The copper one will be better surely !  Copper > Aluminium in terms of thermodynamic properties.
Sure the gpu seatsink with copper heatpipe is better than one without but the newer cpu heatsink which is purely aluminium would not be as good as the older one.
MS just used cheaper components with smaller cpu die as it didnt generate as much heat so didnt need the better more expensive copper in it

its stored in the header of CB and yes if cpukey is known can be altered at will by recalcing cb header. if non slim console then nand flasher will do it

there are plenty of ways but you are effectively after a diy logic analyser thats can measure pretty damn quick pulses.  However you choose to obtain this is debatable

The only thing which has changed for you is the fact you can now get the cpukey via glitch method.  Once obtained this will allow you update the rest of the files which had been corrupted - however, flashtool or something similar needs updating to reflect the newer security measures in place on newer dashboards and filesystem required to rebuild the files and hashes

If you have a fat xbox, then run glitch, get cpukey, load dump in flashtool and increment ldv values.
For slims and possibly refurb with newer jaspers, flashtool or a diff sw needs to be updated to work with other security files (didnt know the ldv was embedded in files too - thanks cory )

i thought you had a backup of 12xxx ? If so use your cpukey with that and increment the ldv values to make it work using flashtool

If you have a spare drive, then it should open and close regardless of matched key etc which will indicate if the drive or the MB is faulty. If you are saying you have tried 2 x drives and it still doesnt work then I guess the MB is faulty.  Check voltages on power supply 1st else could be fried sata controller

it shoudl be salvagable yes. Holy grail to sort would be your cpukey. Run hack, obtain cpukey, then you should be able to rebuild the nand

I got hold of a spare Falcon to play with and the feed into Q3M1 was identical - swapped that and voila ! Seems I had swapped it already for a faulty component !!!
For ref - the 'on' voltage to Q3M1 is # 1V (i didnt check how it changes with temp increase)

Nice 1st post - done

Hmm anyone with some knowledge of what should be happening at Q3M1 ? It looks as though its fed from Q3M2 via a pull up resistor r3m9 with d3a1 involved somewhere too ?
Any idea what voltage q3m2 should supply to make q3m1 operate ?
Also, southbridge must feed the whole lot ultimately.

E74 was GPU, it got reballed and went away USB was a transistor, just tracing the elusive fans now !

hmm thanks.  The system booted fine until i changed some settings and then became e74 so i dont think it a hardware issue causing it. will check resistor though !

Have a falcon mb which has had cpu swapped and reballed to a different mb, nand has been copied and jtag applied.  Only issue is, setings were changed and now it shows e74 but xell loads fine.
Not sure if a reg has gone down or whether config is corrupt.  Fans could definitely be config related but not sure whether 5v should eb 'up' as soon as the system is up ?  None of the usb have power however the rf board takes 5v there so am not sure how the system starts up ?  Any advice ?
System is XBR3 currently, need to check with a newer xell flashed from dvd which seems to work nps

From what I understand the GPU JTAG is limited in what it can talk to in both address space and privilege.
Also, the CPU JTAG is disabled by efuse in the manufacturing process, hence why it was never utilised.

The 1D etc is the POST port which the timing attack uses. At each stage in 1BL and 2BL (to a certain point) each 'stage' of bootup a 'value' (read 8 bits which when converted to a byte yield a value ie 1D) is outputted.
The timing attack concentrated on the hash check of the CB header.  The cpu was running slow enough for cheap electronics to measure the differences as each byte was checked sequentially.  This worked as the header was hashed and stored the LDV values which we were changing which are meant to be calculated with the CPU key amongst other data.
IIRC from the 1BL, The signature of CB is checked, then Hash check, then decrypted to mem, then CB revocation (2nd fuseline).
The timing attack was fixed by altering the byte check of the hash to a word check, but again this would only affect very old CB which are vulnerable to jtag anyway.

My 'theory' would be a hacked custom CB which contains no check of further components down (3BL 4BL etc) and no fuseline checks meaning it would run on any HW.
This however would not be signed so would fail the sig check.  IF this could be defeated, then you could 'own' the machine from CB execution.
Im trying to rem how the timing attack was defeated as it was patched by an updated CB, meaning the hash check of CB must be ran from CB itself, not 1BL as this was not changed (and cant be).

RE LA, you are concentrating on POST port so 8 bit.  Without going back through the TA thread but Gerimia did the early testing with results of numbers

Im sure I rambled about this in the other thread.
Key points.
1) Glitching would need to be repeated every boot and is notoriuosly variable. Could take 3s to 3 min each time you powered up
2) Voltage and Clock glitching are both available (and afaik both viable on the 360 regardless of PLL, voltage lines may need to eb isolated however as its only the cpu - or at least part of it- your interested in)
3) May as well aim for the stars and attack CB sig check. IF you beat it, you allow an unsigned CB to run which you could modify to boot on any console, this happens VERY early in 1BL which checks 2BL (CB) and outputs to POST

lol you dont ask much do you. if you messed with the pot then the laser is most probably screws which would be your cheapest method of fixing.
the samsung guide was because it was the 'normal' spin off to the xbox1 equivalent so an easier fudge, hence why correct firmware exists for it.
you can fit any ide drive in (kinda) and it will work but it will never read an original disc as the game partition will never be unlocked.  You will not get a modified firmware for any other drive unless you are willing to write one yourself.
Plus, with a normal drive, the eject line was inverted compared to the standard drive which is why the motor had to be reorientated.
For ease, fit a new laser or get a new drive for easier, oh and you wont get xbox live on an xbox1 anymore - that went a year or so ago

Dear god, ive not read this thread for quite some time, but hopefully the new method should prevent the pcb graveyard of people destroying tracks like this.
If you do screw up a track or via, at least use thin wire (kynar is great) and keep the exposed wire at the ends to a minimum for smd components !

CORRECT