Jump to content


Photo

Kingkong+linux Sda Loader- Single(duallayer) Dvd Bootdisk


  • Please log in to reply
28 replies to this topic

#1 Icekiller2k6

Icekiller2k6

    X-S Senior Member

  • Members
  • PipPip
  • 180 posts

Posted 13 January 2008 - 01:17 PM


I was getting sick of changing the KingKong dvd with the SDA loader DISC..
So I went hunting for the possibility to have 1 single dual layer DVD to do all my bidding...
After annoying Ssmurf on IRC he said it is very well possible but the only problem was that the dvd was in 'game' mode and needed to change to regular mode.

Then I searched around and got the basic readcd codehttp://free60.cvs.sourceforge.net/free60/xell/readcd(thx Tbminc for the good notes @ code Wink).

I also got a hold of the "close tray" PPC code...

After experimenting with a few possibilities, increasing the time etc... We (ssmurf & I) found out that the disc doesn't exactly 'needs' to eject.
The Dvdrom drive just needs to get the instruction to eject. So basically the Tray stays closed (cool!).

We compiled the code at an Xbox360 itself (tutorial is on free60 http://www.free60.org/wiki/Readcd).

After this we hexed in the SDA loader @ 0x00 because the Xbox360 ignores it anyway... (Hacked drive of course..)



What you need:
Vulnerable Kernel: versions 4532 and 4548
Xbox360 Dvd drive with patched firmware.
The new shader: released in the shaderform(loadfromdvd.bin)
Xorloser tools: kkpatcher.
Kingkong Game (first 1)
winhex
XELL-Bootloader-sda2-v2.6.21.1.iso (maybe there will be another one by the time this guide is posted...)


First backup your KingKong game with XBC, we'll name it KingKong.iso


After that we use the kkpatcher to patch our newly formed shader into the KingKing.iso(in dos):
kkpatcher kingkong.iso loadfromdvd.bin

You will see successful or something..

Hex Editing the xell boot loader sda2:
now start winhex, make sure you have more than 7,5 gb free on your C drive (winhex makes a tempfile..)
open KingKong.iso then open XELL-bootloader-sda2-v2.6.21.1.iso.

go to XELL-bootloader-sda2-v2.6.21.1.iso, control+a (select all), then Control+c (right click:edit->copy block->Normally).
Now go to KingKong.iso !!VERY IMPORTANT DON'T CONTROL+V!! First go to address 0 (alt+G).
Now go to Edit->Clipboard Data->WRITE.
Now go to file save just to be sure..
Burn with XBC and your done..



Just to be clear I maybe went through the motions but Ssmurf did all the hard work.. for which Iím grateful no more getting up to change the disc! Wink

has been tested on a xbox360 with a Samsung & Hitachi 47DJ with older xtreme versions. But seeing as you won't go on live anymore..




download link:
http://rapidshare.co...rf_Kit.rar.html
http://www.megaupload.com/?d=94S7ARWD

extra:
BUT you need to have Linux installed on your xbox 360..

so first use KingKong with the normal shader & the gentoo live cd install debian or ubuntu like explained here:
Install it to harddisk (optional)

Guide: http://forums.xbox-s...howtopic=595543

Debian etch install Script: http://www.free60.org/wiki/Debian-etch (Recommended)

Ubuntu 7.04 install Script: http://www.free60.org/wiki/Ubuntu7.04

after you have done that,

Use kingkong with 'my' shader...
put dvd in and play start and it boots linux from your xbox360 hd...without changing discs or the tray opening at all..

#2 JCDenton@AS

JCDenton@AS

    X-S Senior Member

  • Members
  • PipPip
  • 185 posts
  • Interests:Games/Games design.<br />Console modding.
  • Xbox Version:v1.0
  • 360 version:v4.0 (jasper)

Posted 13 January 2008 - 06:24 PM

oh brilliant! Just what us lazy people need lol. Im in the process of modding for linux on a alternative 360. Using ubuntu!

Edited by JCDenton@AS, 13 January 2008 - 06:26 PM.


