Topic: SMC Utility v1.1 (Read 103 times)

Xbox-Scene · « **on:** November 19, 2010, 06:05:00 PM »

SMC Utility v1.1
Posted by XanTium | November 19 20:05 EST | News Category: Xbox360

(IMG:http://www.burstnet.com/cgi-bin/ads/ad9520b.cgi/ns/v=2.1S/sz=300x250A/

Blackaddr released a new version of SMC Utility:

Quote

This is a general purpose SMC utility designed to replace the old SMC I/O Config Utility. The program itself is a patching engine, where the patches are written as scripts in the INI file. This will allow any future patches to be released as scripts instead of re-releasing the program itself.

This allows you to build a hacked SMC from your original, unhacked version. Included is an All-In-One patch that provides a uniform exploit code base between several SMC versions, and applies a patch that improves the support for Play'N'Charge cables. It eliminates the 'reboot' problem while shutting down with a controller charging. Optional patches are included that allow you force the console to power down instead of charging if you do not wish to leave the console charging unattended. You can also patch it to restore the original unconditional booting.

An analysis mode allows quick diagnostics of the SMC using the new code base to check the JTAG I/O configuration, bug status, status of other patches, etc.

What's new/fixed:
INI v1.1 Arrived -> Updates to AIO patch, GUIDE button and HDD swaps now boot correctly!
Posted Version 1.1. All boot modes now work properly with PlayNCharge. No known issues. Thanks to Cory1492.

Official Site: n/a, by Blackaddr
Download (v1.1): here
News-Source: xboxhacker.org

finalman · « **Reply #1 on:** November 19, 2010, 08:16:00 PM »

So what command string would i use if i wanted the console to completely power off even with the PlayandCharge kit with a depleted battery attached?

This post has been edited by finalman: Nov 20 2010, 04:28 AM

effbee05 · « **Reply #2 on:** November 20, 2010, 05:31:00 AM »

Open the smc_util.ini and remove the single semicolons (

in front of the lines in brackets ([]) from:

;;PNC_NO_CHARGE PATCH
;;This patch can modify an SMC that has been built with the AIO script.
;;Instead of charging in standby, it will shut the console down. This will
;;allow you charge while using the console, but shutdown completely without having
;;to unplug the cable if you don't like leaving the console running.
;[NAME=PNC_NO_CHARGE]
;; When detecting charging mode, replace the argon msg with a shutdown command
;; POP R0 LJMP <D/C> <D/C> SETB <D/C> LJMP
;; = 0xD0 0x00 0x02 0x?? 0xD2 0x?? 0x02
;; 0 1 2 3 4 5 6 7 8 9 <= this line is just for byte labeling
;[PAT=D000020000D20002]
;; 0123456789 <= this line is just for byte labeling
;[WILD=00011010]
;; replace the SETB <D/C> with SETB 04
;[6=04]
;[\PNC_NO_CHARGE]

to:

;;PNC_NO_CHARGE PATCH
;;This patch can modify an SMC that has been built with the AIO script.
;;Instead of charging in standby, it will shut the console down. This will
;;allow you charge while using the console, but shutdown completely without having
;;to unplug the cable if you don't like leaving the console running.
[NAME=PNC_NO_CHARGE]
;; When detecting charging mode, replace the argon msg with a shutdown command
;; POP R0 LJMP <D/C> <D/C> SETB <D/C> LJMP
;; = 0xD0 0x00 0x02 0x?? 0xD2 0x?? 0x02
;; 0 1 2 3 4 5 6 7 8 9 <= this line is just for byte labeling
[PAT=D000020000D20002]
;; 0123456789 <= this line is just for byte labeling
[WILD=00011010]
;; replace the SETB <D/C> with SETB 04
[6=04]
[\PNC_NO_CHARGE]

Then you'd run "smc_util patch input_dec.bin output_dec.bin"

iwanttheagrocrag · « **Reply #3 on:** November 20, 2010, 06:01:00 AM »

Blackaddr ROX!!!

