NandPro: LPT and USB nand flash programmer with only 7 wires

[dtrmad2004]

Sorry for the triple posts.

I am getting this error

Testing LPT device address:0378
Using LPT device at address:0378
FlashConfig:01198010
Starting Block:0x000000
Ending   Block:0x0003FF
Error: 258 reading block 3DE
Error: 258 reading block 3FF

[utar]

Do you get the exact same errors on each read?  If so perhaps those are just bad blocks in the nand.

Only guessing though,  I'm planning on attempting myself this weekend.


Utar

[tmbinc]

those single 0x258 errors should be nothing to worry about.

[sandungas]

Great stuff tiros & tmbinc

I have a xenon that gets bricked while swapping nands (between board nand and a XD card).. Im not sure, but i think the board nand contents is corrupted (i dont remember the error number.. maybe 079 the screen shows an error number + 3LOD)
But thanks to tmbincdump i have a valid dump made previously from KK exploit + linux

My question is:
¿there is needed the "bridge" with 330 ohm resistors between J1F1 and J2D2 for write/read capabilities?

[Arakon]

the 330 ohm resistors are ONLY needed for the exploit, not for flashing or dumping.

[dave_birdi]

How do I go about extracting the CPU key with the xell flash installation? I'm attempting to decrypt my original nand dump and extract drive key. If I'm succesful with this I could potentially breath life into 3 bricked consoles...:s This is all very exciting. I may even be tempted to buy up bricked consoles.

[tmbinc]

right, and once they have a valid flashed dvd-drive, update them, and sell them. That's how it works.

[utar]

Hoax: My understanding is that you can use last summer's NXE but if you update to the latest NXE you will no longer be able to use the hack, even if you have your CPU key.


Utar

[logi]

oh no.. this cant be for real.

WITH diode (PH4148) i get flash config 12000.. without i won't (but then i never get an identical dump)

edit: diode needs to be at the xbox board side of the lpt cable. so don't put it into the connector. worked for me.

[Hoax]

Hoax: My understanding is that you can use last summer's NXE but if you update to the latest NXE you will no longer be able to use the hack, even if you have your CPU key.


Utar

I know.. My question was if I am able to restore my dump to use the box as before.. this box isn't online so no 849x update needed for me just wanted to know if its possible to restore my dump.

One other question.. When I solder the points to dump my nand (without the 3 exploit points).. am i still able to play with the box (will the box boot without any issues?) And how is it after soldering the 3 330 ohm resistors too ? still be able to play via nxe (when R6T3 not removed)

thanks

[Arakon]

should still work fine. I've been able to use the console with an older dash at least just fine with the resistors in place.

[l_oliveira]

It's nice how you can just mount the whole DB25 connector with short piece of cable and hide it behind the DVD drive as there's enough room there.
Then you close the console and nobody can tell there's a cable with a connector for SPI flashing in it.
Also I like how it switches to "factory mode" when you hook the connector to the printer port.

Worked on 1st attempt for me.

[DarkstarTM]

I just dumped a Jasper board with 16 MB flash (Elite Box) via LPT on a Thinkpad T61 with dock and I _think_ it worked fine because

- I got no error messages
- I dumped 3 times and got 3 times the same file
- The file content looks sane (Copyright message)
- My wiring is pretty solid (level converter, connectors, etc).

However, if I try to open the dump with the Flash Dump Tool 0.88, I get "Can't read file".

Any Idea what the problem could be?

Try SPP, or ECP.
The ports are searched for controller on 378, 278, 3bc

Try with this LPT modes (in the PC bios config), and compare the resulting dumps

It doesn't matter if I set SPP, EPP or ECP - I always get the same file.
My flashconfig is 0x00023010 which is wrong according to Tiros. 

I will probably try another PC and another xbox now.

Update: When I dump a Xenon Flash, the flashconfig is 0x1198010. I am using the same hardware as I did when dumping the Jasper.

Update II: The Xenon dump is good and I can open it with the Flash Tool. Did anyone else try to open a dump from a Jasper Box with the Flash Tool?

Update III: Xell is running on the Xenon. Cool! 

Update IV: I can dump a Falcon and open it with the Flash Tool, too.

[Lethal435]

hi guys i looked on radioshack.com for all the stuff needed

which one of these can i use out of these 3 resistors can i use?
http://www.radioshack.com/search/index.jsp?kwCatId=&kw=330%20ohm%20resistors&origkw=330%20ohm%20resistors&sr=1

and is this the right Diode?

http://www.radioshack.com/product/index.jsp?productId=2062576

and i'm assuming this is what i need 25 pin D-Sub Connector
http://www.radioshack.com/product/index.jsp?productId=2103239&clickid=cart

i am thankful for all your work guys thanks for the help

[Arakon]

any of them will work. standard is the top one, 1/4W.
the others should be ok, although wait for tiros to confirm the diode type.

[rotoku]

any of them will work. standard is the top one, 1/4W.
the others should be ok, although wait for tiros to confirm the diode type.

I used the same 4148 as represented on the picture. Even if they happened not to be the good type ones at least it worked transparently for me. I didn't try without the diode though.

[rotoku]

i just tried again to confirm this, so:

with 1N914/4148 = OK
W/o 1N914/4148=  KO

for what is the diode needed ?

Considering the way it is soldered on the blueprint i assume it is meant to only allow signal/current IN the pin 11 of pc's lpt port and nothing from said pin 11 to the gpios.

[logi]

well, this is my setup FOR READING THE NAND (not doing all the other stuff, which is available for xenon only), which is quite naughty, but it works fine so far.

http://img44.imageshack.us/gal.php?g=kaltw.jpg

it's a zephyr and i didn't use any resistors at all, but soldered everything at the bottom side (except gnd) and cutted the pins really short, so nothing will touch the case.

instead of j1d2.6 i use a screwhole as GND (thx tmbinc), because i messed j1d2.6 up and in addition, it's way more comfortable do it that way

moreover i used winxp 32bit and all in all a quite old computer... normal mode bi-directional mode

cheers,
kote

edit: opening with 360 flash tool doesn't work properly so far.. got to do some other dumps.. but at least it doesn't display any errors.

edit2: normal mode didnt work 100% properly... bi-directional did it

finally a diode (PH4148) soldered on the board solved the problem. lpt mode doesn't seem to matter.

[Hoax]

If I understood you right this is optional for lpt? Can anyone confirm this ?


Heres another thing I was wondering about: If I load my dump into the Flash Tool, theres an option to patch the consoles region by patching the KV. Will this work correctly? Am I able to i.ex. change the region from EU to US and restore the dump onto the NAND ?

Sorry for some noobish questions

[logi]

"If I understood you right this is optional? Can anyone confirm this ?"

yup, it's optional, but for many people it doesn't work without a diode.