Hacking Hardware Picofly - a HWFLY switch modchip

abal1000x

abal1000x

Well-Known Member
Member
Level 8
Joined
Jun 5, 2022
Messages
1,070
Trophies
0
XP
1,408
Country
Gaza Strip
Dandan0404 said:
Of course its normal to think that far far latest update would be better. So thats my reason.

Problem is, it would immediately boot to OFW. Rather than glitch glitch sucees then START. When you press on, the switch turns on and shows nintendo logo(OFW) while simultaneously glitching(of course glitch is already late)
Click to expand...
Since you could watch it, i assume you already opened it right.
You might check the RST line.

I remember in the Q&A:
Q: GREEN, but instant reset
A: Clean flux near the RST point
 
  • Like
Reactions: Dandan0404
Dandan0404

Dandan0404

Well-Known Member
Member
Level 2
Joined
Mar 25, 2023
Messages
131
Trophies
0
Age
23
XP
183
Country
Philippines
abal1000x said:
Since you could watch it, i assume you already opened it right.
You might check the RST line.

I remember in the Q&A:
Q: GREEN, but instant reset
A: Clean flux near the RST point
Click to expand...
I managed to boot luckily to hekate out of pure luck. Instantly rolled back to 2.67 and never again gonna update. Never opened my switch again. Dont want to mess shit up. I was hoping the update would all be software. If i had to tinker hardware again, im going to pass on that.
 
  • Like
Reactions: abal1000x
abal1000x

abal1000x

Well-Known Member
Member
Level 8
Joined
Jun 5, 2022
Messages
1,070
Trophies
0
XP
1,408
Country
Gaza Strip
Dandan0404 said:
I managed to boot luckily to hekate out of pure luck. Instantly rolled back to 2.67 and never again gonna update. Never opened my switch again. Dont want to mess shit up. I was hoping the update would all be software. If i had to tinker hardware again, im going to pass on that.
Click to expand...
Yupz, if it aint broken don't fix it.
Thats the golden rule for everything.

My hunch telling me that the installation is not stable.

Here is my analyze:
The more logical explanation is the installation are unstable. Since the firmware already open. Everyone can read it. And i could tell that theres nothing in the firmware update which could hinder the pico from resetting the cpu. Its just sending the low signal to reset. If the clock mismatch for example because of the OC. Still the cpu will reset on a skewed time of reference. The most probable explanation is the pico already send the low voltage signal, but it got dispersed. Because of dielectric material around it (flux, water, etc) or because the connection is unstable such as a cold joint solder.
 
Uberfish

Uberfish

Active Member
Newcomer
Level 1
Joined
Jan 5, 2014
Messages
44
Trophies
0
Location
Tangerang
XP
101
Country
Indonesia
abal1000x said:
You might do this on your own risk:
View attachment 378816
Thats already correct to modify the circle point. With that original shape, highly probable it will short circuit the D1.

When you insert it exactly like the guide line, you will get the value, means its connected maybe to d0 only or short d0 and d1. Now shift it little bit right, and check again the diode mode, repeat until you find it zero. That is the edge.

Now you approach it from the edge to the left, slowly until it shows a value. That will be the most probable d0 point without shorting to d1. Do this while you take the power off (battery connector plug off).

And if you're confident, you might try to power it on, to test wether the glitch work or not. And turn it off immediately after it failed (by pressing the power button 20sec or shorting the power pin to gnd for 20sec). Dont forgot to plug off the battery connector, after it.

And if your hunch feels is incorrect, then trust your hunch. Usually experience made our body have a reflex, about something is not right, even thouh our brain cannot find the logical explanation. That what usually happened to me.

Again i warn, this is dangerous only do it on your own risk. I recommend you read the datasheet to understand a gist about it.
Click to expand...
Solid info. The weird thing about this adaptor is the guide line is offset. The cutout shape (that goes around all the BGA pins) forces the lines on the left to go under the EMMC, as you can see here. Cutting where you showed would let me push it even more to the right.

I'll be honest; I don't feel confident shooting in the dark. I'll just try to get an actual emmc adaptor once I've got the screen working again.
 

Attachments

  • emmc.jpg
    emmc.jpg
    207 KB · Views: 29
  • Like
Reactions: Danook28 and abal1000x
abal1000x

abal1000x

Well-Known Member
Member
Level 8
Joined
Jun 5, 2022
Messages
1,070
Trophies
0
XP
1,408
Country
Gaza Strip
Uberfish said:
Solid info. The weird thing about this adaptor is the guide line is offset. The cutout shape (that goes around all the BGA pins) forces the lines on the left to go under the EMMC, as you can see here. Cutting where you showed would let me push it even more to the right.

