Free60 JTAG/SMC XeLL Hack for Jasper-256/512mb Motherboards Posted by XanTium | November 15 19:35 EST | News Category: Xbox360

This was actually released last week already, but with all the BAN news we kinda missed it (but we're still the first site to report about it ;)) ... so here it is :) After the release of the hack for Xenon, Falcon/Opus, Zephyr and Jasper-16mb motherboards, here's the Free60 JTAG/SMC XeLL Hack for Jasper (v4) motherboards with 256 and 512mb NAND chips. This NAND image will boot your Xbox360 right into XeLL, which allows you to launch linux distros or run libxenon homebrew software, as long as you never upgraded it via the normal MS upgrade procedures to kernel 849x or higher. From the readme/nfo: [QUOTE] Finally the Jasper JTAG Hack is here :) This is XELL (Redline99's XeLL) inserted into 6723 Jasper-Kernel. Don't wonder about the Filesize, its correct like that. It just flashes the beginning of the NAND so your console specific data like MAC adress will stay. Of course you should have a working backup of your NAND before you proceed. *** NOTE *** It's for the Large Block Jaspers, 256MB and 512MB ;) [/QUOTE] Someone also sent us this nice diagram made by Sandungas about how to wire the JTAG hack and SPI (for NAND reading/writing via LTP with nandpro) on Falcon/Zephyr/Jasper motherboards. *Update* Latest version of the diagram made by Sandungas on the free60 wiki. Download: n/a (contains MS code) News-Source: xbins.org

w00t!

all i need now is a rebooter for the jasper and i can start to play games again

holy crap, does this mean we can read the nand on the Jaspers?

this is great news....
now is there any way to write code to the nand, not just reflash?

do we still need a second nand to get unbanned?

either way, great news.

As usual it looks like you guys are READING what you WANT TO SEE and missing out the important part

which is


This NAND image will boot your Xbox360 right into XeLL, which allows you to launch linux distros or run libxenon homebrew software, as long as you never upgraded it via the normal MS upgrade procedures to kernel 849x or higher.


Now think if you got banned you have the latest dash so no you cannot use this to get unbanned

.........


YET!

What if you have the cygnos v2.0?

Could you play offline/Linux with one Nand & online/latest kernal with other Nand?
I doubt it otherwise it would be mentioned more...

Maybe one day

no. (1bl update disables the smc hack)

this was on xbins about a week ago.

Edit:

This is only possible on consoles that haven't been on live since 8-10-09, where manufactured before 6-19-09 and have pre 849x dash.

This hack isn't working on new motherboards, where base CB is locked to 6750!

I did the wiring diagram, and this one was not finished

The finished one is this
http://www.free60.org/images/e/e9/SPI_%26_...s-jasper%29.png
*uploaded in free60 wiki

Does this mean , assuming we havent upgraded the kernel, we will be able to retrieve the dvd key, even if it has an unmoddable liteon?

Hi,

I have a brand new Arcade Jasper (manufacture date 2009-08-08) with dashboard version 2.0.7363. The internal memory is 322MB(512?). Do I have anything to worry about? Is my arcade hackable with this JTAG hack? Is my motherboard compatible? Thanks for your help

The SPI is fully compatible with all motherboard models (same solder points in all motherborads)
The JTAG hack is "blocked" in new manufactured motherboards (blocked at the bootloader level)

To be sure what bootloader do you have... you can make a dump of your nand with SPI... and later, open this dump in "360 flash tool"
360 flash tool can show you info of the dump contents (Cx sections) even without your CPU-key
360 flash tool actually cant open jasper nand dumps, but if im not wrong... a new version is in development

If your bootloader works with the JTAG hack... then you can write the hacked_jasper_nand_image.bin (or whatever) in your nand to retrieve your CPU-key (and other efuse security data)

May I ask:

If I only wanted to back up/write to my NAND chip data, would I only need to wire up the SPI part? And to clarify, if I did not want to Xell hack it, would I still be able to retrieve the data on my NAND chip with the lastest NXE update? I would like to back up my NAND before I actually get banned. I don't want to be HDD crippled.

Would the JTAG wiring only be necessary for the Xell hack?

Are these the correct procedures?
1) Wire up the SPI section.
2) Connect parallel cable to PC with PortIO and NandPro
3) nandpro lpt: -r256 nand.bin (read: assuming I had the 256mb chip)
4) nandpro lpt: -w256 nand.bin (write back the read data IF I am banned)

let me know if I'm forgetting something or got the command wrong.

