Hacking Hardware Picofly - a HWFLY switch modchip

[Mansi]

how to convert file from uf2 to bin ???

I can convert without problems. Just what will it give you?)
In uf2, the template for the firmware is deleted and we get a bin file.

 

[Adran_Marit]

There is nothing that can be expected from something that can't even start hos before atmo.

But there are rumors that there is a private build of the firmware which can boot atmosphere

True story it happened to a friend of a friend of mine

 

[Icewing]

True story it happened to a friend of a friend of mine

Let your friends share it, or share the source.

 

[nqtal]

Gentlemen, at what point did we rule out the rp2040 hardware limitation as a possible problem? Initially, it was believed that the chip rests on frequencies. And the rp2040 has only two attachment points to the CPU compared to hwfly with four. Sorry if this issue has already been discussed. I read the topic from the beginning and now on page 33, but we immediately moved from "it's impossible" to "need firmware"

 

[Lamcza]

Gentlemen, at what point did we rule out the rp2040 hardware limitation as a possible problem? Initially, it was believed that the chip rests on frequencies. And the rp2040 has only two attachment points to the CPU compared to hwfly with four. Sorry if this issue has already been discussed. I read the topic from the beginning and now on page 33, but we immediately moved from "it's impossible" to "need firmware"

i mean now it can boot hekate, android and ubuntu if am not wrong ? So it looks like frimware limitations.

 

[Adran_Marit]

Gentlemen, at what point did we rule out the rp2040 hardware limitation as a possible problem? Initially, it was believed that the chip rests on frequencies. And the rp2040 has only two attachment points to the CPU compared to hwfly with four. Sorry if this issue has already been discussed. I read the topic from the beginning and now on page 33, but we immediately moved from "it's impossible" to "need firmware"

It's not a rp2040 limitation, you can see in various videos through the thread people with the chip installed booting to hekate all be it a version that is locked so we can't boot atmosphere.
As such the issue is we either make a firmware that works that doesn't clear the keyslots allowing atmosphere to boot, or we crack the initial leaked firmware that is ID locked OR OR we wriet a new firmware for it from scratch

Post automatically merged: Mar 17, 2023

Let your friends share it, or share the source.

I'm memeing there.

But I have to assume there are people who have it, but can't share it for whatever reason.

 

[vittorio]

It's not a rp2040 limitation, you can see in various videos through the thread people with the chip installed booting to hekate all be it a version that is locked so we can't boot atmosphere.
As such the issue is we either make a firmware that works that doesn't clear the keyslots allowing atmosphere to boot, or we crack the initial leaked firmware that is ID locked OR OR we wriet a new firmware for it from scratch

Post automatically merged: Mar 17, 2023

I'm memeing there.

But I have to assume there are people who have it, but can't share it for whatever reason.

the firmware that circulate are still protected by id

 

[BigHorse420]

Probably because it gets lost in the sea of "how do I install this" or "look at the stuff I bought for when it works"
Anyways, if I have this correct, we have 2 uf2's, one from the actual picofly that doesn't boot due to the ID being unique to the pico, and one that boots, but only non-hos payloads?
For anyone that's looked at this in ghidra, have we found the section where the pio is? That's going to most likely be the main communication, since it would effectively allow the pico to bitbang upwards of 100mhz+. I've more or less emulated the gameboy's APU on a pico with heavy pio usage for the audio output. I wouldn't say I'm a pro, but I know how to work with it to an extent.
Lastly, is there any documentation on how this works on the switch side? even if it's at a high level?

A lot of info isn't public, this is the best I could find https://gbatemp.net/threads/questio...rces-on-the-functionality-of-sx-hwfly.614151/

 

[Adran_Marit]

the firmware that circulate are still protected by id

There are two firmwares we have in this thread

Firmware 1 - ID locked. Won't boot on other devices
Firmware 2 - Not locked. But has been modified to prevent atmosphere from booting.

So we either need firmware to be hacked, firmware 2 to be restored to allow atmosphere or write a new firmware for it.

 

[vittorio]

There are two firmwares we have in this thread

Firmware 1 - ID locked. Won't boot on other devices
Firmware 2 - Not locked. But has been modified to prevent atmosphere from booting.

So we either need firmware to be hacked, firmware 2 to be restored to allow atmosphere or write a new firmware for it.

we need to crack the firmware 1 or rewrite it

 

[Adran_Marit]

we need to crack the firmware 1 or rewrite it

Or restore the sd loader part of the second firmware, correct.

 

[vittorio]

Or restore the sd loader part of the second firmware, correct.

it's all encrypted

 

[BigHorse420]

Ok, modified the call and now and there is no additional data, same as non inject

How is this going?

 

[Kingdedede]

@rehius we know that you are against piracy... but between Hwfly and people who sell firmware for rp2040 who charge to receive a firmware that you already have..... this is to tell you that piracy is still there regardless of you and your firmware ... indeed we would all be grateful if you made it public thanks

 

[ppeach]

What is the conclusion reached in the 99 pages of discussion?
FW is not publicly available and there is no one here who can create FW.

 

[vittorio]

What is the conclusion reached in the 99 pages of discussion?
FW is not publicly available and there is no one here who can create FW.

bottom line is i don't think you will ever see a public firmware that boots Atmosphere

 

[ppeach]

bottom line is i don't think you will ever see a public firmware that boots Atmosphere

yes , unfortunately

 

[Lamcza]

bottom line is i don't think you will ever see a public firmware that boots Atmosphere

Bet that Tendo thinks the same about their patched switches "they will never break it is unhackable" but yes because it is just illegal we will probably never see a public one but I bet we will see something under the table xD

@rehius we know that you are against piracy... but between Hwfly and people who sell firmware for rp2040 who charge to receive a firmware that you already have..... this is to tell you that piracy is still there regardless of you and your firmware ... indeed we would all be grateful if you made it public thanks

Leave that man alone bet he is not against piracy but he is against piracy for free so it is probably his firmware and probably he is selling it and nothing wrong with it I mean for me Tendo will be mad ofc but that is not my business

 

[qgywibczozfvvl]

What is the conclusion reached in the 99 pages of discussion?
FW is not publicly available and there is no one here who can create FW.

Your nihilism defies that of my dying cat

Truly wonderful specimen

 

[Piorjade]

bottom line is i don't think you will ever see a public firmware that boots Atmosphere

I wouldn't say that

Problem is it seems like nobody here is actually interested enough to start working on a fw themselves

That or there are people working on one and just don't want to share it here because their PMs will explode with demands and questions like "are you done yet?"