|
|
|
How to Install XBReboot
|
|
AfterDawn Addict
|
16. January 2010 @ 15:43 |
Link to this message
|
THIS GUIDE WAS NOT WRITTEN BY ME SO I TAKE NO CREDIT FOR IT
Thanks to supremecippy
JTAG/freeBOOT/XBReboot FAQ http://forums.afterdawn.com/t.cfm/f-152/...oot_faq-829623/
** NOTE : There is still no XBR_hack for jasper 256 and 512 yet.
The very first thing you need to check, is your xbox kernel. At the time of writing, the most recent kernel is : 2.0.8955.0
* Turn on your xbox and go to console settings.
* Go to system info, the kernel version is on top right.
As of 5/12/09 (December 5th 2009) If you have kernel 2.0.8495.0 or HIGHER, YOU CANNOT INSTALL XBReboot.
If you have kernel 2.0.7371.0 or lower, there is one more check to do, which requires you to read the nand chip with a homemade lpt nand reader.
** There is no other 100% way of knowing your CB version without reading the nand.
---------------------------------------------------------------------------
Follow this thread to build a cable, Simple Db-25/cat5 Lpt Nand Dump/flash Cable Tut
the plan here is to create one neat and tidy cable that can be used to dump and flash your 360's NAND simply by plugging into a specially created Ethernet port. The benefits of this being the cable can be used on multiple 360's without constant resoldering or messy wires hanging out your box.
What you'll need
RJ45 Ethernet Network LAN Cable Extension Adapter - I bought mine on eBay at £3 for 10
Cat5 patch cable
D-Sub hood 25-way - I bought mine in Maplin for about £1.60 part #FP29G
DB25 25-way male plug - I bought mine in Maplin for about £1.50 part #YQ48C
Other things you'll need are 5x100 ohm resistors and possibly some zip ties for securing your wiring.
The idea here is pretty simple. All you're going to do is match the colours marked on the Xbox motherboard with the db25 plug. But instead of going straight from one to the other you're going to have an Ethernet cable extender in the middle. This will allow you to unplug/connect you're 360 to your PC quickly and whenever you want.
Cut your Cat5 cable in half and prepare both ends for soldering. I recommend keeping the cable between your Xbox and PC as short as possible. After a bit of trial and error I found 35-40cm to be about right. The cable inside your Xbox should also be as short as possible.
Solder your wires to the Xbox motherboard following my diagram above. Find a good spot to place your Ethernet extender and secure it in place. I cut a hole in the metal shielding behind the DVD drive and hot glued the extender in place. I then cut a small hole on the outer case under the hard drive to allow easy access to the port whenever needed. When not in use the port is hidden under the hard drive.
Next you need to solder the other half of your Cat5 cable to the DB25 plug. Be careful to match up with the correct wires you soldered to the 360's motherboard!. Depending on your PC you may or may not need to install some 100 ohm resistors on pins 1,2,14,16 and 17. Some people will get away without them but in my case the NAND would not dump correctly unless I had resistors in place. You may also need to fit a switching diode to pin 11 if you are not getting the correct FlashConfig (normal config being 0x1198010). I had no issues so there was no need for me to fit the diode.
Just so there is no confusion on which pin is which.....
Fit your D-sub hood and you're all done .
---------------------------------------------------------------------------
Use this site to determine which motherboard type you have : Xbox 360 revisions
xenon
Zephyr, Falcon, Opus, Jasper JTAG Connections
Once the cable is ready and double checked, grab nandpro20b from Xbins (Make sure its version 2.0b)
Follow these steps to read your nand :
* Make sure port95nt.exe is installed, if it's not, install it (from nandpro20b folder) you might need to reboot.
* Plug your 360, but don't power it on.
* Plug the lpt cable
* Go to the nandpro20b folder and type :
* nandpro lpt: -r16 orig.bin
* MAKE SURE THAT THE FLASH CONFIG SAYS : FlashConfig:01198010 , if it doesn't , refer to troubleshooting at end of guide.
* Wait patiently...