Thanks in advance!

its so hard to do this hack

I want to get involved in the 360 homebrew scene (for now I just need to get my feet wet). I'm working on acquiring some older, non-updated boxes to use for homebrew once the scene's efforts reach fruition, so I'll have the hardware for anything related to 360 homebrew.

While I'm quite quick in picking up things when it comes to technology, I'm having issues finding where to start in this area as hardware hasn't been my expertise in the past. I'm slowly working my way through the Free60 wiki pages (JTAG info and such), but I'm not sure if I'm missing anything along the way or if there are any other resources that would be useful to me.

Any advice?

I second that. I'm also very interested to the modding world. Keep me updated! If anyone is interested or already developing firmwares/homebrews and need a hand, let me know. I have some software devevelopemnt experience and can lend a hand. I'm also looking towards knowing more about hardware.

Darn it, just need that Killer App. XBMC360....where art thou? Where are all the legends from Xbox1 days like xport, the avalaunch team, evox, etc etc. Lets do this!

so,
unless unban the xb,
what it for?

Iam getting conflicting images for the falcon board,the original post here

http://www.xbox-scene.com/xbox1data/sep/Ek...kpyLkykckSS.php

shows the following wire setup

SMC-JTAG Hack Wiring
DB1F1 ---|<|--- J2D2.1
RFUnit 2nd row, 2nd Pin ---|<|---- J2D2.2
J2D2.4 --------- J2D2.7

but the wiring in this post shows that the j2d2.2 pin goes to the underside of the board not the front of the 360 by the rod lights. As well as the jdd2.1 ping goes differnetly as well.

I think iam just a bit confused as to what to go by, so just to confirm, if I have a falcon motherboard, I can use all the points on this posts , including lpt pins and all not just the jtag area and all will work?

Any help would be appreciated as to which guide for a falcon to go by, this post seems to make sense but I need to confirm before I actually roll this out.

Thanks

-- Me

Does anyone have the diagram to wire a USB Nand Dumper as my computer does not have an LPT port?

Yes, that's it. I'd suggest reading it twice and comparing dumps to ensure you have a good dump of it. If you can't get a good dump, you may want a USB SPI flasher, then (much faster).


Check this tutorial out.

Some technical jargon @ xbh

How is it MS can rewrite the nand over an internet connection but we can't using same method / hardware?

Since the manufacture date of my arcade is 8-8-09, does that mean that the JTAG hack for me is not possible due to the motherboard? My dashboard is pre-849x. I don't want to open my system if I can't run the JTAG hack. Any help?

There are several solder points you can use, the best ones are on the bottom, but require you to fully disassemble your 360. If you can solder pretty good, then use only the topside points.
2 are inside your xbox and 1 is on the rol board outside.

I used this diagram:
http://pictures.xbox-scene.com/xbox360/free60/diagram.jpg



Pieces needed:
Olimex LPC-H2148
http://www.sparkfun.com/commerce/product_i...products_id=676

LPC Serial Port Programmer
http://www.sparkfun.com/commerce/product_i...products_id=714

Maybe usb and serial cables if you dont already have them.

wiring the lpc programmer to the lpc-h2148 to flash the .hex file included with nandpro 2.0b:
http://img188.imageshack.us/img188/2601/lc...2shiftersmd.jpg

wiring to the 360 to read the nand:
http://img10.imageshack.us/img10/1839/lpc2148.jpg

This dumped my 512mb jasper nand in about 60 minutes.



Microsoft updated the CB on new consoles to 6750 and that means no jtag hack. If you want to know for sure you have to open it up, but 99% chance you cant use the jtag hack on that 360 (yet).

sweet! man I have been waiting for this since i first heard about the jtag hack. Time for me to start researching. But maybe someone could give a helping hand. So from just keeping up with news I remember that there was something called freeboot that would load xell then reboot into the summer 09 update. Not sure how that works.
So here is my question. I have a jasper 256MB nand board. I want to install xell on it, but I also want to be able to install new dash's so i can play the new games. I think that this is what freeboot can achieve. What do I need to be able to do this? Do I need to buy additional hardware?
I'm not interested in LIVE, I never use it, but I would like to be able to dual boot xell and the official dash.
Can't wait to get cracking at this.
Thanks

Freeboot exists, but does not work on jasper consoles yet.

