RealModScene
Lunaaar

Nand dash version issue r-jtag


Glitch/Nand Reader Product(s) used: J-R Programmer v2, cr4xl
Console Type: zephyr
NAND size: 16
Dashboard version: e.g 2.0.12625/2.0.
CB version: 4578
Was the console working before you started: Y
Description of problem:
Was doing r-jtag on my zephyr just to try if I could get it to work. But now I think I messed up.

I did a nand backup before I started r-jtag. Was trying to get it to boot but remembered that I probably should update to the latest dash, and flashed the nand with my backup and updated the dash, then wired r-jtag up again and wrote xell to the box and tried to get it to boot again. After a while I remembered that I forgot to do a backup of the nand after the dash update. Then I thought no problem, just flash my backup again and update the dash again... then do a new backup...

Now the box won't boot with the retail nand backup. I get rrod "Bridged solder joint/Short GPU-> (H)ANA" and I'm 100% sure nothing is bridged.
I think the problem is that I wrote the old dash nand to the box that had the latest dash update. Am I thinking right?

Can I update the dash on my nand backup bin file, or maybe extract files from the backup file and use the important files needed to create a new updated nand file with the latest dash update?
Can I still boot into xell with my old dash backup, if I get r-jtag to work? And if not, I try rgh.

What are my options now?
 

 

[Image: jrunner.jpg]


If you started on a dash more than 15574, all you should need to do to fix the problem is to add 1 to the ldv, and then write the new image. This shouldn't require the cpu key, and j-runner has an option for that in one of the menus. So, currently, it is reporting an ldv of 8, change that to 9, and assuming you didn't update the CB version with your update, then you should be good. If you did update the CB version, the only way to fix the console is to glitch it into xell, get the CPU_KEY, and then using your backup image, create a new retail image of the latest dash, and change the ldv to 9. Simple enough..... Then again, Zephyrs are notorious for RROD even if you aren't trying to mod them. I would say that 2/3rd of all zephyrs I have attempted to mod have either died in the process of glitching them, or shortly after. I use those and xenon boxes as door stops. lol.

 


Did the backup before I started, when the box was on 12625... then the box was updated to 17526. Don't know if CB was updated, I did not do it. Can cb update when doing a dash update from msoft?

I will try with the ldv.

But I should be able to get into xell even if the backup is on the wrong version, and IF I'm able to change ldv and get a working R-Jtag or rgh?

Yes, zephyrs aren't the top of the line.... 🙄 Hopefully this has not been abused that much, it has "only" been used ca 50-100 hours since new 😉


When trying to change ldv in jrunner I can't see any change anywhere. Under advanced there is "change ldv", then a window pops up where I enter the new value and the advanced button is greyed out. When I push ok I can't see any change in jrunner. Am I missing something?

12 minutes ago, Lunaaar said:

When trying to change ldv in jrunner I can't see any change anywhere. Under advanced there is "change ldv", then a window pops up where I enter the new value and the advanced button is greyed out. When I push ok I can't see any change in jrunner. Am I missing something?

Jrunner should create an edited nand.bin, with the new ldv iirc

26 minutes ago, Lunaaar said:

nope, nothing in output folder after changed value and press ok...

ahh ok..

So here is the solution:

Once you press OK with the new LDV, you have to press "create XeBuild image" and a new one will be made with the new LDV.


Check the nand info, and see if it updates when you change the ldv value. There are 2 ldv values, one says 8, one says 9 in the picture above. Put any number in for an ldv, and see if that number appears in the nand info screen. You shouldn't need to build a new image, as this is in the non-encrypted boot information on the chip. You just have to get the value right, which should be 1 more than it was previously.


No change anywhere. Tried to flash anyway but still rrod retail.

Will I be able to get into xell anyway, if I get r-jtag or rgh to work?

Log:

Initializing nanddump2.bin..
Zephyr
Glitch Selected
Nand Initialization Finished
Retail Selected

(here i tried to change ldv)

Version: 10
Flash Config: 0x01198010
Writing Nand
nanddump2.bin
 


Yes, you should be able to get into xell. Once you do, you can get the proper LDV and CB version from the fuses. There are some nice guides on rebuilding nand images when you have lost everything, which you haven't, since you still have the KV.


Have tried to build a new nand on the latest dash 17526, same as the box, with the "lost everything guide" and changed ldv 9 and ldv 10, but get basically the same post out on both RGH and R-JTAG. Read something about split cb: "after the 14717 update they turned all phats to split cb boot chain"

Could it be that on post 25 it's trying to find cb-b but can only find cb-a and it cannot continue further?

I have tried every dip and jumper setting and it never gets past post 28 on rgh and post 25 on r-jtag. Checked solder connections many times, tried both diode and transistor aud clamp. Using shielded rst cable.

RGH2 post

Post 01
Post 0F
Post 1B - RC4_DECRYPT
Post 1D - SIG_VERIFY
Post 1E - BRANCH
Post 1F
Post 20 - CB entry point reached
Post 21 - INIT_SECOTP
Post 22 - INIT_SECENG
Post 23 - INIT_SYSRAM
Post 24 - VERIFY_OFFSET_3BL_CC
Post 25 - LOCATE_3BL_CC
Post 26 - FETCH_HEADER_3BL_CC
Post 27 - VERIFY_HEADER_3BL_CC
Post 28 - FETCH_CONTENTS_3BL_CC
Post 01
Post 04
Post 05
Post 06
Post 07
Post 08

 

R-JTAG post

Post 0B
Post 0C
Post 0D
Post 01
Post 15 - FETCH_OFFSET
Post 16 - FETCH_HEADER
Post 1A - RC4_INITIALIZE
Post 1B - RC4_DECRYPT
Post 1C - SHA_COMPUTE
Post 1D - SIG_VERIFY
Post 1E - BRANCH
Post 1F
Post 20 - CB entry point reached
Post 21 - INIT_SECOTP
Post 22 - INIT_SECENG
Post 23 - INIT_SYSRAM
Post 24 - VERIFY_OFFSET_3BL_CC
Post 25 - LOCATE_3BL_CC
Post 01
Post 05
Post 06
Post 08
Post 09

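As an added example (not part of the original posts and not J-Runner code): a short Python script that reads POST logs in the format posted above and reports the last step each boot attempt reached after CB entry. The function names, and the rule that a falling POST code means the console restarted, are assumptions made for this example.

```python
import re

# Tails of the two POST logs posted above, copied verbatim.
RGH2_TAIL = """\
Post 24 - VERIFY_OFFSET_3BL_CC
Post 25 - LOCATE_3BL_CC
Post 26 - FETCH_HEADER_3BL_CC
Post 27 - VERIFY_HEADER_3BL_CC
Post 28 - FETCH_CONTENTS_3BL_CC
Post 01
Post 04
"""
RJTAG_TAIL = """\
Post 20 - CB entry point reached
Post 21 - INIT_SECOTP
Post 22 - INIT_SECENG
Post 23 - INIT_SYSRAM
Post 24 - VERIFY_OFFSET_3BL_CC
Post 25 - LOCATE_3BL_CC
Post 01
Post 05
"""
POST_RE = re.compile(r"^Post ([0-9A-Fa-f]{2})(?: - (.+))?$")

def parse_posts(log):
    """Return (code, name) for every 'Post XX[ - NAME]' line; other lines are skipped."""
    posts = []
    for line in log.splitlines():
        m = POST_RE.match(line.strip())
        if m:
            posts.append((int(m.group(1), 16), m.group(2)))
    return posts

def stall_points(posts, cb_entry=0x20):
    """Last step of each attempt that got into CB (code >= cb_entry) and then
    fell back to a lower code. Assumption: a falling code means a restart."""
    stalls = [prev for prev, cur in zip(posts, posts[1:])
              if prev[0] >= cb_entry and cur[0] < prev[0]]
    if posts and posts[-1][0] >= cb_entry:  # log ends inside CB: hung there
        stalls.append(posts[-1])
    return stalls

if __name__ == "__main__":
    for label, log in (("RGH2", RGH2_TAIL), ("R-JTAG", RJTAG_TAIL)):
        for code, name in stall_points(parse_posts(log)):
            print(f"{label}: last step before restart: {code:02X} {name}")
```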

Could it work if I get a cb 4578 nand dump that is on the 17526 dash?

Does it matter if I use a cb 4570 nand dump, or must it be cb 4578?

3 hours ago, Lunaaar said:

Could it work if I get a cb 4578 nand dump that is on the 17526 dash?

Does it matter if I use a cb 4570 nand dump, or must it be cb 4578?

Your cb was split when you updated the kernel. It is automatically done when you update via retail. 

None of this should matter when getting into xell tho. The Ecc has nothing to do with the kernel. So if you're not getting into xell, start there.. I'd start over from scratch and get xell to boot. Then once you got xell, build your nand image with proper ldv and cpukey


All R-JTAG images use a JTAGable SMC image, that is patched. R-JTAG is no different in that sense. As long as it is wired correctly, and you have the dips and jumpers set properly, it should boot, assuming your wiring is correct, which is impossible to tell, since we have no pictures of the work done to the board.  


Sry about pics.. but here are some.

Measured both jtag connections at 1.5kohm. Read somewhere that it should be 1.5kohm.

Post in jrunner never gets past "Post 25 - LOCATE_3BL_CC"

Pad gone on point M on the cr4 because first I soldered the hard shielded cable direct to the board, which was not a good idea.. but traced it back to the chip and replaced with wire direct on the chip 🙄

[Image: IMG_20190117_232810.jpg]

Here I replaced the resistor at R8C2 with a bridge and soldered CPU_RST at JBC1 point 2.

[Image: IMG_20190117_230624.jpg]

And ripped a pad because I was taking off the kapton tape that I used to secure the cable that goes from the hana chip to point B on the cr4. Replaced the trace with cable, and I have measured continuity and tested playing a game when I updated the box to the latest dash, so it shouldn't be a problem.

[Images: IMG_20190117_230912.jpg, IMG_20190117_233158.jpg, IMG_20190117_233542.jpg, IMG_20190117_231644.jpg, IMG_20190117_231734.jpg, IMG_20190117_232133.jpg, IMG_20190117_232943.jpg, IMG_20190117_233108.jpg]


First, use standard blue wire, shielded wire can help, but can also cause issues. Also, for CPU_RST, I have had better luck with the pad on the bottom of the board. It is a decent size pad, and it doesn't modify the signal with a resistor. You could always bridge the resistor pads, but the bottom is easier. Soldering could be much better as well. I can honestly say I am not surprised it doesn't boot.