#3 Dark Seraph

Dark Seraph

    X-S Member

  • Members
  • Pip
  • 120 posts
  • Location:Florida
  • Xbox Version:v1.4
  • 360 version:v1 (xenon)

Posted 13 January 2008 - 06:43 PM

omfg....amazing.

i cant wait to do this later today...i hate getting up to change the disk.

so this basically means i can sit on my bed..use my controller to turn my 360 on..and boot into linux without ever getting up =D awesome.

#4 Magixx

Magixx

    X-S Senior Member

  • Members
  • PipPip
  • 194 posts

Posted 13 January 2008 - 07:13 PM

Of course I just had to delete my King Kong backup a week ago.

#5 Itcouldbeyou

Itcouldbeyou

    X-S Young Member

  • Members
  • Pip
  • 33 posts
  • Xbox Version:v1.1
  • 360 version:none

Posted 13 January 2008 - 08:30 PM

Great work! Anyone knows, how long does it take to boot up Linux from powerup to the desktop this way?

#6 Icekiller2k6

Icekiller2k6

    X-S Senior Member

  • Members
  • PipPip
  • 180 posts

Posted 13 January 2008 - 09:26 PM

QUOTE(Itcouldbeyou @ Jan 13 2008, 09:06 PM) View Post

Great work! Anyone knows, how long does it take to boot up Linux from powerup to the desktop this way?

um for the moment it actually takes a little longer then needs be..

the Xell (at sda booter) should be rewritten.. because it still has & timer and extra code like boot from TFTP etc.. and fuses etc which isn't necessary.. i'll time it next chance i get wink.gif

#7 mrbelvedere

mrbelvedere

    X-S Senior Member

  • Members
  • PipPip
  • 164 posts
  • Xbox Version:v1.6
  • 360 version:v1 (xenon)

Posted 13 January 2008 - 11:44 PM

Great job! Works perfectly on my box with a Hitachi drive. My tray does open about half way before closing though. But that's no problem at all.

#8 Icekiller2k6

Icekiller2k6

    X-S Senior Member

  • Members
  • PipPip
  • 180 posts

Posted 13 January 2008 - 11:56 PM

QUOTE(mrbelvedere @ Jan 14 2008, 12:20 AM) View Post

Great job! Works perfectly on my box with a Hitachi drive. My tray does open about half way before closing though. But that's no problem at all.

really? can you tell me which version of Xtreme you have on it & which hitachi?

#9 mrbelvedere

mrbelvedere

    X-S Senior Member

  • Members
  • PipPip
  • 164 posts
  • Xbox Version:v1.6
  • 360 version:v1 (xenon)

Posted 14 January 2008 - 02:36 AM

Sure, Xtreme 2.4 on a Hitachi GDR-3120L 47DJ. Although, the second time I used the disc it did not eject the tray at all. Also, I made a similar post over at xboxhacker under the name kwkard.

#10 Muzzakus

Muzzakus

    X-S Senior Member

  • Members
  • PipPip
  • 223 posts

Posted 14 January 2008 - 04:16 AM

WHat are you guys running on you're linux boxes ?

mame? some sort of media center ?

what makes it worth while for your average man at this point in time ?

#11 Icekiller2k6

Icekiller2k6

    X-S Senior Member

  • Members
  • PipPip
  • 180 posts

Posted 14 January 2008 - 11:00 AM

mame should run.. i'm going to try LinuxMCE when i have spare time..

I setuped my box with auto boot game if it is in the dvd drive

0secs poweron
29secs to boot to 'start' game
34secs to be able to press start (before the USB control is detected, should be faster with an xbox 360 remote control)

51secs for Xell to start the count down.

Truth be told that the xell timer & fuses stuff 'could' be removed to speed it up.

edit:
owyeah, the xbox360 controllers work in linux.. including the wireless ones.. so you could just use them for mame..

Edited by Icekiller2k6, 14 January 2008 - 11:19 AM.


#12 mrbelvedere

mrbelvedere

    X-S Senior Member

  • Members
  • PipPip
  • 164 posts
  • Xbox Version:v1.6
  • 360 version:v1 (xenon)

Posted 14 January 2008 - 06:33 PM

QUOTE(Icekiller2k6 @ Jan 14 2008, 04:36 AM) View Post

mame should run.. i'm going to try LinuxMCE when i have spare time..