Matthaeus · « **Reply #4 on:** November 20, 2010, 07:43:00 AM »

So i just tried this and my console & xellous no longer boot lol....(no error) It was previously running freeboot with 12611 dash

I ran
smcutil custom
smcutil patch (to get the no charge fix)
I ran these on a already patched smc

Here's the analysis output of the final smc that was used with fbuild .1 +dashboard 12611

QUOTE

*** Xbox 360 SMC Utility ***
*** Version 1.1 by Blackaddr ***

Looking for SMC version...
SMC Version: 2.3

Processing ANALYSIS section of smc_util.ini

DMA_READ_HACK: found at 0x2ED2
GPU_JTAG: found at 0x2F11
PCI_MASK_BUG: not found
TMS_PATCH: found at 0x2DBB : TMS_value_is 0xCC
TDI_PATCH_0_of_3: found at 0x2E19 : TDI_value_is 0xC0
TDI_PATCH_1_of_3: found at 0x2E3F : TDI_value_is 0xC0
TDI_PATCH_2_of_3: found at 0x2E56 : TDI_value_is 0xC0
TDI_PATCH_3_of_3: found at 0x2F17 : TDI_value_is 0xC0
PNC_CHARGE: found at 0x2EBF
PNC_NO_CHARGE: found at 0x2EC8

Can i flash my original-hacked (working) smc to the nand using a lpt cable and the following command?

QUOTE

nandpro lpt: -w16 smc_old_hacked_working.bin

Unfortunately i do not have my cable or soldering equipment with me....have to wait a week (IMG:style_emoticons/default/sad.gif)

Thanks.

This post has been edited by Matthaeus: Nov 20 2010, 03:48 PM

effbee05 · « **Reply #5 on:** November 20, 2010, 08:07:00 AM »

How is your JTAG wiring? SMC Utility now uses DB1F1 for TDI and AUD_CLAMP for TMS as default.
If your wiring is the old ARGON_DATA on the Ring of Light then that's why it isn't booting.
Don't know if Xell will boot for you. Might be worth a shot.

Matthaeus · « **Reply #6 on:** November 20, 2010, 08:39:00 AM »

QUOTE(effbee05 @ Nov 20 2010, 04:07 PM)

How is your JTAG wiring? SMC Utility now uses DB1F1 for TDI and AUD_CLAMP for TMS as default.
If your wiring is the old ARGON_DATA on the Ring of Light then that's why it isn't booting.
Don't know if Xell will boot for you. Might be worth a shot.

Thanks for the quick reply. I think you hit the nail on the head

Lol i completely misread that section of the readme.... yep i'm definitely using the ROL for TMS.

What i might do (since i don't have my LPT cable and a shitty iron) is temporarily solder a wire from my J2D2 diode to the audioclamp (Q2N1) and it should work? I can then reflash the console and remove the audio clamp.

Would i have to remove my current DB1F1 solder point? I only ask, as due to the heatshrink, hot glue, and my current lack of tools it would be much easier not to.

Thanks.

p.s.

QUOTE

Don't know if Xell will boot for you. Might be worth a shot.

No, it's not (IMG:style_emoticons/default/sad.gif)

This post has been edited by Matthaeus: Nov 20 2010, 04:40 PM

effbee05 · « **Reply #7 on:** November 20, 2010, 11:19:00 AM »

Yeah if you can move to TMS wire to Q2N1 you'll be good. DB1F1 willl stay where it is.

Matthaeus · « **Reply #8 on:** November 20, 2010, 01:13:00 PM »

QUOTE(effbee05 @ Nov 20 2010, 07:19 PM)

Yeah if you can move to TMS wire to Q2N1 you'll be good. DB1F1 willl stay where it is.

Thanks. Just to clarify - i actually mean to leave the DB1F1 connected to the J2D2 diode - and adding the additional solder wire/point (aud clamp) to the J2D2 diode.

I just wanted to make sure, as i haven't heard of anyone doing this before, and i would hate to damage anything.

Cheers.

erak · « **Reply #9 on:** November 20, 2010, 02:56:00 PM »

I described my problem here.

Could it be a SMC problem? Here is my output

SMC Version: 1.51

DMA_READ_HACK: found at 0x2DC0
GPU_JTAG: not found
PCI_MASK_BUG: not found
TMS_PATCH: not found
TDI_PATCH_0_of_3: found at 0x2E66 : TDI_value_is 0xC0
TDI_PATCH_1_of_3: found at 0x2E86 : TDI_value_is 0xC0
TDI_PATCH_2_of_3: found at 0x2E9D : TDI_value_is 0xC0
TDI_PATCH_3_of_3: not found
PNC_CHARGE: not found
PNC_NO_CHARGE: not found

It's a xenon. It says in the readme that you should use the original unhacked nand. But I don't have the original. Is it impossible to patch a hacked SMC?

effbee05 · « **Reply #10 on:** November 20, 2010, 03:48:00 PM »

I think you will be OK. I read somewhere Blackaddr said to use clean SMC's esp. for Xenon but run the hacked SMC thru the utility and then run an analysis on it.

