Jump to content


Photo

Xbox Version 1.6 found


  • Please log in to reply
570 replies to this topic

#211 Grez

Grez

    X-S Young Member

  • Members
  • Pip
  • 52 posts

Posted 03 May 2004 - 08:03 PM

QUOTE (Exobex @ May 3 2004, 08:56 PM)
The MCPX still has to read the kernel from somewhere. One of those chips has taken over the function of the TSOP. That chip ought to connect to the same points of the MCPX as the TSOP did. Using PCB traces. That may still have test points or vias.

Yes, it has to read kernel from somewhere, but not necessarily using the same bus as before. As I don't have an 1.6 box on my hands, I can't give any solid info, but time will tell.

#212 downlowfunk

downlowfunk

    X-S Member

  • Members
  • Pip
  • 128 posts

Posted 03 May 2004 - 08:07 PM

Ok I want to know how come no one has james bond'ed this new 1.6 yet?

Agent James bond plays an important role in all my XBOX expierimenting. I would have Raincoat, loading on that new box so quick.

its a bummer u have to unlock the TSOP just to get its ID, other than visual confirmation.

now my other question where heck is the bottom of this board?

I feel like this 1.6 mystery is going too slow, compared to the speed im used to with the scene.



uhh.gif uhh.gif muhaha.gif muhaha.gif muhaha.gif muhaha.gif muhaha.gif muhaha.gif

#213 w1nt3rmut3

w1nt3rmut3

    X-S Enthusiast

  • Members
  • 6 posts

Posted 03 May 2004 - 08:09 PM

QUOTE (Grez @ May 3 2004, 10:03 PM)
Yes, it has to read kernel from somewhere, but not necessarily using the same bus as before. As I don't have an 1.6 box on my hands, I can't give any solid info, but time will tell.

your exactly right. this has been out for like 3 days, and, from this board as a source, no serious modder has done a full writeup. maybe i missed it somewhere in the 20 pages of posts. however, the fact that the community could speclate over just pictures, and probably have the truth somewhere, is amazing. give someone in xecuter or other chip builders a day, and they will have this thing on the verge of cracked, if not done so already. this is taking a risk but i say by may 15 this thing could be licked.

#214 lordvader129

lordvader129

    He Who Posts Alot...

  • Head Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 17,752 posts
  • Gender:Male
  • Location:Chicago, USA
  • Xbox Version:v1.1
  • 360 version:v5.0 (360S - trinity)

Posted 03 May 2004 - 08:10 PM

it would be interesting to see if this new kernel allows even gamesave exploits to load

raincoat would def be pointless at this point as you have to read enable the chip just to ID it, and as of yet we dont know what (if anything) can be bridged to enable read access to the chip

#215 brahm2

brahm2

    Internet Superstar

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 6,003 posts
  • Location:Saskatchewan, Canada
  • Interests:I'm an EE student at the UofS in Saskatoon. I love guitar and drinking beer.. sometimes both.
  • Xbox Version:v1.0
  • 360 version:none

Posted 03 May 2004 - 08:13 PM

QUOTE (black_light @ May 3 2004, 01:19 PM)
And the 1.5 was a hoax, its mostly because people dont connect there points well.

Err... the 1.5 box wasn't a hoax. It's been confirmed by XS and every modchip team out there - if it wasn't a hoax, they wouldn't have special instructions for 1.5 installs.

#216 XanTium

XanTium

    Xanta Powa!

  • Admin
  • 3,110 posts
  • Location:Solaris
  • Xbox Version:v1.0
  • 360 version:v1 (xenon)

Posted 03 May 2004 - 08:45 PM

QUOTE (downlowfunk @ May 3 2004, 11:07 PM)
I feel like this 1.6 mystery is going too slow, compared to the speed im used to with the scene.

HW teams and independents don't have this v1.6 xbox ... so they can't do any research. Most people who had a v1.6 are shipping it to several teams atm.

#217 species8472

species8472

    X-S Senior Member

  • Members
  • PipPip
  • 162 posts

Posted 03 May 2004 - 09:21 PM

QUOTE (Corspegrinder99 @ May 2 2004, 12:59 AM)
this wasnt a Halo box...was it?

nah, the halo xbox's are 1.4's and easily modable.

#218 -Gadget-

-Gadget-

    X-S Genius

  • Members
  • PipPipPipPip
  • 820 posts

Posted 03 May 2004 - 09:42 PM

just read all 20 pages ! what a nice read smile.gif
suddenly finding out something new, when its had a bit of time to be mature is always better smile.gif

Ok my 2 cents. mainly derived from what many people have already said, Facts or general common sense!

Its unlikly that the main MCPX has changed (for reasons that we all know)
so like its been said, that means the way it gets the bios info must still be the same (as in pins and bus traffic).
and ultimatly(sp) xbox is alwyas gonna be expliotable
unless of course they can change this easily without the word of nVidia ? then Paulbs words would come into play.
What is what Exobex said..
QUOTE

The MCPX still has to read the kernel from somewhere. One of those chips has taken over the function of the TSOP. That chip ought to connect to the same points of the MCPX as the TSOP did. Using PCB traces. That may still have test points or vias.