* If there are errors, refer to trouble shooting at end of guide.
* If there are no errors, read the nand again :
* nandpro lpt: -r orig2.bin
* Reading it a 3rd time is not a bad idea.
Once you have a good dump , at any point you can restore it to your 360. Follow instructions at end of guide.
How to make sure you have a good dump :
* First , compare the dumps together using a hex editor or other tool, they should match 100%
* Grab Degraded from Xbins.
* Run Degraded and click settings, enter key you found using google "Degraded 1BL key" should pop right up.
* After you set the key click Valid next to it and set the File System Start to 39. Click ok.
* Open orig.bin
* If you get, cannot read file , you must edit the orig.bin file. Make a copy of it, origcopy.bin and open it up in your hex editor. At offset 0x0012 , you will see 2004 - 2007 Microsoft Corporation...
* Change it to : 2004 - 2005 Microsoft Corporation and it will open with Degraded :
(This picture shows an unexploitable CB version)
If Degraded shows you some bad blocks, refer to the bad blocks section at the end of the guide.
Check which version of CB you have.
Exploitable CB versions:
1888, 1902, 1903, 1920,1921: exploitable xenon
4558: exploitable Zephyr
5761, 5766, 5770: exploitable falcon
6712, 6723: exploitable jasper
These CB versions are patched so the JTAG/SMC Hack is no longer working: (CD = 8453 for all of them)
Xenon: 1922, 1923, 1940
Zephyr: 4571, 4572, 4578, 4579
Falcon/Opus: 5771
Jasper: 6750
More info here :http://www.eurasia.nu/wiki/index.php?pagename=Xbox360Kernel
If you have an exploitable CB , then you are in luck , if you dont, then for now , there is nothing you can do but find another xbox 360.
So you have a 7371 or ealier kernel , and an exploitable CB you can install the JTAG HACK Refer to the picture for your motherboard under the Required Soldering topic. Once you wired your 360 this way, you install XBR to your nand.
*You 360 will not boot at this point, it needs code contained in XBR to boot with the JTAG hack.
Flashing XBR to your nand :
* Grab the XBR_8955 matching your board from Xbins
* Go to your nandpro20b folder
* nandpro orig.bin: -r16 rawkv.bin 1 1
* nandpro orig.bin: -r16 rawconfig.bin 3de 2
* Now that you have extracted your keyvault and config blocks from your orig.bin, inject them in the xbr_8955.bin of your motherboard version :
* Rename the xbr_8955.bin of your board to xbr.bin to simplify things.
* nandpro xbr.bin: -w16 rawkv.bin 1 1
* nandpro xbr.bin: -w16 rawconfig.bin 3de 2
* Now that you've injected your keyvault and config into xbr.bin all you need to do is flash is back to your nand.
* nandpro lpt: -w16 xbr.bin
* Once done , unplug lpt cable from pc , turn on xbox and enjoy XBR.
* Problems? Refer to troubleshooting and end of guide.
Troubleshooting
I've gathered this from reading other people's posts, as i have not experienced any problems at all, except read errors above 0x200 while making first dump of my nand.
Nandpro / LPT notes : You should try to keep your cable as short as possible to avoid errors.
Nandpro FATAL ERROR :
* nandpro only works with certain USB adapters, and real LPT ports, not pci to lpt cards.
* Check wiring, check pc BIOS settings for parallel port mode SPP (Normal) but users report nandpro working fine on most lpt settings.
* Is port95nt.exe installed? Run port95nt.exe again
* Try a different pc
Nandpro Flashconfig: 01198010 / reading errors :
* Are you using the diode as explained in the cable making tutorial? The diode is a hit and miss, if you receive config 01198010 then its not needed. The diode goes with the black line towards the board , and pin 11 of lpt port connected to the other leg.
* Shorten your wires
* Are you using the 5 resistors? Some boards require you to solder directly, without using the resistors. This will fix reading errors above 0x200 that some experience.
* Check solder joints, make sure they are clean and they are not touching each other.
