RealModScene

JC Denton

Members
  • Content Count

    2
  • Joined

  • Last visited

  • Days Won

    3

JC Denton last won the day on July 21 2017

JC Denton had the most liked content!

Community Reputation

1 Neutral

About JC Denton

  • Rank
    RMS Freshman

Profile Information

  • Gender
    Not Telling
  1. JC Denton

    RGH Guide

    Reset Glitch Hack/ggbuild Guide v0.2

    ** This guide was not written by me. I am only reproducing its contents here - contents may be out of date and contain invalid links to software - simply posting for archival purposes **

    Contents
    Disclaimer
    FAQ
    What you need
    Step 1: Disassembling
    Step 2: Read the XBOX360 nand.
    Step 3: Verify your nand dumps.
    Step 4: Using the original reset glitch hack, build a xell reloaded image (.ecc file)
    Step 5: Flash Reset Glitch Hack v1.1 .ecc file to nand using nandpro 3.0
    Step 6: Install the CPLD (Glitch Chip)
    Step 7: Program the CPLD (Glitch Chip)
    Step 8: Boot Xell reloaded and retrieve CPU key from screen.
    Step 9: Building image with Xebuild.
    Step 10: Flash ggbuild image to nand
    Step 11: You're done! But don't forget a few things..

    DISCLAIMER: This information is to be used for educational purposes only and is not to be used for software piracy or anything that may violate the Microsoft Xbox360 terms and conditions.

    **Some of the images linked here were borrowed from Logic Sunrise's excellent guides.

    FAQ
    Just to cover a few of the most commonly asked questions I'm seeing lately...
    Q) Does the CPLD stay in the xbox360 forever?
    A) Yes, it is the heart of the hack.
    Q) What can I do once I've finished this guide?
    A) It will operate exactly like an Xbox360 Jtag would.

    What you will need
    1) A compatible Xbox360. (At the time of writing this, the supported motherboard types are: Falcon, Jasper, Opus, Zephyr and Trinity (Slim)) The dash version does not matter. Unfortunately at this time Jaspers with CB 6752 are not glitchable (ones returned from MS refurb centers). ***The new slim motherboard "Corona" is currently not compatible with this hack.
    2) A method/device for reading and writing the xbox360 nand. (Such as LPT, USB SPI (nandx, maximus etc))
    3) A CPLD (aka glitch chip). These can be purchased from a variety of sources.
    4) A method/device for programming the CPLD. (Build your own with this diagram, purchase a programming cable, or use an updated nandx or maximus device for use with nandpro3.0, see nandpro3.0 readme for more info.) *Note: For nandx, it must be reprogrammed using an xecuter CK3i, more info on this available here
    5) Software (xebuild 1.00.f1, 14699.zip (filesystem files, not the ms systemupdate), nandpro3.0, xilinx lab tools, 360 Flash Dump Tool 0.97, Reset Glitch Hack v1.1)
    6) Skill (If you can't solder or follow readmes, stop now.)

    Step 1 Disassemble the Xbox360 Game console
    -Disassemble the Xbox360 and remove the motherboard. You can find videos on how this is done here.

    Step 2 Read the XBOX360 nand.
    -Solder your LPT or USB SPI
    LPT diagram
    *Note: the points are exactly the same for the slim, you will notice the exact same points, just oriented slightly differently on the board. So follow the same diagram for slim.
    USB SPI NandX
    -Read nand using Nandpro 3.0a (Download here)
    From command prompt use the following commands for nandpro (which you can easily open by holding shift and right clicking on the folder containing nandpro 3.0a and selecting "Open Command window here")
    For LPT: nandpro lpt: -r16 orignand1.bin
    For USB: nandpro usb: -r16 orignand1.bin
    *Note for BB jaspers, change the number -r16 to the size of your nand accordingly.
    *Remember your 360 Power supply must be connected to the motherboard (But the system should not be powered on)
    -Dump the nand AT LEAST 3 times into different files (orignand1.bin, orignand2.bin etc)
    Do NOT remove your nand flasher yet, you will still need it.

    Step 3 Verify your nand dumps
    -Open a command prompt (which you can easily open by holding shift and right clicking on the folder containing your nand dumps and selecting "Open Command window here"). Type/paste the following command into the command window:
    fc /b orignand1.bin orignand2.bin
    -Then do it again to compare files 2 and 3. Type/paste the following command into the command window:
    fc /b orignand2.bin orignand3.bin
    It should say:
    Comparing files orignand1.BIN and orignand2.BIN
    FC: no differences encountered
    Then
    Comparing files orignand2.BIN and orignand3.BIN
    FC: no differences encountered
    If it does not say this, go back to step 2, you do not have a good nand dump. (Check your soldering or wire length on the nand reader)
    If no differences were encountered we will now verify the image in 360 Flash dump tool 0.97. Bad blocks in a nand dump are normal, however you need to verify that they are indeed bad blocks (and have been remapped by the nand's error correction) and not just bad blocks as the result of a bad nand read.
    -Open one of your nand dumps in 360 flash dump tool 0.97. Don't worry if it says BADKV, that is normal because you haven't entered the cpu key yet, we will get to that later. Check for a bad blocks tab next to the filesystem tab. If there is no bad blocks tab, you have no bad blocks. If there IS a bad blocks tab, click on the tab and verify it looks like this:
    Note: Bad Block ID 0x0349 [Offset: 0x00D8D200]
    ->Block ID 0x0349 found @ 0x3FD [Offset: 01073A00]
    You should see that for every bad block you have. The numbers may be different of course depending on blocks you have bad, but the point is for each bad block you should see that block was Found @ another block. This means you did have bad blocks, but they have been corrected by the NAND's error correction so they are legit bad blocks and not just read errors.
    If you see:
    Note: Bad Block ID 0x0349 [Offset: 0x00D8D200]
    But NO Found @ location for the block, that means this bad block was the result of a read error with the nand reader, check your soldering, and wire lengths again.
    If all checks out, you have 3 good nand dumps. KEEP ALL 3 SAFE. FOREVER.

    STEP 4 Using the original reset glitch hack, build a xell reloaded image (.ecc file)
    *Please note if you have a fat you MAY need to enter the 1bl key into the build.py script, for information on how this is done, see Logic Sunrise's tutorial "Section III: Creating the Hackimage". Try building without it first, if you encounter any errors, reference the tutorial above.
    -Download and install Python (Download here) (Make sure to install it to its default path which is c:\Python27)
    -Download and install PythonCrypto (Download here)
    -Download and extract the Reset Glitch Hack v1.1 (Download here)
    -Create a folder called output inside the Reset glitch hack v1.1 folder
    -Copy one of your nand dumps into the folder where you extracted the reset glitch hack v1.1 (Example: orignand1.bin)
    -Open a command prompt (which you can easily open by holding shift and right clicking on the folder containing the reset glitch v1.1 files and selecting "Open Command window here")
    -Type/paste the following command into the command prompt.
    PATH=c:\python27
    This will set the PATH to python.
    -Type/paste the following into the command prompt:
    python common/imgbuild/build.py orignand1.bin common/cdxell/CD common/xell/xell-gggggg.bin
    If all goes well you should see a lot of data scroll on the screen, and the last line should say:
    -------------------------------------
    Written into output/image_000000000.ecc
    If it does, you should have an image_000000000.ecc file in the output folder inside the reset glitch 1.1 folder, as well as smc.bin. KEEP BOTH OF THESE FILES SAFE. FOREVER.
    If you get an error that says:
    "'python' is not recognized as an internal or external command, operable program or batch file."
    Then the PATH setting must be added manually to the Environment Variables -> System Variables -> PATH on your system. Google for more information on this if you need it.
    If you get an error regarding Pythoncrypto missing, you didn't install it, please install it now.

    Step 5 Flash Reset Glitch Hack v1.1 .ecc file to nand using nandpro 3.0
    -Ensure your nand flasher is connected to the 360. Remember your 360 Power supply must be connected to the motherboard (But the system should not be powered on)
    -Copy the image_000000000.ecc file into the nandpro3.0 folder
    -Open a command prompt (which you can easily open by holding shift and right clicking on the folder containing nandpro3.0 files and selecting "Open Command window here")
    -Type/paste the following command (Note it must be +w16 NOT -w16)
    For LPT: nandpro lpt: +w16 image_00000000.ecc
    For USB: nandpro usb: +w16 image_00000000.ecc
    *Note for BB jaspers (Jaspers with internal memory units) Change the number +w16 to the size of your nand accordingly.
    The image should then be written to your 360 nand. Do not attempt to power on your 360 yet, it will not boot until the CPLD is in place.

    Step 6 Install the CPLD (Glitch Chip)
    -Solder in your CPLD using the appropriate wiring diagram. Depending on what CPLD you have the wiring may be different, below are a few wiring diagrams for some of the common chips.
    Slim:
    Seeed Studio XC2C64A CoolRunner-II CPLD
    Xecuter Coolrunner
    Matrix
    Digilent CMOD (Don't forget, remove the R2 resistor and connect R2's upper pad to R1's lower pad on the CMOD)
    x360 Glitchchip
    Fat:
    Seeed Studio XC2C64A CoolRunner-II CPLD
    Xecuter Coolrunner
    Matrix
    Digilent CMOD
    x360 Glitchchip
    If your chip is not listed here try going here for more wiring diagrams. Or check the manufacturer's/seller's website for diagrams for your specific chip.

    Step 7 Program the CPLD (Glitch Chip)
    You will need to build or purchase a programming cable for the CPLD. You can build one (LPT) using this diagram
    *Alternatively you can now use Nandpro 3.0 and nandx or maximus to flash the CPLD (an update is required for the devices). See the Nandpro 3.0 readme for more information on this. For nandx, it must be reprogrammed using an xecuter CK3i, more info on this available here
    -Download and install Xilinx Lab tools from here - http://www.xilinx.co...nload/index.htm at the bottom of the web page scroll all the way down until you see "Lab Tools - 13.2 Utilities". This is the file you want.
    -You will need the .jed file inside the reset glitch hack v1.1 file for your xbox (slim or fat). This is what gets programmed to the chip.
    -Ensure your 360 Motherboard has the power connected (but not powered on!) Many CPLDs will have an LED indicating that the chip has the required 3.3v to operate
    -Launch IMPACT from xilinx lab tools and follow the pictures as shown in this guide (Section IV: Programming the CPLD) (You may have to set the compatibility mode if your programmer isn't detected)
    After you see "Program succeeded" as shown in the last picture, you have successfully programmed the cpld.

    Step 8 Boot Xell reloaded and retrieve CPU key from screen.
    After you have flashed, you can now boot up into xell reloaded. You should get a blue xell reloaded screen. If your system does not boot, triple check everything. Check the cpld wiring especially.
    Once xell reloaded is booted, look for CPU Key: XXXXXXXXXXXXXXXXXXXXXXX
    This is your CPU key. KEEP IT SAFE

    Step 9 Building image with Xebuild.
    Click here to download my xebuild guide (pdf).

    Step 10 Flash ggbuild image to nand
    -Open a command prompt (which you can easily open by holding shift and right clicking on the folder containing nandpro3.0 files and selecting "Open Command window here")
    -Type/paste the following command
    For LPT: nandpro lpt: -w16 13604gg_trinity.bin
    For USB: nandpro usb: -w16 13604gg_trinity.bin
    *Note for BB jaspers (Jaspers with internal memory units) Change the number -w16 to the size of your nand accordingly.

    Step 11 You're done! But don't forget a few things…
    If all was done properly, you should boot right up into the xbox360 dashboard! Everything is pretty much EXACTLY like a jtag after the system boots, so you will use the same apps, processes etc as you would on a jtag.
    Don't forget to run the official system update for 13604 to be sure you have the required dash/avatar/kinect files. You can get the 13604 from Microsoft here (http://www.xbox.com/...pdate-usb) (No it won't damage your newly glitched 360)
    Make sure you install dashlaunch 2.25 after you've flashed.
    **** Special Thanks to Icekiller and everyone in #freeboot @efnet for their help and support!
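The two dump checks in Step 3 of the post above (the fc /b comparison of the three reads, and the bad-block tab showing a "found @" remap for each bad block), as an added example that is not part of the original post: a Python script that compares dumps byte for byte and reports each difference by block number and offset, and that parses a bad-block listing in the format the guide quotes to flag any bad block that has no remap line. It assumes the 0x4200-byte block size the guide's own offsets imply (0x0349 * 0x4200 = 0x00D8D200); the dump contents in the test are constructed data, not a real console image.

```python
import re
from typing import Dict, List, Optional, Tuple

# Block size implied by the guide's bad-block listing: 0x0349 * 0x4200 == 0x00D8D200.
# Assumption: every block has this size (32 pages of 0x210 bytes, spare area included).
BLOCK_SIZE = 0x4200

BAD_RE = re.compile(r"Bad Block ID 0x([0-9A-Fa-f]+) \[Offset: 0x([0-9A-Fa-f]+)\]")
FOUND_RE = re.compile(r"Block ID 0x([0-9A-Fa-f]+) found @ 0x([0-9A-Fa-f]+) \[Offset: ([0-9A-Fa-f]+)\]")

# The bad-block listing quoted in Step 3 of the guide, used here as sample input.
SAMPLE_REPORT = ["Note: Bad Block ID 0x0349 [Offset: 0x00D8D200]",
                 "->Block ID 0x0349 found @ 0x3FD [Offset: 01073A00]"]

def block_offset(block_id: int) -> int:
    """Byte offset of a block, as 360 Flash Dump Tool prints it."""
    return block_id * BLOCK_SIZE

def compare_dumps(dumps: Dict[str, bytes]) -> List[Tuple[str, str, int, int]]:
    """Compare every dump to the first, byte for byte (what fc /b does).
    Returns (reference, other, offset, block_id) for the first differing byte of each
    differing block, offset -1 for a length mismatch; [] is "no differences encountered"."""
    names = list(dumps)
    ref_name, ref = names[0], dumps[names[0]]
    findings = []
    for other_name in names[1:]:
        other = dumps[other_name]
        if len(other) != len(ref):
            findings.append((ref_name, other_name, -1, -1))
        for start in range(0, min(len(ref), len(other)), BLOCK_SIZE):
            a, b = ref[start:start + BLOCK_SIZE], other[start:start + BLOCK_SIZE]
            if a != b:  # first differing byte, or end of the shorter block if truncated
                i = next((k for k, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))
                findings.append((ref_name, other_name, start + i, start // BLOCK_SIZE))
    return findings

def check_bad_block_report(lines: List[str]) -> Dict[int, Optional[int]]:
    """Map each listed bad block to its remap target; None means no 'found @' line,
    which the guide treats as a read error rather than an ECC-remapped bad block.
    Raises if a printed offset is not block_id * BLOCK_SIZE."""
    result: Dict[int, Optional[int]] = {}
    for line in lines:
        if m := BAD_RE.search(line):
            bad, off = int(m.group(1), 16), int(m.group(2), 16)
            result.setdefault(bad, None)
            block = bad
        elif m := FOUND_RE.search(line):
            bad, block, off = (int(g, 16) for g in m.groups())
            result[bad] = block
        else:
            continue
        if off != block_offset(block):
            raise ValueError(f"offset 0x{off:X} does not match block 0x{block:X}")
    return result
```

A dump read three times should give compare_dumps an empty list for all three files, and every key in check_bad_block_report's result should have a non-None value before the dumps are treated as good.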
  2. ** I did not write this tutorial nor do I take ANY responsibility for your 360 exploding if you follow it **

    I want to go ahead and get this up for the folks needing help with xebuild. I will be adding more information to it later.

    ****DISCLAIMER: This information is to be used for educational purposes only and is not to be used for software piracy or anything that may violate the Microsoft Xbox360 terms and conditions.

    What you need.
    -Xebuild v1.00.f1 (xeBuild_1.00_f1.zip)
    -14699.zip (these are filesystem files, NOT the systemupdate from Microsoft)
    -Nand Dump (either original NAND or currently working freeboot dump from nand flasher 360 or xellous)
    -Cpu key (from Xell/Xellous/Xell reloaded)
    -1blkey (Google for this)
    -SMC.bin (for jtag only, and only if you are using the original nand image to build, more on this later in the guide)
    -360 Flash Dump Tool 0.97 (Google to find this)

    Step 1 Preparing vital files.
    First you will need a nand dump. This can be obtained in any number of ways. You can use an original nand dump, or you can use a currently working freeboot dump (taken from nand flasher 360 or xellous). Name your nand dump nanddump.bin and place it in the mydata folder included with xebuild.
    Next, edit the cpukey.txt file inside the mydata folder, remove the dummy key and replace it with your CPU key (if you don't have this you can obtain it by booting xell/xellous/xell reloaded). Save the file.
    Next open 1blkey.txt in the root of and replace the dummy key with the 1blkey (Google to find this) and save the file.
    Now, extract the contents of the 14699.zip file into the 14699 folder included with xebuild (xebuild\14699)
    FOR JTAG ONLY: If you are using an original nand dump, you will need to include a prehacked smc.bin that matches your console and wiring configuration (you can find smc packs on google). If you already have a working jtag setup and you have dumped your nand you do not need to provide this, xebuild will use the one from your nand dump.

    Step 2 Edit Options.ini:
    Below is an example from the options.ini

    ; console type
    ; valid values are: xenon, zephyr, falcon, jasper, jasper256, jasper512, trinity
    ; ie: type=falcon;
    type = trinity
    ; put hexidecimal 1BL key here, or on command line, or in 1blkey.txt
    1blkey = 1blkeygoeshere
    ; put hexidecimal cpu key here, or on command line, or in cpukey.txt
    cpukey = cpukeygoeshere
    ; byte 0x21f of decrypted CF (also is the count of 0xF in fuse rows 7 and 8)
    ; if you provide a nanddump.bin with the correct ldv value, there is no reason to fill this in
    ; jtag images won't care what this value is set to, but glitch and retail images require this to match CPU fuses
    cfldv = 2

    You will need to enter the 1blkey, cpukey, and console type in the appropriate fields. If you are doing a jtag, that is all the info you need to enter, you do not need to enter cfldv for jtag.
    FOR GLITCH: Make sure to set your CF LDV. (cfldv = ) You can obtain this by opening your original nand dump in 360 flash dump tool 0.97. Look for CF LDV and use the highest number that you see on the screen, as shown in the picture below. Please note that it may not be the same box as shown in the screenshot that shows the highest number LDV. Again, you want the highest number you see. If for some reason you can't get LDV from 360 flash dump tool, you can also get the LDV by booting up xell reloaded and counting the total number of the letter F in fuse lines 7+8. The number of F's you see will be the LDV.
    After you have entered the cfldv, now scroll down in the options.ini and look for this.
    patchsmc = false
    Change it to:
    patchsmc = true
    (This will automatically patch the smc taken from the original nand dump for glitch only!)
    Save the file once you have made the proper changes.

    Step 3 build:
    Open a command prompt in the xebuild folder (You can do so easily by holding down the shift button and right clicking on the folder containing xebuild. Then choose "open command window here".)
    We will be using the following command to build the image. Replace the parts of the command to match your type of console.
    xeBuild.exe -t glitch -c trinity -d mydata -f 14699
    -t = type of hack, glitch, jtag, retail (remember you have to use the proper hack for your console!)
    -c = type of motherboard you have (xenon, falcon, zephyr, jasper, jasper256, jasper512, trinity)
    -d = the folder containing our vital files we prepared in step 1.
    -f = the version dash/kernel you wish to build. (at the time of writing this 14699 is latest)
    Once you have edited the command to fit your setup, copy and paste it into your open command window and press enter. If everything worked properly, it should look like the picture below.
    You may get a message about fcrt.bin missing. If you do it's likely because your nand image didn't contain fcrt.bin (some boards do not). Just ignore the warning and move on.
    **Note: xebuild will automatically remap any bad blocks you have if you provided a nand dump.
    Now you can flash the image via a nand flashing device like nandx, or you can use software to flash it such as nand flasher 360 (recommended) or xellous. (To do so with xellous name the image updflash.bin and place it on the root of a fat32 formatted usb stick, and boot xellous)
    DO NOT FORGET
    You need to obtain the official Microsoft update matching the version of dash/kernel you built (in this case 14699). You can obtain it from here: http://www.xbox.com/system-update-usb
    To install, extract the $systemupdate folder into the root of a fat32 formatted usb stick. (if you already have dashlaunch installed, you may have to name it $$ystemupdate) Don't worry, it will not damage your hacked system.
    Also, you will need to install the latest dashlaunch version (at time of writing this it is 2.27). You can do so by running the default.xex file from a dashboard such as freestyle dash and following the on screen instructions.
    Install in that order: systemupdate then dashlaunch