Softmod Bios Chain Loading From Tsop - No Exploit. Options

[Movax]

Softmod bioses seem to have the most advanced features, but I like to TSOP flash whenever possible. I want the best of both worlds if xman or someone can help a bit.

What I am looking for is the ability to have a system with a simple 256K bios (likely x2 4981) that I use with TSOPs that does nothing boot boot a bios loader with all the latest features. I would have the ability to have proper up-to-date lba48 support, eeprom protection, shadow C, ISO loading, etc. At the same time if i swap out the hard drive I can set it up quickly with an autoInstaller.

I haven't read about this stuff in awhile - I think i may have known how at one point but I don't know now - How should I set this up?

[Heimdall]

Complicated. You'd need to use PBL to chainload a BFM stock BIOS, otherwise the softmod wouldn't work (because the softmod patches the stock BIOS in-memory, and if you aren't running a stock BIOS then the patch just gives you a blank screen and an unresponsive Xbox). I'm sure you could make it work with a bit of effort, but I'm not sure what you'd achieve in reality. With a TSOP you don't really need eeprom protection and shadow C, and I'm sure that there's a BIOS that does ISO loading, and apart from that there aren't many features I can think of that you get with a softmod that you don't get with a flashed BIOS.

This post has been edited by Heimdall: Jun 19 2011, 06:19 PM

[Movax]

because the softmod patches the stock BIOS in-memory, and if you aren't running a stock BIOS then the patch just gives you a blank screen and an unresponsive Xbox

This.

Yes I knew that would be an issue. I am just not happy with any of the bioses out there and don't want to screw around with patchers just for ISO loading. I would probably just turn off virtual eeprom and shadow C, but this seems the most elegant solution, plus I feel softmods are the most up date (most recent work).

[ldotsfan]

Tsop splitting a 1.0/1.1 and switching between retail bios+nkpatcher and non-retail bios on different banks could achieve your objectives.

[Movax]

Yeah I could also flash retail and flash back before removing the harddrive... but I don't want the flubber.

[ldotsfan]

nkpatcher patches kernel by specific memory addresses for each kernel version. If you could locate the flubber animation code in the retail bios and NOP the whole chunk, nkpatcher might still work. Somebody like FrostytheSnowman could pull this off.

[Movax]

Might be possible - I think i could do it (I know enough about assembly generally) but with no experience it would take a lot of exploring code. I think it would be easier to load a retail into memory and then patch it.. Ideally chain load the bios patcher without needing to use an exploit.

[Heimdall]

I'm fairly certain you have to load the BIOS patcher with an exploit because the BFM stock BIOS will only run signed code, but it should be easy - a standard softmod will do that for you. So, you install PBL as your hacked dash, use that to chainload the BFM stock BIOS, that loads the softmod xboxdash.xbe, which loads the fonts to trigger nkpatcher.

[xboxmods2977]

nkpatcher patches kernel by specific memory addresses for each kernel version. If you could locate the flubber animation code in the retail bios and NOP the whole chunk, nkpatcher might still work. Somebody like FrostytheSnowman could pull this off.

I'm not sure that this is possible, being as the softmod (and bios loader) wouldn't take hold of the system until the console attempts to load the dash (after the flubber has been displayed), so how can the flubber be removed beforehand?

This post has been edited by xboxmods2977: Jun 21 2011, 04:39 PM

[Movax]

I'm not sure that this is possible, being as the softmod (and bios loader) wouldn't take hold of the system until the console attempts to load the dash (after the flubber has been displayed), so how can the flubber be removed beforehand?

nop it.. or more likey jmp over the flubber code and flash the bios back to the chip. Not sure if, or how well the xbox validates the bios, but sounds like it would work.

I'm fairly certain you have to load the BIOS patcher with an exploit because the BFM stock BIOS will only run signed code, but it should be easy - a standard softmod will do that for you. So, you install PBL as your hacked dash, use that to chainload the BFM stock BIOS, that loads the softmod xboxdash.xbe, which loads the fonts to trigger nkpatcher.

Yes I am am not sure if it is possible to skip the exploit part since you have a retail bios at that point.. but it should be possible to create a tool if one doesn't exist to load a retail bios and patch it at once, or load the bios, then load and run the patcher without calling the bios.. just ideas.

I was thinking of simply setting up a softmod bios I like and dumping the active bios uses xmans bios dumping tool and flashing to the TSOP? Not sure if there are issues there.

[xboxmods2977]

Oh ok. IC. So your saying, to dump the retail kernel, modify it, and then flash it back to the TSOP? I wouldn't be brave enough to try that.

How about this? Flash iND to the TSOP (or any bios that can skip flubber) and set it to skip flubber. Then, set the first dash to PBL. PBL then loads the retail BFM. Then, softmod the retail BFM. The softmod exploits the retail BFM, and in turn, loads it's payload BFM hacked bios.

The result: All the advantages of hardmod and the luxuries of a softmodded box.

EDIT: I may try this myself right now....

This post has been edited by xboxmods2977: Jun 21 2011, 05:43 PM

[Movax]

Yes that should work.. I would go with X2 with flubber turned turned off since it doesn't hit the hard drive. I was hoping to avoid the softmod files, but might be good enough..

[xboxmods2977]

OK, my first snag/problem.

I'm trying this out on a 1.4 xbox running X2 5035 from a chip.

So far, I have PBL (pbl-lite) set up to load as my first dash. When it starts, it boots 5101 bfm (semi) successfully to the M$dash, but the screen is garbled like there is a vertical hold issue. I thought maybe it might correct itself when I went to load the 007 game to start the exploit but it too boots garbled.

Any ideas?

[Movax]

http://forums.xbox-scene.com/index.php?s=&...t&p=4163480

Maybe. edit.. nevermind, you used the right version.

This post has been edited by Movax: Jun 21 2011, 07:09 PM

[xboxmods2977]

I'm gonna try it now on a 1.0 just for sh!ts.

EDIT: Not worth the trouble. Here is what happens:
It works, up until the softmod installer says "softmod installed successfully, power down now blah, blah"
When I restarted the xbox, it boots to the famous "hacked bios present with softmod" black screen. If I start it with a game, the game loads, but somewhere in the dash exploit process, things don't go good.

Here is why it isn't worth it.

All of your hardmod advantages are lost because when PBL loads, your xbox is retail again, which means no unlocked HD's and no missing DVDRom's or the M$ dash will error. Same case with after the softmod is finished, that is if someone successfully gets past post-install. (Maybe, hot-swap and then NDURE?)

So, I guess if you want to go through all this crap, just so you can hide/customize your flubber on your softmod box, be my guest. That is the only advantage.

PS, I never got it to work with 1.4 xbox. Only the 1.0 was free of the graphical issue, but still never got past the first reboot during the softmod process. (krayzies 1.1)

The hacked (flubber removal) retail bios idea is probably the only option

This post has been edited by xboxmods2977: Jun 21 2011, 08:08 PM