iBotModz Tutorials: jTag

How to switch a KV on your JTAG

Wed, 21 Jul 2010 16:07:07 +0000

Moving from XBR to freeBoot 0.32

Tue, 29 Jun 2010 00:12:17 +0000

First we are going to need some things.

Requirements
[list][*]CPU Key (Tutorial for obtaining)[*]1BL Key (Google it, cannot be posted legally. It starts with a D and ends with an A)[*]Hex Editor (HxD Hex Editor Download)[*]Mobo Files (mediafire link)[*]libeay32.dll (Google your computer for it, I guarantee one application has it. Then simply copy it to needed location)[*]Kernel 9199 files (ask around, or xbins /XBOX 360/development/freeBOOT/)[*]freeBOOT v0.032 (ask around, or xbins /XBOX 360/development/freeBOOT/)[*]Flash360 (download)[/list]
Steps

1. Using the CPU Key tutorial, obtain the CPU key and save it to a txt file for future use.

2. Use Flash360 on your jtagged xbox, and save a Full Nand Backup to the root of the HDD / Flash Drive

3. Obtain that file, via the flash drive or connecting your hard-drive to your computer from one of these methods.

4. Open that file in a preferred Hex Editor.

5. At the very top of the file you should see something similar to CB0=#### (see screenshot below)

6. Record that 4 digit number in the same txt folder as your CPU key.

7. Obtain via Google or elsewhere the 1BL Key.

8. Copy that key to that same txt file too.

9. Your txt file should now look similar to this.

If you have all 3 digits, then continue. Otherwise, please re-read steps 1-9.

10. Extract the freeBoot package.

11. Move the libeay32.dll from the requirements into the root of the folder (see below)

12. Copy your XBR3 Backup file from step 4, into the bin folder

13. Open up Command Prompt

14. Change Directories to this location.

Type

cd full location to files.

example

cd C:\Users\iBotPeaches\Desktop\360_Flash_Tool_v0.94\freeBOOT-0.032\freeBOOT-0.032

15. Now copy this code

ibuild x -d data\ -b 1BLKEY -p CPUKEY bin\flashdmp.bin

Quote

Replace
1BLKEY = Key from Step 7, the 1BL Key.
CPUKey = Key from Step 1, the Xbox 360 CPU Key

16. This should error out, since it is an XBR file, and not a clean file. Ignore the error and continue.

17. Navigate to the freeBOOT-0.032\data folder and delete everything but kv.bin, smc.bin and smc_config.bin

18. Extract the kernel 9199 files directly into the data folder

19. You should have a lot of files.

[img]http://i49.tinypic.com/21e5j15.png[/img]

20. Open up the downloaded mobo_files , and locate your motherboard revision (EX: xenon) and the CB0 type (step 5)

21. Traverse the file system of the mobo_files opening your mobo revision, and then CB0 type.

22. Copy the files (crl.bin, crl.bin.meta, extended.bin, extended.bin.meta, odd.bin, odd.bin.meta, secdata.bin, secdata.bin.meta) from the mobo folder into the freeBoot data folder.

23. Re-open Command Prompt.

24. If needed, redo steps 13-14 to change to the right directory

25.Type this code

ibuild.exe c freeBOOT -c CONSOLE -d data\ -p CPUKEY -b 1BLKEY bin\images.bin bin\fuses.bin

Quote

Replace

CONSOLE = falcon, xenon, jasper, jasper256 or jasper512
CPUKEY = CPU Key from step 1
1BLKey = 1BL Key from step 7

26. Hit enter and the process should complete without errors. If it does error, restart my tutorial right now.

27. There is now an image.bin file in the bin folder that happens to be the same size as your XBR dump.

28. Rename image.bin to updflash.bin and re-transfer back to your flash drive or HDD (Do the reverse of step 3)

29. Boot your jtagged 360 and boot Flash360.xex

30. Click A, B, A and that will re-flash that image to your xbox.

31. If anything errors, restart my tutorial again.

32. If all succeeded the xbox 360 should restart.

33. Upon restarting it will act like a new xbox asking for your language. You got it

34. Verify in the settings menu that your current dash is 2.0.9199.0

Obtaining CPU Key

Mon, 28 Jun 2010 23:39:08 +0000

Xellous is what you need to boot to grab your keys. However, it can only be booted by holding down the eject button.

You then will be greeted by a blue/black screen with digits flying.

You must take a picture of the digits when they appear, as its impossible to memorize that fast

Picture above shows an example xell shot that you would want to take.

