XboxHacker BBS
 
Topic: Rebuilding flashable NAND image from linux dump32 NAND.BIN (Read 3933 times)
rjrusek (Member, Posts: 24)
« on: February 17, 2009, 11:14:04 PM »

I recently had the unfortunate luck of erasing my onboard nand.

I do have my 1BL.BIN, FUSES.TXT, and NAND.BIN that were generated under Gentoo using dump32.

I know that the nand.bin cannot be used by infectus to write to the nand.

I want to know what my options are.

Can I rebuild the nand image from the NAND.BIN that was generated using dump32 by adding ecc to it?

Can I download a 4532 nand image from some other console and inject my cpukey, fuses, etc?

Thank you,
Robert.
Shaun (Xbox Hacker, Posts: 505)
« Reply #1 on: February 18, 2009, 04:18:21 AM »

hmm 'maybe'
I guess a nand from the SAME MB but with your kv transplanted should work.
As you have fuses I assume it's a Xenon. I'm not sure if you have to match your old CB version too, as I'm not sure if the lockdown was only implemented in 1921 and beyond.
Assuming you get that far, then it's just a case of remapping the bad block (if any) that your NAND has, or the donor NAND had.
itsfakemon (Master Hacker, Posts: 265)
« Reply #2 on: February 18, 2009, 04:30:30 AM »

I recently had the unfortunate luck of erasing my onboard nand.

I do have my 1BL.BIN, FUSES.TXT, and NAND.BIN that were generated under Gentoo using dump32.

I know that the nand.bin cannot be used by infectus to write to the nand.

I want to know what my options are.

Can I rebuild the nand image from the NAND.BIN that was generated using dump32 by adding ecc to it?

Can I download a 4532 nand image from some other console and inject my cpukey, fuses, etc?

Thank you,
Robert.

...............eh?
you can very well flash it with infectus, unless it's a piece of shhit (I haven't used it in ages)
but it would very well work with xd card (basically regular nand)
it contains all the necessary ecc data, which is all that matters

just to make sure: you DO mean tmbincdump, right?
Ell3X (Master Hacker, Posts: 144)
« Reply #3 on: February 18, 2009, 06:57:50 AM »

I guess a nand from the SAME MB but with your kv transplanted should work.


yeah, and how do you encrypt the "nand" with the other cpu-key?

Shaun (Xbox Hacker, Posts: 505)
« Reply #4 on: February 18, 2009, 10:00:14 AM »

You don't need to. KV + hashes are derived from the CPU key, which he has.
I'm not sure exactly what features Robinsod's tool has for extracting / rebuilding the KV from a dump, but with the correct key I believe it has the ability to do so (I'm happy to be wrong, but was led to believe as such).

IF (as the initial post leads me to believe) you have a blank NAND and only a *nix backup, there is nothing to lose by calculating the whole NAND's ECC data and writing it. Worst case, you have to extract each section, then rebuild and program, making note of any verify error indicating bad blocks, which can be cut and pasted elsewhere in the dump in a hex editor.
rjrusek (Member, Posts: 24)
« Reply #5 on: February 18, 2009, 01:42:41 PM »

I recently had the unfortunate luck of erasing my onboard nand.

I do have my 1BL.BIN, FUSES.TXT, and NAND.BIN that were generated under Gentoo using dump32.

I know that the nand.bin cannot be used by infectus to write to the nand.

I want to know what my options are.

Can I rebuild the nand image from the NAND.BIN that was generated using dump32 by adding ecc to it?

Can I download a 4532 nand image from some other console and inject my cpukey, fuses, etc?

Thank you,
Robert.

...............eh?
you can very well flash it with infectus, unless it's a piece of shhit (I haven't used it in ages)
but it would very well work with xd card (basically regular nand)
it contains all the necessary ecc data, which is all that matters

just to make sure: you DO mean tmbincdump, right?


No, unfortunately the dump was done before tmbincdump was available. It is a dump32 dump without the ECC data. That is the bigger problem. The ECC would have to be regenerated, since in its present form it cannot be read in with Robinsod's flash tool.

I found this thread, but the program that does the ECC calculations is not there anymore.
« Last Edit: February 18, 2009, 01:49:52 PM by rjrusek »
Tiros (Master Hacker, Posts: 451)
« Reply #6 on: February 18, 2009, 01:55:59 PM »

Inject your KV into a donor 1888 image, like that produced by the Degraded tool.
Then run the timing attack.
rjrusek (Member, Posts: 24)
« Reply #7 on: February 18, 2009, 05:40:20 PM »

Inject your KV into a donor 1888 image, like that produced by the Degraded tool.
Then run the timing attack.


Why do I have to run the timing attack? I already have the CPU key. Please explain in more layman's terms.

Thank you,
Robert.
braza (Hacker, Posts: 92)
« Reply #8 on: February 18, 2009, 05:51:50 PM »

http://www.youtube.com/watch?v=fKXSACLBF8M

Press High resolution!

no time attack needed!
rjrusek (Member, Posts: 24)
« Reply #9 on: February 18, 2009, 08:05:09 PM »

OK, looks like I can use up to 360_Flash_Tool.85 to be able to read in my NAND.BIN if I rename it to NAND.RAW. I guess 360_Flash_Tool.86 and above requires a file with ECC in it.

Sorry for being such a noob, but what can I do with this tool? I have extracted files such as CB.1903.bin, CD.1888.bin..xboxkrnl.1888, xboxkrnl.2528.exe, and xboxkrnl4532.

Can I use those files to build a new NAND image?

Again, sorry for the idiot noob questions. I am just trying to unbrick my 360.
« Last Edit: February 18, 2009, 08:49:16 PM by rjrusek »
Tiros (Master Hacker, Posts: 451)
« Reply #10 on: February 19, 2009, 12:06:17 PM »

Inject your KV into a donor 1888 image, like that produced by the Degraded tool.
Then run the timing attack.


Why do I have to run the timing attack? I already have the CPU key. Please explain in more layman's terms.

Thank you,
Robert.

Without the ECC the FlashFS is hosed.

If you have the key, then just do like I said, except load the resultant image into flash tool, then patch the headers.

Copy the encrypted KV out of the ECC-less NAND. Add ECC to it.
Paste that into a complete 1888 donor image.
Run flashtool to fix up the headers.
That should do it :)




rjrusek (Member, Posts: 24)
« Reply #11 on: February 19, 2009, 03:33:55 PM »

Inject your KV into a donor 1888 image, like that produced by the Degraded tool.
Then run the timing attack.


Why do I have to run the timing attack? I already have the CPU key. Please explain in more layman's terms.

Thank you,
Robert.

Without the ECC the FlashFS is hosed.

If you have the key, then just do like I said, except load the resultant image into flash tool, then patch the headers.

Copy the encrypted KV out of the ECC-less NAND. Add ECC to it.
Paste that into a complete 1888 donor image.
Run flashtool to fix up the headers.
That should do it :)


I am sorry for being a noob at this. I still do not quite understand what you are saying to do.

I know how to extract the kv.bin out of my non-ECC image. Flashtool .85 will do it. Do you mean add ECC to the kv.bin or to my non-ECC NAND image? How do I add ECC?

How do I paste it into a 1888 donor image? What tool do I use to do this? By donor image do you mean the 1888.fs that I can find at the usual places? If you do mean the 1888.fs, how do I make an "image" out of the 1888.fs? The 1888.fs contains files. I cannot use the Degrade tool since it will not read my original non-ECC image.

Do I still need to do the actual timing attack, or since I have the key can I just flash the 1888 onto the onboard NAND? The timing attack is used to get the 2BL; having the CPU key, can I derive the 2BL?

Again, sorry for being such a noob.  I only started this a week ago and am trying to learn as much as I can through reading.

Tiros (Master Hacker, Posts: 451)
« Reply #12 on: February 19, 2009, 03:51:33 PM »

Inject your KV into a donor 1888 image, like that produced by the Degraded tool.
Then run the timing attack.


Why do I have to run the timing attack? I already have the CPU key. Please explain in more layman's terms.

Thank you,
Robert.

Without the ECC the FlashFS is hosed.

If you have the key, then just do like I said, except load the resultant image into flash tool, then patch the headers.

Copy the encrypted KV out of the ECC-less NAND. Add ECC to it.
Paste that into a complete 1888 donor image.
Run flashtool to fix up the headers.
That should do it :)


I am sorry for being a noob at this. I still do not quite understand what you are saying to do.

I know how to extract the kv.bin out of my non-ECC image. Flashtool .85 will do it. Do you mean add ECC to the kv.bin or to my non-ECC NAND image? How do I add ECC?

How do I paste it into a 1888 donor image? What tool do I use to do this? By donor image do you mean the 1888.fs that I can find at the usual places? If you do mean the 1888.fs, how do I make an "image" out of the 1888.fs? The 1888.fs contains files. I cannot use the Degrade tool since it will not read my original non-ECC image.

Do I still need to do the actual timing attack, or since I have the key can I just flash the 1888 onto the onboard NAND? The timing attack is used to get the 2BL; having the CPU key, can I derive the 2BL?

Again, sorry for being such a noob.  I only started this a week ago and am trying to learn as much as I can through reading.



You use a hex editor to clip out the KV from your ECC-less dump.
You add ECC to that. This increases the file size.
You then take a complete NAND image (I don't know where you will get it) and cut out the KV (w/ ECC) again with a hex editor.
Then paste the KV to which you've added the ECC into the exact same spot where you cut from the complete image.
Load this hex-edited image into flashtool.
Patch the headers, save, flash, boot.
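The "add ECC to it" step in the reply above is the part the thread never shows in code, so here is a worked example of it. This is an added example, not code from this thread or from any of the tools named in it (dump32, tmbincdump, 360 Flash Tool, Degrade, Infectus). It assumes the small-block NAND layout of 512 data bytes plus 16 spare bytes per page, 32 pages per block, and the 26-bit ECC algorithm as published by the Free60 project; treat both as assumptions to check against a known-good dump before relying on them. The input bytes are constructed. Only the per-page ECC and a minimal spare area are written; the filesystem metadata in the spare bytes is left at zero, so the "patch the headers" step in flashtool is still needed. The `verify_ecc` function is the defensive half: run it over a dump read back from a console to spot pages that came back with bit errors or sit in bad blocks.

```python
import struct

PAGE_DATA = 0x200                   # 512 data bytes per small-block NAND page
PAGE_SPARE = 0x10                   # 16 spare bytes (metadata + ECC) per page
PAGE_RAW = PAGE_DATA + PAGE_SPARE   # 0x210 = 528 bytes per page in a flashable image
PAGES_PER_BLOCK = 32                # 16 KiB blocks on the small-block chips (assumed)
ECC_POLY = 0x6954559                # feedback polynomial of the 26-bit ECC (Free60, assumed)


def calc_ecc(raw_page: bytes) -> bytes:
    """Return raw_page with its 26-bit ECC stored in the upper bits of the last dword.

    A bit-serial shift register is run over the first 0x1066 bits of the page
    (512 data bytes, the first 12 spare bytes and the low 6 bits of the last
    dword).  This follows the algorithm published by the Free60 project.
    """
    assert len(raw_page) == PAGE_RAW
    val = 0
    v = 0
    for i in range(0x1066):
        if not (i & 31):            # every 32 bits, load the next little-endian dword, inverted
            v = (~struct.unpack_from("<L", raw_page, i // 8)[0]) & 0xFFFFFFFF
        val ^= v & 1
        v >>= 1
        if val & 1:
            val ^= ECC_POLY
        val >>= 1
    val = (~val) & 0xFFFFFFFF
    return raw_page[:-4] + struct.pack("<L", (val << 6) & 0xFFFFFFFF)


def add_ecc(ecc_less: bytes, first_page: int = 0) -> bytes:
    """Rebuild 528-byte raw pages from a 512-byte-per-page (dump32-style) image.

    The spare area written is minimal: block number, a 0xFF bad-block marker
    meaning "block is good", zeroed FS fields, and the ECC.
    """
    assert len(ecc_less) % PAGE_DATA == 0, "input must be whole 512-byte pages"
    out = bytearray()
    page = first_page
    for off in range(0, len(ecc_less), PAGE_DATA):
        data = ecc_less[off:off + PAGE_DATA]
        spare = struct.pack("<L4B4s4s",
                            page // PAGES_PER_BLOCK,   # block id, little-endian dword
                            0, 0xFF, 0, 0,             # spare byte 5 = 0xFF: not marked bad
                            b"\0" * 4,                 # unused FS bytes
                            b"\0" * 4)                 # ECC slot, filled by calc_ecc
        out += calc_ecc(data + spare)
        page += 1
    return bytes(out)


def verify_ecc(raw_image: bytes) -> list:
    """Return the page numbers whose stored ECC disagrees with a recomputation."""
    assert len(raw_image) % PAGE_RAW == 0, "input must be whole 528-byte pages"
    bad = []
    for n in range(len(raw_image) // PAGE_RAW):
        page = raw_image[n * PAGE_RAW:(n + 1) * PAGE_RAW]
        stored = struct.unpack_from("<L", page, PAGE_RAW - 4)[0] >> 6
        recomputed = struct.unpack_from("<L", calc_ecc(page), PAGE_RAW - 4)[0] >> 6
        if stored != recomputed:
            bad.append(n)
    return bad


def strip_ecc(raw_image: bytes) -> bytes:
    """Inverse of add_ecc: drop the 16 spare bytes from every page."""
    return b"".join(raw_image[o:o + PAGE_DATA] for o in range(0, len(raw_image), PAGE_RAW))


def constructed_dump(pages: int = 33) -> bytes:
    """Constructed stand-in for a dump32 NAND.BIN: patterned 512-byte pages."""
    return bytes((i * 7 + 3) & 0xFF for i in range(pages * PAGE_DATA))


if __name__ == "__main__":
    image = add_ecc(constructed_dump())
    print(len(image), "bytes,", len(image) // PAGE_RAW, "raw pages")
    print("pages failing ECC:", verify_ecc(image))
    damaged = bytearray(image)
    damaged[5 * PAGE_RAW + 100] ^= 0x01     # flip one data bit in page 5
    print("after a single-bit flip:", verify_ecc(bytes(damaged)))
```

Feed `add_ecc` the whole dump32 file and write the result out as the 528-byte-per-page image a flasher expects; run `verify_ecc` on any image read back from the chip and compare its bad-page list against the block layout before trusting the dump.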
rjrusek (Member, Posts: 24)
« Reply #13 on: February 19, 2009, 04:15:28 PM »

Inject your KV into a donor 1888 image, like that produced by the Degraded tool.
Then run the timing attack.


Why do I have to run the timing attack? I already have the CPU key. Please explain in more layman's terms.

Thank you,
Robert.

Without the ECC the FlashFS is hosed.

If you have the key, then just do like I said, except load the resultant image into flash tool, then patch the headers.

Copy the encrypted KV out of the ECC-less NAND. Add ECC to it.
Paste that into a complete 1888 donor image.
Run flashtool to fix up the headers.
That should do it :)


I am sorry for being a noob at this. I still do not quite understand what you are saying to do.

I know how to extract the kv.bin out of my non-ECC image. Flashtool .85 will do it. Do you mean add ECC to the kv.bin or to my non-ECC NAND image? How do I add ECC?

How do I paste it into a 1888 donor image? What tool do I use to do this? By donor image do you mean the 1888.fs that I can find at the usual places? If you do mean the 1888.fs, how do I make an "image" out of the 1888.fs? The 1888.fs contains files. I cannot use the Degrade tool since it will not read my original non-ECC image.

Do I still need to do the actual timing attack, or since I have the key can I just flash the 1888 onto the onboard NAND? The timing attack is used to get the 2BL; having the CPU key, can I derive the 2BL?

Again, sorry for being such a noob.  I only started this a week ago and am trying to learn as much as I can through reading.



You use a hex editor to clip out the KV from your ECC-less dump.
You add ECC to that. This increases the file size.
You then take a complete NAND image (I don't know where you will get it) and cut out the KV (w/ ECC) again with a hex editor.
Then paste the KV to which you've added the ECC into the exact same spot where you cut from the complete image.
Load this hex-edited image into flashtool.
Patch the headers, save, flash, boot.


Thank you, that is much clearer.

Can I do the following:

1. Use Infectus to read the current NAND of my other working Xbox 360 that has the latest dash on it.
2. Once I get a good dump of the working Xbox 360 NAND, use it with the Degrade tool using the CPU key from the broken Xbox.
3. Inject the broken Xbox's KV into the 1888 image.
4. Fix headers using flashtool.
5. Flash the broken Xbox and hopefully boot.

Thank you,
Rob.
.ISO (Xbox Hacker, Posts: 734)
« Reply #14 on: March 07, 2009, 01:10:20 PM »

http://www.youtube.com/watch?v=fKXSACLBF8M

Press High resolution!

no time attack needed!
WRONG!
Timing attack IS needed, the firmware is written to the XD card afterward