Jump to content


Photo

Corrupted Ecc, Nand Dump And Progskeet Questions


  • Please log in to reply
8 replies to this topic

#1 ZY0NZ

ZY0NZ

    X-S Enthusiast

  • Members
  • 3 posts

Posted 24 December 2011 - 09:50 PM

Hi everyone at XBScene. I completely screwed an X360 trying to recover the DVD Key from it. Let me describe this issue with max details.
I got a Jasper from a friend with no DVD drive and no DVD key. So, I tried to recover DVD key using RGH (8955 dash). I got all the tools necessary (NAND SPI Flasher, Matrix Glitcher and all the necessary Files) and started doing it, following the GliGli tutorial. First, I made a dump from the NAND (Hynix 512MB) but, instead of dumping the whole NAND, I just got it from the first 64MB (according to the tutorial, it wasn't necessary to dump the whole NAND, that's why I just got 64Mb of it). My PC is running Win7 Ultimate (32Bits), with all updates and necessary files installed.
All wires were correctly connected ( I soldered pins to the points, so I coudn't get any unsoldered or cold solder points - and I'm very good at it). I started trying to use NandPro2.0e but it couldn't recognize the SPI Flasher (I got a message saying "ARM device not compatible with this version of NandPro"). Then, I only got it working with NandPro 20a (the one I ended up using).
I got 3 64MB-dumps from the NAND using Nandpro 20a. I made a safe backup from them, generate the ECC (following the tutorial) and dump it back into the NAND. Everything went out ok, responses similar to the ones described in the tutorial.
Then, I soldered the Matrix Glitcher to the board, turned the power on, but got no response from the console. Double checked the wires (everything was ok) and tried to turn it on a second time, with still no response (PSU LED just stays in Stand By - orange). Disconnected all wires and tried to Flash Back to original NAND. NandPro didn't recognize the NAND, showing the message "Could not detect flash controller". Double checked all connections (everything was ok) but I got the same results.
Since then, I have tried all methods from Internet (fast power the NAND, short 44 and 47 pins, alternate points, etc) but it has all been in vain (Nandpro can't access the NAND).
After doing lots of researches on the Internet, I figured out there's a way to read/write the X360's NAND, by using Progskeet (and I got the white one).

My doubts are:

1 - Are my 64MB-NAND dumps really of any trust? (I checked them using NandPro Fc command, latest version of XNandHealer and NandCompare with no differences)
2 - Progskeet only make full dumps from NAND. Is there a way I can "merge" (or correct) the corrupted NAND with the one I have? Are there any softwares for that?
3 - Still according to Progskeet, is there a way I can write my 64MB dump back to the X360? I think I only got a corrupted ECC, that why (I think) the console isn't powering on.
4 - Is still possible to recover the DVD key from it?
5 - Some people say the SPI is dead (that'd be why the NandPro is not recognizing the NAND), but where the SPI is located (inside the Flash NAND or in some circuit on the mainboard)?

Any help is really appreciated

Thx to everyone and sorry for my bad English, I'm from Brazil. =)

#2 Julets

Julets

    X-S Senior Member

  • Members
  • PipPip
  • 174 posts

Posted 26 December 2011 - 06:23 AM

1st, I do not know where the SPi comes from, so I can't help you there. Also, yes 64MB is fine, technically you only need 2mb. *NOTE: However, in your case and having to using progskeet, you did good by getting the whole 64MB. If you only got the 2mb, you might of been screwed with progskeet.

I will assume you already flashed your appropriate .jed/.xsvf to the glitcher and that you actually waited between 1-10 minutes for it to boot (BB Jaspers can take forever to boot, especially without the correct capacitor). If you did flash your .jed/.xsvf how did you do it? I was under the impression only nandpro30 was only capable of doing that.

For the 64MB dumps you have, well you could open that up in a hex editor, copy it, then paste it into any 512mb nand overwriting the data.

General steps are for RGH....
1.Flash the coolrunner device.
2.Dump Nand and then flash generated .ecc
3.Get CPU key and then flash generated freeBoot or xell image.

Now in the case of a BB Jasper, you might have to wait a VERY long time. Before I applied the capacitor, it would take about 2-7 minutes to boot!

Again, I can't help your progskeet, so sorry on that. I know if you would let any program like progskeet write to the nand, after 64mb you could just terminate the process. It's dirty I know, but it works (I've CTRL+C out of nandpro plenty of times).

You sure you have the correct .jed/.xsvf? Have you kept all the wires on the bottom of the mobo away from center (not that this matters much)?

When I received "ARM device not compatible..." when flashing the coolrunner, the wires to the coolrunner were incorrect, or it was not in programming mode. When I receive "ARM device not compatible..." when flashing SPi to the nand, I just unplug my maximus flasher and plug it back in.

