4 Step Guide To Flashing Xbreboot, Lets Get that Homebrew Working for You Options

[Grim187]

Can i Homebrew?

check your dash version to make sure you dont have the 1bl update (disables the smc hack which allows xbr to run).

turn on your console, go to system settings > console settings > system info.
2.0.XXXX.0

XXXX = your dash version.

if its 7371 or lower your good to continue, if its 8xxx then you have updated and there currently is no way to run xbr/freeboot/xell.

Note: if your console is new (you bought it 09 or later) then even if you have Dash version 7363 you could still have the 1bl update, so far the ones confirmed with the 1bl update are mfg date 6-23-09 and the ones confirmed w/o 1bl update (and exploitable) are 6-18-09.

If you have updated or bought a console with the 1bl update then there is no way to downgrade and you wont be able to run homebrew on your console for a long time if ever so Please Dont Ask/Talk About Downgrading Here.

Building a LPT Cable

An LPT Cable is Needed to read/write the nand (which has the stock dash on it and will have xbr (hacked dash) when your done).

Things you will need:
a pc with a lpt port
DB25 Header
5 x 100ohm Resistors (watt's dont matter; i use 1/8th)
3 x 1n4148 Diode
LPT Cable (DB25 male > female)
soldering iron
solder
rosin flux
some wire (30-24awg, the smaller the better)
your 360 apart


Credit for the Image Go's to sandungas.

Note: dont solder the Diode to db1f1, solder it to j2d2 like this.

Note2: The diodes/wires are for xbr/freeboot/xell, if they are connected and you boot your stock nand you will get 3 red lights error code 0020.

Checking to Make Sure You have a Exploitable Box

Software you will need:
Dos (comes with windows)
Nandpro2.0b

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type cd "c:\nandpro" and hit enter.

type

CODE

nandpro lpt: -r3 c1.bin

hit enter

open up c1.bin in a hex editor (free hex editor) and you should see

© 2004-200X Microsoft Corporation. All rights reserved.

X = 5, 6, 7, 8 or 9 (depending on what dash you have/when your console was made).

now search in hex for "CB" (without quotes) your looking for the one at or around 4800 in hex (it has to be in caps).
copy the 4 hex digits after it and convert it from hex to dec with this Conveter
Like This

Xenon: 1921 or lower is Exploitable (exception: 8192 IS EXPLOITABLE)
Zephyr: 4558 or lower is Exploitable (exception: 4580 IS EXPLOITABLE)
Falcon: 5770 or lower is Exploitable
Jasper 16mb: 6712 or lower is Exploitable
Jasper Arcade (256/512): 6723 or lower is Exploitable

Board Version Detection

If you have confirmed your consoles version and have a higher version CB then listed above you cannot do homebrew,
there is no way to downgrade and you wont be able to run homebrew on your console for a long time if ever so Please Dont Ask/Talk About Downgrading Here.

Backing Up Your Original Nand

Software you will need:
Dos (comes with windows)
Nandpro2.0b

unpack nandpro to c:\nandpro\
install port95nt.exe
press windows key + r or click start > run
type cmd and click ok or press enter.
a command prompt will display, in it type

CODE

cd "c:\nandpro"

and hit enter.

now connect the xbox 360 to power supply and connect the lpt cable to your pc and type

CODE

nandpro lpt: -r16 1.bin

or if you have a jasper arcade type

CODE

nandpro lpt: -r70 1.bin

and hit enter, wait for it to load and press anykey if it prompts you to (i use the down arrow so it dosent messup the next command).



it will take about 36mins to get to 3ff (jasper arcade will take longer).
if you get a few errors thruout the nand you should get the same errors in the same place on the next dump and i will address this later.
if every block give you a error then x out of the window and check the cable; make sure everything is soldered good, etc.

once its finished type

CODE

nandpro lpt: -r16 2.bin

or if you have a jasper arcade type

CODE

nandpro lpt: -r70 2.bin

and hit enter, press anykey if it prompts you to and wait another 36mins (jasper arcade will take 160mins).

after the 2nd read is done type

CODE

fc 1.bin 2.bin /b

if it comes back with no differences found skip the next 3 steps







if differences where found type

CODE

nandpro lpt: -r16 3.bin

or if you have a jasper arcade type

CODE

nandpro lpt: -r70 3.bin

and hit enter, press anykey if it prompts you to and wait another 36mins (jasper arcade will take 160mins).



then type

CODE

fc 1.bin 3.bin /b

if there are no differences delete 2.bin and skip the next step

if there are differences type

CODE

fc 2.bin 3.bin /b

if there are no differences delete 1.bin, rename 3.bin to 1.bin and continue



if it still finds differences use NandCompare v1.3, load all 3 dumps and have it build a valid dump for you and/or check your lpt cable and start again (this is what i would suggest).

now right click on 1.bin and click open with > notepad (this may take a sec depending on your pc)
within the first line you should see

© 2004-200X Microsoft Corporation. All rights reserved.

