[Tutorial] How to flash the HWFLY Clone chips

james194zt2

Except the author of this tutorial someone was able to reflash the modchip ?
I believe so yes. It is with the locked out chips that are the issue, I have a couple of the GD32 chips on their way over from China and hoping to get late next week fingers crossed and swap it out.

Going to have a play with them then and see if I can flash and get it working, the only thing I wonder is if it is the FPGA implementation causing issues, Spacecraft was designed for SX Core and SX Lite not the HWFly modchips. We are assuming I believe that the FPGA implementation was reproduced by the Chinese cloners and that they didn't manage to get hold of the TX version. I have been doing some binary analysis and there are large changes in both the 0.2 official Spacecraft and what has been dumped from the 0.2 HWFly modchips so maybe some of the modifications are what makes this work with their FPGA implementation.

I am going to have a play this weekend, first thing I will do is record the boot process a few times through a logic analyzer on the working install, focusing on the traffic between the SPI interface of the GD32 and the FPGA, then if it fails on the new chip I can see if we get the same sort of signals going between them.

I have been trying to get hold of a legit SX Core for a few weeks but they are like gold dust, would love to try and play around with one of them as well and compare what the process is like. Although to be fair I am sure the Chinese cloners will be far beyond me in skills for hacking that hardware in the first place and will have spotted more than I will spot, although they are doing it for profit not because they want to annoy the cloners so who knows we might get some success as it will be get it implemented as quick as possible for them!
 

urherenow

Well, crap. Looks like a COVID flare-up in China is affecting businesses and shipping. I had ordered a buttload of stuff, including

- GDLink-OB GD-Link CMSIS-DAP burner emulator downloader

But just got a refund for it and a message:

Sorry, because of the serious epidemic situation in Xi'an, the supplier's goods can't be sent to Shenzhen. The goods can only be sent to you after the epidemic situation in Xi'an is over

Here's hoping that everything I assume is true, between what the seller told me about the chip I ordered, and the installation diagram they sent me. The OLED model I ordered just might come with a USB adapter and all it takes to reset the chip (to be flashed again) is a pair of metallic tweezers to short out 2 points while powering on. In which case, I guess I don't need this programmer thing anyway...
 

mvmiranda

Well, crap. Looks like a COVID flare-up in China is affecting businesses and shipping. I had ordered a buttload of stuff, including

- GDLink-OB GD-Link CMSIS-DAP burner emulator downloader

But just got a refund for it and a message:

Sorry, because of the serious epidemic situation in Xi'an, the supplier's goods can't be sent to Shenzhen. The goods can only be sent to you after the epidemic situation in Xi'an is over

Here's hoping that everything I assume is true, between what the seller told me about the chip I ordered, and the installation diagram they sent me. The OLED model I ordered just might come with a USB adapter and all it takes to reset the chip (to be flashed again) is a pair of metallic tweezers to short out 2 points while powering on. In which case, I guess I don't need this programmer thing anyway...
That really sucks! :/
Things are getting worse again :( I just hope everything will be right soon!
Ppl, keep safe!

Back to what you said, what OLED model would this be?
 

urherenow

https://www.aliexpress.com/item/1005003698689759.html?spm=a2g0o.9042311.0.0.27424c4d1b7RBt

Price has gone up another $10 since I ordered it. I paid $110 and it's now showing $120. I asked a bunch of questions, and the seller said they would have to "talk to the factory", then replied later that it has v0.2.0 flashed to it already. After a few more questions, they sent me an instruction page that someone else already posted here in a different thread. But I guess it won't hurt to post here (the part on the bottom right corner is what gets me excited... although with some of the recent replies to this thread, I'm now worried if the v.0.2.0 that's on it is modified or not, and if flashing a later version direct from the github page will work or not... or brick it...)...
 

Attachments

  • OLED_HWFLY.jpg

Acide0

I believe so yes. It is with the locked out chips that are the issue, I have a couple of the GD32 chips on their way over from China and hoping to get late next week fingers crossed and swap it out.

Going to have a play with them then and see if I can flash and get it working, the only thing I wonder is if it is the FPGA implementation causing issues, Spacecraft was designed for SX Core and SX Lite not the HWFly modchips. We are assuming I believe that the FPGA implementation was reproduced by the Chinese cloners and that they didn't manage to get hold of the TX version. I have been doing some binary analysis and there are large changes in both the 0.2 official Spacecraft and what has been dumped from the 0.2 HWFly modchips so maybe some of the modifications are what makes this work with their FPGA implementation.

I am going to have a play this weekend, first thing I will do is record the boot process a few times through a logic analyzer on the working install, focusing on the traffic between the SPI interface of the GD32 and the FPGA, then if it fails on the new chip I can see if we get the same sort of signals going between them.

I have been trying to get hold of a legit SX Core for a few weeks but they are like gold dust, would love to try and play around with one of them as well and compare what the process is like. Although to be fair I am sure the Chinese cloners will be far beyond me in skills for hacking that hardware in the first place and will have spotted more than I will spot, although they are doing it for profit not because they want to annoy the cloners so who knows we might get some success as it will be get it implemented as quick as possible for them!
That’s pretty strange that the only one here who was able to flash it is the author itself… when I read everyone else was not able to do it, even professionals in the modding scene….
 

lufeig

https://www.aliexpress.com/item/1005003698689759.html?spm=a2g0o.9042311.0.0.27424c4d1b7RBt

Price has gone up another $10 since I ordered it. I paid $110 and it's now showing $120. I asked a bunch of questions, and the seller said they would have to "talk to the factory", then replied later that it has v0.2.0 flashed to it already. After a few more questions, they sent me an instruction page that someone else already posted here in a different thread. But I guess it won't hurt to post here (the part on the bottom right corner is what gets me excited... although with some of the recent replies to this thread, I'm now worried if the v.0.2.0 that's on it is modified or not, and if flashing a later version direct from the github page will work or not... or brick it...)...
Luckily I purchased mine from the same link on Jan 1st. It was US$ 105 then.