I'll be honest; I don't feel confident shooting in the dark. I'll just try to get an actual emmc adaptor once I've got the screen working again.
Click to expand...
(Sorry i asking a lot)
What is the diode mode value on that states?
 
  • Like
Reactions: Uberfish
jkyoho

jkyoho

Well-Known Member
Member
Level 10
Joined
Sep 2, 2020
Messages
1,331
Trophies
0
Age
39
Location
TORONTO
Website
form.jotform.com
XP
2,270
Country
Canada
abal1000x said:
Yupz, if it aint broken don't fix it.
Thats the golden rule for everything.

My hunch telling me that the installation is not stable.

Here is my analyze:
The more logical explanation is the installation are unstable. Since the firmware already open. Everyone can read it. And i could tell that theres nothing in the firmware update which could hinder the pico from resetting the cpu. Its just sending the low signal to reset. If the clock mismatch for example because of the OC. Still the cpu will reset on a skewed time of reference. The most probable explanation is the pico already send the low voltage signal, but it got dispersed. Because of dielectric material around it (flux, water, etc) or because the connection is unstable such as a cold joint solder.
Click to expand...
I had that v2.74 boot straight into OFW as well when I was updating from 2.73. It didn't show 2.74 on toolbox after I tried 2x update from toolbox, but eventually 3rd time I reboot to OFW right after pickfly fw update and shutdown from OFW. Then toolbox shows 2.74 info.
For the boot straight into OFW, for me it was the 1k ohm GATE resistor add-on, after I remove the resistor, issue solved.(But now I have the 33k ohm there for testing, so far so good).
FYI, any rp2040 wiring/circuit related change I recommend reset training data, and do manual training few times for best glitching result.
 
  • Like
Reactions: Switxh and abal1000x
abal1000x

abal1000x

Well-Known Member
Member
Level 8
Joined
Jun 5, 2022
Messages
1,070
Trophies
0
XP
1,408
Country
Gaza Strip
Uberfish said:
No worries! You've helped me a lot! The diode shows ~702 (Black on GND).
Click to expand...
I see. Noted, thank you.


I see the horizontal line guide still on outside. Maybe you not insert it to maximum length.
Or maybe its just the picture parallax. You should insert it until it cannot goes anymore.
 
Uberfish

Uberfish

Active Member
Newcomer
Level 1
Joined
Jan 5, 2014
Messages
44
Trophies
0
Location
Tangerang
XP
101
Country
Indonesia
abal1000x said:
I see. Noted, thank you.


I see the horizontal line guide still on outside. Maybe you not insert it to maximum length.
Or maybe its just the picture parallax. You should insert it until it cannot goes anymore.
Click to expand...
That's the maximum insertion without really forcing it. I actually think in that install the contact point wasn't going around the BGA because of the Ω shape... these adaptors are so many levels of trash.
 
  • Like
Reactions: abal1000x
abal1000x

abal1000x

Well-Known Member
Member
Level 8
Joined
Jun 5, 2022
Messages
1,070
Trophies
0
XP
1,408
Country
Gaza Strip
  • Love
  • Like
Reactions: Danook28 and chronoss
Switxh

Switxh

Well-Known Member
Member
Level 3
Joined
Mar 11, 2023
Messages
110
Trophies
0
Age
28
XP
273
Country
United Kingdom
jkyoho said:
I had that v2.74 boot straight into OFW as well when I was updating from 2.73. It didn't show 2.74 on toolbox after I tried 2x update from toolbox, but eventually 3rd time I reboot to OFW right after pickfly fw update and shutdown from OFW. Then toolbox shows 2.74 info.
For the boot straight into OFW, for me it was the 1k ohm GATE resistor add-on, after I remove the resistor, issue solved.(But now I have the 33k ohm there for testing, so far so good).
FYI, any rp2040 wiring/circuit related change I recommend reset training data, and do manual training few times for best glitching result.
Click to expand...
Can I ask what you mean by manually training? I know about resetting the training data in picofly toolbox but I'm not sure what you mean by manual training after. Is that just turning it on and then turning it off after Hetake comes up a bunch of times?
 
