Print

[Grim187]

Can i Homebrew?

check your dash version to make sure you dont have the 1bl update (disables the smc hack which allows xbr to run).

turn on your console, go to system settings > console settings > system info.
2.0.XXXX.0

XXXX = your dash version.

if its 7371 or lower your good to continue, if its 8xxx then you have updated and there currently is no way to run xbr/freeboot/xell.

Note: if your console is new (you bought it 09 or later) then even if you have Dash version 7363 you could still have the 1bl update, so far the ones confirmed with the 1bl update are mfg date 6-23-09 and the ones confirmed w/o 1bl update (and exploitable) are 6-18-09.

If you have updated or bought a console with the 1bl update then there is no way to downgrade and you wont be able to run homebrew on your console for a long time if ever so Please Dont Ask/Talk About Downgrading Here.

Building a LPT Cable

An LPT Cable is Needed to read/write the nand (which has the stock dash on it and will have xbr (hacked dash) when your done).

Things you will need:
a pc with a lpt port
DB25 Header
5 x 100ohm Resistors (watt's dont matter; i use 1/8th)
3 x 1n4148 Diode
LPT Cable (DB25 male > female)
soldering iron
solder
rosin flux
some wire (30-24awg, the smaller the better)
your 360 apart


Credit for the Image Go's to sandungas.

Note: dont solder the Diode to db1f1, solder it to j2d2 like this.

Note2: The diodes/wires are for xbr/freeboot/xell, if they are connected and you boot your stock nand you will get 3 red lights error code 0020.

Checking to Make Sure You have a Exploitable Box

Software you will need:
Dos (comes with windows)
Nandpro2.0b

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type

CODE

cd "c:\nandpro"

 and hit enter.

type

CODE

nandpro lpt: -r3 c1.bin

hit enter

type

CODE

nandpro lpt: -r3 c2.bin

hit enter

type

CODE

fc c1.bin c2.bin /b

hit enter

if differances where found type

CODE

nandpro lpt: -r3 c3.bin

hit enter

type

CODE

fc c1.bin c3.bin /b

hit enter then type

CODE

fc c2.bin c3.bin

hit enter

use the 2 that match, if c2 and c3 match rename c3.bin to c1.bin

CODE

rename c3.bin c1.bin

open up c1.bin in a hex editor (free hex editor) and you should see

QUOTE

© 2004-200X Microsoft Corporation. All rights reserved.

X = 5, 6, 7, 8 or 9 (depending on what dash you have/when your console was made).

now search in hex for "CB" (without quotes) your looking for the one at or around 8400 in hex (it has to be in caps).
copy the 4 hex digits after it and convert it from hex to dec with this Conveter
Like This

Xenon: 1921 or lower is Exploitable (exception: 8192 IS EXPLOITABLE)
Zephyr: 4558 or lower is Exploitable (exception: 4580 IS EXPLOITABLE)
Falcon: 5770 or lower is Exploitable
Jasper 16mb: 6712 or lower is Exploitable
Jasper Arcade (256/512): 6723 or lower is Exploitable

Board Version Detection

If you have confirmed your consoles version and have a higher version CB then listed above you cannot do homebrew,
there is no way to downgrade and you wont be able to run homebrew on your console for a long time if ever so Please Dont Ask/Talk About Downgrading Here.

Backing Up Your Original Nand

Things you will need:
Gentoo Beta 2
lflash for 16mb nand or lflash for 256/512mb nand
nandpro 2.0b
usb storage device
xell for your version of motherboard (get it from the usual places)

format your usb drive as fat32 (windows will do this; right click on it and click format)

put lflash.c on the thumb drive

burn gentoo beta 2 iso to cd.

rename the xell bin for your version of motherboard to xell.bin and put it in c:\nandpro\

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type

CODE

cd "c:\nandpro"

and hit enter.

if you dident check to make sure you have a exploitable box then backup the first 2mb before flashing xell.

type

CODE

nandpro lpt: -r2 c1.bin

hit enter then type

CODE

nandpro lpt: -r2 c2.bin

hit enter then type

CODE

fc c1.bin c2.bin /b

hit enter, if there are differences then delete both files and start again.

type

CODE

nandpro lpt: -w2 xell.bin

and hit enter.

