it's just a signal and not vcc. And how electronic boards work, if you ground a signal, it doesn't break anything, just malfunctioning. In this instance, doesn't boot because clock signal is interrupted.
Switch OLED teardown V1/V2
- Thread starter grubgrub
- Start date
- Views 213,839
- Replies 1,130
- Likes 10
This is what I thought, im sure there's quite a few people who have or will end up doing this, thankfully I did not, that point is insanely tiny. But that's what a microscope is for
I flashed 0.6.1 and this is what it does. Nothing else. No effect if i have 0.6b2 bootloader or the new.
When i flash 0.6b2 back, it brings me with solid while after a second of flashing other things.
I installed a new CPU adapter, but no difference. I guess my SX core is just broken.
Edit: now i switched the ID pin back to as SX core when it was as SX lite. Now it successfully glitched and is working! Yay! Finally!
When i flash 0.6b2 back, it brings me with solid while after a second of flashing other things.
I installed a new CPU adapter, but no difference. I guess my SX core is just broken.
Edit: now i switched the ID pin back to as SX core when it was as SX lite. Now it successfully glitched and is working! Yay! Finally!
Last edited by Quezacotl,
that seems like a bad choice since theyre not accurate like just scraping with a tweezer youll remove solder mask all around on the ground pad which will make bridging easy
Good to know. I'll practice on some dead boards first.
It was bought really for doing repairs though. So I'll just use one of my tweezers instead
Hi guys need help
I installed a hx core to a switch, everything worked, it fell down, didnt work anymore, tried to resolder sp1 and sp2 and one of them burned off so i wanted to install the same chip to another console but the flex cable was burned out, i tried to install it with the backside plates but on the new switch i still ended up with a instant green to red led switch
Ive already ordered a oled specific chip, my problem now is after removing the hwfly core from the new switch (but without removing any wires or dag0 adapter from the switch itsself) the switch is not bootable anymore… there are no burninga that i could spot and no solder bridges… the seitch just stays with a black screen even when a charger is plugged in but i can feel that the cpu is getting warm. Lcd connector looks fine also
Will the oled specific chip maybe fix it, is the nand corrupted by the old chip?
I installed a hx core to a switch, everything worked, it fell down, didnt work anymore, tried to resolder sp1 and sp2 and one of them burned off so i wanted to install the same chip to another console but the flex cable was burned out, i tried to install it with the backside plates but on the new switch i still ended up with a instant green to red led switch
Ive already ordered a oled specific chip, my problem now is after removing the hwfly core from the new switch (but without removing any wires or dag0 adapter from the switch itsself) the switch is not bootable anymore… there are no burninga that i could spot and no solder bridges… the seitch just stays with a black screen even when a charger is plugged in but i can feel that the cpu is getting warm. Lcd connector looks fine also
Will the oled specific chip maybe fix it, is the nand corrupted by the old chip?
Either the drop dmgd it or your soldering skills did or it's not properly cleaned up after removal
I wouldn't recommend you installing another chip up you literally burnt caps off and melted the flex cable
Afaik the payload is written to BOOT0, which breaks the signature.
The black screen indicates that the switch might be in RCM mode - you could check that with TegraRcmGUI.
The process for Auto RCM is to "destroy" the BOOT0 signature, that's why it came to mind.
The right process to remove the modchip probably would be to restore a clean BOOT0 backup and THEN removing the modchip.
EDIT: @doom95 - is it possible to add an "Dump clean BOOT0" option to the HWFLY Toolbox?
If I'm not mistaken, there is currently no way to get a dump of BOOT0 without the payload from Hekate.
An option in the toolbox, that dumps BOOT0 without the SD Loader inside would be awesome <3
The black screen indicates that the switch might be in RCM mode - you could check that with TegraRcmGUI.
The process for Auto RCM is to "destroy" the BOOT0 signature, that's why it came to mind.
The right process to remove the modchip probably would be to restore a clean BOOT0 backup and THEN removing the modchip.
EDIT: @doom95 - is it possible to add an "Dump clean BOOT0" option to the HWFLY Toolbox?
If I'm not mistaken, there is currently no way to get a dump of BOOT0 without the payload from Hekate.
An option in the toolbox, that dumps BOOT0 without the SD Loader inside would be awesome <3
Last edited by FR0ZN,
I know it's possible to restore a clean boot0 with the chip installed. My buddy did it when trying to figure out exactly what chip was put in his OLED. I can try to find out how he went about doing it, though I know it put his chip in a weird state where it wouldn't glitch for a while, I think he had to reset the chip over USB Serial.
The question is how he created a clean BOOT0 - restoring it is not an issue.
It's a chicken and egg problem.
To get the ability to dump something on a glitched Switch, the exploit needs a payload in BOOT0, which (afaik) is written once and not cleared after a successful glitch.
So when you dump it in Hekate, you dump your BOOT0 with a payload inside.
You can probably zero out the payload with a hex editor in the PC, or just generate a clean BOOT0 with the console keys.
But having such an option on the console in the toolbox (or wherever) that automates this process, would be nice.
SXOS had this abaility to restore/remove all modifications to the system afaik.
Last edited by FR0ZN,
Reading/writing BOOT0 does not require glitching the device. But, in order to have a meaningful way to of dumping the BOOT0 contents, we need access to either the SD card, or expose the contents over i.e. MTP. These latter 2 obviously require tegra intervention and thus unsigned code execution, which on Mariko and later is only achieved through glitching into a user-written payload inside BOOT0.
So yes, chicken & egg, mostly, although it'd technically be possible as a function of the firmware by dumping BOOT0 over USB. Not something I'll add though since I see absolutely no point in doing so. There's 4 identical bct entries, we corrupt only two. The firmware even has a way of restoring the 3rd/4th on empty eMMC chips. If you remove your modchip, it'll just boot from those. Next OFW update, they're all restored.
I mean adding it as an option in the toolbox.
Isn't it possible to include an option to dump BOOT0 without the payload?
I mean, I'm no coder but the toolbox already has the ability to read/write to and from the eMMC and SD, no?
Reading BOOT0 from eMMC to the SD card w/o the payload inside doesn't seem unrealistic tbh but that's why I'm asking you
What you say sounds perfectly fine but having a clean dump for the records is always nice imo.
Similar threads
-
Xdqwerty
what are you looking at? -
Psionic Roshambo
-
BigOnYa
-
K3Nv2
-
Sicklyboy
-
-
-
-
-
-
@
Sicklyboy:
Someone doxxed me on here before because they were upset about a moderating decision I made lul+1
-
-
@
Sicklyboy:
I just so happened to see the post within like a minute of it being posted, so... bye, bitch+1
-
@
Sicklyboy:
I don't even know how many years ago that was. I don't live at the same address I did back then anyway so **shrug**
-
-
@
Psionic Roshambo:
My ex if I wanted too I could ruin her entire life, I still have about 20GBs of data
-
-
-
-
-
-
-
-
-
-
-
-
-
@
Psionic Roshambo:
It's great if you have something anyone else wants, otherwise it's annoying and potentially bad if you lose your keys
-
