Jump to content
RealModScene
Anonymous

[JTAG/RGH] How to build a new NAND when you lost everything

Recommended Posts

Have a problem with 4g toshipa nana cb 13121 and cb b 13182 winbond2k i used donor nand but the xbox stuck on boot . It just frezze . Boot xell with no problem ...i need help please?

http://www.se7ensins.com/forums/threads/xbox-360-smc-power-mode-editing-fixes-falcon-freezing-on-rgh2.1166312/

 

This should work on a corona also.

Share this post


Link to post
Share on other sites

hey guys been awhile,, ok looks like Jrunner is pouched ,, I have a Xenon jtag I got from a customer that has many,, I mean many bad blocks to the point that I have to rebuild a brand new nand,, I have the cpu keys and looks like the dvd keys from xebuild,, can this program build a nand also??

Share this post


Link to post
Share on other sites
On 3/26/2014 at 7:41 AM, Anonymous said:

This tutorial is only for those of you who; lost all of their original and hack nand dumps + erased/corrupted the nand/flash the wrong image to the nand.

If you find yourself in this situation then this tutorial will walk you step by step to make your console boot hack dash again.

Take note that you won't be able to restore your console to retail ever again and you will be unable to use your dvd drive until you extract the key off of it.

Things you will need;

usb spi nand programmer(nand-x, jr-programmer, any will do(eMMC R/W kit for corona 4gb)

J-Runner the ultimate JTAG/RGH app DOWNLOAD

Extracted nand files that match you motherboard model (download below)

Step 1; Recovery of cpu key and LDV's

Download one of the clean extracted donor nand files according to your motherboard model and extract the containing folder to the location of your choice;

Don't use these files to unban your console, first you don't have the original cpu key and second they are all from ban consoles. You have been warned!

corona 4gb.rar

corona 16mb.rar

falcon opus.rar

jasper bb.rar

jasper sb.rar

trinity.rar

trinitynofcrt.rar

xenon.rar

zephyr.rar

Next you need to solder/plug in your nand programmer wires onto the motherboard

Open J-Runner app an click on "show working folder" button located at the bottom right

post-16724-0-48682000-1395833423_thumb.jpg

Open the folder name "data" located inside /J-Runner/xeBuild/ folders

Open your extracted nand files folder and copy and paste KV.bin, SMC.bin, smc_config.bin and fcrt.bin(if required) to data folder. It should look like this.

post-16724-0-65248000-1395833480_thumb.jpg

In J-Runner, copy and paste this cpu key F37C0CD50B928F4E67614ACD548A4E49 in the cpu key section.

Choose dashboard version according your hack type (for JTAG choose 7371 - for phat rgh1 choose 14699 - for R-JTAG choose 15574 - for phat RGH2 choose 14719 - for slim choose anything above 14719)

Select your motherboard nand type.

Select retail as your image type.

It should look like this.

post-16724-0-90877100-1395833526_thumb.jpg

In J-Runner under the Advanced tab click on Create an image without nanddump.bin

post-16724-0-16046200-1395833576_thumb.jpg

Then you will be ask to enter LDV just enter any number between 1 and 80 and click ok.

post-16724-0-00976100-1395833615_thumb.jpg

At this point the dummy image should be successfully created and automatically loaded in the "Load Source" section.

Now with your nand programmer properly connected to both you pc and motherboard click on "Write Nand".

Wait until J-Runner is finish writing the nand and select your "hack type" then click on "Create ECC" for rgh machine or "Create Xell-Reloaded" for JTAG/R-JTAG machine.

Now click on "Write ECC" or "Write Xell-Reloaded" depending on your hack type.

post-16724-0-32222600-1395833662_thumb.jpg

post-16724-0-28060600-1395833683_thumb.jpg

You are now ready to boot xell and recover your cpu key.

Power on your console and wait for xell to boot.

Once xell as booted write down your cpu key, fuseset 02 and fuseset 07

post-16724-0-41889900-1395833724_thumb.jpg

Understanding and calculating LDV's

Calculating CF/CG ldv is fairly simple. Just count the number of "F" in fuseset 07 to fuseset 11. So in the example above we have a cf/cg lock down value of 2.

Calculating CB LDV can be a little bit more trickier. You have to take the right-most "F" and calculate how many character it is from the left. In the example above the right-most "F" is 5 characters from the left so we have a cb lock down value of 5.