when thats done writing turn the console on, you should see a blue screen with lots of text, this means the first step is done, you might want to take a picture of fuses; combine lines 5 and 6 to get your cpu key (keep it safe; its needed for decrypting the key vault).

put the gentoo beta 2 disk in the console and reboot it; gentoo will automaticly load, once it has plug in a usb keyboard and mouse (if you have problems with dectection plug it in when you boot the console but make sure not to press anything while its booting)

note: user gentoo will automatically login after 10sec at the login screen; just let it.

once you get to the desktop click applications > accessories > terminal
and type the fallowing commands

CODE

sudo passwd

use a simple password; you wont need it agian

CODE

sudo -s

CODE

cd Desktop

CODE

mkdir flash

CODE

dmesg | grep -i "SCSI device"

CODE

mount -t vfat -o uid=gentoo,gid=users /dev/sdb1 /home/gentoo/Desktop/flash

"/dev/sdb1" refers to the usb drive; if you have a hdd plugged in it will be sdb, if you just have the usb storage device plugged in it will be sda.

CODE

cd /home/gentoo/Desktop/flash

CODE

gcc lflash.c -o lflash

CODE

./lflash 1.bin

assuming the dump and verify whent well
unplug the usb drive from the 360 and plug it in to your computer, take put 1.bin in c:\nandpro\

if it dident do another dump

CODE

./lflash 11.bin

Flashing XBRebooter

Things you will need:
Gentoo Beta 2
lflash for 16mb nand or lflash for 256/512mb nand
nandpro 2.0b
usb storage device
XBRebooter for your version of motherboard (get it from the usual places)
Xell flashed to your 360 (all xbr revs have xell embedded)

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type

CODE

cd "c:\nandpro"

and hit enter.

rename xbr bin for your motherboard version to xbr.bin and put it in c:\nandpro\
rename your original nand to 1.bin and put it in c:\nandpro\

in the cmd window type

CODE

nandpro 1.bin: -w3 c1.bin

hit enter then type

CODE

nandpro 1.bin: -r16 kv.bin 1 1

hit enter then type

CODE

nandpro 1.bin: -r16 config.bin 3de 2

hit enter then type

CODE

nandpro xbr.bin: -w16 kv.bin 1 1

hit enter then type

CODE

nandpro xbr.bin: -w16 config.bin 3de 2

hit enter then type

CODE

rename 1.bin backupnand.bin

and hit enter

copy xbr.bin to your usb storage device.

if you still have gentoo running from above

plug the usb drive back in to the 360 and in terminal type

CODE

dmesg | grep -i "SCSI device"

if you have a hdd pluged in (like i did in the example above) the usb drive should now be sdc (if you dont it should be sdb)

type

CODE

mount -t vfat -o uid=gentoo,gid=users /dev/sdc1 /home/gentoo/Desktop/flash

and hit enter; the usb drive will be mounted in flash on the desktop agian.

CODE

./lflash 2.bin xbr.bin

will dump agian and flash xbr.bin

note: ignore "illegal logical block" error

if your updating xbr

format your usb drive as fat32 (windows will do this; right click on it and click format)

put lflash.c on the usb storage device.

burn gentoo beta 2 iso to cd.

put the gentoo beta 2 disk in the console, turn the console off
if you have xbr_1 or previous turn the console on via guide button of a wired controller pluged in to the back port or media center button on a 360 remote control.

gentoo will automaticly load, once it has plug in a usb keyboard and mouse (if you have problems with dectection plug it in when you boot the console but make sure not to press anything while its booting)

note: user gentoo will automatically login after 10sec at the login screen; just let it.

once you get to the desktop click applications > accessories > terminal
and type the fallowing commands

CODE

sudo passwd

use a simple password; you wont need it agian.

CODE

sudo -s

CODE

cd Desktop

CODE

mkdir flash

CODE

dmesg | grep -i "SCSI device"

CODE

mount -t vfat -o uid=gentoo,gid=users /dev/sdb1 /home/gentoo/Desktop/flash

"/dev/sdb1" refers to the usb drive; if you have a hdd plugged in it will be sdb, if you just have the usb storage device plugged in it will be sda.

CODE

cd /home/gentoo/Desktop/flash

CODE

gcc lflash.c -o lflash

CODE

./lflash 1.bin xbr.bin

note: ignore "illegal logical block" error


restart the console and your done, enjoy homebrew.

[Chod]

Thanks very much!