QuiTim

QuiTim

Well-Known Member
Member
Level 7
Joined
Mar 30, 2023
Messages
758
Trophies
0
XP
1,183
Country
Albania
snaker said:
Hello guys. Is this the cheapest method to backup, restore boot0, boot1 and raw of oled emummc using linux?
https://www.aliexpress.com/item/
I also found this but it is out of stock and it was much cheaper
https://www.tindie.com
Click to expand...
Yes, I think this is the cheapest tool for the job at this time. I think it's based on the design from Tindie model but we were late to the party on that one :/
 
  • Love
Reactions: snaker
C

cicci084

Well-Known Member
Member
Level 3
Joined
Apr 1, 2023
Messages
146
Trophies
0
Age
44
XP
239
Country
Italy
cicci084 said:
Yesterday I did several installations.
Among these is a dispute that I don't know how it works (after replacing the display) despite the bent mainboard.

There is also an oled made with Reballing, if it can serve for some ideas, I also used new connections for the mosfet.

Photo release (The photos are mixed up).
I'm continuing to use FW 2.67 which in my opinion is fast, stable, reliable. What am I getting into by not using the new FW?
Post automatically merged:


As for this problem, I carried out the unbrick level 1 and 2 procedures, after adding resistors (actually I redid the whole installation (the one carried out by the customer independently was disastrous by my standards).
Now I don't get slow memory error anymore, and in emummc everything works, even waking up.
I can't get into OFW though, after the black screen nintendo logo.
What guides can I follow?
I can download the keys without error, it takes like 190 or so.
Click to expand...
Hi guys, solution for this?

Hi guys, today I received a switch victim of an incorrect picofly DIY installation.
I immediately identified the problem (it was very evident) as the CPU cable was shorted to ground.
The console did not turn on.
I just partially got it working again.
The current conditions are as follows:
1) The console can start hekate but it doesn't start in OFW, Nintendo appears and then black screen. To start hekate again, I have to disconnect the battery.
2) I get slow emmc error, but I think it's an EMMC hardware error, as I can backup boot0,1 and also all emmc. However, I cannot save the keys, I receive an error (photo attached).
3) I created emummc and it starts up, but it doesn't wake up from rest mode.
My question is is there any way to reset mmc? (I have a donor switch, in case I could use the mmc.)
Can I wake from sleep in emummc?
I attach all the photos.
Thanks for your support.

EDIT:
after trying to restore the nand with sthetix videos, now everything works in EMUnand, even waking up.

In OFW it does not start, black after the writing nintendo.

How is it possible that in emunand it works?
I created emuNand from the switch when the switch itself wouldn't boot in OFW, so it's probably not corrupted?
Could it be some resistor on the cmd lines/other?
 
Last edited by cicci084,
P

poiu15

Member
Newcomer
Level 1
Joined
Apr 22, 2023
Messages
14
Trophies
0
Age
29
XP
69
Country
Afghanistan
abal1000x said:
You might do this on your own risk:
View attachment 378816
Thats already correct to modify the circle point. With that original shape, highly probable it will short circuit the D1.

When you insert it exactly like the guide line, you will get the value, means its connected maybe to d0 only or short d0 and d1. Now shift it little bit right, and check again the diode mode, repeat until you find it zero. That is the edge.

Now you approach it from the edge to the left, slowly until it shows a value. That will be the most probable d0 point without shorting to d1. Do this while you take the power off (battery connector plug off).

And if you're confident, you might try to power it on, to test wether the glitch work or not. And turn it off immediately after it failed (by pressing the power button 20sec or shorting the power pin to gnd for 20sec). Dont forgot to plug off the battery connector, after it.

And if your hunch feels is incorrect, then trust your hunch. Usually experience made our body have a reflex, about something is not right, even thouh our brain cannot find the logical explanation. That what usually happened to me.

Again i warn, this is dangerous only do it on your own risk. I recommend you read the datasheet to understand a gist about it.
Click to expand...
How about cutting on the red line? So he won't need to find the new position, and if the connection has no problem, maybe the big fat right side stuck between dat0 and NC pin will make the contact more stable.
oato.jpg
 
  • Like
Reactions: Xowin and Danook28

Site & Scene News

Go to forum More news

Popular threads in this forum

Paper Mario TTYD 60fps patch?

Paper Mario Thousand Year Door got leaked

Tutorial  How to play Pokerogue on Nintendo Switch

TTYD patch for AMD black screen sewer issue?

Help a noob with if I need to update CFW to 18.0 or not

Is there any point upgrading to 18.0?

Paper Mario TTYD Resolution Patch?

18.0.1 crash - Atmosphere

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: @BakerMan, LOL. Its very sunny, what are you on about?