USB SPI Flasher with PIC18F2455 - now with source and binaries

[mushy408]

Hello!
i am register on this form because i want built an usb spi flasher!
but i've some questions:
 1) does it woks with any xbox and any kernel or dashboard?
 2)with this flasher, can i obtain the cpukey and dvd key from nand(for unban my 360)?
Thanks

You can only get your cpu key if you have an exploitable kernel. Please go back to the first page and read, or use the search

[furqan]

Hello!
i am register on this form because i want built an usb spi flasher!
but i've some questions:
 1) does it woks with any xbox and any kernel or dashboard?
 2)with this flasher, can i obtain the cpukey and dvd key from nand(for unban my 360)?
Thanks

You can only get your cpu key if you have an exploitable kernel. Please go back to the first page and read, or use the search

Thanks for reply! i've update the dash to  2.0.12611.0 so is possible to get cpu key or dvd key with this programmer?

[Arakon]

No.

[southflyer]

If I am using a 9199 and i Cut the traces comming out of R6T3 could i use the usb spi flash to find the cpu key and then downgrade to a jtagable kernel?

[thon0925]

Considering R6T3 just completes the circuit that provides power to burn eFuses and cutting the traces leading to it won't automagically give you your CPU key, no, you are stuck with a non-exploitable dash. A simple search would have shown this...

[southflyer]

I am sorry i poorly frased that question. could i use the usb spi flasher to read my nand to get my cpu key. if im not allowing the system to distroy the efuses could i then theoredically read my cpu key from my computer?

[Arakon]

No, for the 50th time. You can NOT get the cpu key without having an exploitable console in the first place. The cpu key is, as the name says, on the CPU, NOT in the nand at all.

[southflyer]

OK thank you for the clarification i have found a neighbor with an old busted box ill start fixing that.

[thon0925]

Not to mention that you can't downgrade even with the CPU key... once eFuses are burnt, they're done, removing R6T3 is just a measure to prevent the fuses being burnt in the first place.

[southflyer]

Ok So even if i were to remove the  R6T3 first i couldnt stop the Efuses from being burned out?

[thon0925]

Do you understand how eFuses work? They are fuses located inside of the CPU dye that can be blown using software commands.The 8xxx dash or higher will update some stages of the bootloader and prevent the JTAG hack from being ran. It also will permanently blow eFuses that prevent older, exploitable versions of the bootloader from being ran. Removing R6T3 will break the circuit that provides the power for the CPU to burn the fuses, which will only be helpful if you are on an exploitable/exploited dash (or if you wanted to stay on your current dash in the hopes for a new exploit). It's not like the fuses are burnt everytime at boot time, they are permanent "switches" that prevent downgrading and provide unique console information.

[southflyer]

I understand that As long as my xbox is being left alone my efuses are not being touched however if I were trying to downgrade couldnt you force the box if you cant have the efuses burned?

[Arakon]

Wrong, on so many levels.
Every time you update, efuses are blown. There is no way to downgrade.

[thon0925]

Apparently underlining permanent wasn't enough... Take a look at this: paris.utdallas.edu/ssiri08/Tonti_SSIRI_eFuse_V2.pdf If you look at the pictures of "Un Programmed" and "Programmed" you can see that eFuses are indeed permanent. The update blew fuses inside of the CPU dye and nothing short of getting the CPU itself replaced will let you downgrade or exploit your console.

[southflyer]

What you Havent explained is why they Get burned when there power is cut. if you read my first post thats what im saying.

[Arakon]

They don't. But then, every official update will give you an error when trying to update. So either your console was never updated in like 2 years, has been sitting there with E80 for over two years, or is not exploitable either way because you updated by re-enabling their power supply.

[modme09]

Ok quick question I built the flashers and I used my Jdm pic programmer I have 2 used both but no luck... Which hex and I supposed to program with

[ClickCLK]

Please help.
I built this flasher, flashed picxboot, in PIDFSUSB programmed the pic with PICFLASH_v3b_plus2. Device is recognised by winds as MemoryAccess, everything seems to be fine, but when I try to dump nand from my xenon with nandpro2.0e i get the message that flash controller is not found. After some retryes it starts to read nand but I getting error on every block and the flashconfig type is random and varies every time. After that nanpro2.0e writes incompatible arm architecture error. Tryed with nandpro2.0a - getting random flashconfig, error on every block and after some retryes flashconfig turns to 0012FE78, again error on ervery block, but every new retry gives me the same flashconfig. I'm sure that my wiring to xbox motherboard is correct and the schematic on the flasher is correct too, so I thought that this is problems with code on the pic, so I tried to get device in bootloader mode but it doesn't get to it anymore. I connected the jumper to GND and BOOT, but windows still recognises it as MemoryAccess. Please help me, I don't know what to do.

P.S: sorry for my english

[Gee99x]

The hex code that you're using is up to date and works without issue. This is either a wiring issue or something has happening to your PIC (since you're having a hard time getting it into bootloader mode). Jump pins 17 and 19, connect your USB cable and check if the PICDEM utility can see your board. If it can, erase it and reprogram. Otherwise all that's left is to re-check your wiring. Can you post a pic of your flasher connected to the console?

[ClickCLK]

No, PICDEM can't see my device. I'll post some photos later.