Print

[Xbox-Scene]

Xbox 360 SMC I/O Config Utility v0.1 Alpha *Update v0.2A* Posted by XanTium | May 31 10:22 EST | News Category: Xbox360

Blackaddr released Xbox 360 SMC I/O Config Utility: DESCRIPTION: This is a simple utility to reconfigure output pins on the SMC that are used to execute the JTAG transaction to the GPU.  The utility only supports decrypted SMC files which already contain the JTAG hack code.  It is used to research and fix problems caused by sharing SMC output pins, or caused by the bit timing of the JTAG data. FEATURES: * Basic Mode: -Change only the TMS signal to use AUD_CLAMP pin.  Fixes many issues, a good starting point for testing. * Advanced Mode (for researchers): -Change the TMS and TDI signals to any general purpose I/O pin on the SMC. -Change the TMS lead-in delay.  This determines how long between a TMS logic change and the assertion of TCLK. -Change the TCLK period.  The bit rate is controlled by changing the delay between TCLK level transitions. USEFUL INFO: * The purpose of this utility is to help fix and research boot issues caused by SMC I/O sharing or JTAG bit timing. On non-Xenon consoles, there are no unused I/O available, so we have to borrow some from Microsoft.   * The original hack borrowed ARGON_DATA for TMS, which is the data line that controls the Ring of Light and RF board.  This can cause weird issues with the controller and LED display (particularly Falcons) and E79 issues on Zephyr.  The original hack also borrowed DB1F1 which is used for HDMI purposes(?) on the ANA/HANA chip.  It could causes isses with setting up the output video, especially HDMI resulting in boot failures. * At the time of this release, two new I/O have been found that are not critical to system boot.  First is AUD_CLAMP.  This signal is an control signal that mutes the output of the analog audio.  It has no interaction with system boot and is an excellent replacement for TMS.  The second I/O is TRAY_OPEN.  It is a logic signal that tells the DVD drive to open or close.  It does not interfere with boot, however on some DVD drives, the tray may eject on bootup, it depends on  the mobo/drive combination.  It can be useful for moving TDI if boot failures persist. * Many issues seem to be resolved simply by moving the TMS signal from the RF header to the AUD_CLAMP. !Update! v0.2 Alpha has been released. What's new/fixed * This is a minor update to include a bugfix found by Tiros in the original JTAG code. It is discussed here. You might as well try the bugfix first before going to the trouble of rewiring.  Run version 0.2a with the following parameters.  It will apply the bugfix, but will patch the SMC with the original wiring.  The program only takes in a SMC with the original wiring config since it looks for this configuration to find patch locations. smc_io SMC_dec.bin SMC_patched.bin 83 28 C0 03 If you still have issues, run the basic mode and move the TMS wire (at RF header) to AUD_CLAMP.  If you still have issues and are using diodes, switch to transistors. Official Site: n/a, by Blackaddr Download (v0.2a): here (virustotal check-up) News-Source: xboxhacker.org

[syntaxerror329]

This explains why so many people are have issues with some xboxes. I have been really getting frustrated offering this hack as one of my services to only end up getting complaints about random issues. Glad to know its probably got nothing to do with my work and that someone much smarter then me is working on a solution to perfect the jtag hack.

This is great news, can't wait to here from others that try it.

[Haruk]

still confused what this is...
does it basically let you use alternative jtag points so that you don't get random issues?

[ToBbErT]

Its always nice to see insight from blackaddr. I dont understand much from what he says but i do know hes very talented  

[syntaxerror329]

QUOTE(Haruk @ May 31 2010, 10:36 AM)

still confused what this is...
does it basically let you use alternative jtag points so that you don't get random issues?

That is the goal of this project, yes

[Biaz]

Amazing work! I will definately use this alternate wiring/SMC on all my JTAG installations!

[Cisk]

Class, i know Blackaddr and co have been trying to sort the random issues esp on the zephyrs. Gonna try this out now.

Cheer Blackaddr & others.

Heres the new points taken from the PDF.

[sadsac786]

Can this be used to change db1f1 to an alternate point? If so this is the ace!!! Db1f1 is the shittiest point to solder... A small tut would be helpful if someone has the time.

[Wompa164]

Wow, this is really big news. It looks like we'll still need to solder to DB1F1 initially to get the CPU key via Xell/Xellous and decrypt the keyvault/SMC, but this is great news for anyone that is experiencing random problems sometimes associated with JTAGing.

When you think about it, it might not even be necessary to solder DB1F1 anymore if someone comes up with some kind of spear device (like the probe for Liteon drives) to make contact long enough to get the console to boot into Xell for the very first time and read the CPU fuses.

QUOTE(sadsac786 @ May 31 2010, 11:47 AM)

Can this be used to change db1f1 to an alternate point? If so this is the ace!!! Db1f1 is the shittiest point to solder... A small tut would be helpful if someone has the time.

I respectfully disagree. I had trouble the VERY first time I did it, but never since. Just flux the point, tap it quickly and gently (otherwise you risk lifting the pad) until you get a little bead of solder to stick, lay a pre-tinned wire on top of it and press down. The pre-tinned wire will heat up just enough to bond with the solder on the point and you're finished.

[sadsac786]

QUOTE(Wompa164 @ May 31 2010, 06:47 PM)

I respectfully disagree. I had trouble the VERY first time I did it, but never since. Just flux the point, tap it quickly and gently (otherwise you risk lifting the pad) until you get a little bead of solder to stick, lay a pre-tinned wire on top of it and press down. The pre-tinned wire will heat up just enough to bond with the solder on the point and you're finished.

Did you ever try to solder it on a pre jasper board- I know the point on a jasper is a lot easier since it has a solder pad. On a falcon- it's pure hell!!- I dont even try to solder it anymore- I just solder ft12u on the underside of the board.

[canisay]

This is fantastic. I have a JTAGged Zephyr board sitting in the cupboard due to having problems with it. It usually boots fine with the occasional E79 but usually will lose its settings and I will have to set up the language again. I hope to give this a try later today. Big thanks to Blackaddr for the hard work

This post has been edited by canisay: May 31 2010, 07:59 PM

[Wompa164]

QUOTE(sadsac786 @ May 31 2010, 12:39 PM)

Did you ever try to solder it on a pre jasper board- I know the point on a jasper is a lot easier since it has a solder pad. On a falcon- it's pure hell!!- I dont even try to solder it anymore- I just solder ft12u on the underside of the board.

I've done all boards, Xenon, Zephyr, Falcon, Jaspers.. none of them are that difficult with the proper technique!

[cory1492]

Wompa164: yes you will still need to solder DB1F1, so long as you don't bother to build your own xell images with a patched smc that uses alternate points (aka: you don't need to use pre-built xell images, and even if you must you can still inject a differently patched SMC with sbtool to get around having to wire it twice.)

  DB1F1 is a hard point? why didn't you warn me before I went ahead and...


The only "hard" part was being patient, it does help one to practice on dead stuff to actually get how soldering works as well. Oh and flux, not just what is in the solder core, can make most soldering newbs wet (soldering term) with the best.

[sillybunnie]

I am planning on doing a 256MB jasper soon, would it be better for me to wait on how this develops or are jaspers not as prone to random errors vs other models? I did a xenon already which has been trouble free but sounds like the jasper is going to be more difficult vs the xenon.

[GTRagnarok]

Unless I'm missing the point here, there's no need to use db1f1 on Falcons and Jaspers. Just use the boxxdr method:

(IMG:http://boxxdr.com/boxxdr_jtag.jpg)

This post has been edited by GTRagnarok: May 31 2010, 08:40 PM