xb360 jtag exploit - Discussion

[jz_5_3]

I guess, the patched smc from xbin may not be used with build.py, or you have to change some addresses in build.py (e.g. DMA target address) to match with the patched smc. otherwise, you have to code your own smc.

[B1N4RY]

By the way, the hacked SMC for xenon is the file xenon_hack.bin, correct?

[jz_5_3]

xenon_hack.bin is the image ready to be flashed. hacked SMC is encrypted inside xenon_hack.bin. you can take it out and decrypted it and then compare with the original SMC code. they have differences in a few places. I have not taken time to see the details.

[jester]

xenon_hack.bin is the image ready to be flashed. hacked SMC is encrypted inside xenon_hack.bin. you can take it out and decrypted it and then compare with the original SMC code. they have differences in a few places. I have not taken time to see the details.

That's what I thought, I provided it to Iriez to put on xbins, and was a little confused about this since I had no time to test, and we wanted to get it on xbins asap, but thank you for clearing this up, hopefully I will get a readme put in the zip so this doesn't happen again.

[B1N4RY]

I know this question is stupid, but I cannot simply take that image and flash it to my Xbox, correct?
Also, does anyone have the CPU key to decrypt the image?

[jester]

I know this question is stupid, but I cannot simply take that image and flash it to my Xbox, correct?
Also, does anyone have the CPU key to decrypt the image?

You don't need to decrypt the image, and yes you can just flash that image to a Xenon and be done with it.
Do NOT attempt it on another hardware revision!

[B1N4RY]

yes you can just flash that image to a Xenon and be done with it.

Holy $#!t be right back!

[ddxcb]

how about a xenon with ben repair by ms ?

[jester]

how about a xenon with ben repair by ms ?

Have you updated to Summer '09 (kernel 8498)?

[ddxcb]

how about a xenon with ben repair by ms ?

Have you updated to Summer '09 (kernel 8498)?

nope i have not update my 2 xbox to that its 7***

[garry_b]

So now the main question how does one flash this image to the 360 like whAt kind of hardware is needed.thanks

[SeventhSon]

So now the main question how does one flash this image to the 360 like whAt kind of hardware is needed.thanks

It's all been written by tmbinc before.

Main options: infectus, external NAND programmer, linux software flasher (if you can already run code) or a soon to be released free60 project that can flash via SB SPI.

Required hardware is 3 x resistors.

[madmalkav]

Can we use the XD Mod? I think so, but please confirm. In that case, is there any way to write the image to the XD card directly from the PC? I assume we need the image to be written in RAW format in the card or something like that.

[Straßenkampf]

With tux

Code:

dd if=/path/to/kernel.bin of=/dev/sdx

should work.

[jacksback]

Can we use the XD Mod? I think so, but please confirm. In that case, is there any way to write the image to the XD card directly from the PC? I assume we need the image to be written in RAW format in the card or something like that.

There is a wealth of information in this thread --> http://www.xboxhacker.net/index.php?topic=7683.0

Including diagrams, hardware, drivers, and the software to flash the card

[B1N4RY]

Required hardware is 3 x resistors.

Other than the resistors connecting three SB GPIO to the CPU Header, are there three more to solder if you want to use the JTAG flashing method?

[SeventhSon]

madmalkav, yes xD card setup will work fine for the hack.

Required hardware is 3 x resistors.

Other than the resistors connecting three SB GPIO to the CPU Header, are there three more to solder if you want to use the JTAG flashing method?

It's not JTAG flashing, it will use South Bridge SPI interface. I don't know anything about what free60 have lined up for this, but you can make various assumptions from tmbinc's comments in the "serious ideas for exploiting withoput KK" thread. I.E. you can access the flash regs (except DMA target, of course) via SB SPI. You will obviously need to solder some connections on the 360 mainboard for this, but nothing too hard I wouldn't have thought. Signal levels will be an issue too, but not a big one I'm sure. It all depends on the details, which I don't have.

Again, I don't know anything about the upcoming flashing solution tmbinc mentioned. I'm guessing here

[garry_b]

When i saidhardware what i meant was noob friendly harware just the dvd hacks are almodt noob friendly

[jacksback]

When i saidhardware what i meant was noob friendly harware just the dvd hacks are almodt noob friendly

Maybe read up on the Cygnos360 PCB. You're required to have some soldering skills but their installation manual is descriptive and fairly easy to follow.

http://www.cygnos360.com/Downloads/installationmanual.pdf

[SeventhSon]

When i saidhardware what i meant was noob friendly harware just the dvd hacks are almodt noob friendly

The most noob friendly (boooring *yawn*) hardware implementation will be the SPI programmer (not yet released) to flash the NAND and the 3 resistors to allow SMC to handle the JTAG part.

As far as I can see.