Switch OLED teardown V1/V2

  • Thread starter: grubgrub
  • Views: 261,030
  • Replies: 1,138
  • Likes: 10
Red will likely be your DAT0. Even without a screen installed you will get a green light. If you get red you have an install issue. I would fix that before continuing.
 
https://github.com/Pheeeeenom/payloadchecker/releases/tag/1.0 Made this really simple app to check the payload that's written to your boot0. This will tell you if the chip that's currently installed is a hwfly with spacecraft v1 or v2 payload. Simply open it, press the button and select your boot0.

If you're testing multiple chips be sure to connect the USB cable and press E on PuTTY or other equivalent Serial COM application.
 
> https://github.com/Pheeeeenom/payloadchecker/releases/tag/1.0 Made this really simple app to check the payload that's written to your boot0. This will tell you if the chip that's currently installed is a hwfly with spacecraft v1 or v2 payload. Simply open it, press the button and select your boot0.
>
> If you're testing multiple chips be sure to connect the USB cable and press E on PuTTY or other equivalent Serial COM application.

You say "written to your boot0", does this mean that the DAT0 connection is actually used only once to write the modified boot0 to the eMMC? Or is a DAT0 connection necessary for every boot?

I always thought that the chip injects a modified BCT at boot over DAT0 and then again I always wondered why it's not written permanently to the eMMC.
 
> You say "written to your boot0", does this mean that the DAT0 connection is actually used only once to write the modified boot0 to the eMMC? Or is a DAT0 connection necessary for every boot?
>
> I always thought that the chip injects a modified BCT at boot over DAT0 and then again I always wondered why it's not written permanently to the eMMC.
You need it for every boot.
 
> You need it for every boot.
Can you explain what the hack actually does?
My understanding was that it glitches the signature check of BCT.

But it seems that there is more involved, if boot0 is altered as well 🤔
 
> Can you explain what the hack actually does?
> My understanding was that it glitches the signature check of BCT.
>
> But it seems that there is more involved, if boot0 is altered as well 🤔
They write a custom bct and bootloader to boot0 then glitch the bootrom's pubkey hash check to make the bootrom think a custom pubkey in the custom bct is correct/valid.

I'd guess they flash it on each boot because the OS attempts to restore stuff at some points, or maybe they reflash the original package1 for compatibility on each boot after glitching, idk.
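
A toy model of the check described in the post above, added here as an illustration and not code from the thread or from any of the chips discussed: a self-signed custom BCT passes signature verification on its own, and only the comparison of the public key's hash against a fused value rejects it. The BCT layout, toy RSA keys and all names are assumptions.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy RSA key (n, d) from two known primes; far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def pub_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def build_bct(n, d, bootloader):
    """Hypothetical BCT: public modulus, bootloader image, signature over it."""
    return {"pubkey": n, "bootloader": bootloader,
            "sig": pow(digest_int(bootloader, n), d, n)}

def signature_ok(bct):
    """Checks the signature against the key carried in the BCT itself."""
    n = bct["pubkey"]
    return pow(bct["sig"], E, n) == digest_int(bct["bootloader"], n)

def rom_verify(bct, fused_hash):
    """Return 'boot', or the stage that rejected the BCT."""
    key_hash = hashlib.sha256(pub_bytes(bct["pubkey"])).digest()
    # This comparison is the only step that binds the key to the device.
    if not hmac.compare_digest(key_hash, fused_hash):
        return "reject: pubkey hash"
    if not signature_ok(bct):
        return "reject: signature"
    return "boot"

# Constructed sample keys (Mersenne primes, chosen so the example runs offline).
VENDOR = make_key(2**61 - 1, 2**89 - 1)
CUSTOM = make_key(2**107 - 1, 2**127 - 1)
FUSED_HASH = hashlib.sha256(pub_bytes(VENDOR[0])).digest()

stock = build_bct(*VENDOR, b"stock bootloader")
custom = build_bct(*CUSTOM, b"custom bootloader")            # self-signed
tampered = dict(stock, bootloader=b"custom bootloader")      # stock key, new image

if __name__ == "__main__":
    for name, bct in (("stock", stock), ("custom", custom), ("tampered", tampered)):
        print(f"{name:9} signature_ok={signature_ok(bct)!s:5} rom={rom_verify(bct, FUSED_HASH)}")
```

The custom BCT is internally consistent, so the signature stage never sees a problem with it; the whole chain of trust rests on the single hash comparison.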
 
> https://github.com/Pheeeeenom/payloadchecker/releases/tag/1.0 Made this really simple app to check the payload that's written to your boot0. This will tell you if the chip that's currently installed is a hwfly with spacecraft v1 or v2 payload. Simply open it, press the button and select your boot0.
>
> If you're testing multiple chips be sure to connect the USB cable and press E on PuTTY or other equivalent Serial COM application.
I’m interested in trying this out. Once I connect the USB cable do I have to power the chip somehow? Or does the USB port power the chip? Also, do I need an application for the computer to recognize the chip or driver or is your app enough?
 
No, you dump BOOT0/BOOT1 to SD card using Hekate, then load BOOT0 from your computer into the application.
 
Just picked up an OLED switch, can't wait to get my OLED chip in now. Hopefully they stay the same price @ $100USD
 
Hello there, maybe someone will help in this topic. After installing modchip SX Lite in switch oled, the fan stopped spinning, joycons do not charge. Switch works fine. Joycons are detected and work without bluetooth. On switch V1-V2, pu chip was responsible for charging the joycons and the fan, but I can't find it on switch oled.
 
> Hello there, maybe someone will help in this topic. After installing modchip SX Lite in switch oled, the fan stopped spinning, joycons do not charge. Switch works fine. Joycons are detected and work without bluetooth. On switch V1-V2, pu chip was responsible for charging the joycons and the fan, but I can't find it on switch oled.

Your fan doesn't work and your joycons don't charge? They likely don't detect either. I would do voltage injection on the fan circuit.
 
> Your fan doesn't work and your joycons don't charge? They likely don't detect either. I would do voltage injection on the fan circuit.

I ordered an oled specific chip, I'm hearing that we shouldn't use the 3.3v off of bridging the 2 capacitors. Why is this? And if it's true what point should we use?
 
> Your fan doesn't work and your joycons don't charge? They likely don't detect either. I would do voltage injection on the fan circuit.

Joycons are detected and work as usual, but are not charged. The power supply is 0v in the fan circuit, but there is no short circuit to the ground.
 
> They write a custom bct and bootloader to boot0 then glitch the bootrom's pubkey hash check to make the bootrom think a custom pubkey in the custom bct is correct/valid.
>
> I'd guess they flash it on each boot because the OS attempts to restore stuff at some points, or maybe they reflash the original package1 for compatibility on each boot after glitching, idk.
Don't the chips sniff DAT0 to synchronize the timing since Mariko has the random delays?
 
> I ordered an oled specific chip, I'm hearing that we shouldn't use the 3.3v off of bridging the 2 capacitors. Why is this? And if it's true what point should we use?

Yes, if anyone has an explanation for this, I also want to know. Some tap off from the 2 caps for 3.3v, some tap off from the cap near the eMMC for 3.3v, what's the difference?
 
