
So you want to JTAG your xbox360? (POST 248 FOR xeBuild/16197 TUT)


Comments



  • yeah I've been using the standard dash, I removed the ini file that boots to fsd to make sure of that, but it's still not doing anything

    won't even recognise a dvd in the drive as being the update one

    I'll try running the xex from the file manager in fsd now in a bit and let you know how I get on

    cheers




  • Ok lads I think this might warrant a thread of its own, so as not to try & dilute the content of this particular thread (which is essentially the jtag process & directly related issues). So Helix if you're not sorted already, I'll ask you to create a new thread for the Kinect issue if that's ok :)




  • Ricochet69 wrote: »
    (...) talk to irish people (...)

    ROI residents would suit better

    :pac:




  • Hi

    Was wondering if my xbox 120gig elite can be jtag?

    build was 25/09/2009
    dashboard 2.0.13599.0

    Thanks




  • finno wrote: »
    Hi

    Was wondering if my xbox 120gig elite can be jtag?

    build was 25/09/2009
    dashboard 2.0.13599.0

    Thanks

    If you read the first post you'd know the answer ;)




  • If you read the first post you'd know the answer ;)

    Thanks just read through it there no hope of jtag my xbox

    That's my PS3 & Xbox that I can't do anything with




  • finno wrote: »
    Thanks just read through it there no hope of jtag my xbox

    That's my PS3 & Xbox that I can't do anything with

    Not quite, there is hope on the horizon for your Xbox, just don't upgrade the dashboard for the next while :)




  • Thanks again for the guide TV, did another Jasper BB at the weekend. Was a little worried when I got a blank screen after installing xell, but installed the mana files that you mention in the troubleshooting section and boom

    the boxdarr method or whatever it's called for wiring is really the way to go.

    to prepare my update.bin or whatever it's called I used something called easy free boot (which seems to have been surpassed by Exploit 360)

    Really easy. Not sure if it included the patched SMC file that TV has mentioned, and I didn't see a way of adding my own smc file.




  • No bother WMN - you can use Bestpig's FreeBOOT Toolbox (v2.72, on bestpig.fr) which is the latest dashboard and allows you to "Create a custom freeboot" where you can add the SMC file :)




  • does anyone have a good guide for remapping bad blocks on a nand?
    Can't seem to find one that goes into detail.




  • Every nand has a reserved area of 32 blocks at the very end of the reserved (system) part of the nand which is for bad-block remapping.

    On a 16MB nand the first bad block encountered should be moved to 0x3FF, the second should be moved to 0x3FE and so on. Say I get a bad block error on block 0x43 (within the first 50 blocks which is vital for XeLL) then I would do the following:
    nandpro <xellous.bin>: -r16 block0x43.bin 43 1
    nandpro usb: -w16 block0x43.bin 3FF 1
    
    It might also be an idea if that doesn't work to erase the bad block like so:
    nandpro usb: -e16 43 1
    

    Now block 0x43 is located at 0x3FF. If you encountered another bad block later you do the same thing but remap to 0x3FE ..then 0x3FD and so on. If you get more than 32 bad blocks the nand is wrecked but I'd check my soldering first, 32 bad blocks is a lot :P

    On 256/512MB Jaspers it's a little different. Nandpro reads blocksizes in 16KB no matter what nand it's reading, but Big Block nands have a blocksize of 128KB. This is why when you type "nandpro usb: -r16 kv.bin 1 1" on a Big Block nand nandpro will read 8 blocks (8x16KB = 128KB, or 1 big block).

    So on a 256/512MB nand, when you read one bad block you'll get 8 errors (one for each 16KB mini-read). The remapping space takes place at 0xFFF on BB nands, but since you're writing 8 locations there's some tweaking involved. Let's run an example. Reading a BB nand and there's an error on block 0x1D0-0x1D7 (1 big block). Then to move this block you do the following:
    nandpro <nand_file_to_write.bin>: -r256 <block_file.bin> 1D0 8
    nandpro usb: -w256 <block_file.bin> FF8 8
    
    You read the 8 blocks (1 big block), 128KB bin file from the file you want to write. Then you write it to the reserved bad block area starting at 0xFFF - (#number of bad blocks to date * 8) - 8. So on the first bad block that's 0xFFF - 8 which is 0xFF8. On the second it's 0xFFF - 8 - 8 which is 0xFF0, with a 3rd bad block you're down to 0xFFF-16-8 which is 0xFE8 and so on.

    You can also attempt to erase the bad block using the -e switch and see if that helps too. Once again, more than 32 blocks and you've got a real issue :)
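The remapping arithmetic from the post above, as an added example that is not part of the original post or of nandpro: it reproduces the destinations the post works out (0x3FF, 0x3FE for small block; 0xFF8, 0xFF0, 0xFE8 for big block) and prints command lines in the post's syntax. The function names, the generated file names and applying the 32-slot limit to both nand types are assumptions.

```python
# Added example: remap planner for the scheme described in the post above.
RESERVED_SLOTS = 32  # reserved remap blocks, the post's figure (assumed for both types)

# Layout in nandpro's 16KB units, from the post:
#   small block: destinations count down from 0x3FF, 1 unit per block
#   big block:   destinations count down from 0xFF8, 8 units (128KB) per block
LAYOUTS = {
    "small": {"flag": "16", "units": 1, "first_slot": 0x3FF},
    "big": {"flag": "256", "units": 8, "first_slot": 0xFF8},
}


def plan_remaps(bad_units, nand="small", already_remapped=0):
    """Return [(source_start, dest_start, unit_count), ...] for failed 16KB units.

    On a big block nand one bad block shows up as 8 consecutive errors,
    so every error is first collapsed to the start of its 128KB block.
    """
    layout = LAYOUTS[nand]
    units = layout["units"]
    sources = sorted({u - (u % units) for u in bad_units})
    plan = []
    for n, src in enumerate(sources, start=already_remapped):
        if n >= RESERVED_SLOTS:
            raise ValueError("more bad blocks than reserved remap slots")
        plan.append((src, layout["first_slot"] - n * units, units))
    return plan


def nandpro_commands(plan, nand="small", image="<nand_file_to_write.bin>"):
    """Render a plan as command lines in the syntax the post uses."""
    flag = LAYOUTS[nand]["flag"]
    lines = []
    for src, dest, count in plan:
        name = f"block0x{src:X}.bin"  # constructed file name
        lines.append(f"nandpro {image}: -r{flag} {name} {src:X} {count:X}")
        lines.append(f"nandpro usb: -w{flag} {name} {dest:X} {count:X}")
    return lines


if __name__ == "__main__":
    # Constructed sample: 8 errors from one big block plus one stray unit.
    errors = list(range(0x1D0, 0x1D8)) + [0x2A3]
    for line in nandpro_commands(plan_remaps(errors, "big"), "big"):
        print(line)
```

Pass `already_remapped` when earlier bad blocks have already been moved, so the next destination continues down from the last one used.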




  • this is the best guide from the best man




  • what fuse is your cpu key ??




  • The CPU key is fuse3+fuse5 or fuse4+fuse6.

    fuse 3: 1111
    fuse 4: 1111
    fuse 5: 2222
    fuse 6: 2222

    CPU Key = 11112222




  • cheers mate couldn't remember update xbox here :)




  • Build Instructions (Updated for latest fbBuild v0.33):

    For simplicity you need the following:

    1) Your CPU Key
    2) A copy of your nand (original or FreeBOOT) and SMC
    3) Dashboard Data (Google for "XXXXX Dashboard data" where XXXXX is the version number, e.g. 12611, 13599). Here is 13604
    4) fbBuild v0.33 (xbins -> /XBOX 360/development/fbBuild/)

    Getting ready
    Download fbBuild and extract it to a folder - say C:\fbBuild

    Open your dashboard data zip file and extract the contents to C:\fbBuild\<version_number> e.g. for 13604.zip, extract the contents to C:\fbBuild\13604. The folder should already exist in C:\fbBuild anyway.

    Edit C:\fbBuild\1blkey.txt. On the first line is a dummy key - replace it with DD88AD0C9ED669E7B56794FB68563EFA

    Edit C:\fbBuild\mydata\cpukey.txt. On the first line is a dummy key - replace it with the CPU key of the console.

    Extracting KV and SMC_CONFIG.bin
    Open up 360 Flash Tool v0.97 and click Settings->Options. Tick the box that says "Extract ibuild compatible files". Then open your nand and click extract on the bottom. Tick the box for 'config blocks' and 'Keyvault' and click OK. Choose a folder for these files. When extraction is done, go to that folder and there'll be a folder called freeBOOT, click into it, then into data and you will find two files - kv.bin and smc_config.bin. Copy these two files to C:\fbBuild\mydata.

    Picking the right SMC (not for Xenon consoles)
    This step is very important if your console is not a xenon - flashing the wrong SMC can end your JTAG :( If the nand file you used to extract the KV.bin and SMC_CONFIG.bin files in the previous step was taken from your previous dashboard updflash.bin, or was taken from a dump you took off your currently working JTAG, then use the same steps above but check the box labelled SMC. You'll find an SMC.bin in the same place you found KV/SMC_CONFIG.bin.

    If you're using your original nand (not recommended unless you know your wiring schema), then you will need to pick an SMC for the JTAG wiring in use. You can find SMC files for the AUD_CLAMP method of wiring (the preferred choice) in this file. Remember: Using the wrong SMC file can b0rk your JTAG; to play it super safe, take a dump of your nand using Flash360, and extract the SMC from that using 360 Flash Tool.

    Copy smc.bin to C:\fbBuild\mydata

    Build freeBOOT
    Open a command prompt, go to C:\fbBuild and type the following
    fbbuild -c <model> -d mydata -f <dashboard> updflash.bin
    

    <model> is either xenon, falcon, zephyr, jaspersb, jasper256, jasper512
    <dashboard> is the name of the folder holding the dashboard files (e.g. 13604)

    fbBuild will build freeBOOT as updflash.bin - copy it to USB, boot to Xellous and flash it.


    Post-Install

    Download the full system update - www.xbox.com/en-GB/system-update-usb
    Check the version number in the filename matches your newly installed dashboard version.
    Extract to a USB stick (blank)
    Insert USB stick into console
    Power console on, accept the update, the console will apply and then reboot.

    Links
    Previous post detailing (with pictures) the steps above, with minor differences because that was dashboard 12625
    https://us.v-cdn.net/6034073/uploads/attachments/6737/151641.zip




  • Lost your original nand or keyvault & smc_config.bin?

    I recently found myself in this predicament with one of my own JTAGs. I made a balls of it when I thought it'd be a good idea to JTAG with a few beers. Simply put I have no idea if I took a nand dump of the console, but if I did it was deleted. Then I built freeBOOT using a KV/Config from a different Jasper. That left me in the situation where I had no original nand backup (not a big deal) but more importantly, no keyvault and no smc_config.bin.

    Side effects
    The JTAG worked fine, but the DVD drive refused to read any DVD. Xellous reported the CPU key, but had a "kv_read_error". The console MAC address (for ethernet) is stored in SMC_Config, which means I now had two consoles on my network with the same MAC address - not a good thing either.

    More details
    The Keyvault is encrypted with a CPU key. So you might think that the solution would be to get a keyvault, decrypt it with the CPU key from the console the keyvault came from, and re-encrypt it with the CPU key from the broken console. Nice idea in theory, but in practice it didn't work. Re-encrypting the keyvault seemed to change the hash of the KV, producing a rainbow-lights issue (flashing RROD where two lights are red, two green, and they alternate in sequence).

    In fact, any modification to the Keyvault, because it's a KV Type 2, resulted in either no video output at all or a Christmas Lights scenario. I tried building a freeBOOT with the keyvault hash-check disabled but that never worked (though it should :confused:)

    Solution
    The solution is to flash the console with a KV/SMC_Config and then flash the DVD drive with the key/OSIG from that Keyvault. So you build an updflash using the KV/SMC_Config from a donor console using that donor console CPU key.

    Xellous will always report a kv_read_error on this console because Xellous uses the CPU key from the hardware, and uses that key to try decrypt the keyvault which clearly won't work. However, the DVD key/OSIG matches the key in the keyvault so the console will play games.

    Of course you might still have the issue with the MAC address, but you can hexedit smc_config.bin to change that ;)




  • For feck sake TV, I'm on 13599 all of an hour. Could you not have wrote this earlier? :p Will Dashlaunch work on Freeboot 13604 yet?

    Ah well, it's prob the most fun I get outta 360's tbh so bring it on again :rolleyes::D




  • Regards your kv issue above, essentially your solution involves cloning the identity of a donor console? Disregarding mac etc, but purely from a security credentials point of view?

    Nice solution, were there any strange effects on your lan with two identical mac addresses? I presume not because it wasn't online, but ftp'ing etc might be glitchy/broken?




  • EnterNow wrote: »
    For feck sake TV, I'm on 13599 all of an hour. Could you not have wrote this earlier? :p Will Dashlaunch work on Freeboot 13604 yet?

    Ah well, it's prob the most fun I get outta 360's tbh so bring it on again :rolleyes::D

    Hah, 13604 is out a few days now :P Dashlaunch v2.25 was released for Dash 13604 :)

    EnterNow wrote: »
    Regards your kv issue above, essentially your solution involves cloning the identity of a donor console? Disregarding mac etc, but purely from a security credentials point of view?

    Nice solution, were there any strange effects on your lan with two identical mac addresses? I presume not because it wasn't online, but ftp'ing etc might be glitchy/broken?


    Yup, cloned not only the KV, but the config as well. Dodgy enough given that the LDV values for CF might not match, which is why it was important I got a KV/Config from a similar model. It's not an ideal solution, but neither was losing the fecking kv/smc_config in the first place and at least I have a DVD drive to use.

    I didn't notice any strange effects but that's because the JTAG downstairs has no network. I can imagine problems, especially with DHCP because that's how machines identify who has what IP address (Mac addresses) and the router keeps track of that. Best bet is to not lose the smc_config.bin, but hexediting the MAC to change it is possible too - there may even be an SMC Config tool for the job, I never bothered researching - I just chose another KV/Config from another jasper that isn't in the house :D




  • hi lads have a xbox360 I'm looking to get jtagged with the new hack (reset glitch and chip), any of you guys provide the service?

    I've a xbox 360 elite model with a 20gb HD and hdmi connection on the back.

    I'm based in Carlow but could possibly drive or deliver the console to you :)




  • hi lads have a xbox360 I'm looking to get jtagged with the new hack (reset glitch and chip), any of you guys provide the service?

    I've a xbox 360 elite model with a 20gb HD and hdmi connection on the back.

    I'm based in Carlow but could possibly drive or deliver the console to you :)

    Anyone offering a service advertises here - http://www.boards.ie/vbulletin/showthread.php?t=2055478489

    Pay special attention to the first post, no service requesting.




  • EnterNow wrote: »
    Anyone offering a service advertises here - http://www.boards.ie/vbulletin/showthread.php?t=2055478489

    Pay special attention to the first post, no service requesting.

    oops sorry :(




  • Another update another problem

    Have updated using bestpig and flashed using flash360 so am on 13604 but cannot get the official update to run. Have tried the $$ystemupdate method and altered the launch.ini to updater-false but it will not pick up the update

    Have tried from usb and cd, cd picks up as a system update but when I run it it just gives a black screen

    Any ideas???




  • Another update another problem

    Have updated using bestpig and flashed using flash360 so am on 13604 but cannot get the official update to run. Have tried the $$ystemupdate method and altered the launch.ini to updater-false but it will not pick up the update

    Have tried from usb and cd, cd picks up as a system update but when I run it it just gives a black screen

    Any ideas???

    I always just use 360 multi builder and build a full new nand image with that,
    And then use my nand flasher and write the update directly to the nand,
    Don't have to mess with updates and things not working then




  • Have you tried renaming the folder to $systemupdate?




  • Put the $systemupdate folder from the ZIP file onto your USB stick (which is formatted with the FAT/FAT32 filesystem, right?). Power on the console, put USB stick in. If it doesn't work then restart the console. If it still doesn't work then go into System Settings in the dashboard, go to Memory and delete the Avatar/System Update data from your hard drive or memory unit.




  • will give that a go TV. might try the 360 builder next time around.




  • Put the $systemupdate folder from the ZIP file onto your USB stick (which is formatted with the FAT/FAT32 filesystem, right?). Power on the console, put USB stick in. If it doesn't work then restart the console. If it still doesn't work then go into System Settings in the dashboard, go to Memory and delete the Avatar/System Update data from your hard drive or memory unit.

    rather than deleting the avatar/system stuff, changing the name of the directory on the usb key to $$systemupdate can work - in fact that's the only thing that works on mine for some odd reason




  • deleting it worked.

    Helix I had tried all types of systemupdate variations. Dashlaunch is why you have to rename it to $$ as it blocks the normal folder

