Print

[effbee05]

QUOTE(dangwoot @ Jun 1 2010, 05:53 AM)

i have a quick question my falcon that i recently had jtagged will sometimes give me the one red light in the lower left hand side.
And then i have to do the initial setup crap again, and its starting to get old fast would applying the smc fix to a new freeboot image and flashing it fix this or will i have to resolder all the wiring?

cause i didn't do the soldering in the first place and i know nothing about it >.<

if so could someone pm me the instructions on how to apply the fix i know how to flash it but i usually use freeboot toolbox for the rest >.<

You would run version 0.2A from a Command Prompt:
    smc_io.exe SMC_dec.bin SMC_patched.bin 83 28 C0 03

Rename SMC_patched.bin to SMC.bin and it will go into freeBOOT's data folder.

That will get you the bug fix but keeping the original wiring.

[dangwoot]

QUOTE(effbee05 @ Jun 1 2010, 05:37 AM)

You would run version 0.2A from a Command Prompt:
    smc_io.exe SMC_dec.bin SMC_patched.bin 83 28 C0 03

Rename SMC_patched.bin to SMC.bin and it will go into freeBOOT's data folder.

That will get you the bug fix but keeping the original wiring.

okay this is my plan of attack let me know if theres anything im doing wrong or if it should work

i opened 360 flash tool and opened a freeboot image i made with my original nand,
i then extracted the smc_dec to my C:\ drive and typed in what you said and it said

CODE

*** Xbox 360 SMC I/O Config Utility ***
*** Version 0.2 Alpha by Blackaddr  ***

Found the PCIe Start Write Bit bug @ 0x2E9E ...patched PCIe SWB bug..
Found the TMS code at 0x2DC3 and 0x2DCB ...patched TMS output...patched TMS dela
y.
Found the 1/4 TDI code at 0x2DB6 ...patched TDI output.
Found the 2/4 TDI code at 0x2E21 ...patched TDI output.
Found the 3/4 TDI code at 0x2E47 ...patched TDI output.
Found the 4/4 TDI code at 0x2E62 ...patched TDI output.
Found the TCLK delay code at 0x2DFA ...patched TCLK delay.

The output file SMC_patched.bin must be re-encrypted before it can be flashed to
 the NAND.

i then opened freeboottoolbox 2.4 and selected nand for the dashlaunch 1.0 patches im not sure how to make it do no patches, but then i selected creating a custom freeboot then when the box pops up i put my new smc in the temp and the data folder overwriting the ones there then let it continue to build my image,

is it gonna be okay to flash this image or will it break my system?

[dangwoot]

sorry for the double post just wanted to let everyone know my method worked now im just curious if it'll keep these errors away >.<

[antisniperspy]

QUOTE(krizalid @ Jun 1 2010, 01:46 AM)

Nope, that's an issue with FSD's code. I don't know cause I don't code for the console, but It seems like it's the only dash with this issue.

XeXMenu, XeXDash, XeXLoader, other software at bootup don't have this issue.  

The synching issues I had was that when I turned the xbox on controller wouldn't sync, it will only cycle through the lights like it's searching for a device (both controller and console) and nothing.

Solving this issue was to power off console and power back again.

Didn't always happen, but now it never does.  

Ok thanks for the responce. I had a feeling it had to do with freestyle itself but I just wanted to make sure. I have a few xbr and freeboot consoles that have never had controller, hdmi or e79 problems using the ROL point for the jtag mod.

[phantitox]

Patch smc, reconfig jtag wires, NO MORE e79, no more reset settings, no more random 3RL on my Falcon , fuckin incredible thx for this blackaddr

[cthompson019]

Zephyr 4558.

Tried just the bug fix first but it started to e79 after 3 reboots.

Patched a new SMC with the default settings, rebuilt Freeboot and flashed with Flash360.

Moved the wire from RF panel to the AUD_CLAMP pin

After 30 or so reboots I have not seen any more e79 or funky ring dancing.

I just have one question, should we use just a straight wire or should we be using a diode in the new path?


Thanks for the great work, I am not going to miss seeing the e79 every time I sit down to play.

[juggahax0r]

Pretty sure You still need the diode as the SMC still talks at 3.3v and the Jtag at 1.8v so the diode would still be needed and if you didnt add it you may be driving to much oltage into your Jtag port.

[JQE]

QUOTE(krizalid @ Jun 1 2010, 12:46 AM)

Nope, that's an issue with FSD's code. I don't know cause I don't code for the console, but It seems like it's the only dash with this issue.

XeXMenu, XeXDash, XeXLoader, other software at bootup don't have this issue.  

