4 Step Guide To Flashing Xbreboot


99 replies to this topic

#1 Grim187

Posted 27 December 2009 - 03:32 PM

Can I Homebrew?


check your dash version to make sure you don't have the 1bl update (disables the smc hack which allows xbr to run).

turn on your console, go to system settings > console settings > system info.
2.0.XXXX.0

XXXX = your dash version.

if it's 7371 or lower you're good to continue, if it's 8xxx then you have updated and there currently is no way to run xbr/freeboot/xell.

Note: if your console is new (you bought it 09 or later) then even if you have Dash version 7363 you could still have the 1bl update, so far the ones confirmed with the 1bl update are mfg date 6-23-09 and the ones confirmed w/o 1bl update (and exploitable) are 6-18-09.

If you have updated or bought a console with the 1bl update then there is no way to downgrade and you won't be able to run homebrew on your console for a long time if ever so Please Don't Ask/Talk About Downgrading Here.






Building an LPT Cable


An LPT Cable is Needed to read/write the nand (which has the stock dash on it and will have xbr (hacked dash) when you're done).

Things you will need:
a pc with a lpt port
DB25 Header
5 x 100ohm Resistors (watts don't matter; i use 1/8th)
3 x 1n4148 Diode
LPT Cable (DB25 male > female)
soldering iron
solder
rosin flux
some wire (30-24awg, the smaller the better)
your 360 apart

IPB Image
Credit for the image goes to sandungas.

Note: don't solder the Diode to db1f1, solder it to j2d2 like this.

Note2: The diodes/wires are for xbr/freeboot/xell, if they are connected and you boot your stock nand you will get 3 red lights error code 0020.






Checking to Make Sure You Have an Exploitable Box


Software you will need:
Dos (comes with windows)
Nandpro2.0b

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type cd "c:\nandpro" and hit enter.

type
CODE
nandpro lpt: -r3 c1.bin

hit enter

open up c1.bin in a hex editor (free hex editor) and you should see

QUOTE
2004-200X Microsoft Corporation. All rights reserved.

X = 5, 6, 7, 8 or 9 (depending on what dash you have/when your console was made).

now search in hex for "CB" (without quotes), you're looking for the one at or around 4800 in hex (it has to be in caps).
copy the 4 hex digits after it and convert it from hex to dec with this Converter
Like This

Xenon: 1921 or lower is Exploitable (exception: 8192 IS EXPLOITABLE)
Zephyr: 4558 or lower is Exploitable (exception: 4580 IS EXPLOITABLE)
Falcon: 5770 or lower is Exploitable
Jasper 16mb: 6712 or lower is Exploitable
Jasper Arcade (256/512): 6723 or lower is Exploitable

Board Version Detection

If you have confirmed your console's version and have a higher version CB than listed above you cannot do homebrew, there is no way to downgrade and you won't be able to run homebrew on your console for a long time if ever so Please Don't Ask/Talk About Downgrading Here.







Backing Up Your Original Nand


Software you will need:
Dos (comes with windows)
Nandpro2.0b

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type
CODE
cd "c:\nandpro"

and hit enter.

now connect the xbox 360 to power supply and connect the lpt cable to your pc and type
CODE
nandpro lpt: -r16 1.bin

or if you have a jasper arcade type
CODE
nandpro lpt: -r70 1.bin

and hit enter, wait for it to load and press any key if it prompts you to (i use the down arrow so it doesn't mess up the next command).

it will take about 36mins to get to 3ff (jasper arcade will take longer).
if you get a few errors throughout the nand you should get the same errors in the same place on the next dump and i will address this later.
if every block gives you an error then x out of the window and check the cable; make sure everything is soldered good, etc.

once its finished type
CODE
nandpro lpt: -r16 2.bin

or if you have a jasper arcade type
CODE
nandpro lpt: -r70 2.bin

and hit enter, press any key if it prompts you to and wait another 36mins (jasper arcade will take 160mins).

after the 2nd read is done type
CODE
fc 1.bin 2.bin /b

if it comes back with no differences found skip the next 3 steps

if differences were found type
CODE
nandpro lpt: -r16 3.bin

or if you have a jasper arcade type
CODE
nandpro lpt: -r70 3.bin

and hit enter, press any key if it prompts you to and wait another 36mins (jasper arcade will take 160mins).

then type
CODE
fc 1.bin 3.bin /b

if there are no differences delete 2.bin and skip the next step

if there are differences type
CODE
fc 2.bin 3.bin /b


if there are no differences delete 1.bin, rename 3.bin to 1.bin and continue

if it still finds differences use NandCompare v1.3, load all 3 dumps and have it build a valid dump for you and/or check your lpt cable and start again (this is what i would suggest).

now right click on 1.bin and click open with > notepad (this may take a sec depending on your pc)
within the first line you should see
QUOTE
2004-200X Microsoft Corporation. All rights reserved.

X = 5, 6, 7, 8 or 9 (depending on what dash you have/when your console was made).

if you have a jasper arcade skip this step (360 flash dump tool doesn't support jasper arcade nands):
get 360 Flash Dump Tool and open 1.bin, make sure it shows lots of files under flash file system and shows your cd, cb, ce versions as well as ldv's, patch 0 and patch 1.

now rar or zip 1.bin and e-mail it to yourself.






Flashing XBReboot


Things you will need:
Dos (comes with windows)
XBRebooter (found in the usual places)
Your Original Nand Dump (named 1.bin)

if you have a xenon use XBR_Xenon_1921_8955_1.bin only if your cb version is 1921, if it's 1920 or lower use XBR_Xenon_8955_1.bin

First Rename the version of xbr you will flash to xbr.bin and place it in c:\nandpro\

if you had bad blocks in the same position from your dumps you will need badblockmover
analyze 1.bin then reposition bad blocks in xbr.bin (currently there isn't a tool that will do this for jasper arcades, you can continue and it might work w/o this, as long as you have a valid original nand dump you're safe)

press windows key + r or click start > run
type cmd and click ok or press enter
type
CODE
cd "c:\nandpro"

and press enter

Warning: if you don't have a valid backup of your original nand the following will kill your 360.

type
CODE
nandpro lpt: -w16 xbr.bin

or if you have a jasper arcade type
CODE
nandpro lpt: -w256 xbr.bin

and hit enter, press any key when it prompts you to, it will take 36mins to write (jasper arcade will take 90mins?).

type
CODE
nandpro 1.bin: -r16 kv.bin 1 1

and hit enter, press any key when it prompts you to

type
CODE
nandpro 1.bin: -r16 config.bin 3de 2

or if you have a jasper arcade type
CODE
nandpro 1.bin: -r256 config.bin ef7 2

and hit enter, press any key when it prompts you to

now you should have config.bin and kv.bin in the nandpro folder.

type
CODE
nandpro lpt: -w16 kv.bin 1 1

or if you have a jasper arcade type
CODE
nandpro lpt: -w256 kv.bin 1 1

and hit enter, press any key when it prompts you to

type
CODE
nandpro lpt: -w16 config.bin 3de 2

or if you have a jasper arcade type
CODE
nandpro lpt: -w256 config.bin ef7 2

and hit enter, press any key when it prompts you to

and you're done, enjoy homebrew.

Edited by Grim187, 28 December 2009 - 11:20 AM.
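
The multi-read comparison from the backup step, as an added example that is not part of the original post: a block-level version of the `fc /b` check plus a two-out-of-three merge of three reads. The 0x4200-byte block size (32 pages of 512 data + 16 spare bytes) and all function names are assumptions of this example, and it does not reproduce NandCompare's own logic.

```python
from collections import Counter

# Assumption: a raw small-block dump stores 32 pages of 528 bytes
# (512 data + 16 spare) per erase block = 0x4200 bytes. Pass another
# size for other layouts.
BLOCK_SIZE = 0x4200


def split_blocks(data, block_size=BLOCK_SIZE):
    """Split a dump into fixed-size blocks; reject empty or truncated dumps."""
    if not data or len(data) % block_size:
        raise ValueError("dump length is not a whole number of blocks")
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def differing_blocks(a, b, block_size=BLOCK_SIZE):
    """Block-level view of `fc a b /b`: indexes of the blocks that differ."""
    if len(a) != len(b):
        raise ValueError("dumps differ in length")
    pairs = zip(split_blocks(a, block_size), split_blocks(b, block_size))
    return [i for i, (x, y) in enumerate(pairs) if x != y]


def majority_merge(dumps, block_size=BLOCK_SIZE):
    """Merge three reads, keeping each block that at least two reads agree on.
    Returns (merged_bytes, unresolved_block_indexes)."""
    if len(dumps) != 3 or len({len(d) for d in dumps}) != 1:
        raise ValueError("need exactly three dumps of equal length")
    merged, unresolved = bytearray(), []
    columns = zip(*(split_blocks(d, block_size) for d in dumps))
    for index, versions in enumerate(columns):
        block, votes = Counter(versions).most_common(1)[0]
        if votes < 2:
            unresolved.append(index)  # all three reads disagree: dump again
        merged += block
    return bytes(merged), unresolved


if __name__ == "__main__":
    # Constructed sample: four 8-byte "blocks", one read error in two reads.
    good = bytes(range(32))
    read1 = good[:8] + b"\xff" * 8 + good[16:]   # bad read of block 1
    read2 = good[:24] + b"\x00" * 8              # bad read of block 3
    print(differing_blocks(read1, read2, 8))
    image, unresolved = majority_merge([read1, read2, good], 8)
    print(image == good, unresolved)
```

A non-empty unresolved list means no two reads agree on that block, which matches the post's advice to check the cable and start again.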


#2 curtis2k8

Posted 27 December 2009 - 05:57 PM

BTW Zephyr CB/CD 4580 is now confirmed as exploitable
http://www.xboxhacke...p;topic=13353.0

#3 blueray

Posted 27 December 2009 - 06:33 PM

Are you sure that 1bl was updated with the last fw updates? I mean it was the 2bl only. I asked this in another thread.

http://forums.xbox-s...howtopic=699491

Found also another discussion:

http://www.xboxhacke...p;topic=13342.0

Edited by blueray, 27 December 2009 - 07:09 PM.


#4 yaazz

Posted 27 December 2009 - 09:45 PM

Nice guide.
Man that DB1F1 point is a small point to be soldering to a non leaded solder joint. Any tips for that?


#5 kipper2k

Posted 28 December 2009 - 03:33 AM

QUOTE(yaazz @ Dec 27 2009, 09:45 PM)

Nice guide.
Man that DB1F1 point is a small point to be soldering to a non leaded solder joint. Any tips for that?



Use Kynar 30AWG. Put a little flux on the pad, touch the soldering iron to the pad, touch the solder to the soldering iron, and lift the iron away from the pad; you may have to repeat a few times until you see a small solder blob on the pad. DO NOT try this with a fat tip, the tip should be a fine pointed conical tip. You will get a small solder blob on the pad, once you get the blob, strip a small bit of the kynar wire, measure it up to fit both ends, hold the kynar wire over the solder pad and just dab the wire with the soldering iron. Wiggle the wire gently to make sure it's on, once you verify a good connection use glue to hold the wire in place. Do not put glue over the pad itself, just close to it.

If you use a big tip and too much heat then you will burn the pad and have to use the alternates underneath which are just as much fun.

#6 Grim187

Posted 28 December 2009 - 04:21 AM

QUOTE(curtis2k8 @ Dec 27 2009, 08:57 AM)

BTW Zephyr CB/CD 4580 is now confirmed as exploitable
http://www.xboxhacke...p;topic=13353.0

added exception for 8192 and 4580.


QUOTE(blueray @ Dec 27 2009, 09:33 AM)

Are you sure that 1bl was updated with the last fw updates? I mean it was the 2bl only. I asked this in another thread.

http://forums.xbox-s...howtopic=699491

Found also another discussion:

http://www.xboxhacke...p;topic=13342.0

yes 2bl was updated as well, 1bl had a different fuse line than 2bl.

http://www.xboxhacke...p?topic=13126.0


#7 vintage_guitar

Posted 28 December 2009 - 05:10 AM

Newbies are probably not going to check if their arcade has 256 or 512mb beforehand, so you could possibly add this check by having them read their flash config in nandpro. And yeah, it took about 90 minutes for XBR for large block jasper to flash. (the file is 64mb)

Edited by vintage_guitar, 28 December 2009 - 05:12 AM.


#8 deakphreak

Posted 28 December 2009 - 05:19 AM

Thank you for this great tutorial. So I take it from reading this, we only need to backup 70 meg or so from our 512MB Jasper?

#9 X-hacker

Posted 28 December 2009 - 05:35 AM

Got a bit of a problem. This is the 2nd xbox I'm doing. The first xbox had CB1921 which is now running as we speak. (Injected KV & config into Xenon_1921_8955)

This one I cannot get to power up after flashing XBR.

I have injected the KV & config into the Xenon_8955_1 image (CB is 1903) and flashed back with NANDPro. Now the xbox won't power up...

It's definitely exploitable, CB 1903 - Patch0 5767 - Patch1 6683 & I also have the CPU key from the JTAG.

Can anyone help out?

#10 Grim187

Posted 28 December 2009 - 05:50 AM

QUOTE(vintage_guitar @ Dec 27 2009, 08:10 PM)

Newbies are probably not going to check if their arcade has 256 or 512mb beforehand, so you could possibly add this check by having them read their flash config in nandpro. And yeah, it took about 90 minutes for XBR for large block jasper to flash. (the file is 64mb)

256 or 512 doesn't matter; the cmds are the same.

QUOTE(deakphreak @ Dec 27 2009, 08:19 PM)

Thank you for this great tutorial. So I take it from reading this, we only need to backup 70 meg or so from our 512MB Jasper?

since you're only flashing 64mb you really only need to backup 64mb of the nand.

although with xell i found that i had to restore an extra mb to get it to boot retail again so i just rounded up to the nearest 10 (better safe than sorry).

you're welcome


QUOTE(X-hacker @ Dec 27 2009, 08:35 PM)

Got a bit of a problem. This is the 2nd xbox I'm doing. The first xbox had CB1921 which is now running as we speak. (Injected KV & config into Xenon_1921_8955)

This one I cannot get to power up after flashing XBR.

I have injected the KV & config into the Xenon_8955_1 image (CB is 1903) and flashed back with NANDPro. Now the xbox won't power up...

It's definitely exploitable, CB 1903 - Patch0 5767 - Patch1 6683 & I also have the CPU key from the JTAG.

Can anyone help out?


check your wires and flash the original, redownload xbr and use the tutorial's way (i don't like to inject into the image; i think it's better to flash them separate).

#11 vintage_guitar

Posted 28 December 2009 - 05:54 AM

QUOTE(Grim187 @ Dec 27 2009, 10:50 PM)

256 or 512 doesn't matter; the cmds are the same.

For flashing the 64mb XBR, yes. But for backing up, you should backup the entire NAND just in case.. people have had bad experiences with profiles messing up the nand with XBR. If these people had no backup they'd be screwed.

#12 X-hacker

Posted 28 December 2009 - 06:03 AM

QUOTE(Grim187 @ Dec 28 2009, 05:50 AM)

256 or 512 doesn't matter; the cmds are the same.
since you're only flashing 64mb you really only need to backup 64mb of the nand.

although with xell i found that i had to restore an extra mb to get it to boot retail again so i just rounded up to the nearest 10 (better safe than sorry).

you're welcome
check your wires and flash the original, redownload xbr and use the tutorial's way (i don't like to inject into the image; i think it's better to flash them separate).



I have followed the tutorials word for word. I've sorted this now, ended up flashing the XBR_1921 image even though the system has CB 1903.

Flashing the sectors separate gives the same result as injecting them. My soldering/wiring is perfect - out of the 2 consoles I have done NEITHER have had any read errors at all with NANDPro. I did cheat a bit and use my infectus to dump 3 x images from each console (can't be arsed waiting almost an hour for LPT)

Thanks for the reply anyways

#13 Grim187

Posted 28 December 2009 - 10:22 AM

QUOTE(vintage_guitar @ Dec 27 2009, 08:54 PM)

For flashing the 64mb XBR, yes. But for backing up, you should backup the entire NAND just in case.. people have had bad experiences with profiles messing up the nand with XBR. If these people had no backup they'd be screwed.

i thought you had to format the onboard memory every time you flash anyways?

#14 rzwx

Posted 28 December 2009 - 11:39 PM

i see here it's possible to read out the kv and config from the file you already got (nandpro 1.bin: -r16 kv.bin 1 1). is it also possible to write it back into the xbr file before flashing and then flash the whole package in one? i'm asking because i got the infectus chip, and don't know how to flash that kv and config to the nand, so if i could read out the nand with infectus and then use nandpro to perform the action taken, then i could flash the whole thing back in one piece.

sorry for the english i'm from holland

#15 rory2005

Posted 29 December 2009 - 02:23 AM

there is a tutorial to flash infectus 2 with freeboot which has virtually no problems compared to xbreboot.



