Stuff you need to know that the other guides don't tell you...
Soft-modding can screw up your XBOX. If you follow the instructions you should be fine but I can't take responsibility if anything goes wrong. Good luck!
This guide is intended to help complete beginners to understand soft-mods and how to install them successfully. I am not an expert but I have one chipped XBOX and one soft-modded and this guide documents what I needed to do in order to perform a soft-mod.
I am assuming some basic knowledge of PC's and networking on your part and the use of standard tools such as FTP.
To perform a softmod you are going to need to connect your XBOX to a PC using the ethernet socket at the back of the XBOX. You can connect this directly to a network card on your PC using an ethernet cross-over cable or you use a straight ethernet cable to connect it to a port on a switch, hub or router if you already have a home LAN.
Before we get into soft-modding in detail you are going to need to understand a little of how the XBOX works:
This is the program that provides the user interface when you start up your XBOX. Amongst other things the standard MS Dashboard allows you to manage game saves, set the clock and other system settings and launch XBOX Live. It is implemented in a file called xboxdash.xbe on the root of the C drive on your XBOX's hard drive and it loaded every time you boot the box.
The MS dashboard uses a number of other files which, depending on your dashboard version will either be also in the root directory or in subdirectories off the root. For soft-modding purposes the only files which concern us are the font files which are named XBox Book.xtf and Xbox.xtf (more on these later).
The BIOS and PBL
The XBOX has a BIOS, similar to that in a PC. When you install a modchip you are replacing the functionality of the standard BIOS with a specialised BIOS which is provided by the modchip manufacturer. You would generally also install a replacement third-party dashboard alongside any modchip.
Okay so how is this relevant to soft-modding? Well the answer is that in 2003 some clever people came up with a software application which works like a modchip and allows you to load one of the modchip BIOSes, completely in software. This package is called PBL or the Phoenix Bios Loader.
The standard unmodded XBOX will only execute applications and games which have been 'signed' in a special way. This is why you cannot use backups or third-party apps on an unmodded box. The BIOS loaded by PBL together with a third-party dashboard will allow unsigned code to be executed and so you will typically get FTP access, the ability to run Linux, backups, third-party applications etc.
The Gamesave Exploits
Hopefully from the above description it is clear that what we need to achieve is to get PBL, a replacement BIOS and a new dashboard onto the XBOX. In order to do this we will need FTP access to the box. This is where the gamesave exploits come in.
These take advantage of security loopholes which will allow us to temporarily load PBL and an alternative dashboard. This will give us FTP access to the XBOX and will subsequently enable us to load PBL etc for a more permanent solution.
The technical details of how these work are beyond the scope of this document but there are plenty of detailed explanations within the XBS forums and elsewhere.
There are three main gamesave exploits which all work similarly and are based on the games; 007 Agent Under Fire, Mech Assault and Splinter Cell. For each of these there are various different packages available. To use one of these you will need:
- an original (i.e. not a backup) copy of the game in question
- a copy of the relevant gamesave exploit package
- an XBOX memory device with some way of transferring the game save to it from your PC e.g. an Action Replay or Mega X-Key. Alternatively you need a friend with a chipped or soft-modded XBOX who can transfer the game save to a standard XBox Memory Card.
- I downloaded a package called splinter_cell_exploit-pal.zip. (PAL refers to the video standard used by your XBOX. I have a UK, PAL-based box, if you are in the USA your box will be NTSC).
- I did not own an Action Replay or an XBOX memory card so I made an XBOX USB cable and used a standard 128Mb USB pen drive to transfer the game save from my chipped XBOX. There are various tutorials on how to make a USB cable and how to convert a standard XBOX memory card to Action Replay functionality on XBS. If you can't do any of this then you will have to buy an Action Replay or the new Mega X-Key.
- I loaded the Splinter Cell game saves onto my chipped XBOX via FTP.
- I connected my pen drive to the chipped XBOX and went into the Memory option in the standard MS Dashboard. The pen drive was recognized by the XBOX and was formatted to allow game saves to be written to it.
- I then used the Memory function to transfer the Splinter Cell game saves from the XBOX hard drive to the pen drive.