Good breakdown on all the steps. I have been holding off with the new xbr until some people had given it a go. Might try updating using gentoo and your instructions. Will let you know how i go.

[petrm79]

thnx for the guide

but little question it possible to break xbox using linux?
and after that it can be fixing using old ltp method?

[alvisar]

Quick Questions regarding updating xbreboot.

1.  Is there any new development on xbreboot?

2.  Is updating using the gentoo/USB possible without the LPT cable?  When I flashed it the first time this weekend, my soldering was messy because I was out of practice, so I removed the LPT cable.

Thanks,
Alvisar

[eis2k]

(IMG:http://img503.imageshack.us/img503/9876/screenshotql.png)

I've done it like you wrote but i allways get the same error when i want to dump my nand.
I've a Jasper with 16MB Nand.

[Grim187]

QUOTE(petrm79 @ Jan 4 2010, 11:38 AM)

thnx for the guide

but little question it possible to break xbox using linux?
and after that it can be fixing using old ltp method?

yes its possible to bad flash and have to recover using lpt.

[effbee05]

alvisar:
Nothing new if you flashed XBR_3.

If you have Xell or XBR up and running then you don't need the LPT cable anymore, unless you have problems with lflash.

petrm79:
There's a small chance that lflash could lock during a NAND write but if it happens and you can no longer boot Xell you can reflash over LPT. The lflash way takes about one minute versus 40 minutes with LPT.

[Grim187]

QUOTE(alvisar @ Jan 4 2010, 11:38 AM)

Quick Questions regarding updating xbreboot.

1.  Is there any new development on xbreboot?

2.  Is updating using the gentoo/USB possible without the LPT cable?  When I flashed it the first time this weekend, my soldering was messy because I was out of practice, so I removed the LPT cable.

Thanks,
Alvisar

yes you can run xell from xbr (read the tut) and flash the nand with gentoo not needing to flash the nand externally (usb spi or lpt).

xbr_3 is alot more stable and will play all games flawlessly.

QUOTE(effbee05 @ Jan 4 2010, 12:04 PM)

The lflash way takes about one minute versus 40 minutes with LPT.

more like 40 sec.

QUOTE(eis2k @ Jan 4 2010, 12:01 PM)

I've done it like you wrote but i allways get the same error when i want to dump my nand.
I've a Jasper with 16MB Nand.

im gonna have to go with what effbee05 said because i haven't tried a jasper (have only done 2 consoles this way) and i haven't seen that, maybe try restarting the process from the beginning?

[eis2k]

http://board.gulli.com/attachment.php?attachmentid=50661

With this lflash version for the 16MB Jasper everything is allright. Thanks you for your work.

[Obveron]

Thanks!

[soulwarrior]

"now search in hex for "CB" (without quotes) your looking for the one at or around 4800 in hex (it has to be in caps). "

Grim you say 4800 but in the picture, you used the value around 8400 (which i believe is the correct one).

"fc 1.bin 2.bin /b" - based on your instructions, shouldn't the command be "fc c1.bin c2.bin /b"?

[vintage_guitar]

QUOTE(eis2k @ Jan 4 2010, 02:01 PM)

I've done it like you wrote but i allways get the same error when i want to dump my nand.
I've a Jasper with 16MB Nand.

Flash config error in lflash for your jasper most likely indicates the new southbridge. You can modify the code in lflash.c to get it to dump though. It should be an accurate dump, this is how we made it dump large block. Flashing though, I'm not so sure it'd be safe. But there's only 1 way to tell, and you can be the one to verify. Not like you lose anything if it doesn't work flashing, just flash it using LPT instead.

[Grim187]

QUOTE(soulwarrior @ Jan 4 2010, 04:46 PM)

"now search in hex for "CB" (without quotes) your looking for the one at or around 4800 in hex (it has to be in caps). "

Grim you say 4800 but in the picture, you used the value around 8400 (which i believe is the correct one).

"fc 1.bin 2.bin /b" - based on your instructions, shouldn't the command be "fc c1.bin c2.bin /b"?

fixed, thanks.

[petrm79]

and one more question it possible to write original 7371 nand with this method

and start xbox after remove JTAG

[XBoxgeek]

In the first section above:-

if differances where found type

CODE

nandpro lpt: -r3 c2.bin

Should be:-

if differances where found type

CODE

nandpro lpt: -r3 c3.bin