responding. I have the usb st-link v2 and the STM32 ST-LINK program.

I have the cables soldered in their corresponding points and connected to my pc and it seems that everything works fine. I can install the Bootloaders without errors but once the Bootloaders is installed it still does not recognize my pc.

I cannot install the Firmware from my pc or from STM32 ST-LINK or from sxupdater_win32 and I don't know what else I can do or try to be able to use my sx core chip again.

If someone could give me a hand on this matter it would be greatly appreciated.

Thank you very much in advance, regards

 

[Mgt]

[QUOTE = "n0xius, post: 9397272, member: 544119"] flashear el firmware requiere un gestor de arranque que funcione, ya que de lo contrario el dfu no se inicializará. ¿Puede verificar la identificación del dispositivo / proveedor dentro del administrador de dispositivos? hay 3 ID de proveedor / dispositivo dentro del flasher de la nave espacial-nx y solo uno dentro del flasher sx, si el modchip aparece como cualquier cosa menos esos, las herramientas del flasheador no lo reconocerán. [/ QUOTE]


hello n0xius. I see that you understand a lot about this matter, you could give me a hand to try to recover my sx core unit. a greeting

 

[james194zt2]

the serial number sits at file offset 0x150 in the bootloader and is 16 bytes long. the serial number is only used for the license for sxos, so it can't be a possible problem except for sxos. a white led on the board indicates a problem glitching the tegra. can you try to a chip erase via an external flasher connected to the gd32 after a full backup and reflashing the bootloader/firmware? a full chip erase will delete the current glitch config which might be a cause of the glitching process to fail.

Hi,

Did I read you can get the license from the request.dat file? If so is the .dat file encrypted, or is it clear? And which part of it is the SXOS serial number to load back in to the bootloader if you are missing it.

Thanks