My Zeph has an original SMC version 1.10 which isn't supported yet, so I used a 2.3 SMC from XBR and all is well.

Matthaeus · « **Reply #11 on:** November 21, 2010, 05:49:00 AM »

All working a treat now - did the audio clamp fix and then flashed an update which had the same SMC, but with the io changed to the ROL/db1f1. There wasn't even a any glue on the solder points either - too easy.

Cool apps - thanks!

Thanks for the help effbee05.

This post has been edited by Matthaeus: Nov 21 2010, 01:50 PM

TheBiGW · « **Reply #12 on:** November 21, 2010, 12:38:00 PM »

Jasper512 owner here - updated today using SMC Util 1.1 and all good. Just dumped the updated SMC into FreeBoot image and reflashed with Flash360.

Don't forget to use the I/O tool if you have an HDMI console (smc_util io patched.bin patched2.bin /i)

eriksson25 · « **Reply #13 on:** November 22, 2010, 05:02:00 PM »

Hi, Need a litle bit of help, have done some jtags (10+) but have been away from the xbox scene for a while. And now I am wondering what all this aud_clamp fix is?

I have a BB Jaspar, wired with this guide (ecept everything is made on the bottom of the motherboard). http://forums.xbox-scene.com/index.php?showtopic=700520

I dont have any problems with the box, except that it dont charges the handcontrolers. So was gone use this utility but dont know how to configure it with my settings.

And what is the benefits of using aud_clamp ??

Thnks for the replys

finalman · « **Reply #14 on:** November 26, 2010, 10:37:00 PM »

QUOTE(effbee05 @ Nov 20 2010, 01:31 PM)

Open the smc_util.ini and remove the single semicolons ((IMG:style_emoticons/default/wink.gif) in front of the lines in brackets ([]) from:

;;PNC_NO_CHARGE PATCH
;;This patch can modify an SMC that has been built with the AIO script.
;;Instead of charging in standby, it will shut the console down. This will
;;allow you charge while using the console, but shutdown completely without having
;;to unplug the cable if you don't like leaving the console running.
;[NAME=PNC_NO_CHARGE]
;; When detecting charging mode, replace the argon msg with a shutdown command
;; POP R0 LJMP <D/C> <D/C> SETB <D/C> LJMP
;; = 0xD0 0x00 0x02 0x?? 0xD2 0x?? 0x02
;; 0 1 2 3 4 5 6 7 8 9 <= this line is just for byte labeling
;[PAT=D000020000D20002]
;; 0123456789 <= this line is just for byte labeling
;[WILD=00011010]
;; replace the SETB <D/C> with SETB 04
;[6=04]
;[\PNC_NO_CHARGE]

to:

;;PNC_NO_CHARGE PATCH
;;This patch can modify an SMC that has been built with the AIO script.
;;Instead of charging in standby, it will shut the console down. This will
;;allow you charge while using the console, but shutdown completely without having
;;to unplug the cable if you don't like leaving the console running.
[NAME=PNC_NO_CHARGE]
;; When detecting charging mode, replace the argon msg with a shutdown command
;; POP R0 LJMP <D/C> <D/C> SETB <D/C> LJMP
;; = 0xD0 0x00 0x02 0x?? 0xD2 0x?? 0x02
;; 0 1 2 3 4 5 6 7 8 9 <= this line is just for byte labeling
[PAT=D000020000D20002]
;; 0123456789 <= this line is just for byte labeling
[WILD=00011010]
;; replace the SETB <D/C> with SETB 04
[6=04]
[\PNC_NO_CHARGE]

Then you'd run "smc_util patch input_dec.bin output_dec.bin"

Not working. I get the following:

_____________________________

Processing PATCH section of smc_util.ini

NAME: PCI_MASK_BUG
PAT: 2407D0E0F8
WILD: 00000
PCI_MASK_BUG: not found

NAME: PNC_NO_CHARGE
PAT: D000020000D20002
WILD: 00011010
PNC_NO_CHARGE: not found
_____________________________

No data in the file changes.

Author Topic: SMC Utility v1.1 (Read 103 times)