As far as the status light on the PSU, does it change prior to boot anyways? I don't see how the orange status can indicate anything besides the xbox isn't powered on, which doesn't seem to help does it?

Good luck!

#3 ZY0NZ

ZY0NZ

    X-S Enthusiast

  • Members
  • 3 posts

Posted 27 December 2011 - 03:04 AM

QUOTE
1st, I do not know where the SPi comes from, so I can't help you there. Also, yes 64MB is fine, technically you only need 2mb. *NOTE: However, in your case and having to using progskeet, you did good by getting the whole 64MB. If you only got the 2mb, you might of been screwed with progskeet.


First of All ,thank u very much Julets for helping me. I really appreciate that. I did some google and found that the SPI is inside the Flash, so I canīt just exchange the NAND with another one from an old mobo (and use the old mobo SPI - IF the SPI circuit was in the mobo). If the SPI is (probably) dead, I just need another way of reading/writing the dump, and progskeet will help me (I think so).
About the 64MB, I also believe that that size is ok for glitching. Besides the GliGli tutorial, I've read several times in foruns that 64MB dump is far from enough.

QUOTE
I will assume you already flashed your appropriate .jed/.xsvf to the glitcher and that you actually waited between 1-10 minutes for it to boot (BB Jaspers can take forever to boot, especially without the correct capacitor). If you did flash your .jed/.xsvf how did you do it? I was under the impression only nandpro30 was only capable of doing that.

For the 64MB dumps you have, well you could open that up in a hex editor, copy it, then paste it into any 512mb nand overwriting the data.


That's right. I flashed the Matrix Gltcher with appropriate .jed file and, in fact, I awaited 10min to console to boot - but the main issue was that after writing the ECC to the NAND, I try to turn the console on and didn't have any response from X360 (I know it because the PSU didnīt start - it stood in Stand by mode - just orange led, no green led) and the console didn't turn on (no green ring of light - it seemed the console was off all the time, like all cables were disconnected). I flashed my .jed file using Xilinx (following the GliGli tutorial) and checked it was ok (run Chain Process in Xilinx software). Even after I take the Glitcher off, the console refuses to turn on (no green ring of light, no PSU startup).

I'll try to follow your hint and try to copy/paste the 64MB-dump in a 512MB-dump I'll take using Progskeet. I think it will work.

QUOTE
General steps are for RGH....
1.Flash the coolrunner device.
2.Dump Nand and then flash generated .ecc
3.Get CPU key and then flash generated freeBoot or xell image.

Now in the case of a BB Jasper, you might have to wait a VERY long time. Before I applied the capacitor, it would take about 2-7 minutes to boot!

Again, I can't help your progskeet, so sorry on that. I know if you would let any program like progskeet write to the nand, after 64mb you could just terminate the process. It's dirty I know, but it works (I've CTRL+C out of nandpro plenty of times).


I followed the same steps you said, I just didn't get CPU Key (The tutorial didn't explain how to do it).
Don't worry about the Progskeet, I really appreciate your help and support, that's the real deal to me. You set aside some of your time just to help me, and I'm very thankful for that. I'll see what I can get from Progskeet foruns. If I didn't get a word from them, I'll try to use the tips you gave me.

QUOTE
You sure you have the correct .jed/.xsvf? Have you kept all the wires on the bottom of the mobo away from center (not that this matters much)?
When I received "ARM device not compatible..." when flashing the coolrunner, the wires to the coolrunner were incorrect, or it was not in programming mode. When I receive "ARM device not compatible..." when flashing SPi to the nand, I just unplug my maximus flasher and plug it back in.


Yeah, I've checked the .jed file and double checked the Matrix Glitcher, I think the issue is ECC-related. I'm not sure, but I believe the ECC generated is corrupted at some point and not allowing the boot process to start.
I don't know why I get that message ("ARM device not compatible"), some people say it's Flasher-related, others say it's software-related. I really don't know who's right or wrong, all I know I just got NandPro 2.0a working and since the tutorial asks for at least NandPro 2.0e, I got really insecure about the dumps I got.
And unfortunately, I don't have such good tools like Coolrunner and Maximus Flasher, just the Chinese ones (Matrix Glitcher and generical SPI Flasher).

QUOTE
As far as the status light on the PSU, does it change prior to boot anyways? I don't see how the orange status can indicate anything besides the xbox isn't powered on, which doesn't seem to help does it?