X = 5, 6, 7, 8 or 9 (depending on what dash you have/when your console was made).

if you have a jasper arcade skip this step (360 flash dump tool dosent support jasper arcade's nands):
get 360 Flash Dump Tool and open 1.bin, make sure it shows lots of files under flash file system and shows your cd, cb, ce versions as well as ldv's, patch 0 and patch 1.

now rar or zip 1.bin and e-mail it to yourself.

Flashing XBReboot

Things you will need:
Dos (comes with windows)
XBRebooter (found in the usual places)
Your Original Nand Dump (named 1.bin)

if you have a xenon use XBR_Xenon_1921_8955_1.bin only if your cb version is 1921, if its 1920 or lower use XBR_Xenon_8955_1.bin

First Rename the version of xbr you will flash to xbr.bin and place it in c:\nandpro\

if you had bad blocks in the same position from your dump's you will need badblockmover
analize 1.bin then repoisition bad blocks in xbr.bin (currently there isent a tool that will do this for jasper arcade's, you can contine and it might work w/o this, as long as you have a valid original nand dump your safe)

press windows key + r or click start > run
type cmd and click ok or press enter
type

CODE

cd "c:\nandpro"

and press enter

Warning if you dont have a valid backup of your original nand the fallowing will kill your 360.

type

CODE

nandpro lpt: -w16 xbr.bin

or if you have a jasper arcade type

CODE

nandpro lpt: -w256 xbr.bin

and hit enter, press anykey when if prompts you to, it will take 36mins to write (jasper arcade will take 90mins?).



type

CODE

nandpro 1.bin: -r16 kv.bin 1 1

and hit enter, press anykey when if prompts you to

type

CODE

nandpro 1.bin: -r16 config.bin 3de 2

or if you have a jasper arcade type

CODE

nandpro 1.bin: -r256 config.bin ef7 2

and hit enter, press anykey when if prompts you to

now you should have config.bin and kv.bin in the nandpro folder.

type

CODE

nandpro lpt: -w16 kv.bin 1 1

or if you have a jasper arcade type

CODE

nandpro lpt: -w256 kv.bin 1 1

and hit enter, press anykey when if prompts you to



type

CODE

nandpro lpt: -w16 config.bin 3de 2

or if you have a jasper arcade type

CODE

nandpro lpt: -w256 config.bin ef7 2

and hit enter, press anykey when if prompts you to





and your done, enjoy homebrew.

This post has been edited by Grim187: Dec 28 2009, 11:20 AM

[curtis2k8]

BTW Zephyr CB/CD 4580 is now confirmed as exploitable
http://www.xboxhacker.org/index.php?PHPSES...p;topic=13353.0

[blueray]

Are you sure that 1bl was updated with the last fw updates? I mean it was the 2bl only. I asked this in another thread.

http://forums.xbox-scene.com/index.php?showtopic=699491

Found also another discusion:

http://www.xboxhacker.org/index.php?PHPSES...p;topic=13342.0

This post has been edited by blueray: Dec 27 2009, 07:09 PM

[yaazz]

Nice guide.
Man that DB1F1 point is a small point to be soldering to a non leaded solder joint. Any tips for that?

[kipper2k]

Nice guide.
Man that DB1F1 point is a small point to be soldering to a non leaded solder joint. Any tips for that?

Use Kynar 30AWG. Put a little flux on the pad, touch the soldering iron to the pad, touch the solder to the soldering iron, and lift the iron away from pad, you may have to repeat a few times until you see a small solder blob on the pad. DO NOT try this with a fat tip, the tip should be a fine pointed conical tip. You will get a small solder blob on the pad, once you get the blob, strip a small bit of the kynar wire, measure it up to fit both ends, hold the kynar wire over the solder pad and just dab the wire with the soldering iron. Wiggle the wire gently to make sure its on, once you verify a good connection use glue to hold the wire in place. Do not put glue over the pad itself, just close to it.

If you use a big tip and too much heat then you will burn the pad and have to use the alternates underneath which ae just as much fun.

[Grim187]

BTW Zephyr CB/CD 4580 is now confirmed as exploitable
http://www.xboxhacker.org/index.php?PHPSES...p;topic=13353.0

added exception for 8192 and 4580.