They are still working on it, but on xenon and falcon consoles it is running nicely.
And yes, it will give you this dual boot option

So far freeboot requires the cygnos chip because you need to install 2 dashboards and that wont fit on one 16mb nand chip.
But I think 256/512mb nand jasper owners wont need to worry, there is plenty of space on the nand for another dashboard, so i suggest not buying the cygnos chip.

Your best option is to just wait, or install the jtag exploit and then wait
Also i cannot run any homebrew except linux at the moment on my jasper console
Something to do with libxenon not supporting the jasper video chipset yet.

Real modding, not that cheap FW stuff.
Lucky for me, I may have a box eligible for this hack, I just need the junk that will allow me to do it.

lenselijertje

The wiring diagram for the usb interface that you posted, was that not points only for the Xenon board? I thought the points were different on Jasper?

On the jaspers we can boot xell on, wouldn't this allow us to get the dvd keys for the new drives out there that we cant read? if so has anyone tried it yet ?

I did the same thing with an opus that came back from repair. It worked for me but I used a spare drive. I didn't want to flash the new liteon.

smc points are the same for all consoles, only jtag is a little bit different for xenon.

dont use the 330ohm resistors at all anymore for any console, every motherboard version can use the safer diodes now to activate the jtag exploit.

and yes, you can read out the key and replace the new liteon drive with an old drive, but all new motherboards have this jtag hack disabled

wouldn't the newer unexploitable kernal revisions come preloaded on these newer boards

This is partially true, but you can also use freeboot with an xD card, and (if I'm not mistaken) a 2nd nand (ie: desoldered from another 360, and a switch).



There's no point to replacing the drive with an older drive - the new ones can be flashed just fine.

Actually for 256/512 NAND complete extraction, the SPI mode takes really too much time!
If you want to read/write your full nand in reasonable time, you better consider the usb.

BORING!!!!!, sum1 let me know when theres a decent custom dash, be able to load iso,s from hard drive then i mite get a twich in me pants!!!!!!

Ok. We'll let you know

I got a new Jasper from Argos maufactured in April 2009. I should be ok shouldnt I?

Are you talking about the 94xxx drives?

are u bein serious??? LOL n00b go do sum reading

Thanks for answering his question so thoughtfully.

It was a legitimate question. All I've heard is that the new LiteOns can't be dumped. I myself haven't heard of anyone flashing them (or if it's possible), so I'm wondering the same thing myself. If they can't be dumped but can be flashed, that'd be something I haven't yet heard and quite good news.

Does anybody have a concrete answer for this question?

Yo guys, ive recently purchased the mw2 bundle, can u tell me if its got the exploitable kernel?

NO they cant be, according to the team who makes the FW, theyve had the fw for the drives for over a month, BUT up to now theres no way us norm users can extract the key, and untill theres away to get the key, the fw will not be released!!!! (think aboot it, why rls fw for a drive if no key extraction is avalible)

nick999, we were referring to extracting the key from the motherboard, not the DVD-ROM drive. \

I'm well aware that right now there is no known way that the new LiteOns can't dump their keys in a way we can access them--which makes access the key virtually impossible for most people who flash their drives--but that doesn't mean we have no access to the keys. If you can get the key, you can flash any DVD-ROM to use that key and be accepted by the motherboard as a legitimate drive. (That's not to say that MS can't see this spoof. Xbox Live checks don't fall into my area of expertise.)

We might be getting off-topic here, so I'll stop referencing this question until someone can give me an informed answer on this.

Yeah, modding liek totally sux unless it lets you pirate game$!

I hope its true that a Cygnos is not needed on 256MB/512MB Jaspers.

chances are if you got the new liteon that cant be flashed, then you got a mobo that blocks the jtag...correct?



check the manufacturing date: and if that dont help you then your gonna have to try to dump and see...
as long as you dont have a new xbox than 7371 and below is fine..

What is the size of this NAND?

hynix
HY27US08281A

edit: With a bit of research, I found out it's the 16MB(128Mb) NAND chip. Correct me if I'm wrong.

Yes! It has finally happened!

if i have updated as of earlier this month is there any chance i can use this with the Cygnos360?
http://www.se7ensins.com/forums/xbox-360-d...tom-kernel.html
i know this is for those who have not updated but this must mean it is possible for me to dump my nad as well.
i am willing to buy whatever it takes to dump. any suggestions?

Can I flash a NAND dump from a devkit to a retail Jasper?