I setuped my box with auto boot game if it is in the dvd drive

0secs poweron
29secs to boot to 'start' game
34secs to be able to press start (before the USB control is detected, should be faster with an xbox 360 remote control)

51secs for Xell to start the count down.

Truth be told that the xell timer & fuses stuff 'could' be removed to speed it up.

edit:
owyeah, the xbox360 controllers work in linux.. including the wireless ones.. so you could just use them for mame..


What do you have to do to get the wireless controllers working. After the linux kernel loads my controller will no longer connect to the xbox. Also, when the kernel is loaded the leds on the front change to red. What is controlling those? In other words, I would like to write some code to manipulate the leds.

#13 Icekiller2k6

Icekiller2k6

    X-S Senior Member

  • Members
  • PipPip
  • 180 posts

Posted 14 January 2008 - 07:13 PM

QUOTE(mrbelvedere @ Jan 14 2008, 07:09 PM) View Post

What do you have to do to get the wireless controllers working. After the linux kernel loads my controller will no longer connect to the xbox. Also, when the kernel is loaded the leds on the front change to red. What is controlling those? In other words, I would like to write some code to manipulate the leds.

everything you need is here:
http://gentoo-wiki.c...roller_on_Linux

#14 mrbelvedere

mrbelvedere

    X-S Senior Member

  • Members
  • PipPip
  • 164 posts
  • Xbox Version:v1.6
  • 360 version:v1 (xenon)

Posted 14 January 2008 - 09:50 PM

Looks good, I'll play with it when I get home. Any idea about controlling the led's on the front of the console?

Edited by mrbelvedere, 14 January 2008 - 09:52 PM.


#15 Icekiller2k6

Icekiller2k6

    X-S Senior Member

  • Members
  • PipPip
  • 180 posts

Posted 14 January 2008 - 11:31 PM

QUOTE(mrbelvedere @ Jan 14 2008, 10:26 PM) View Post

Looks good, I'll play with it when I get home. Any idea about controlling the led's on the front of the console?

CODE

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <getopt.h>
#include <string.h>

#define SMC_FILENAME "/dev/smc"

int smc_fd;

void query_poweron_type(unsigned char *msg)
{
  msg[0] = 0x01;
}

void query_rtc(unsigned char *msg)
{
  msg[0] = 0x04;
}

void query_sensor(unsigned char *msg)
{
  msg[0] = 0x07;
}

void query_tray(unsigned char *msg)
{
  msg[0] = 0x0A;
}

void query_avpack(unsigned char *msg)
{
  msg[0] = 0x0F;
}

void query_version(unsigned char *msg)
{
  msg[0] = 0x12;
}

void query_ir_address(unsigned char *msg)
{
  msg[0] = 0x16;
}

void query_tilt_sensor(unsigned char *msg)
{
  msg[0] = 0x17;
}

void set_standby(unsigned char *msg)
{
  msg[0] = 0x82;
  // TODO: other parameters
}

void set_time(unsigned char *msg, int time)
{
  msg[0] = 0x85;
// msg[1] = ...
}

void set_fan_algorithm(unsigned char *msg, int algorithm)
{
  msg[0] = 0x88;
  msg[1] = algorithm;
}

void set_fan_speed(unsigned char *msg, int cpugpu, int speed)
{
  msg[0] = cpugpu ? 0x94 : 0x89;
  msg[1] = speed | 0x80;
}

void set_dvd_tray(unsigned char *msg, int state)
{
  msg[0] = 0x8B;
  msg[1] = state ? 0x60 : 0x62;
}

void set_power_led(unsigned char *msg, int override, int state, int startanim)
{
  msg[0] = 0x8C;
  msg[1] = (override ? 1 : 0) | (state ? 0 : 2);
  msg[2] = startanim;
}

void set_audio_mute(unsigned char *msg, int mute)
{
  msg[0] = 0x8D;
  msg[1] = mute;
}

void set_ir_address(unsigned char *msg, int ir_address)
{
  msg[0] = 0x95;
  msg[1] = ir_address;
}

void set_dvd_tray_secure(unsigned char *msg)
{
  msg[0] = 0x98;
}

void set_leds(unsigned char *msg, int enable, int red, int green)
{
  msg[0] = 0x99;
  msg[1] = enable;
  msg[2] = red | (green << 4);
}

