Jump to content



Eeprom Swapping

  • Please log in to reply
2 replies to this topic

#1 Androxilogin


    X-S Enthusiast

  • Members
  • 6 posts

Posted 01 August 2012 - 01:13 PM

Now I'm not sure if this has been discussed in the past here for the 360 and I do apologize if it has, but here is my situation. I have a box requiring a reball on the south bridge. I however don't have the cash for a kit at the moment. I do have a working box (aside from the one I actually use) that is banned. From my old console modding days, I remember the original xbox having the MAC address built into the EEPROM file itself. With the 360 I understand you have to have a DVD-drive that is married to the chip. I've searched this many times before unsuccessfully and even thought of just risking it for the sake of my own education but since I've swapped PCBs and fixed traces on the drive, reflashed and all that hassle just to have it working again (previous owner pulled the old upside down power) I figured the answer has to be out there and I'm just not digging deep enough. I've been back to this site many times over the years and figured this would be a good place to start aside from the search engines and the sites I frequent. I've had this idea a while but tonight ambition checked in. I didn't exactly know the location on the board and upon finding this link I began to get more excited.


I've actually been searching this a while and 20 minutes today with the correct keywords finally brought up something valid.
I see lots of sites posting today about a way to unban Xbox 360 from LIVE often linking to a thread made on our forums here.

This method has been known for a long time (since the King Kong Exploit days) and does indeed 'work'. Basically you swap the Keyvault (or 'KV' in short, it stores stuff like console certificates, per-box private keys, DVD key, etc) inside the NAND with the KV from an unbanned console. While technically very different you could somewhat compare it to swapping eeprom data during the Xbox1 days.

However there's a (really) big 'IF' (besides the required tech knowledge) … you need the (unique) CPU key of your banned console – without it you can't correctly write the new KV data in the NAND bin of your banned console.
Now you wonder how to get the CPU-key … well by running XeLL of course!
To run XeLL u need to perform the JTAG hack (or the King Kong exploit, but that's even more outdated) … and if you got banned the last few weeks it means you updated to the latest dashboard/kernel (else you can't get on LIVE).
And that's the problem… Microsoft patched the JTAG hack since kernel 849x (July 2009) … so no way to boot up XeLL (= no realistic way for you to get the CPU-key atm) and thus no way to swap the KV data in your NAND image.
And then there's also added KV protection (hashing) on newer motherboards (Falcon+ ?), but if you can't even get your CPU-key it doesn't matter much to do deeper into this problem.
The only way it would work is if you retrieved the CPU-key of your old banned 360 before you updated to anything over 849x. If you did that you probably know about all of this and I'm not telling you anything new
Downgrading kernel is not an option either, older kernels won't boot as both kernel and CB fuses were burned during the various updates MS performed.

Hope that explains the situation a bit (tried to make it not too technical)
On a side-note, it would probably be pretty easy for MS to detect KV-swaps (like HW-mismatches etc).
via Xbox-Scene.

I also found this post touching base on the ultimate question from this same forum. It would make sense to have to lift the NAND and the EEPROM but as I read before, swapping NANDs themselves and the box becomes incapacitated. An interesting yet annoying bit.

Edited by Androxilogin, 01 August 2012 - 02:11 PM.

#2 Aldanga


    X-S Hacker

  • Head Moderators
  • PipPipPipPipPipPip
  • 2,730 posts
  • Gender:Male
  • Interests:Hardware,software,coding,algorithms, troubleshooting, tinkering with anything I can get my hands on.
  • Xbox Version:none
  • 360 version:v5.0 (360S - trinity)

Posted 02 August 2012 - 04:17 AM

I'm not sure if you still need questions answered or if your research has satisfied you.

#3 Androxilogin


    X-S Enthusiast

  • Members
  • 6 posts

Posted 02 August 2012 - 12:59 PM

Most of the links I found were broken. I finally stumbled on to some talk here about the keyvault and how it works, lifting the NAND, CPU and fuse. I didn't quite understand where the CPU fell into play but that's something I'll look into eventually for the sake of knowing. Reballing one chip compared to all of this seems unlikely. I've been wanting to get a hold of a kit.

(from the link above:)

The nand image is encrypted with the CPUKEY and 1BL key.
If your xbox doesnt have the matching cpukey then the nand is just all junk info to the xbox and wont boot.

Only way to get the CPUKEY is to run xell.
Which will only run on a dash version below 8XXXX.

You can un-ban a xbox if you know the cpukey from both consoles.
You decrypt the unbanned xboxs nand.
Then re-encrypt it with the banned xboxs.

You would also have to change the dvd drives key to match.

If if you want to do it the hardware way.

Desolder the nand chip, cpu, fuse.
Then solder them onto the banned xbox and use the unbanned xboxs dvd drive.

My dash version isn't even close to jtag standards on either xbox so my quest is on to something else for now. Thanks for moving this thread to the correct section.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users