Print

[charon99]

Hello,

i recreated now the tutorial again, this solution works faster and is easier in my eyes, big thanks to the RAW2SMC Tool from foouser, you can download here now the FreeBOOT AllinOne Package, there is everything in you need.

1.) XeLLous v1.0 by Redline
2.) FreeBOOT AllinOne Package
3.) 1BL Key just google “1BL XBOX”

in the FreeBOOT AllinOne Package you will find all needed Files and the XBR2freeBOOT Tutorial.pdf, which describes you step by step everything.

Regards,
cHarOn

OLD INSTRUCTIONS

Hi all,

because i don't have a original NAND Backup for my Xbox and i had issues with the tutorial from here Xbr -> Freeboot Without Your 5xxx/6xxx/7xxx Full Dump i wrote my own tutorial which worked for me without any issue.

I have a Jasper with 16MB XBR3

Special Thanks:
Skevus
Pacotera
freeboot team
freeboot tool maker (Donor Files)

1.) What you need:
1.) Your CPU Key use Xellous for it

2.) Flash360

3.) freeBOOT v0.032

4.) libeay32.dll if you have issues with ibuild

5.) 9199.zip

6.) 1BL Key just google for 1BL XBOX

7.) Hexeditor i use Ultraedit, i only need it to read out the CB

8.) Donor Files for your Motherboard Donor Files for all

9.) The official MS Xbox Update $SystemUpdate_9199.zip


2.) How to build a Freeboot Image:
1.) boot into Xellous and read out your CPU Key

2.) start Flash360 and create a Full Nand Backup of your XBR3 (flashdmp.bin)

3.) open flashdmp.bin with a Hexeditor, at the top you should find CB0=6723, or a different number, write it down

4.) extract freeboot v0.032 to C:\ , the libeay32.dll should go into C:\freeBOOT-0.032\

5.) copy your XBR3 Backup (flashdmp.bin) to C:\freeBOOT-0.032\bin

6.) open the Dos Command prompt

7.) cd c:\freeBOOT-0.032 that we are in the right directory

8.) ibuild x -d data\ -b "1BL Key" -p "CPU Key" bin\flashdmp.bin
"1BL Key" replace it with the 1BL Key
"CPU Key" replace it with your CPU Key

*For Jasper512, Jasper256, or Images which don't extract read at Point 3

9.) there will be an error, but we don't care about it, because we only need 3 files from it

10.) go to c:\freeBOOT-0.032\data delete everything only this 3 files should stay kv.bin, smc.bin and smc_config.bin

11.) extract 9199.zip into c:\freeBOOT-0.032\data

12.) extract Donor_Files.zip on a different place

13.) In the Donor Folder, open the folder for your Motherboard (Falcon, Jasper, Xenon), i had to choose Jasper

14.) as we found out at Point 3, move into the right folder, for my board it is 6723

15.) copy the files (crl.bin, crl.bin.meta, extended.bin, extended.bin.meta, odd.bin, odd.bin.meta, secdata.bin, secdata.bin.meta) into c:\freeBOOT-0.032\data

16.) open the Dos Command prompt

17.) cd c:\freeBOOT-0.032

18.) ibuild.exe c freeBOOT -c "Console" -d data\ -p "CPU Key" -b "1BL Key" bin\image.bin bin\fuses.bin
"Console" replace it with falcon, xenon, jasper, jasper256 or jasper512
"1BL Key" replace it with the 1BL Key
"CPU Key" replace it with your CPU Key

the Image creation need to finish without errors!!!!

19.) you should find now a image.bin in your c:\freeBOOT-0.032\bin folder, the size should be the same as your XBR Nand Backup, for my 16MB Jasper it is 16.896KB big!

20.) rename now image.bin to updflash.bin and put it on the root of your USB Stick where you have flash360 on it

21.) connect the Usb Stick to your console and open Flash360.xex

22.) now flash with A B A, if there is a KV mismatch, then you did something wrong, wrong CPU Key.......