I think we can also safely say that, the video chip is now the video/audio chip (and in same place as video chip).
The bios/firmware (xyclops) chip has replaced the TSOP/Pic chip etc .
EEprom chip is still the same, and i expect everything about its contents is the same
(for things like Xbox HDD, and Serial number(xboxlive))
what grimlock also said (but better !)
QUOTE

Summarising major chips in old/new versions, for comparison: (pls improve if needed)
v1.0-1.5
CPU, GPU, RAM, BIOS(TSOP), video encoder (focus/conexxant), audio chip
v1.6
CPU, GPU, RAM, Xyclops, Xcalibur


And as for no spae for the 128MB upgrade.. even at the moment its not really a DIY job, not just because u either canna get the chips, or need to destroy another xbox for them but fitting them is a right ta-do so Exobex even if you are correct, not sure it will ever be done just because of the pros agian cons !!
QUOTE

I'm sure if you do a continuity test between the populated and unpopulated RAM chip areas on a 1.4, most will match. Only the topmost address lines (or maybe the chip enable lines) will be different. These (on the unpopulated area at least) need to be traced back to the appropriate via on the MCPX's little circuit board.

Piggyback the new RAM on top of the existing RAM (it's a technique sometimes used on higher-capacity DIMMs) with the "non-continuity" pins left separate. Connect these separate pins to the same vias you found on the 1.4's MCPX (unless you find that the PCB traces still exist to some extent, in which case use those).
Nasty, but possible. I wouldn't do it, though!


ok we also know that the newer bios found in v1.4/1.5 xbox already have the xcaliber support.
THUS meaning that to put that in it, means that THIS SAME BIOS will also work in the v1.6 smile.gif
and thus the chip thats used in a 1.6 must support this type of bios smile.gif
as in, if th 1.6 requires a totally diferent kind of make up of bios, then it would have its own make of bios !!
and not found in previous bios found in 1.4 etc
and i think this is a VERY important to remeber !
As heinrich said and confirms. this 3rd encoders been in bios for while
QUOTE

both 5530 and 5713 support all 3 known video encoders, and both kernels have been on xbins for a while.


so then what needs to be tried, i think again we all know due to the last board revisions !
Short out d0 (like hippo said at worst case scenario)
and see what the LPC points are now (probing/scoping/tracing) and try a newest bios that we do have
(which supports these hardware changes(encoders))

And whats also been discussed is software mods, was'nt aware that the new Kernels, stopped older Dash's running
(even XBL ones !? as in if u put in a old XBL game in, would update your dash to its old (exploitable) dash..
Now if the kernel stoped this then u would have a NonWorkin xbox would u not ???? PLEASE correct me on this ! )
or does the kernel even stop it running the older type xblive updater?
but if this is poss. hotswap the HDD (as this would still work the same)
and maunally 'update' your HDD thus getting it soft modded, and thus able to use as such !!

oo by the way, i think 1.6 is correct version naming !, maybe goto 2.0 when minixbox comes out depending how high we already ar ! lol
and tsop, as long as we all know what we are reffering to ! does it matter what we call it ! tsop always seems to refer to the HARDWARE chip, Bios always seems to refer to the SOFTWARE contents of the chip .. (as in "lets flash a new bios to the tsop")

Bit of a Big post, sorry ... But hopefully a bit of a revision post !
Thanx for reading please post your thoughts too, Mick ..

EDIT added Quotes EDIT

Edited by -Gadget-, 03 May 2004 - 10:06 PM.


#219 lordvader129

lordvader129

    He Who Posts Alot...

  • Head Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 17,752 posts
  • Gender:Male
  • Location:Chicago, USA
  • Xbox Version:v1.1
  • 360 version:v5.0 (360S - trinity)

Posted 03 May 2004 - 09:50 PM

QUOTE
(even XBL ones !? as in if u put in a old XBL game in, would update your dash to its old (exploitable) dash..
Now if the kernel stoped this then u would have a NonWorkin xbox would u not ???? PLEASE correct me on this ! )


the old XBLgames compare versions, if the version on your HD is lower than 4920 it updates you, otherwise it does nothing


in only 2 days this thread has become the most viewed and 3rd most replied to thread in gen hardware, lol

Edited by lordvader129, 03 May 2004 - 09:54 PM.


#220 -Gadget-

-Gadget-

    X-S Genius

  • Members
  • PipPipPipPip
  • 820 posts

Posted 03 May 2004 - 10:07 PM

arr yes of course they all come with XBL now ..
(gone are the days of locked XBE to xbox ! lol)

how about gamesave exploit ? is that still here ?

Mick ..

#221 oz_paulb

oz_paulb

    X-S X-perience

  • Members
  • PipPip
  • 345 posts

Posted 03 May 2004 - 10:18 PM

QUOTE (Exobex @ May 3 2004, 08:56 PM)
The MCPX still has to read the kernel from somewhere.  One of those chips has taken over the function of the TSOP.  That chip ought to connect to the same points of the MCPX as the TSOP did.  Using PCB traces.  That may still have test points or vias.