Understanding CB LDV; Quote from Martin C @ TX

Quote

This value is NOT updated every dashboard version and is not directly reflected in any apps. However, the value can be translated to a CB/dashboard version. You cannot 'edit' your image to use a different CB for a retail NAND. It MUST match the entry as found in XeLL, otherwise it'll fail to boot.

The example above is from a Jasper with a cb ldv cseq of 5 and by looking at the chart below we can determine that dashboard 7371 would be the highest version acceptable for this particular console.

post-16724-0-94820500-1395833852_thumb.jpg

Step 2; Building the fake OG nand image

Now back in J-Runner, enter your cpu key in the cpu key section.

Select your dashboard according to your CB LDV cseq

Select Retail as Image type.

Select Motherboard nand type.

Click on the "Advanced" tab and on "create an image without nanddump.bin"

post-16724-0-56410500-1395833891_thumb.jpg

You will be ask for LDV, this is the cf/cg LDV so you enter what you have in fuseset 07 and click "ok"

post-16724-0-38463900-1395833936_thumb.jpg

You have now created a fake original nand image. Even though you won't be able to boot your console with this image it would still be a good idea to keep it somewhere safe.

With your new image loaded in the "Load Source" section and your cpu key in the "Cpu Key" section click on the "kv info" tab. You will noticed that the info in there are obviously not from your console. So now would be a good time, for those who can, to extract your dvd drive key and patch the key vault with the appropriate dvd key.

Click on the "XB Settings" tab, click on "Advanced XeBuild Options", paste your dvd key in the "dvdkey" section, click "OK" then click the "Use Edited Options" check box.

post-16724-0-44151900-1395834004_thumb.jpg

For DG16D5S and DLN10N owners; the easiest and cheapest way to make your dvd drive functional would be to install a TX LTU 2 pcb.

Final Part; Building/writing your hack image

Back in J-Runner, with your new fake original nand image loaded in the "Load Source" section and cpu key in the "Cpu Key" section select hack image type(Jtag - rgh - rgh2 - r-jtag), select your desired dashboard(should be the latest which is 16537 at the moment of write), select motherboard nand type. You can also edit dashlaunch and xeBuild options at this point.

Click on create xeBuild image. You will see 3 or 4 warning messages poping up which will ask you if you want to delete kv.bin, smc.bin, fcrt.bin and smc_config.bin. Click yes on all of them.

post-16724-0-16106300-1395834054_thumb.jpg

With your nand programmer properly connected to both your console and pc click on "Write Nand"

​

Boot your console and have fun.

I need your help, someone? I already have the CPU Key and fuses so I do not know where to start. For the  "Building the fake OG nand image" step, what nand do I put in for the source? The one I read that was read from the console or the dummy nand that you provided? 

 

Share this post


Link to post
Share on other sites

Two questions. if you have the fuses, does xell report the DVD_KEY? if so, and you want to create a retail image from the nand on the console, which I am assuming is either RGH/JTAG, or ECC image. If this is the case, first you will want to load up the file you dumped off of the nand, and dump the files from it. You will then need the kv_dec.bin renamed to KV.bin, the FCRT.bin(if your console has this), and the clean SMC for your console(Should be provided above). Put these files in the xebuild folder. Now, load up the image that is included, and create xebuild image for the console. Dont forget to set LDV to fuses, and build for a retail image that uses the CB that the CPU is expecting. Assuming the KV is the original, and not banned, the console should boot, and play on live. if the KV is not original, you will never get it to be a retail console again, and if it is banned, it wont play on live again.

Share this post


Link to post
Share on other sites

I can't get my xbox 360 corona 16mb (postfix adapter needed) to boot into xell. 

I messed up the nand and thought this TUT would help. 

So I did everything up until building the fake nand and then flashing ECC, went smooth

Then installed the ace v3 chip, like weekendmodder does into a corona 16mb (you can look it up on youtube) 

Maybe my chip installation is wrong? I don't understand why it's not booting, soldering is clean and neat.

 

Share this post


Link to post
Share on other sites

Glitching consoles can be iffy. Are you using a postfix adapter? If not, that could be the problem. If not, then the green light should be blinking. If that is the case, 3 things come to mind. 1. your glitch timing is off, possible if using the glitch timing pre programmed by ace. If that is the case, I suggest S-RGH timing files. They are about as good as a cr4 as far as boot time goes. 2. there is a bad block on your nand in the ecc area, which is preventing it from booting. 3. you damaged the xbox on the install.

