SoftModding for Absolute Beginners

Stuff you need to know that the other guides don't tell you...

Disclaimer

Soft-modding can screw up your XBOX. If you follow the instructions you should be fine but I can't take responsibility if anything goes wrong. Good luck!

Introduction

This guide is intended to help complete beginners to understand soft-mods and how to install them successfully. I am not an expert but I have one chipped XBOX and one soft-modded and this guide documents what I needed to do in order to perform a soft-mod.

I am assuming some basic knowledge of PC's and networking on your part and the use of standard tools such as FTP.

To perform a softmod you are going to need to connect your XBOX to a PC using the ethernet socket at the back of the XBOX. You can connect this directly to a network card on your PC using an ethernet cross-over cable or you use a straight ethernet cable to connect it to a port on a switch, hub or router if you already have a home LAN.

Before we get into soft-modding in detail you are going to need to understand a little of how the XBOX works:

The Dashboard

This is the program that provides the user interface when you start up your XBOX. Amongst other things the standard MS Dashboard allows you to manage game saves, set the clock and other system settings and launch XBOX Live. It is implemented in a file called xboxdash.xbe on the root of the C drive on your XBOX's hard drive and it loaded every time you boot the box.

The MS dashboard uses a number of other files which, depending on your dashboard version will either be also in the root directory or in subdirectories off the root. For soft-modding purposes the only files which concern us are the font files which are named XBox Book.xtf and Xbox.xtf (more on these later).

The BIOS and PBL

The XBOX has a BIOS, similar to that in a PC. When you install a modchip you are replacing the functionality of the standard BIOS with a specialised BIOS which is provided by the modchip manufacturer. You would generally also install a replacement third-party dashboard alongside any modchip.

Okay so how is this relevant to soft-modding? Well the answer is that in 2003 some clever people came up with a software application which works like a modchip and allows you to load one of the modchip BIOSes, completely in software. This package is called PBL or the Phoenix Bios Loader.

The standard unmodded XBOX will only execute applications and games which have been 'signed' in a special way. This is why you cannot use backups or third-party apps on an unmodded box. The BIOS loaded by PBL together with a third-party dashboard will allow unsigned code to be executed and so you will typically get FTP access, the ability to run Linux, backups, third-party applications etc.

The Gamesave Exploits

Hopefully from the above description it is clear that what we need to achieve is to get PBL, a replacement BIOS and a new dashboard onto the XBOX. In order to do this we will need FTP access to the box. This is where the gamesave exploits come in.

These take advantage of security loopholes which will allow us to temporarily load PBL and an alternative dashboard. This will give us FTP access to the XBOX and will subsequently enable us to load PBL etc for a more permanent solution.

The technical details of how these work are beyond the scope of this document but there are plenty of detailed explanations within the XBS forums and elsewhere.

There are three main gamesave exploits which all work similarly and are based on the games; 007 Agent Under Fire, Mech Assault and Splinter Cell. For each of these there are various different packages available. To use one of these you will need:

• an original (i.e. not a backup) copy of the game in question
• a copy of the relevant gamesave exploit package
• an XBOX memory device with some way of transferring the game save to it from your PC e.g. an Action Replay or Mega X-Key. Alternatively you need a friend with a chipped or soft-modded XBOX who can transfer the game save to a standard XBox Memory Card.

Details of the requirements and how to use the exploit will be included with the package. Here is how I did it using the Splinter Cell exploit.

• I downloaded a package called splinter_cell_exploit-pal.zip. (PAL refers to the video standard used by your XBOX. I have a UK, PAL-based box, if you are in the USA your box will be NTSC).
• I did not own an Action Replay or an XBOX memory card so I made an XBOX USB cable and used a standard 128Mb USB pen drive to transfer the game save from my chipped XBOX. There are various tutorials on how to make a USB cable and how to convert a standard XBOX memory card to Action Replay functionality on XBS. If you can't do any of this then you will have to buy an Action Replay or the new Mega X-Key.
• I loaded the Splinter Cell game saves onto my chipped XBOX via FTP.
• I connected my pen drive to the chipped XBOX and went into the Memory option in the standard MS Dashboard. The pen drive was recognized by the XBOX and was formatted to allow game saves to be written to it.
• I then used the Memory function to transfer the Splinter Cell game saves from the XBOX hard drive to the pen drive.
• I then moved the USB cable and pen drive to the unmodded XBOX and used the Memory function to transfer the saved games from the pen drive to the XBOX hard drive. If you have a Mega X-Key (or Action Replay) you can transfer the save games from the PC directly to the X-Key and then plug it in the unmodded box and transfer it to the hard drive.
• I booted the XBOX with my original Splinter Cell disk in the drive.
• After it loaded I went to Start Game, selected the profile "LINUX" and chose "Check Points".
• I was then presented with a replacement dashboard called Evolution-X (Evox).
• Within Evox I set up an IP address, subnet mask and default gateway for my XBOX (something suitable for your LAN).
• I saved the details, rebooted and went through the three steps (above) from booting with the original Splinter Cell again. At this point I had FTP access to my XBOX from my PC.

