***** How to do the JTAG Hack/Dump NAND/Xell Tutorial *****

when i compared the 2 xbr's there were 9 differences. should i dump again or is that okay? :S

 

you need to compare the xbr you read from the box to the xbr you injected the kv and config into not the the original xbr you downloaded. If you are doing this and there are differences then i would try to either read it again or write it again. If you write again, then you will have to read the new again and compare to the xbr you built with your kv and config.

 

Okay, so I flash it without anything injected, read that flash, inject the original one i downloaded, and compare the injected one to the non-injected read?

 

Is a 360 on dash version 2.0.6717.0 guaranteed to be Jtag readY?

 

@Pheenoh - I did not see anywhere what type of box you are using, Is it Arcade 256mb or 512mb? or a 16mb nand. nandpro tells you as soon as you start a read.

Follow the exact instructions that android16 posted. When you the xbr write is complete, if you still cant boot, then read the nand back off the system, So in dos you would type "nandpro lpt: -r16 xbrnand.bin" (without the quotes) the "xbrnand" could be named anything as that is the file name, I named my this to keep them organized.

Now you will take the xbrnand.bin file and compare it to the XBR.bin file that you injected your kv and config to. These should match. If they do you know that it is not an issue with the flash. This is only to eliminate the chance that the flash went wrong. So if they are matching it is a good possibility you have a short on the board, causing it not to boot. If they dont match then it is a good possibility that something went wrong when you were flashing xbr.

@ Petries - I believe a box with that dash is guaranteed jtag-able but it if you read the nand and check the cb you will be 100% sure.

 

Alright. I'm flashing an injected xbr to the nand now, and if it doesn't work then i'll dump it and compare. Xbox is a pro with a zephyr in it. Nandpro read a 16mb dump.

I'm 99.9% sure this is exploitable due to it being manufactured in october of '08 and not being update since march 09. And the CB version was around 4580.

 

I'm thinking of attempting this for the first time next week, but the parts listings confuse me a bit. Would it be easier to find them online, or somewhere local like radio shack? Might someone be able to provide some guidance on procuring everything required?

 

The diodes and resistors are at radio shack. just write down the part number for the diodes given in the tutorial and for the resistors look for 100-ohm 1/2 watt resistors.

 

Thanks muchly.

Any recommendations for wires or will anything pretty much work?

 

okay big news. I read somewhere that my CB version is only exploitable when I use a falcon version of xbr on my board. so i injected a falcon xbr.bin and flashed it and... my 360 turns on! But it goes to the setup menu as if i just bought the 360 new. So now that I'm here, how do I get my CPU key?

Side note, I get E79 when I hit the eject button (hit, not hold), but I'm guessing that's because I don't have my drive plugged up.

EDIT: The E79 thing just seems to happen at random now. i read you have to hook up the dvd drive to boot into xell, but I just get E65 everythime I try to boot to it. (Through the eject button obviously)

 

I used some small speaker wire, and some wire my friend clipped off some old headphones and both worked. So pretty much anything as long as it's not too thick or extremely long.

 

This is probably one of the dumber questions in this thread but here goes anyway...

In the diagram showing the lpt wiring are we looking at the db25 from the front (male connector that plugs into pc) or the back? I assumed we were looking at the front so my LPT1 is the upper right corner when looking at the pins with the row of 13 on top and 12 on the bottom.

 

Hey, nice tutorial, thanks!

I'm at the point where I go to download the NAND and it gives me error messages when doing the 20 minuted download. Didn't know if that was normal or not but when I opened the NAND in a Hex editor since it needed that year change to be read, it was all zeroes.

I read somewhere it may be a bad ground but it all checks out with a multimeter for continuity. Any other reasons?

Using the switching diodes, directly to the board with the black stripe nearest the board, and 1/2 watt, 100ohm resistors that are also soldered directly to the board.

TIA!

 

Oh, and it's a Xenon board - dunno if that would matter. I'm using the new Xenon pinouts for the JTAG part itself but the standard LPT config.

 

I believe that is showing the orientation if looking at it from the back. You may have pin numbers on the connector itself, too, if you look carefully. When looking at the connector from the front, the part you'll plug into your printer port, the #1 pin is in the upper left, then count left to right from there, with #14 starting the lower row at the left.

 

thanks. I did everything exactly backwards. Doh!

 

@ Petries - I would recommend solid wire 20-24 gauge if you can find it. I have done it with braided wire and solid wire, the first time was with braided and it took about 9 hours to do lpt and jtag. The second time was with solid wire & flux and took about an hour for lpt and jtag. I used 20 gauge wire from home depot, i believe it is doorbell wiring and costs 24 cents per foot. JUST MAKE SURE TO PRE-BEND YOUR WIRES WHEN USING SOLID WIRE, or you could rip a pad off if you try bending it after you soldered it to the board.

@ Biground 1 - There should be tiny numbers by each pin on the lpt cable.

@ Pheenoh - you have to boot it by pressing the eject button, it wont go into xell if you are booting it up then pressing eject. and make sure your not using HDMI for xell.

 

I'm 100% sure I'm booting it by hitting eject. I'll reflash it and try again though.

EDIT: Nope, no matter how I hit the eject button, it just goes to E65 when I have the drive plugged in.

EDIT 2: Just making sure, you don't have to integrate xell into the latest xbr bins right?

 

Anyone with a possible assist for this? I've tried changing the type of port in the BIOS, etc. Only thing I've not tried yet is to go with lower ohm or no resistors but fear to do that in case of frying.

 

My flashconfig is: 0x1198010

That's apparently wrong.

HELP!