4532 <=> 5759 Tutorial, "Homebrew" <=> "Blue Bragon" Tutorial Options

[openxdkman]

- You will need a way to flash the nand for the downgrading step
(but you don't need it for first steps)
- You CAN keep resistor R6T3 in place!!! It's my case!
(That's why this tutorial for newbies is useful!)

1) Upgrade to 4532 and obtain :
- fuses.txt (from that you get cpu key. hint: concatenate line 3 & 5)
- 1bl.bin (from that you get 1bl key. hint: check gueux site french forum)
- nand.bin (well, not so important now)
- fw_4532_for_infectus.bin

EDIT: Also write down your X: hardware signature (see last blade, it's with your kernel version information). If you (you shouldn't) connect to Live, it's sure X: is wrote down by server. If you connect again with a different X:, bad things will happen for you.

See other tutorial in this forum about how to get these files :
http://forums.xbox-scene.com/index.php?showtopic=615906

While obtaining this last dump, write down if any bad sector appears (0x350 status for each 1st sector of blocks. A block is 32 consecutive sectors. There are 32768 sectors of 512+16 bytes in a 16Mb firmware).
See at bottom, a link to ivc's compiled version of tmbinc software dumper (command 3).

Disclaimer : Because many tools may not know yet how to handle bad sectors, I can't give any warranty, yet, to people who have bad sectors.

If you have infectus installed you can dump firmware. It should be strictly identical to fw_4532_for_infectus.bin (nice way to verify that Infectus works).

2) Play Blue Dragon (if it's the edition on shelves in August, it will upgrade console to 5759, spring update) or any game not upgrading beyond 5766.

EDIT: At this step, your X: hardware signature shouldn't have changed, if you still have R6T3 in place.

3) Use robinsod's flash dump tool 0.81 to edit lock down value
(this phase is necessary if you have R6T3 in place)

Create a copy of fw_4532_for_infectus.bin, rename it : fw_4532_ldv2.bin
Edit this new copy with flash dump tool 0.81 (you can get it from xbins)
Hit "Keys" button to fill in cpu and 1bl key.
This tool crashes at first try. Just insist. Erase CxKeys.txt if it's there.

For me, patch 0 is 4532 with LDV 1
(but you may have an higher value n since LDV increments with each update)
(Also 4532 may not be patch 0 but patch 1 for you)

Hit "Patch" button.
Change Patch 0 (or 1 for you maybe) LDV value from 1 to 2 (from n to n+1)
Hit "Ok"

4) Dump the 5759 firmware (now you need a way to dump by hardware)

Example of in-case Infectus installation :
http://forums.xbox-scene.com/index.php?showtopic=607877

5) Flash your firmware in order to boot again 4532
If you have R6T3 in place, you must use the edited ldv=2 (or n+1) image.

Note: Infectus "Erase" command displayed "Problem on erasing" at the end of the erase operation. But the "Check blank" did confirm "Flash blank OK". And the flashing worked perfectly. So I guess it's not a serious glitch.
(Erasing firmware before writing it IS NECESSARY otherwise data is wrong).

EDIT: You should notice that X: changed! So you are stealth only if you are using the lastest firmware. Ok, I know it's a silly statement since you are to upgrade when you connect to Live... I'm not a subscriber to Live, so...
Anyway, if it's ever important to get a clean X: at a specific firmware version, it is rumoured that 1888 doesn't have any X: storage & co (rememberance of history). So Upgrading from 1888 to a specific version should be ok.

6) Flash your firmware in order to boot again 5759

I suggest to flash instead of upgrading again from 4532 to 5759.
Dunno if upgrader code could do something fishy in case it detects that efuses it should blow up are already blown up... No need to take any risk. You have the dump, you can flash it. Another problem is that LDV is incremented instead of being set to a theoretical pre-defined value... So you would consume a lots of efuses if you repeat upgrade several times!

EDIT: You should notice that X: reverted to its original value. You are stealth again. But once again, it's not wise to connect to Live with a modded one...
Bashing your friend's head only requires a standard condemned console...


Conclusion :
Hurray! We got great games this summer AND we still have homebrew!

HUGE thanks to robinsod!

If someone upgrading its firmware while booting Halo 3 can tell us the new firmware version, that will help up to avoid catastrophes. I really fear Halo 3 will come soon with some bad surprises for homebrewers...

Warning: don't do that with firmware > 5766, M$ may still have ways to brick our consoles, especially if you haven't removed R6T3 (but I still think it's better to not remove it, until we know more about future updates).

EDIT :
ivc posted on xbh a complete set of downgrade tests!
http://www.xboxhacker.net/index.php?topic=7691.120
You can downgrade from 5766 with resistor in place!
Thanks ivc for your courageous testing!

Ok, time to jump back into Blue Dragon...

EDIT :
Swapping still safe with NXE (Kernel 7363)

This post has been edited by openxdkman: Apr 10 2009, 06:10 PM

[zouzzz]

Good news and good tutorial.
Thanks.

[Mithradates]

The last dash update I installed was the spring one (version 2.0.5759.0) and after the forced halo 3 update my dashboard was version 2.0.5766.0 (the 'wireless guitar' fix). Is it usual MS adds these updates into games, or is there more behind it?

This post has been edited by Mithradates: Sep 26 2007, 02:36 PM

[openxdkman]

Usual. M$ wants last update on your console. Understandable.

Thx for info. So, Halo 3 disc has update 5766 on it.
Since this firmware version is compatible with both time attack and firmware swapping trick, it's ok.

But try to resist the envy to connect to Live (unless you have 2 360's) or you may lose homebrew opportunity with firmware updates >5766.

I haven't seen a report that says that 5787 is compatible with time attack. Be careful.
(but ivc reported 5787 is compatible with firmware swapping trick, which is different. so if you got CPU your keys, 5787 is ok, but connecting to live means you may run into fall update any time soon)