23.) now you should have the freeboot image installed, check it out in your Settings, it should tell you 2.0.9199.0

24.) now to make it complete we install also the official Systemupdate, to install the missing files.

25.) extract the $SystemUpdate_9199.zip rename the folder to $SystemUpdate and burn a CD with $SystemUpdate on it

26.) now put the CD into your Xbox drive, start something and it should tell you that there is a new update avaible, install it.

27.) after a reboot your are finally at 2.0.9199.0


Regards cHarOn

*For Jasper512, Jasper256, or Images which don't extract:

3.) What you need:
1.) nandpro

2.) dummy smc_config.bin

3.) your full XBR Nand Backup (flashdmp.bin) made Flash360 or Xellous

4.) 360 flash tool v0.92 to extract kv.bin and smc.bin


4.) How we make it:

1.) first extract with the Flash dump Tool the kv and smc from your flashdmp.bin

2.) open Flash dump Tool, key in your CPU key under Keys

3.) open file and select your flashdmp.bin

4.) click Extract and set SMC und Key Vault active, press OK and save it to C:\jasper

5.) in C:\jasper there should be now 5 files, we need only KV_dec.bin and SMC_dec.bin, rename this two files to KV.bin and SMC.bin, delete the rest.

6.) the size of the KV.bin should be now 16.384 bytes, thats wrong, we need 16.368 bytes, so we need to remove the first line from this file, ii use Ultraedit.

7.) open KV.bin with a Hexeditor, remove the first line 00000000h now save it again, now the size should be 16.368 bytes.

8.) now we build a Image for fun  with freeboot, to get a clean image.

9.) i extracted the freeboot zip again into a different folder not that i get confused, extract it to C:\freeboot copy libeay32.dll also into it, if you have issues.

10.) now copy your modified KV.bin, SMC.bin and from the dummy smc_config.bin the needed smc_config.bin for your motherboard to C:\freeboot\data

11.) extract 9199.zip into c:\freeboot\data

12.) extract Donor Files on a different place

13.)In the Donor Folder, open the folder for your Motherboard (Falcon, Jasper, Xenon), and copy the files to c:\freeboot\data

14.) open the Dos Command prompt

15.) cd c:\freeboot

16.) ibuild.exe c freeBOOT -c "Console" -d data\ -p "CPU Key" -b "1BL Key" bin\image.bin bin\fuses.bin
"Console" replace it with falcon, xenon, jasper, jasper256 or jasper512
"1BL Key" replace it with the 1BL Key
"CPU Key" replace it with your CPU Key

19.) you should find now a image.bin in your c:\freeboot\bin folder

20.) extract Nandpro to C:\nandpro, in that folder install port95nt.exe, without it it doesn't work

21.) now copy your Flash360 Nand backup, flashdmp.bin and the image.bin which we made now to c:\nandpro

22.) open the Dos Command prompt

23.) Now we extract with Nandpro your original kv.bin and config.bin from your flashdmp.bin and inject it into the image.bin
For 16MB NAND:
1) Extract KV and Config blocks from flashdmp.bin
nandpro flashdmp.bin: -r16 rawkv.bin 1 1
nandpro flashdmp.bin: -r16 rawconfig.bin 3de 2
2) inject into image.bin
nandpro image.bin: -w16 rawkv.bin 1 1
nandpro image.bin: -w16 rawconfig.bin 3de 2

For 256MB NAND:
1) Extract KV and Config blocks from flashdmp.bin
nandpro flashdmp.bin: -r256 rawkv.bin 1 1
nandpro flashdmp.bin: -r256 rawconfig.bin ef7 2
2) inject into image.bin
nandpro image.bin: -w256 rawkv.bin 1 1
nandpro image.bin: -w256 rawconfig.bin ef7 2