- I then moved the USB cable and pen drive to the unmodded XBOX and used the Memory function to transfer the saved games from the pen drive to the XBOX hard drive. If you have a Mega X-Key (or Action Replay) you can transfer the save games from the PC directly to the X-Key and then plug it in the unmodded box and transfer it to the hard drive.
- I booted the XBOX with my original Splinter Cell disk in the drive.
- After it loaded I went to Start Game, selected the profile "LINUX" and chose "Check Points".
- I was then presented with a replacement dashboard called Evolution-X (Evox).
- Within Evox I set up an IP address, subnet mask and default gateway for my XBOX (something suitable for your LAN).
- I saved the details, rebooted and went through the three steps (above) from booting with the original Splinter Cell again. At this point I had FTP access to my XBOX from my PC.
The Dashboard Exploits
There are basically two different types of dashboard exploit. The 'fonts' exploit replaces the XBOX fonts (see the Dashboard section above) with 'special' versions which exploit another security loophole and allow PBL to be loaded.
The second type is the audio exploit. This is triggered by copying a special audio track to your hard drive. When you try to use the standard dashboard function to copy this track it generates an error and PBL can be loaded. Again there are better technical explanations of how these work if you are interested.
There are many different versions and variations of both the fonts and audio exploits but they all function basically the same way. I recommend using an all-in-one package (see below).
Once installed, the fonts exploit is typically activated automatically every time you power on the box so you boot into a modified dashboard.
In contrast, with the audio exploit you boot to the standard MS dash and go through a sequence of 5 or 6 key presses in order to activate the exploit and load the PBL and the replacement dash.
So why would you choose the audio exploit? The reason is that the fonts exploit is occasionally prone to something called the clock loop problem. See here for details:
I suffered this problem and was only able to get out of it using the technique described by lugnut in the first page of the above thread. That is why I now use the audio exploit. Because this boots to an unmodded MS dash it is immune to the clock problem.
A third option called the double-dash exploit. See here for details.
This exploit is immune to the clock loop and does not require as many keypresses as the audio exploit. However it has a different problem which means that the XBOX reboots whenever you open the drive tray. If this issue can be resolved then this will be the best exploit solution.
The fourth and newest exploit is called the UDE (Ultimate Dasboard Exploit). This is a font-based exploit which is not subject to the clock loop problem. As such it is the best method devised so far and has very few con's. See here for details.
As the name suggests this is likely to be the best it can get and if your XBOX meets the requirements then this has to be the exploit of choice.
The question of signed code comes up again at this point. You need to install a version of PBL which is signed for the particular type of dashboard exploit you are using i.e. fonts or audio. There is a tool you can use to perform the signing BUT you should be able to find a dashboard exploit package containing PBL pre-signed for the type of exploit you are using. I never had to manually sign anything to get my soft-mod working.
Installing The Dashboard Exploit
I would suggest using the UDE exploit or if you want more flexibility I would recommend a package by mkjones which has its own thread here.
This installs both audio and font exploits and several different replacement dashboards and allows you to switch between them at will. This was the first package I installed.
My first issue was that this package requires that you have MS dash version 4920 and I had an earlier one. One of the main differences between the two versions was that my old dash stored the XBOX font and other files in the root of the C drive whereas the newer dash uses \font and other subdirectories.
Okay, so how did I update the dash? I simply used the 'Live' tab in the MS dash and kept following the instructions until it told me that my system was being updated. I think you may need to be connected to the internet for this to work (I was). After I did this I rebooted and my dash had been upgraded to 4920.
From then on it was a case of following the detailed instructions in the mkjones softmod package.
Most of the soft-mod methods require particular versions of dashboard and kernel to be on the XBOX. You can find out what version you have by going to the Settings screen on your box and selecting System Info. Once the text scrolls up you will see something like this:
In this example the kernel version is 4817 and dashboard is 4920.
How To Get The Files
To locate the relevant files you will need to use something called xbins. A tutorial on how to do this is contained here.
May-31-2004 - Added UDE details and link
Edited by mbriody, 31 May 2004 - 02:46 PM.