If you get this far successfully then you are now ready to install a dashboard exploit.

The Dashboard Exploits

There are basically two different types of dashboard exploit. The 'fonts' exploit replaces the XBOX fonts (see the Dashboard section above) with 'special' versions which exploit another security loophole and allow PBL to be loaded.

The second type is the audio exploit. This is triggered by copying a special audio track to your hard drive. When you try to use the standard dashboard function to copy this track it generates an error and PBL can be loaded. Again there are better technical explanations of how these work if you are interested.

There are many different versions and variations of both the fonts and audio exploits but they all function basically the same way. I recommend using an all-in-one package (see below).

Once installed, the fonts exploit is typically activated automatically every time you power on the box so you boot into a modified dashboard.

In contrast, with the audio exploit you boot to the standard MS dash and go through a sequence of 5 or 6 key presses in order to activate the exploit and load the PBL and the replacement dash.

So why would you choose the audio exploit? The reason is that the fonts exploit is occasionally prone to something called the clock loop problem. See here for details:

I suffered this problem and was only able to get out of it using the technique described by lugnut in the first page of the above thread. That is why I now use the audio exploit. Because this boots to an unmodded MS dash it is immune to the clock problem.

A third option called the double-dash exploit. See here for details.

This exploit is immune to the clock loop and does not require as many keypresses as the audio exploit. However it has a different problem which means that the XBOX reboots whenever you open the drive tray. If this issue can be resolved then this will be the best exploit solution.

The fourth and newest exploit is called the UDE (Ultimate Dasboard Exploit). This is a font-based exploit which is not subject to the clock loop problem. As such it is the best method devised so far and has very few con's. See here for details.

As the name suggests this is likely to be the best it can get and if your XBOX meets the requirements then this has to be the exploit of choice.

Signing

The question of signed code comes up again at this point. You need to install a version of PBL which is signed for the particular type of dashboard exploit you are using i.e. fonts or audio. There is a tool you can use to perform the signing BUT you should be able to find a dashboard exploit package containing PBL pre-signed for the type of exploit you are using. I never had to manually sign anything to get my soft-mod working.

Installing The Dashboard Exploit

I would suggest using the UDE exploit or if you want more flexibility I would recommend a package by mkjones which has its own thread here.

This installs both audio and font exploits and several different replacement dashboards and allows you to switch between them at will. This was the first package I installed.

My first issue was that this package requires that you have MS dash version 4920 and I had an earlier one. One of the main differences between the two versions was that my old dash stored the XBOX font and other files in the root of the C drive whereas the newer dash uses \font and other subdirectories.

Okay, so how did I update the dash? I simply used the 'Live' tab in the MS dash and kept following the instructions until it told me that my system was being updated. I think you may need to be connected to the internet for this to work (I was). After I did this I rebooted and my dash had been upgraded to 4920.

From then on it was a case of following the detailed instructions in the mkjones softmod package.

Versions

Most of the soft-mod methods require particular versions of dashboard and kernel to be on the XBOX. You can find out what version you have by going to the Settings screen on your box and selecting System Info. Once the text scrolls up you will see something like this:

K: 1.00.4817.1
D: 1.00.4920.1

In this example the kernel version is 4817 and dashboard is 4920.

How To Get The Files

To locate the relevant files you will need to use something called xbins. A tutorial on how to do this is contained here.

Updates

May-31-2004 - Added UDE details and link

Very neat tutorial... very clean and concise.

Agree, looks to be well written I only skimmed however

Well done, its great to see more people share knowlege around here, there are too many closed minds sometimes

Well don

very nicely done. thanks for helping out. hope to see it pinned.