Next you'll want to take number 3 & 5, or 4 &6. These combinations of numbers make up your CPU key.

So for example.
Lets take 3 and 5 (fake numbers)
3= xxxxxxxxxxxxxxxxxxxxx
5= yyyyyyyyyyyyyyyyyyyyy

Which makes our CPU Key xxxxxxxxxxxxxxxxxxxxxyyyyyyyyyyyyyyyyyyyyy

JTAG Hack an Xbox 360

Mon, 04 Jan 2010 20:35:29 +0000

This tutorial will be made as I make it. I'm currently performing the JTAG hack on my own xbox and will post tutorial results as I complete them.

Part 1: "Gathering your materials"
Written by iBotPeaches

First off, we will be making a "clean" nand dump connection. This means you will be able to remove the cable without de-soldering. Thus, you won't have cables anywhere. This tutorial also assumes you know how to take apart your xbox 360. This is the tutorial I used for taking apart my xbox.

Requirements:
(Most of these items can be picked up at a local RadioShack.)

[list][*]A computer with a LPT Port, and 32 bit OS (Figure 01)[*]Xbox 360 with older dash then 8495 (Figure 03)[*]Xbox Hard Drive[*]DB25 25-way male plug (RadioShack Link) (Figure 02)[*]D-Sub hood 25-way (RadioShack Link) (Figure 02)[*]Standard RJ45 / CAT5 Cable (If you require one, buy a cheap one)[*]2-6 100ohm resistors ( RadioShack Link)[*]Soldering Iron (RadioShack Link)

Computer Based Applications[*]Total Commander (File Compare Program)[*]360 Flash Tool (Program)[*]NAND Compare (Compare NANDs)[*]NAND Pro (It only worked on 32bit XP for me.)[*]Degraded (Used for testing nand dump for bad blocks)[/list]
This apps can be downloaded from our jtag section

Not required, but helpful items.
[list][*]Flux (Make clean solder points)[*]Multimeter (Check your points, and double check to prevent problems)[*]Electrical Tape (Tape down your cables to prevent snagging)[*]Low Soldering Iron (You need one, just a low watt one)[/list]

Key Points
[list][*]You can use a variety of switching diodes such as BAT41, N4148 or PH4148.[*]The resistors are not needed on some setups, it just protects your xbox and prevents silly errors[*]Please please be careful when soldering, and use a low watt iron. Something too strong will lift traces and make a horrible experience.[*]Most errors are caused by a long cable, so try and make all connections involved in your NAND dump as short as possible.[/list]

Images:
(Figure 01)
[img]http://ibotmodz.net/img/Parallel_t.jpg[/img]

(Figure 02)
[img]http://ibotmodz.net/img/jtag%20007.JPG[/img]

(Figure 03)
[img]http://ibotmodz.net/img/xbrtut1.jpg[/img]

Part 2: "Checking if your console can be modded."

This will be a short segment to double check if your console is moddable. Meaning it hasn't been auto-updated to a newer dash that prevents rebooting. However, even if your console passes these test you will encounter another check after your NAND dump that will be the final decider if you can mod or not.

Step 1) Turn your console around, and locate the barcode.

2) Above the bar code is a field called "MFR Date" in the format of YYYY-MM-DD.

3) Hope that the number is earlier than January 9, 2008

4) Turn on your xbox, pre-nxe or not the way to get to settings are quite similar

5) Under system settings and look in the top right corner. There will be a number, It will be in the format 0.0.0000.0

6) The set of numbers in a group of 4, will be the numbers to write down. They will range from 1888 (First xbox) to 8955 (Most updated)

7) If you plan to use XBReboot, the limit is 7371. Past that, and you can no longer mod.

Refer to this site: Xbox 360 Kernels for learning more about the various kernels.

Part 3: "Lets open the box, and find out the mobo type"

Once your box is opened up, there are 5 motherboard revisions (soon to be 6) that we must check to identify what version you are. Instead of me trying to explain it all, go here and figure out what console motherboard revision you have. All you do is compare the pictures with your opened box. If you haven't taken off the heatsinks (not required) then look in the top right corner to compare.

As of now, the jtagging wiring has 2 schematics. I will be making my own for the Xenon board, and be providing other users diagrams for the other board types. These diagrams will be released in due time, once I have a High Def camera to borrow.

One for Xenon boards, and one for the group of Opus, Falcon, Zephyr, and Jasper