The orange status on the PSU is just to confirm that the issue is not related to lack of power into the NAND circuitry. I also refer to the orange status to show the console is not powering on when the Matrix Glitcher is soldered to the console, showing that the console is not powering on with or without the Glitcher. That why I believe, the NAND dump is corrupted and can't start the boot up.

thx one more time

C ya



#4 Julets

Julets

    X-S Senior Member

  • Members
  • PipPip
  • 174 posts

Posted 27 December 2011 - 04:05 AM

Progskeet should work. I read up on it a bit when I was installing my Cygnos v2's a coupld years back (I think it was progskeet). Progskeet should be a "true" flasher.

You only need the 2mb to get the cpu key. With RGH there is no point in getting more than the 2mb. Technically i think it is like 1.3mb you need (I don't remember the exact block count, something like 04F).

I've dumped my 512MB multiple times, about 10 times, and not 1 was identical to the other. However, all dumps 64mb and lower are always identical. I personally don't bother with anything bigger than 2mb, I mean what is the point? 2mb gets you the almighty kv. After that you are either going to flash xell which is only 2mb anyways, or you are going to use a tool like Multibuilder to create a freeboot image, which in turn will create the full nand.bin for you. I just don't see why you would bother with more than 2mb.

Anyways, from what I see on the progskeet software as of v.111120, you should be able to select custom block/range counts and cancel operations. Looking at WinSkeet4000.exe, it looks very similar in function how the cygnos works, of course so does the wiring.

If all else is well besides your nand image, you should be able to sort this out pretty fast.

Forget 64mb, stick with 2mb !!!

#5 RavenPhoenix

RavenPhoenix

    X-S Enthusiast

  • Members
  • 20 posts
  • Location:Sydney OZ
  • Xbox Version:unk
  • 360 version:v4.0 (jasper)

Posted 04 January 2012 - 09:31 AM

Look mate don't listen to this Julets cause if you just grab 2MB and the dump turns out to be bad then you are totally stuffed cause you don't have a full nand dump to write back and revert to stock if the shite hits the fan. I have JTAGED/RGH'ed my fair share of xbox360's (trust me I do it for a living) and especially on a big block 512 Jasper they are a pain in the ass to have to wait for the 2 matching dumps to finish but if you are using a reliable SPI flasher like Nand-X then it shouldn't take you more than 3-4 dumps max if your soldering is done correctly. 99% of the time my first two dumps are matching already so just make sure you have a reliable SPI flasher and good soldering done.

Now, regarding your xbox360 not powering on - don't bother with waiting for it to glitch cause I can tell you even if you wait for a decade it will not glitch if the xbox360 is not showing signs of getting any power. If you don't the green light flashing/or solid in the middle depending on if your DVD drive is connected or not then that means your console is either still in standby or something is causing it not to power on.

1. Check to make sure that you have the Matrix glitcher installed properly in terms of soldering (especially the stdby_clk [hana chip point]). If you have a cold or a bridge at that point your console won't power on properly.
2. After you have confirmed the Matrix glitcher is installed properly by testing continuity with a multimeter you should also check that you can still read/write to the nand after resoldering your SPI flasher on properly. If you are getting the flash controller is not detected in nandpro then you have either botched up the soldering or you may have screwed up your nand.

My best advice to you is to get a pro to fix up the issue for you cause it looks like you may have screwed up pretty badly. I have offer these services to the Australian public so if you are in OZ you can take a look at my website.

http://www.consoleme.webs.com


Also, with regards to the Pro Skeet. Yes you can use it to read/write to the nand but if you have a broken trace on the board then you may need to wire it up directly to the pins of the nand tsop itself. I would only recommend doing this as a very last resort as it is not an easy feat.


QUOTE(Julets @ Dec 27 2011, 02:05 PM) View Post

Progskeet should work. I read up on it a bit when I was installing my Cygnos v2's a coupld years back (I think it was progskeet). Progskeet should be a "true" flasher.

You only need the 2mb to get the cpu key. With RGH there is no point in getting more than the 2mb. Technically i think it is like 1.3mb you need (I don't remember the exact block count, something like 04F).

I've dumped my 512MB multiple times, about 10 times, and not 1 was identical to the other. However, all dumps 64mb and lower are always identical. I personally don't bother with anything bigger than 2mb, I mean what is the point? 2mb gets you the almighty kv. After that you are either going to flash xell which is only 2mb anyways, or you are going to use a tool like Multibuilder to create a freeboot image, which in turn will create the full nand.bin for you. I just don't see why you would bother with more than 2mb.

Anyways, from what I see on the progskeet software as of v.111120, you should be able to select custom block/range counts and cancel operations. Looking at WinSkeet4000.exe, it looks very similar in function how the cygnos works, of course so does the wiring.

If all else is well besides your nand image, you should be able to sort this out pretty fast.