Share this post


Link to post
Share on other sites
34 minutes ago, cregister said:

Hi, can anyone fix the links to the donor nand file please. I would be extremely grateful. thanks

They work just fine.. they arent links, they are attached/hosted on this site..

Share this post


Link to post
Share on other sites

Hi. Ive managed to write my ecc and can get my corona 16mb v5 to boot to xell straight away so got my cpu and dvd keys and fuse keys.

however i had to reboot my laptop after writing ecc and rescanned nand so only have my hacked nand now.

i like to create an xebuild with the latest dashboard 17426 (i already manually updated j runner) but it comes up with errors which im guessing is because of the hacked nand. What do i do now please to finish the rgh? Thanks

Share this post


Link to post
Share on other sites

Thanks for this tutorial. Lots of great info. So the situation I’m in is a little unique. I’m doing a j-tag falcon. I successfully got it to load xell, but was unable to create an xebuild image due to missing ini’s in jrunner. So I left it for a couple days. When I came back, I found my computer had crashed and I had to do a clean install of windows. So I lost my original nandump file. Is the original nandump required to create an xebuild image? Any help would be greatly appreciated. 

Share this post


Link to post
Share on other sites
1 hour ago, Dubs21 said:

Thanks for this tutorial. Lots of great info. So the situation I’m in is a little unique. I’m doing a j-tag falcon. I successfully got it to load xell, but was unable to create an xebuild image due to missing ini’s in jrunner. So I left it for a couple days. When I came back, I found my computer had crashed and I had to do a clean install of windows. So I lost my original nandump file. Is the original nandump required to create an xebuild image? Any help would be greatly appreciated. 

No.. As you can pull your nand off your console.. The missing inis are easy to find.. Unless you are trying to build a dash for something that isnt supported

Share this post


Link to post
Share on other sites

So do I just read the hacked nand and create an xebuild image from that? I’m really new to this whole thing. I successfully rgh 1.2 a trinity. Then I came across this falcon with a dash that was old enough to jtag. My biggest problem is not having the background knowledge to know how to work around problems. And many links for files and programs are 15 years old so tracking down stuff can be a challenge. Thanks for the help! I’m stoked to find a place where people are still active. 

Share this post


Link to post
Share on other sites
4 hours ago, Dubs21 said:

So do I just read the hacked nand and create an xebuild image from that? I’m really new to this whole thing. I successfully rgh 1.2 a trinity. Then I came across this falcon with a dash that was old enough to jtag. My biggest problem is not having the background knowledge to know how to work around problems. And many links for files and programs are 15 years old so tracking down stuff can be a challenge. Thanks for the help! I’m stoked to find a place where people are still active. 

well.. yeah.. this guide is more for when you do not have a booting console at all.. but since your jtag runs...

 

do this:

 

dump your nand with 

https://www.realmodscene.com/index.php?/topic/3962-simple-360-nand-flasher-14b/

 

then just use this jrunner to create your updated nand, then flash it back with simple nand flasher

https://www.realmodscene.com/index.php?/topic/3962-simple-360-nand-flasher-14b/

 

 

edit:

make sure you tick the jtag option when building your nand

Share this post


Link to post
Share on other sites

Awesome! Thank you!

I haven’t had a chance to work on it yet. Just out of curiosity, is there any reason I shouldn’t use jrunner to dump the nand? Only asking because it’s still hooked up to my jrprogrammer and I am more familiar with dumping the nand that way. But if the way you suggested is better, I have no problem learning something new. Thanks again!

Share this post


Link to post
Share on other sites
52 minutes ago, Dubs21 said:

Awesome! Thank you!

I haven’t had a chance to work on it yet. Just out of curiosity, is there any reason I shouldn’t use jrunner to dump the nand? Only asking because it’s still hooked up to my jrprogrammer and I am more familiar with dumping the nand that way. But if the way you suggested is better, I have no problem learning something new. Thanks again!

You can use jrunner to dump the nand.. 

 

You can use any way to dump the nand. Lol.. If your console boots.. You can use swizzys simple nand flasher to dump it without hardware.. 

Share this post


Link to post
Share on other sites

I thought I had already replied but apparently not. I dumped the nand, but then realized I dont have the xebuild files for dash 7357. I spent a couple days looking but havent found anything yet. Do you know where I can find the files? I will continue my search either way. Thanks!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...