For 512MB NAND:
1) Extract KV and Config blocks from flashdmp.bin
nandpro flashdmp.bin: -r512 rawkv.bin 1 1
nandpro flashdmp.bin: -r512 rawconfig.bin ef7 2
2) inject into image.bin
nandpro image.bin: -w512 rawkv.bin 1 1
nandpro image.bin: -w512 rawconfig.bin ef7 2

24.) now we copy image.bin from c:\nandpro to c:\freeboot\bin

25.) open the Dos Command prompt

26.) cd c:\freeboot

27.) ibuild x -d data\ -b "1BL Key" -p "CPU Key" bin\image.bin
"1BL Key" replace it with the 1BL Key
"CPU Key" replace it with your CPU Key

28.) in c:\freeboot\data there should be now the extracted image, we need the kv.bin, smc.bin and your now real smc_config.bin

29.) this 3 files we copy to c:\freeBOOT-0.032\data now you can go back to Point 11 "How to build a Freeboot Image:"

There is maybe a easier solution  i don't know it, but in that way i can say that it will work 100%.

Regards,

This post has been edited by Ranger72: Apr 29 2010, 02:27 PM

[gui1e]

sounds like a good tut but I get unable to determine image type when using ibuild to extract files, they were read by flash360 and all three images match (jasper 256)

[Ranger72]

Works like a charm for my 16mb Jasper.

Thanks for the tut.

[jhoff80]

QUOTE(gui1e @ Apr 26 2010, 02:01 PM)

sounds like a good tut but I get unable to determine image type when using ibuild to extract files, they were read by flash360 and all three images match (jasper 256)

Same issue here.  That's with the full NAND (~256MB) and the flash part (~66MB) from Flash360, both times with a Jasper 256.

[charon99]

for all Jasper 256 and 512 users i will update tommorow the thread, its to late now but i have the solution.

Regards,
cHarOn

[jhoff80]

I know that 360 Flash Tool can extract from the Big Block NAND, so I used 360 Flash Tool to extract SMC_dec.bin and KV_dec.bin, to rename to SMC.bin and KV.bin.

The only problem is getting the SMC_config.bin though, I don't believe config.bin is the same thing.

[steveo1978]

Gonna have to give this a try. Wish you had posted this yesterday. But great work anyway.




Edit: Nice only took about 10mins to get this all done and works great

Thanks

This post has been edited by steveo1978: Apr 27 2010, 03:22 AM

[DragonNZ]

Thanks charon99 it worked perfectly on my Jasper 16Mb. First time I have ever tried anything like this, and your tutorial made it so easy. Thanks      

[charon99]

for 512MB Jaspers i have the solution already, can someone from you guys send me a 256MB Nand Backup + CPU Key, so that i can verify that it works also with 256MB Nands?
just download a backup with Xellouse or flash360 + cpu key or fuse.txt on xellous, pack it into a zip and send me a download link please.

Regards,
cHarOn

[jhoff80]

QUOTE(charon99 @ Apr 27 2010, 02:07 AM)

for 512MB Jaspers i have the solution already, can someone from you guys send me a 256MB Nand Backup + CPU Key, so that i can verify that it works also with 256MB Nands?
just download a backup with Xellouse or flash360 + cpu key or fuse.txt on xellous, pack it into a zip and send me a download link please.

Regards,
cHarOn

Sorry, not going to send my unbanned nand and cpu key, but if you tell me your method, I can let you know if it works.

[soulwarrior]

QUOTE(charon99 @ Apr 27 2010, 02:07 AM)

for 512MB Jaspers i have the solution already, can someone from you guys send me a 256MB Nand Backup + CPU Key, so that i can verify that it works also with 256MB Nands?
just download a backup with Xellouse or flash360 + cpu key or fuse.txt on xellous, pack it into a zip and send me a download link please.

Regards,
cHarOn

QUOTE(jhoff80 @ Apr 27 2010, 02:18 AM)

Sorry, not going to send my unbanned nand and cpu key, but if you tell me your method, I can let you know if it works.