void set_rtc_wake(unsigned char *msg, int time)
{
  msg[0] = 0x9a;
  // todo
}

void hexdump(unsigned char *msg)
{
  int i;
  for (i=0; i<0x10; ++i)
    printf("%02x ", msg[i]);
  printf("\n");
}

void show_tilt(unsigned char *msg)
{
  if (*msg == 0x83)
    msg++;
  printf("tilt: %s\n", (msg[1]&1) ? "vertical" : "horizontal");
}

void show_tray(unsigned char *msg)
{
  char *states[] = {"open", "opening", "closed", "closing", "pushed"};
  printf("tray: %s\n", states[(msg[1] & 0xF) % 5]);
}

void show_ir(unsigned char *msg)
{
  printf("IR code: %02x\n", msg[3]);
}

void show_avpack(unsigned char *msg)
{
  if (*msg == 0x83)
    ++msg;
  printf("AV pack type: %02x\n", msg[1]);
}

void show_poweron_type(unsigned char *msg)
{
  printf("poweron type: %02x\n", msg[1]);
}

void show_rtc(unsigned char *msg)
{
  int rtc = msg[1] | (msg[2] << 8) | (msg[3] << 16) | (msg[4] << 24);
  printf("rtc: %d.%03d\n", rtc / 1000, rtc % 1000);
}

void show_sensor(unsigned char *msg)
{
  printf("sensor data: ");
  int i;
  for (i=0; i<4; ++i)
  {
    float s = (msg[i * 2 + 1] | (msg[i * 2 + 2] << 8)) / 256.0;
    printf("%3.1f C, ", s);
  }
  printf("\n");
}

void show_version(unsigned char *msg)
{
  printf("version: %d.%d\n", msg[2], msg[3]);
}

void show_ir_address(unsigned char *msg)
{
  printf("ir address: %d\n", msg[1]);
}

void show_response(unsigned char *msg)
{
  switch (msg[0])
  {
  case 0x83:
    switch (msg[1])
    {
    case 0x11:
      printf("poweroff occuring\n");
      break;
    case 0x14:
      show_tilt(msg);
      break;
    case 0x60 ... 0x65:
      show_tray(msg);
      break;
    case 0x23:
      show_ir(msg);
      break;
    case 0x40:
      show_avpack(msg);
      break;
    default:
      hexdump(msg);
      break;
    }
    break;
  case 0x01:
    show_poweron_type(msg);
    break;
  case 0x04:
    show_rtc(msg);
    break;
  case 0x07:
    show_sensor(msg);
    break;
  case 0x0a:
    show_tray(msg);
    break;
  case 0x0F:
    show_avpack(msg);
    break;
  case 0x12:
    show_version(msg);
    break;
  case 0x16:
    show_ir_address(msg);
    break;
  case 0x17:
    show_tilt(msg);
    break;
  default:
    hexdump(msg);  
    break;
  }
}

int main(int argc, char **argv)
{
  int first = 1;
    /* try open SMC. if this doesn't work, bail out. */
  smc_fd = open(SMC_FILENAME, O_RDWR);
  if (smc_fd < 0)
  {
    perror(SMC_FILENAME);
    return 1;
  }
  
  while (1)
  {
    unsigned char msg[16];

    static struct option long_options[] =
      {
        {"query-poweron-type", no_argument, 0, 'p'},
        {"query-rtc", no_argument, 0, 'r'},
        {"query-sensors", no_argument, 0, 's'},
        {"query-tray", no_argument, 0, 't'},
        {"query-avpack", no_argument, 0, 'a'},
        {"query-version", no_argument, 0, 'v'},
        {"query-ir-address", no_argument, 0, 'i'},
        {"query-tilt-sensor", no_argument, 0, 'n'},
        {"set-standby", required_argument, 0, 'S'},
        {"set-time", required_argument, 0, 'R'},
        {"set-fan-algorithm", required_argument, 0, 'f'},
        {"set-cpu-fan-speed", required_argument, 0, 'C'},
        {"set-gpu-fan-speed", required_argument, 0, 'G'},
        {"set-dvd-tray", required_argument, 0, 'T'},
        {"set-powerled", required_argument, 0, 'P'},
        {"set-audio-mute", required_argument, 0, 'M'},
        {"set-ir-address", required_argument, 0, 'I'},
        {"set-dvd-tray-secure", no_argument, 0, 'O'},
        {"set-leds", required_argument, 0, 'L'},
        {"set-rtc-wakeup", required_argument, 0, 'W'},
        {"poll", no_argument, 0, 'w'},
        {}
      };