Nandpro Error 250:
* Error 250: This , in my experience means that the block is full of 0's, and is not an error you should be concerned about if you come across it once or twice. Of course if you keep getting Error 250, there might be an error elsewhere , or maybe you've flashed 0's all over your nand.
RRoD / Blackscreen / Error 79 :
* Do you have an exploitable CB? People seem to only look at their dash board and see it's 7371 or lower and think they can install XBR without verifying their CB to see if JTAG hack will work.
* Did you inject the rawkv.bin into xbr.bin ? (nandpro xbr.bin: -w16 rawkv.bin 1 1)
* Did you inject the rawconfig.bin into xbr.bin ? (nandpro xbr.bin: -w16 rawconfig.bin 3de 2)
* Did you have Bad Blocks in your orig.bin ? Did you follow the Bad Block Installation notes?
Restoring your original nand.
* Make sure port95nt.exe is installed, if it's not, install it (from nandpro20b folder) you might need to reboot.
* Plug your 360, but don't power it on.
* Plug the lpt cable
* Go to the nandpro20b folder and type :
* nandpro lpt: -w16 orig.bin
* Your nand is back to its original state.
* Remove the JTAG HACK or the 360 won't boot.
Bad Blocks in the nand
If Degraded shows you some bad blocks, you will have to move the blocks from your xbr.bin to where they are remapped.
You can try this tool , although it wasn't tested much : Bad Block Remapper
If you want to do it manually, you have to do this:
* Take the picture above as example.
* It says: Note : Block 0x2CE found at 0x3F8
* This is where the bad block 0x2CE was remapped.
* nandpro xbr.bin: -r16 block2ce.bin 2ce 1 (Reads block 0x02CE and saves as block2ce.bin)
* nandpro xbr.bin: -w16 block2ce.bin 3f8 1 (Write block2ce.bin to 0x3f8 where block is remapped)
* You will have to do this for each block.
* Here is the "formula":
* nandpro xbr.bin -r16 blockXXX.bin XXX 1 (Where XXX is the bad block number)
* nandpro xbr.bin -w16 blockXXX.bin YYY 1 (Where YYY is the address where block is found in degraded)
Tips on finding a xbox with an exploitable CB version
* According to this post most boards manufactured after june 2009 should come with an unexploitable CB version so seek something earlier.
* Obviously, must be be pre summer 09' update (kernel 7371 and lower)
* Find your serial number inside your xbox by going to console settings , system info. This is the real serial number, if you bought the 360 second hand , nothing guarantees the information on the back being accurate.
* There is one trick to find the manufactured date with the serial number, this site shows how. The last 5 digits of your serial number determines the date YWWFF 74902 would be 2007 week 49 (december) factory code : Mexico
* Even if it was manufactured before june 2009, if its a second hand console , maybe it was sent to microsoft at some point and it could have been update then.
Playing content from a hdd that wasn't signed to this console
I paid for a lot of microsoft xbla games, and i believe it is my right to play on both my xbox as i please, so here i will give the gross method of playing your 360 xbla games and dlc on this XBR kernel.
* Unscrew your hard drive case until you have just the hard drive and plug it in a SATA port of your pc.
* Grab xplorer360 from xbins and execute it.
* Open Hard drive
* Go to partition 3
* Your games are in Content\0000000000000
* Extract the content you want.
* Most xbla should be contained in a single file
* Hex edit one of the content file the title of the xbla or the dlc is usually at 0x412
* Grab Yaris-Swap from xbins
* Open content file and patch it
* Inject back into hdd using xplorer360
* xplorer360 is drag and drop, use it
* xplorer360 needs a modification in order to see 120gb drives properly, Download the program from our downloads section on main site.
Thanks to the authors of all the tools mentioned in this post, and to all the hard work that everyone did involving them.
A special thanks to supremecippy
PRIVATE MESSAGES ASKING FOR HELP WILL BE IGNORED, USE THE FORUMS TO ASK YOUR QUESTIONS!!!This message has been edited since posting. Last time this message was edited on 16. January 2010 @ 15:53
|
|