If everything goes well I should receive it next week. Brazilian customs received it yesterday.
 

james194zt2

That’s pretty strange that the only one here who was able to flash it is the author itself… when I read everyone else was not able to do it, even professionals in the modding scene….
Not really, this page has several thousand views now, generally you will only find the people who are having problems will post!! So there might be hundreds who flashed and not reported anything here.

The process used in the opening post is sound, I was looking at a similar thing myself with BOOT0 except op used the RX/TX pins because the standard SWD method wouldn't have worked due to the protection levels of the chip. Sadly for some of us the chip has maximum protection level (level 2), so we cannot do anything as a fuse is burnt out to prevent any form of access/flashing of the chip, this method works on level 1 protected chips which some appear to be.
 

Magnus Hydra

https://www.aliexpress.com/item/1005003698689759.html?spm=a2g0o.9042311.0.0.27424c4d1b7RBt

Price has gone up another $10 since I ordered it. I paid $110 and it's now showing $120. I asked a bunch of questions, and the seller said they would have to "talk to the factory", then replied later that it has v0.2.0 flashed to it already. After a few more questions, they sent me an instruction page that someone else already posted here in a different thread. But I guess it won't hurt to post here (the part on the bottom right corner is what gets me excited... although with some of the recent replies to this thread, I'm now worried if the v.0.2.0 that's on it is modified or not, and if flashing a later version direct from the github page will work or not... or brick it...)...
What is factory settings?
 

james194zt2

https://www.aliexpress.com/item/1005003698689759.html?spm=a2g0o.9042311.0.0.27424c4d1b7RBt

Price has gone up another $10 since I ordered it. I paid $110 and it's now showing $120. I asked a bunch of questions, and the seller said they would have to "talk to the factory", then replied later that it has v0.2.0 flashed to it already. After a few more questions, they sent me an instruction page that someone else already posted here in a different thread. But I guess it won't hurt to post here (the part on the bottom right corner is what gets me excited... although with some of the recent replies to this thread, I'm now worried if the v.0.2.0 that's on it is modified or not, and if flashing a later version direct from the github page will work or not... or brick it...)...
I wonder why the SX Core is $28 more than OLED, it has less PCBs etc... and costs less to produce! Such scams these lot, just makes me more determined to crack this even more!! Quicker we can open source these chips the better!
 

mvmiranda

Not sure what you're asking. My guess is that it wipes out both the firmware, and the bootloader, which kicks it into DFU mode (so that you can flash an update). But that's just a hopeful guess... I don't have the chip yet.
I thought about something completely different by "factory reset".
Maybe the trained data or glitch timings, assuming this chip has this feature.

Anyway, I'm buying one now, for science, of course!
 

james194zt2

I thought about something completely different by "factory reset".
Maybe the trained data or glitch timings, assuming this chip has this feature.

Anyway, I'm buying one now, for science, of course!
The "glitch settings" are stored in the MCU, there is no training though sadly as they have crippled the MCU memory area so it is read only so can't store the timings. Flashing the GD32 MCU won't affect that side of things but installing an unlocked MCU will, but apparently once flashed glitching can stop working, can't experiment though sadly with that until my replacement GD32 chips arrive and I can replace this locked out chip with one that is not crippled.
 

Acide0

it's pretty strange that the only one finding it suspicious is you.

I mean, op already explained why not all modchips are flashable using this method.

It seems you didn't read or didn't understand every post.
lol no there is a lot of people thinking the same hahaha they just don’t ask it…

so I ask if someone has been able to do it could post it here please!!
 

0x3000027E

lol no there is a lot of people thinking the same hahaha they just don’t ask it…

so I ask if someone has been able to do it could post it here please!!
It's a difficult process, but I certainly wouldn't question the method. Mena is top dawg.
 

TheUnknownOne

Well, crap. Looks like a COVID flare-up in China is affecting businesses and shipping. I had ordered a buttload of stuff, including

- GDLink-OB GD-Link CMSIS-DAP burner emulator downloader

But just got a refund for it and a message:

Sorry, because of the serious epidemic situation in Xi'an, the supplier's goods can't be sent to Shenzhen. The goods can only be sent to you after the epidemic situation in Xi'an is over

Here's hoping that everything I assume is true, between what the seller told me about the chip I ordered, and the installation diagram they sent me. The OLED model I ordered just might come with a USB adapter and all it takes to reset the chip (to be flashed again) is a pair of metallic tweezers to short out 2 points while powering on. In which case, I guess I don't need this programmer thing anyway...

Yes that is how the chip works, already had to do it. Chip works very well now
 

Acide0

It's a difficult process, but I certainly wouldn't question the method. Mena is top dawg.
Difficult process, let me laugh… what is difficult here? Yeah I know, find someone who has been able to do it…. I'm waiting return from people who have success with it.
 

urherenow

Yes that is how the chip works, already had to do it. Chip works very well now
You got yours already from the same seller (or at least with that same installation instruction)? Which software is used to flash it (link please)? The page doesn't really specify, only that you turn it on with the 2 points shorted...
 