    char *help[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      "speed from 0 to 127", "speed from 0 to 127", "0: open, 1: close",
      "0: default, 1: on, 2: off, 3: animated", 0, 0, 0, "GR with 1+2+4+8 for the red&green segments", 0, 0};

    int option_index = 0, c;
    c = getopt_long (argc, argv, "prstavinS:R:f:C:G:T:P:M:I:OL:W:w",
        long_options, &option_index);
    
    if ((c == -1) && !first)
      break;

    first = 0;
      
    
    if ((c == '?') || (c == -1))
    {
      struct option *o = long_options;
      char **h = help;
      fprintf(stderr, "usage:\n");
      printf("\t%s <cmd> [<cmd>...]\n", argv[0]);
      while (o->name)
      {
        printf("\t\t--%s, -%c \t%s\n", o->name, o->val, o->has_arg ? "<xxx>" : "");
        if (*h)
          printf("\t\t\t%s\n", *h);
        ++h;
        ++o;
      }
      
      break;
    }
    
      /* prepare message */
    memset(msg, 0, 16);
    
    switch (c)
    {
    case 'p':
      query_poweron_type(msg);
      break;
    case 'r':
      query_rtc(msg);
      break;
    case 's':
      query_sensor(msg);
      break;
    case 't':
      query_tray(msg);
      break;
    case 'a':
      query_avpack(msg);
      break;
    case 'v':
      query_version(msg);
      break;
    case 'i':
      query_ir_address(msg);
      break;
    case 'n':
      query_tilt_sensor(msg);
      break;
    case 'S':
      set_standby(msg);
      break;
    case 'R':
      set_time(msg, atoi(optarg));
      break;
    case 'f':
      set_fan_algorithm(msg, atoi(optarg));
      break;
    case 'C':
      set_fan_speed(msg, 0, atoi(optarg));
      break;
    case 'G':
      set_fan_speed(msg, 1, atoi(optarg));
      break;
    case 'T':
      set_dvd_tray(msg, atoi(optarg));
      break;
    case 'P':
      switch (atoi(optarg))
      {
      case 0: // default
        set_power_led(msg, 0, 0, 0);
        break;
      case 1: // always on
        set_power_led(msg, 1, 1, 0);
        break;
      case 2: // always off
        set_power_led(msg, 1, 0, 0);
        break;
      case 3: // animation
        set_power_led(msg, 1, 0, 1);
        break;
      default:
        break;
      }
      break;
    case 'M':
      set_audio_mute(msg, atoi(optarg));
      break;
    case 'I':
      set_ir_address(msg, atoi(optarg));
      break;
    case 'O':
      set_dvd_tray_secure(msg);
      break;
    case 'L':
    {
      int state = strtoul(optarg, 0, 0x10);
      set_leds(msg, !!state, state & 0xF, (state >> 4) & 0xF);
      break;
    }
    case 'W':
      set_rtc_wake(msg, atoi(optarg));
      break;
    case 'w':
      break;
    default:
    {
      abort();
    }
    }
    
    if (c != 'w')
    {
      printf("sending ");
      int i;
      for (i=0; i<0x10; ++i)
         printf("%02x ", msg[i]);
      printf("\n");
      if (write(smc_fd, msg, 16) != 16)
      {
        perror("write");
        break;
      }
    }
    
    if ((c == 'w') || (msg[0] < 0x80))
    {
      int wait_for = msg[0];
      while (1)
      {
        if (read(smc_fd, msg, 16) != 16)
          perror("read");
        show_response(msg);
        if (msg[0] == wait_for)
          break;
      }
    }
  }

}



compile it gcc smc.c
and then do
./a.out --set-leds <xxx>

Edited by Icekiller2k6, 14 January 2008 - 11:36 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users