Forget 64mb, stick with 2mb !!!

Edited by RavenPhoenix, 04 January 2012 - 09:33 AM.


#6 ZY0NZ

ZY0NZ

    X-S Enthusiast

  • Members
  • 3 posts

Posted 18 January 2012 - 09:04 PM

Hi RavenPhoenix

I really appreciate your help and I'd like to thank you for that. Unfortunately, I'm from Brazil and it' really tough to find a good technical assistance over here. I'm quite sure the issue with the console is NAND-related 'cause i'd had already triple checked the solder points and everything else. I am quite good at soldering and even with all my experience I soldered the Matrix Glitcher 3 or 4 times just to make sure all the points were well soldered. I can't get NandPro to recognize the NAND, and the console doesn't start up.
Now, All I got is a 64MB-Nand backup and the progskeet I got from a friend. I was thinking about getting a full NAND backup from progskeet and try to "merge" with the 64MB backup I have and see if I can get the console working and start over. What do you think about it? Is it a good or a terrible idea?
Any suggestions are welcome

Thx a bunch

C ya

#7 RavenPhoenix

RavenPhoenix

    X-S Enthusiast

  • Members
  • 20 posts
  • Location:Sydney OZ
  • Xbox Version:unk
  • 360 version:v4.0 (jasper)

Posted 31 January 2012 - 09:01 AM

QUOTE(ZY0NZ @ Jan 19 2012, 07:04 AM) View Post

Hi RavenPhoenix

I really appreciate your help and I'd like to thank you for that. Unfortunately, I'm from Brazil and it' really tough to find a good technical assistance over here. I'm quite sure the issue with the console is NAND-related 'cause i'd had already triple checked the solder points and everything else. I am quite good at soldering and even with all my experience I soldered the Matrix Glitcher 3 or 4 times just to make sure all the points were well soldered. I can't get NandPro to recognize the NAND, and the console doesn't start up.
Now, All I got is a 64MB-Nand backup and the progskeet I got from a friend. I was thinking about getting a full NAND backup from progskeet and try to "merge" with the 64MB backup I have and see if I can get the console working and start over. What do you think about it? Is it a good or a terrible idea?
Any suggestions are welcome

Thx a bunch

C ya


Sorry for the delayed response mate.

Right, considering that you are in Brazil then in that case I will have to try to offer my assistance the best that I can through this forum.

Answer these question for me the best you can.

1. What type/brand of flasher/reader are you using e.g. Team Xecuter NandX, LPT or another USB SPI Nand flasher?
2. Do you have another xbox360 mobo that you could solder your nand reader/flasher on to that you can use to test to make sure it is not you device which is causing the problem?
3. How have you tested your soldering to be sure that you have all the points soldered correctly for the nand reader/flasher?
4. Are you able to take good quality pictures of your current soldering and setup?

If you could answer those questions for me to the best of your knowledge and provide as much good quality photos of your soldering with the nand flasher connected to the motherboard then I can try my best to troubleshoot it for you.

Also, just put aside the idea of the progskeet for now as you really don't want to delve into that technical piece of hardware unless it is absolutely necessary. I will let you know if you really need to resort to that as an option after you can provide the answers to my questions.

Edited by RavenPhoenix, 31 January 2012 - 09:03 AM.


#8 antalpromille

antalpromille

    X-S Member

  • Members
  • Pip
  • 80 posts
  • Location:Sweden
  • Interests:mods and repair
  • Xbox Version:v1.6
  • 360 version:v3.0 (falcon)

Posted 31 January 2012 - 11:22 AM

hi!
try this out, open your dump in flash dump tool, if it opens then you are ok.
e remember nandpro 2.0 early versions was unable to write to BB nands, all it wrote was FFFFFFFFF and so on, and thats probably why it doesn start at all.

#9 mrdude2478

mrdude2478

    X-S Member

  • Members
  • Pip
  • 73 posts

Posted 22 February 2012 - 03:48 AM

HI m8, been reading your post and I and lots of others have had the same problem. I spent about three days going over my soldering etc and eventually I came across a post on the net with the correct fix.

Most likely cause of non booting is that you blew the resistor near the hana chip when you were soldering the RGH on to it. This should read 34-35 Ohms. If you measure that and you don't get it you need to solder a new resistor in.

Symptoms of this resistor blown:

NO booting, power light on power brick shows orange. No reading of nand possible.


The resistor you need to check is: C3B2 R4B24 - where the orange Stby_clk wire from the coolrunner goes on the 360 mobo. You can replace this with a resistor between 34-39 ohms.


Hope that helps you m8.

Edited by mrdude2478, 22 February 2012 - 03:49 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users