Though I'd normally edit new things in, I feel that this should be a separate post for a few reasons, none of which matter.
Anyways, Here's my theory for getting the RGH booting a hacked dash.
I'll list the complete process, just because.
1) Extract NAND of the target Xbox 360.
2) Make a Backup of this NAND and don't touch it yet.
3) Patch NAND using the files and method in the RGH guide, by GliGli.
4) Build and program your Coolrunner using GliGli's guide.
5) Flash your RGH-patched NAND to the target Xbox 360.
6) Install your Coolrunner to the Target Xbox 360.
7) Startup the Xbox 360 and grab your keys with Xell.
8) Make another copy of your Backup NAND.
[Unsure if JTAG Tool will accept the 13599 native NAND image]
9) Throw the NAND image into JTAG Tool [or perhaps Exploit 360, I haven't check the features yet so...]
10) Install the 13599 Freeboot Dash to your NAND.
11) After patching is complete, Click "Convert XBR to Original", wait for it to finish.
12) Flash Image to Xbox 360.
[Speculation From Here On]
13) Obtain your real CD from the NAND image you backed up (your original NAND)
[^^Haven't found method yet, Please inform me if there is an easy way to do this.^^]
14) Using the Build.py in GliGli's guide, use this to make it work:
python common\imgbuild\build.py original_nand.ecc [NAND CD Folder]\[YOUR CD]
[Don't know how original CD will react to a Patched Dash, also, Xell is eliminated so I'm unsure if it will even compile. I don't have a NAND to test it with yet, but you can bet I'll even build a *gulp* LPT Cable *shiver* just to try it before my NANDX arrives!]
15) Flash output ECC file to the NAND the same way as before.
16) Boot your Xbox 360.
17) Jump for joy or commence the flaming.
I'm sure there's some flaws with my reasoning here, but all we need to do is modify the CD and, Assuming the JTAG Tool did, in fact, patch the dash, Make sure there's no traces of anything left.
In contrast, I have a funny feeling the the current versions of Freeboot and XBR use a Boot-time Ram-Poke method to apply the patches to memory. If this is the case, removing Freeboot from the image is the same as restoring it to it's original state.
Basically, we need both those Dash Patches and a Patched CD for a much closer to 100% "It's Gonna Work" idea and a way to patch the files without relying on Build.py
Also, doing a HEX compare on the CD's should tell anyone skilled enough what was changed.
And though I haven't checked it yet, apparently the CD provided with GliGli's guide is in an un-encrypted,
"plaintext" format. If we have an original plaintext CD, one for each 360 revision, we may be able to build a custom CD with it and modify the permissions to resemble the patched, plaintext CD from a JTAG.
Most of this is still speculation so please Help out if you have any ideas that are relevant!
To add on to a problem with step 14, the new, hacked CB will NOT decrypt an encrypted CD as it's been modified to expect a plaintext CD in NAND.
Basically, someone needs to hack those CDs!
Once we have working CDs that are in plaintext and set to accept all dashboards, regardless of patches, we'll be ready to move on.
Edit - If you do have the ability, and resources to create a hacked CD, DON'T POST IT HERE OR LINK TO IT.
The CD most definitely contains M$ copyrighted code.
Better yet, It would be better if we could decrypt our own CD's and apply a patch to them as the patch wouldn't contain M$ code it's self.
I "Think" the cpu key can be used to decrypt the CD, but it may be the private key so no guarantees.
Anyways, as this is grey area talk, I'll just move right along...
Another thing I'd like to know is if the custom plaintext CD's included in the RGH are re-code-able to act similarly enough to the real ones to continue the boot process as normal into a hacked dash.
Any ideas?This post has been edited by Gadorach: Sep 23 2011, 12:44 PM