One thing, this can be erased from going to the original dash and just delete everything that has to do with this right? Then you can go on live? Becuause I go on xbox live all the time and would like to try this out for a week or two before getting a modchip that I can just turn off for live. Sorry this might be a "noob" question buy I dont want to risk getting banned from live. I already have the save game hack on my memory card so it wouldnt be hard to do. Thanks

Alright thanks, Ill try it this weekend with splinter cell. Ill probably be back with a few questions.

Tutorial updated to include UDE.

Wondering if you can go on through to the backing up stages with UDE in a tutorial? I have been to the other post and no responds yet. Im trying to ftp to make a 1:1 backup of games. I have the UDE install and have 21 games that my son has not destroyed (YET) backed up on my pc hd with craxtons help. Now Im stuck. Whats next? Burn with nero? Signing? validating data? Please help.

Also am I going the right way? Is there a better way?

Please if anyone could write out or pm me for the next learning curve? Thank you for your time.

Jcupp114

Two suggested additions to the guide:
-"BIOS and PBL" section: PBL will NOT work with kernel version 5530 and above.
-"Dashboard Exploit" section: Audio hack only works with dash 4920. Link to another guide about how to downgrade to dash 4920 if they choose to use an Audio hack.

can you add into your tutorial which x-box versions cant be modded? or which kernels, er whatever its called...

i want to soft mod my xbox but i dont have access to a modded xbox so if som1 can upload the file and post it on the web it would be appreciated. Thanks

i have an action replay and ive found you can transfer from pc to xbox with action replay by applying the action replay card into the controller and accessing it from is there any need for the x-key if stated above works ?

If your AR lets you get a working hacked gamesave onto your box, then you dont need an x-key to softmod it eh.

Hmmm, this guide will be great help to me in the near future. Although I have one small problem, and I am not quite sure what the problem is but hopefully someone here can throw me a few pointers.

I just got the usb keyboard adapter in the mail today, so I loaded up the mechassult files on to my SanDisk cruzer mini 256mb, and pluged it into my controller. Here is where the problem lies, when I go into memory, the xbox just slows down. Since the screen has some kind of fading effect that is slowed down as well. Basically my xbox doesn't read the microdrive. I read a list of compatible usb drives, my microdrive was on the list, so either something is wrong with the drive, the list is wrong, or my xbox just won't read it.

Any help would be appreciated.

Just for reference:
MFG Date: 2002-04-19

So does this modding technique support adding a bigger harddrive and the ability to rip xbox games onto it?

I would assume it does, but we all know what assuming does...

Thanks in advance.

Sergg, The best way I've found to transfer files to my xbox is via a standard memory card. I bought a Mad Cats version for around $20. I was going to need one anyway, so I bought it.

How does one transfer games to his memory card from his PC? Well you plug your xbox controller into your PC with the memory card installed. Funny, you say? It is funny, but the xbox controller is detected as a USB device as is the card. With the drivers that come with the Action Replay software (free update), you're off to the races.

How does one connect his xbox controller to his PC? well, you gotta "hack" it together. Meaning take out your wire cutters and "hack" into the cables my friend. Then you mate a male USB connector to a hacked up xbox break away cable and then connect your controller to that. End Result: xbox controller & memory card plugged into PC via USB connector.

Here is a pic of how you wire it (notice the yellow wire goes nowhere). Good Luck.



P.S. The motivation behind this thread is great, but I think it should be updated to mention LTools as it would have saved me the agrivation of trying to install UDE by hand.

I have an Action Replay and am having troubles getting the -free-x-mechassault.rar- file onto the memory card, the software that AR uses to upload saved games gives me an error of -not a valid xbox saved game- am I doing something really wrong, thanks for the help.

timr524, yeah you really should check out LTools. The other thing is that the file you upload must be a ZIP file and not a RAR file. You also have to have the files located in special folders within the zip. There is a tut on that someplace around here.

http://forums.xbox-scene.com/index.php?showtopic=249145

i used the splinter cell pal exploit and AR i transferred the save across went to check point and got a green and black screen with foriegn writing on with a number 21 in the corner what am i doing wrong please please please someone help me

i was thinking of soft moding my xbox but i don't have a memery card, USB stick, Action Replay,ect.
Can I still do this by hotswaping or something
could someone plezz help

so basically, can i go on xbox live with my xbox modded like this, or not?
...