For those who don't know, here's how code currently gets into the CPU on existing (pre-1.6) Xbox's:

The CPU's reset code reads memory at the very top of the CPU address space. All external memory requests go via the MCPX chip. The MCPX sees the address range as being what should be 'ROM' (as opposed to SDRAM, or other I/O space).

The top 512 bytes of the address space are actually inside the MCPX - so, it just passes this directly to the CPU without the need to access external Flash.

The rest of the 'ROM' space has to be fetched from the Flash chip. This is done over a standard address/data bus - a bus (between MCPX and TSOP Flash) which (I believe) is only used by the Flash chip (separate bus from the SDRAM). The MCPX will basically just 'route' CPU requests to the top of memory (which aren't the top 512 bytes) directly to the external Flash chip.

On the 1.6, there are a few possibilities I can think of that could make it difficult to find the same address/data lines that used to go between the MCPX and the TSOP Flash:

- The new BIOS could be on the LPC bus (whether/not it's 'inside' another chip), so all of the dedicated address/data lines that used to go between the TSOP BIOS and the MCPX would be unused

- The new BIOS may not be directly-addressible on the CPU's address/data bus as it currently is (via the MCPX) - it could be more of an "I/O" device that gets 'read in' to RAM (by the MCPX boot code) at startup. The exact method of doing an I/O read of the memory could be any of a number of methods (example: simple serial bus like I2C, or an 8-bit databus with no address bus other than the I/O port (because it's always a sequential read of the entire image to RAM)). In these cases, again, the old address/data lines that used to go from TSOP Flash to MCPX wouldn't necessarily be there.

- The new BIOS could be 100% inside the MCPX chip. I know that MS/NVidia have had their contract disputes, but I don't know whether/not NVidia is still obligated to either do the work of replacing MCPX internal ROM images for MS, or perhaps the contract says that they have to provide MS with the capability to do it themselves (lots of contracts are written this way - in case NVidia were to go out of business, for example). The 'core' to MS's security (RC4 key, etc) is currently in the 512-byte ROM inside the MCPX, and MS has already made NVidia 'scrap' a bunch of MCPX's/make new ones with a new key. I wouldn't be surprised if MS can demand continued ability to update their security. Now, there's a separate issue of whether/not there's enough die space to hold more than 512 bytes of ROM, but as technologies get smaller, it gets easier to fit more inside a fixed chip package size.


I'm sure there's plenty more possibilities... we're all just speculating at this point.

- Paulb


#222 hippo

hippo

    X-S Freak

  • XS-BANNED
  • PipPipPipPipPip
  • 1,195 posts
  • Xbox Version:unk
  • 360 version:unknown

Posted 03 May 2004 - 11:07 PM

Oh great that means a 29 wire mod soldered to the less than ample mcpx internal vias smile.gif

You could solder 30awg kynar to that D0 spot I found this morning, I should do some better pictures, the close up I posted got comprimised so I could show the orientation of the silkscreened T in Taiwan. There is space between the trace and the next via and I would feel comfortable soldering to it.

#223 Exobex

Exobex

    X-S Hacker

  • Members
  • PipPipPipPipPipPip
  • 2,063 posts
  • Xbox Version:none
  • 360 version:none

Posted 03 May 2004 - 11:54 PM

QUOTE (-Gadget- @ May 3 2004, 10:42 PM)
ok we also know that the newer bios found in v1.4/1.5 xbox already have the xcaliber support.
THUS meaning that to put that in it, means that THIS SAME BIOS will also work in the v1.6 smile.gif

Not necessarily. Remember that 1.0 and 1.1 BIOSes weren't interchangable, (due to an MCPX change, wasn't it?)

Bourke reported one of those earlier BIOSes though. I'd still like to see a picture of that board of his. Perhaps his was a 1.6 and these are actually 1.7 boards? WAAAAAAHHHHH!

#224 illypso

illypso

    X-S Member

  • Members
  • Pip
  • 143 posts
  • Location:Canada, Quebec, Brossard
  • Interests:Anything that can be hard to do in my xbox and that have a risk to broke it is a nice thing to try
  • Xbox Version:v1.0

Posted 04 May 2004 - 12:05 AM

just a noob 2 cent,

could they have fuse the TSOP(or wathevers it is call now) and another chip
like the TSOP and the sound chip, like this they would have hide the TSOP somewhere. and by changing this it would be impossible for us to flash it but not for M$ as they know how and not us.

just a sugestion like this maybe it is not possible i don't know , i am a noob.

#225 muggs

muggs

    X-S X-perience

  • XS-BANNED
  • PipPip
  • 397 posts
  • Location:Long Island
  • Xbox Version:v1.0

Posted 04 May 2004 - 01:04 AM

Picked up one of these just for shits and giggles. Damn this thing is weird, no open RAM spots, no d0 point on front or back (also the other points that are usually near the alt d0 aren't there) extra LPC point... uhh.gif



muggs




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users