Lunaaar 0 Posted January 12, 2019 Glitch/Nand Reader Product(s) used: J-R Programmer v2 , cr4xlConsole Type: zephyrNAND size: 16Dashboard version: e.g 2.0.12625/2.0.CB version: 4578Was the console working before you started: YDescription of problem:was doing r-jtag on my zephyr just to try if i could get it to work. But now i think i messed up.I did nand backup before i started r-jtag. was trying to get it to boot but remembered that i probbably should update to latest dash, and flashed nand with my backup and updated dash then wired r-jtag up again and wrote xell to the box and tried to get it to boot again after a while i remembered that forgot to do a backup of the nand after the dash update. Then i thought no problem just to flash my backup again and update dash again...then do a new backup... Now the box wont boot with retail nand backup. i get rrod "Bridged solder joint/Short GPU-> (H)ANA" and im 100% sure nothing is bridged.I think the problem is that i wrote the old dash nand to the box that had the latest dash update. Am i thinking right?can i update dash on my nand backup bin file or maybe extract files from the backup file and use the important files needed to create a new updated nand file with latest dash update.can i still boot in to xell with my old dash backup? if i get r-jtag to work and if not i try rgh. what are my options now? Quote Share this post Link to post Share on other sites
gavin_darkglider 1562 Posted January 12, 2019 If you started on a dash more than 15574, all you should need to do to fix the problem is to add 1 to the ldv, and then write the new image. This shouldnt require the cpu key, and j-runner has an option for that in one of the menus. So, currently, it is reporting an ldv of 8, change that to 9, and assuming you didnt update the CB version with your update, then you should be good. If you did update the CB version, the only way to fix the console is to glitch it into xell, get the CPU_KEY, and then using your backup image, create a new retail image of the latest dash, and change the ldv to 9. Simple enough..... Then again, Zephyrs are notorious for RROD even if you arent trying to mod them. I would say that 2/3rd of all zephyrs I have attempted to mod have either died in the process of glitching them, or shortly after. I use those and xenon boxes as door stops. lol. Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 12, 2019 did the backup before i started when the box was on 12625... then the box was updated to 17526. dont know if CB was updated, i did not do it. Can cb udate when doing an dash update from msoft? I will try with the ldv. But i should be able to get in to xell even if the backup is on wrong version and IF im able change ldv and get a working R-Jtag or rgh? yes zephyrs arent the top of the line.... 🙄 hopefully this have not been abused that much, it has "only" been used ca 50-100 hours since new😉 Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 12, 2019 when trying to change ldv in jrunner i cant see any change anywhere. under advanced there are "change ldv" then a window pops up where i enter new value and the advanced button is greyed out, when i push ok i cant see any change in jrunner. am i missing something? Quote Share this post Link to post Share on other sites
felida 1653 Posted January 12, 2019 12 minutes ago, Lunaaar said: when trying to change ldv in jrunner i cant see any change anywhere. under advanced there are "change ldv" then a window pops up where i enter new value and the advanced button is greyed out, when i push ok i cant see any change in jrunner. am i missing something? Jrunner should create an edited nand.bin, with the new ldv iirc Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 12, 2019 nope, nothing in output folder after changed value and press ok... Quote Share this post Link to post Share on other sites
felida 1653 Posted January 12, 2019 26 minutes ago, Lunaaar said: nope, nothing in output folder after changed value and press ok... ahh ok.. so here is the solution: once you press OK with new LDV, you have to press "create XeBUild image" and new one will be done with new LDV Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 12, 2019 thanks... but cpu key is needed xebuild image. Quote Share this post Link to post Share on other sites
gavin_darkglider 1562 Posted January 12, 2019 Check the nand info, and see if it updates, when you change the ldv value. there are 2 ldv values, one says 8 one says 9 in the picture above. Put any number in for an ldv, and see if that number appears in the nand info screen. You shouldnt need to build a new image, as this is in the non encrypted boot information on the chip. You just have to get the value right, which should be 1 more than it was previously. Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 12, 2019 no change anywhere. Tried to flash anyway but still rrod retail. will i be able to get in to xell anyway? if i get r-jtag or rgh to work. Log: Initializing nanddump2.bin.. Zephyr Glitch Selected Nand Initialization Finished Retail Selected (here i tried to change ldv) Version: 10 Flash Config: 0x01198010 Writing Nand nanddump2.bin Quote Share this post Link to post Share on other sites