Quick question: Is there a list of which VERSIONS of the three games with exploits around? For instance, assuming the original versions of all games can be used, can the platinum hits version of each be used (007 and SC)? Here's my current understanding:

Can be used:

MA original - Yes
MA Platinum - No
MA Online (current) - No

007 original - Yes
007 Platinum - ???

SC original - Yes
SC Platinum - ???

Thanks in advance!

http://forums.xbox-scene.com/index.php?showtopic=253982

this is probably a stupid question, but can you still upgrade the HDD to say 200Gb and use XBMC with softmod?

Ya can u?????

sure why not?

SWEET!!!. And is it possible to mod an xbox w/ out a chip and w/ out a friend with a modded XBOX. Cuz no one would have a modded xbox in my area.

very good post... useful to thoughs just starting out.. or thoughs who are to old to remember what they had for breakfest....but... yeah .. HEHE good post mate

Maybe a dumb question, but why would anybody bother with modchips if you can just softmod your Box to the same effect?

(only reason I can think of is to able to switch it off for Live)...

how too download these :
ldots xboxhdm 1.9
ldots UDE package 1.4
ltools v1.7.5
Where is the usual place? is it thru mIRC, anybody can list out every singlae steps?

http://www.xbox-scene.com/articles/xbins.php learn to search.

how can i find out my xbox ip address

very good job.

So will this work with a v1.6 ntsc xbox?

Ok. SO I am a complete beginner. So far I have the MA savegame exploit on my xboxhd and i have an old version of the game. I am about to run evox but is it necessary to get a differnt dash? cant you just use evox to run burned games etc.? someone please explain before i ruin my xbox.
BTW i have a v1.6 K: 5838 D:5960

I have an xbox which would seem to be version 1.4 or 1.5 from its production date and bios & kernel versions, i attempted to softmod my xbox with the MA exploit, once i had copied the MA save game files to my xbox hdd via my pc with the hdd swap trick i then proceeded to load the game and install linux, unfortunatley my version of the xbox is read only on certain sections of the hdd (well thats one of the explainations i could think of), so i got an error when trying to install linux, now i am attempting to solder the 2 tsop points on my xbox mobo and using a friends modded xbox to place my hdd in to then use slayers auto installer to set my hdd back to factory defaults so it will be unprotected but still just like a standard xbox hdd, so i can then put the SC exploit onto my xbox hdd and run evox to gain ftp access, i will then get pbl so to emulate a bios temporarily and a replacement dash on there, doing all this with the audio exploit will enable me to have a hijacked yet modded xbox, then with this to make a more permenant modification i am going to flash the xecuter 4983 bios to my xbox directly then use slayers again to format my hdd but this time it will be my 200gb hdd and it will be constructed with appz, avalaunch dash and then i will start copying games over..

My questions are:

When i set the hdd back to factory defaults will my xbox read it as a normal hdd like b4 or will it reject it..?

Do i need to do the tsop points to write to the bios or will i be able to write to it with out soldering the tsop points...?

When i had an error installing linux primarily was it because my hdd has certain read only sections or was it another reason, if so what is the other reason

i have software on my xbox (Enigmah Videomode Switch) that changes the Xbox to output a NTSC signal, but the Xbox originally is a PAL box. What should i consider it as when i download the exploit?

Thanks in advance

Hi, I'm a noob and have a quick question... My friend and I did a software hack on my xbox version, K:1.00.4034.01 and the D is the same. My friend says you have to delete all you music if you are going to do an audio hack. I forgot to delete my music and I can boot up the bios through Mech Assult but when i try to install the audio hack I get an error. My friend says I messed up cause I didnt delete my music and that I will never be able to software hack my Xbox again.. Is he right. Please help out a noob. Thank you.

You don't need to delete the music, but its not a bad idea.. Already existing music won't alter the st.db like ripping new tracks does.. Make sure you know what key e:\linux.xbe needs to be signed with.. Most probably its the -audio key, but I think there are st.db's floating around that want a -habibi key. Oh, before you worry about anything I just said you will need to upgrade your dash to 4920. You can do this with most older Live enabled games like MA, SW/Tetris to name a couple with the right dash..

how would you find out what version dashboard you have?