Are you sure that 1bl was updated with the last fw updates? I mean it was the 2bl only. I asked this in another thread.

http://forums.xbox-scene.com/index.php?showtopic=699491

Found also another discusion:

http://www.xboxhacker.org/index.php?PHPSES...p;topic=13342.0

yes 2bl was updated as well, 1bl had a different fuse line then 2bl.

http://www.xboxhacker.org/index.php?topic=13126.0

[vintage_guitar]

Newbies are probably not going to check if their arcade has 256 or 512mb beforehand, so you could possibly add this check by having them read their flash config in nandpro. And yeah, it took about 90 minutes for XBR for large block jasper to flash. (the file is 64mb)

This post has been edited by vintage_guitar: Dec 28 2009, 05:12 AM

[deakphreak]

Thank you for this great tutorial. So I take it from reading this, we only need to backup 70 meg or so from our 512MB Jasper?

[X-hacker]

Got a bit of a problem. This is the 2nd xbox I'm doing. The first xbox had CB1921 which is now running as we speak. (Injected KV & config into Xenon_1921_8955)

This one I cannot get to power up after flashing XBR.

I have injected the KV & config into the Xenon_8955_1 image (CB is 1903) and flashed back with NANDPro. Now the xbox won't power up...

Its definitley exploitable, CB 1903 - Patch0 5767 - Patch1 6683 & I also have the CPU key from the JTAG.

Can anyone help out?

[Grim187]

Newbies are probably not going to check if their arcade has 256 or 512mb beforehand, so you could possibly add this check by having them read their flash config in nandpro. And yeah, it took about 90 minutes for XBR for large block jasper to flash. (the file is 64mb)

256 or 512 dosent matter; the cmds are the same.

Thank you for this great tutorial. So I take it from reading this, we only need to backup 70 meg or so from our 512MB Jasper?

since your only flashing 64mb you really only need to backup 64mb of the nand.

altho with xell i found that i had to restore an extra mb to get it to boot retail agian so i just rounded up to the nearest 10 (better safe then sorry).

your welcome

Got a bit of a problem. This is the 2nd xbox I'm doing. The first xbox had CB1921 which is now running as we speak. (Injected KV & config into Xenon_1921_8955)

This one I cannot get to power up after flashing XBR.

I have injected the KV & config into the Xenon_8955_1 image (CB is 1903) and flashed back with NANDPro. Now the xbox won't power up...

Its definitley exploitable, CB 1903 - Patch0 5767 - Patch1 6683 & I also have the CPU key from the JTAG.

Can anyone help out?

check your wires and flash the original, redownload xbr and use the tutorials way (i dont like to inject in to the image; i think its better to flash them separate).

[vintage_guitar]

256 or 512 dosent matter; the cmds are the same.

For flashing the 64mb XBR, yes. But for backing up, you should backup the entire NAND just in case.. people have had bad experiences with profiles messing up the nand with XBR. If these people had no backup they'd be screwed.

[X-hacker]

256 or 512 dosent matter; the cmds are the same.
since your only flashing 64mb you really only need to backup 64mb of the nand.

altho with xell i found that i had to restore an extra mb to get it to boot retail agian so i just rounded up to the nearest 10 (better safe then sorry).

your welcome
check your wires and flash the original, redownload xbr and use the tutorials way (i dont like to inject in to the image; i think its better to flash them separate).

I have followed the tutorials word for word. I've sorted this now, ended up flashing the XBR_1921 image even though the system has CB 1903.

Flashing the sectors seperate gives the same result as injecting them. My soldering/wiring is perfect - out of the 2 consoles I have done NEITHER have had any read errors at all with NANDPro. I did cheat a bit and use my infectus to dump 3 x images from each console (can't be arsed waiting almost an hour for LPT)

Thanks for the reply anyways

[Grim187]

For flashing the 64mb XBR, yes. But for backing up, you should backup the entire NAND just in case.. people have had bad experiences with profiles messing up the nand with XBR. If these people had no backup they'd be screwed.

i thought you had to format the onboard memory everytime you flash anyways?

[rzwx]

i see here it's possible to read out the kv and config from the file you already got (nandpro 1.bin: -r16 kv.bin 1 1) is it also possible to write it back into the xbr file before flashing and then flash the whole package in one, i'm asking because i got the infectus chip ,and don't know how to flash that kv and config to the nand so if i could readout the nand with infectus and then use nandpro to perform the action taken ,the i could flash to whole thing back in one piece.

sorry for the english i'm from holland

[rory2005]

there is a tutorial to flsh infectus 2 with freeboot which has virtually no problems compared to xbreboot.