I Know this works for a falcon because i test it myself: you can create an smc_config.bin from a rawconfig.bin extracted with nand pro. I posted this somewhere else:
Using hexworkshop you could done it this way also:
1. open rawconfig.bin <--- rawconfig from nandpro not config.bin from flash tool
2. goto offset 00004200
3. Edit --> select block ---> Method size of block ---> 4000
4. Copy the highlighted portion to a new file and name it smc_config.bin

The problem is, is that i don't know if rawconfig files are the same size regardless of the motherboard, and i don't know if the offsets are the same. This has only been tested with a falcon.

[jhoff80]

I actually just found an older XBR NAND dump that did extract and used the smc_config.bin from that, which did appear to work.  I'm a little worried, because the older dump that I extracted was one where I had saved a file to the internal flash, which corrupted the NAND.

The smc_config.bin in that older dump (again, Jasper 256) is 128KB, and your method, while it gave me mostly similar stuff, is 16KB.

Though, again, I'm not sure if the file from the older NAND is 100% accurate to how it's supposed to be.

If the smc_config.bin file is bad, what would happen anyway?  When I finished installing the version based on the older / possibly corrupt file, it reset all of my settings to their defaults.  However, my console ID / serial number were accurately reflected, and my MAC address is correct as well.

[gui1e]

QUOTE(jhoff80 @ Apr 27 2010, 08:09 AM)

I actually just found an older XBR NAND dump that did extract and used the smc_config.bin from that, which did appear to work.  I'm a little worried, because the older dump that I extracted was one where I had saved a file to the internal flash, which corrupted the NAND.

The smc_config.bin in that older dump (again, Jasper 256) is 128KB, and your method, while it gave me mostly similar stuff, is 16KB.

Though, again, I'm not sure if the file from the older NAND is 100% accurate to how it's supposed to be.

If the smc_config.bin file is bad, what would happen anyway?  When I finished installing the version based on the older / possibly corrupt file, it reset all of my settings to their defaults.  However, my console ID / serial number were accurately reflected, and my MAC address is correct as well.

is it because you extracted 8 blocks x 16k using nandpro?

[jhoff80]

QUOTE(gui1e @ Apr 27 2010, 04:30 AM)

is it because you extracted 8 blocks x 16k using nandpro?

With the older one that worked properly in ibuild, it was just a xellous -dumped NAND image that gave me a 128KB smc_config.bin when ibuild finished.  Opening it in a hex editor showed that most of it was filled with FF anyway.  Data goes up to only about the hex address 400, and then the rest of the space is filled with the FFs.

When I tried this other method, I just used the nandpro flashdmp.bin: -r256 config.bin ef7 2 command, which gave me a 33KB config.bin file.  Then using the hex editor to take the specific portion out gave me a 16KB smc_config.bin file.

Like I said, it's fully possible there could've been some sort of issue with the file from the older NAND, because if doesn't make sense to me that it'd be 128KB either.

However, it does appear to be working as I said, using the possibly too-large smc_config.bin.  The MAC address, console ID, and serial number are all correct.  My console settings / initial setup needed to be redone, but other than that it seems to be working great.  Not sure what would be affected by a bad smc_config file though anyway.

Edit:   I should mention that the very beginning of the old dumped version is identical to the hexed version from the config_raw.bin, for about 500 bytes or so before they differentiate.  Because of that, I'd suspect that your offset is correct for the Jasper 256 as well, and that I'd be better off using the version from that, but I don't know for sure.

Edit2:  Never mind that, ibuild tells me that the expected smc_config size is 128KB for a Jasper 256, so I guess I should just hope that the file I have now is working correctly.  Again, wouldn't know how to know if something was wrong with it anyway, since everything appears to be working.  If the person I originally bought the console from still has the original NAND, then I'll be able to tell you more about whether it's correct or not, but otherwise, I can't say more.

[joeyddr]

i get
ERROR: File "kv.bin" has a size of 16384 bytes. Expected size is 16368 bytes.
ERROR: Unhandled exception.