gavin_darkglider 1562 Posted January 14, 2019 Yes, you should be able to get into xell. Once you do, you can get the proper LDV, and CB version from the fuses. There are some nice guides on rebuilding nand images when you have lost everything, which you havnt, since you still have the KV. Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 16, 2019 Have tried build a new nand on the latest dash 17526 same as the box, with the "lost everything guide" and changed ldv 9 and ldv 10 but get basically the same post out on both RGH and R-JTAG. Read something about split cb "after the 14717 update they turned all phats to split cb boot chain" Could it be that on post 25 its trying to find cb-b but can only find cb-a and it and can not continue further? I have tried every dip and jumper setting and it never gets past post 28 on rgh and post 25 on r-jtag. checked solder connections many times tried both diode and transistor aud clamp. Using shielded rst cable. RGH2 post Post 01 Post 0F Post 1B - RC4_DECRYPT Post 1D - SIG_VERIFY Post 1E - BRANCH Post 1F Post 20 - CB entry point reached Post 21 - INIT_SECOTP Post 22 - INIT_SECENG Post 23 - INIT_SYSRAM Post 24 - VERIFY_OFFSET_3BL_CC Post 25 - LOCATE_3BL_CC Post 26 - FETCH_HEADER_3BL_CC Post 27 - VERIFY_HEADER_3BL_CC Post 28 - FETCH_CONTENTS_3BL_CC Post 01 Post 04 Post 05 Post 06 Post 07 Post 08 R-JTAG post Post 0B Post 0C Post 0D Post 01 Post 15 - FETCH_OFFSET Post 16 - FETCH_HEADER Post 1A - RC4_INITIALIZE Post 1B - RC4_DECRYPT Post 1C - SHA_COMPUTE Post 1D - SIG_VERIFY Post 1E - BRANCH Post 1F Post 20 - CB entry point reached Post 21 - INIT_SECOTP Post 22 - INIT_SECENG Post 23 - INIT_SYSRAM Post 24 - VERIFY_OFFSET_3BL_CC Post 25 - LOCATE_3BL_CC Post 01 Post 05 Post 06 Post 08 Post 09 Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 16, 2019 could it work if i get a cb 4578 nand dump that is on the 17526 dash? does it matter if i use a cb 4570 nand dump or it must be cb 4578? Quote Share this post Link to post Share on other sites
felida 1653 Posted January 16, 2019 3 hours ago, Lunaaar said: could it work if i get a cb 4578 nand dump that is on the 17526 dash? does it matter if i use a cb 4570 nand dump or it must be cb 4578? Your cb was split when you updated the kernel. It is automatically done when you update via retail. None of this should matter when getting into xell tho. The Ecc has nothing to do with the kernel. So if you're not getting into xell, start there.. I'd start over from scratch and get xell to boot. Then once you got xell, build your nand image with proper ldv and cpukey Quote Share this post Link to post Share on other sites
gavin_darkglider 1562 Posted January 16, 2019 All R-JTAG images use a JTAGable SMC image, that is patched. R-JTAG is no different in that sense. As long as it is wired correctly, and you have the dips and jumpers set properly, it should boot, assuming your wiring is correct, which is impossible to tell, since we have no pictures of the work done to the board. Quote Share this post Link to post Share on other sites
Lunaaar 0 Posted January 17, 2019 sry about pics.. but here are some. measured both jtag connections to at 1.5kohm. Read somwhere that it should be 1.5kohm. Post in jrunner never get past "Post 25 - LOCATE_3BL_CC" Pad gone on point M on the cr4 because first i solderd the hard shielded cable direct to board which was not a god idea..but traced it back to chip and replaced with wire direct on chip🙄 here i replaced the resistor at R8C2 with a bridge and soldered CPU_RST at JBC1 point 2. and ripped pad because was taking the kapton tape of that i used to secure the cable that goes from hana chip to point B on the cr4. Relaced trace with cable and i have measured continuity and tested to play a game when i updated the box to latest dash so it shuldnt be a problem. Quote Share this post Link to post Share on other sites
felida 1653 Posted January 18, 2019 That cap in the first pic.. lolol Quote Share this post Link to post Share on other sites
gavin_darkglider 1562 Posted January 19, 2019 First, use standard blue wire, shielded wire can help, but can also cause issues. Also, for CPU_RST, I have had better luck with the pad on the bottom of the board. it is a decent size pad, and it doesnt modify the signal with a resistor. You could always bridge the resisitor pads, but the bottom is easier. Soldering could be much better as well. I can honestly say I am not surprised it doesnt boot. Quote Share this post Link to post Share on other sites