The synching issues I had was that when I turned the xbox on controller wouldn't sync, it will only cycle through the lights like it's searching for a device (both controller and console) and nothing.

Solving this issue was to power off console and power back again.

Didn't always happen, but now it never does.  

the issues is changing the ROL and i don't believe any other dash does this.

If you haven't tested if it works, you can't say it's still broken. If you have tested then it's different. I am curious as i think it will fix the issue myself.

[juggahax0r]

Has everyone been having luck with this?

 And if so has anyone made a set of patched SMCs for all revisions?

I guess i technically can, i have enough backups  i should have 1 for each revision , and all the CPU keys. Anyways I have at least 8 to tag tomorrow so I guess i should get to work on this , been slackin all day.  I used it on a Zephyr SMC but i have no Jtags to test it on mine broke but it was a Xenon anyways.

 Has everyone also been relocating both points , or is the Argon Data line enough too move for Zephyr e79s?

 I have been using 1n4151 diodes on my Zephyrs made it a little less frequent , but whatever this sounds like a real fix. Basically it is new Jtag wiring for the HDMI models , you just have to configure it manually right now , i would expect some n00b friendly stuff to come out for this in the near future also.

 Thanks if anyone replies I appreciate it.

[antisniperspy]

What I am wondering is .....

I have a jasper 512 that is using the rol point and has had no problems booting or syncing controllers *knock on wood*. Would these new points or smc files even do anything for me or is this just for the Zephyer models? Any one who knows a little more could reply I would really appricate it.

Thanks

[juggahax0r]

Thanks for the reply. I have been reading xboxhacker on this subject while he was working on it. I was actually surprised to see something already out for it. I am going to try just the bugfixes on a couple Zephs , I haven't had much trouble with others giving me E79. Not sure what you mean about it taking less time to boot , I have tested it against an unmodded system and it booted faster than the unmodded one. They were both Xenons though , and the boot time actually was affected by SD cables VS VGA. I haven't much paid attention to the boot time on HDMI consoles though. I love Xenons for some reason they never let me down , maybe a reflow but i use no clean flux and never have another problem.
 
 Thanks again i will have some progress on my end to report tomorrow , Not sure when my "guy" is stopping by depends on when UPS shows up kinda like the cable company. I have 8 to test most will probably be HDMIs , and i get a lot of Zephyrs.

[Spegs12]

Any chance of modifying Xell to use AUD_CLAMP or both AUD_CLAMP and TRAY_OPEN? That way we would not have to change wiring.

[juggahax0r]

QUOTE(Spegs12 @ Jun 2 2010, 01:25 AM)

Any chance of modifying Xell to use AUD_CLAMP or both AUN_CLAMP and TRAY_OPEN? That way we would not have to change wiring.

 The SMC code should take care of itself in that regard and run just the same.  

I could be wrong but it is still using the same address in your Nand for the exploit, what is changing is the data line i/o , that it uses to "talk" to TDI and TMS and if you only implement the bugfix and not the changing of the points it is just changing some timing and things like that. But the same data is getting shifted in so it should be the same.

[Spegs12]

QUOTE(juggahax0r @ Jun 2 2010, 01:35 AM)

The SMC code should take care of itself in that regard and run just the same.  

I could be wrong but it is still using the same address in your Nand for the exploit, what is changing is the data line i/o , that it uses to "talk" to TDI and TMS and if you only implement the bugfix and not the changing of the points it is just changing some timing and things like that. But the same data is getting shifted in so it should be the same.

So we could use DB1F1/FT1U2 and AUD_CLAMP for the initial JTAG procedure? Running Xell/Xellous with this wiring to get CPU Key, Flash Dump, etc.

[juggahax0r]

 I first ran the bugfix command , and named it smc1.bin then ran the default command and named the file smc2.bin then i re encrypted smc2.bin (which contains both the bugfix and the point change) into the original freeboot image I had built , then i opened up in flash 360 tool just to make sure thier weren't any errors trying to open it.

  You could make a generic xbr image with just your config and KV , then patch the SMC for the new wiring on the XBR image , this will then give you xell to get your CPU key and build the freeBOOT image. Then you should in theory just be able to use the same patched SMC you made for your XBR image on the freeBOOT image , you just have to have your CPU to build the freeBOOT image.
 I am partly trying to help but also brainstorming how I am going to do it , I have not gotten to test this yet so don't quote me on anything I am saying. I'm not a dumbass though and i have done a lot of Jtagging , and i followed the thread on XBH while they were working on it so i knew this was on the way at some point.

Db1f1 and ft1u2 are still the other point you solder to. I haven't seen anything about how to change the other point to the DVD tray point. Anyone know what command would change the DB1F1 point?