Rebooter - Alternatives to Cygnos360 v2?

[Badger101]

Thanks cory1494 for your excellent explanations (software is definately not my strong point!)

I didn't know that the SMC reset is such an issue. If your sure there is no soft reset in the SMC code then maybe FT2N3 is actually the Southbridge reset line?

Would be nice with someone with a Cygnos to have a poke around with a scope to see if FT2N3 gets pulled low (or high), and then the Nands get switched, then FT2N3 gets released.

In the mean time I'll have a play with a Pic to see if I can get it to reliably receive @38400 baud.

Most Pic's should run O.K. @ 3.3v

[B1N4RY]

maby it will be possible to have binary of nand on hdd and boot from there... ?

No, that will not work, with millions of reasons

[cory1492]

Anything is possible, keeping in mind the more hardware that is brought up before chainload the more complex the reset will be as it has to either preserve, patch or reset more stuff. I honestly shudder to thing the work that would involve from my perspective.

I think FT2N3 is a bust, as far as I can tell with just a DMM it gives a steady 3.26V when the box is on and that is all (probably to cause H/ANA to turn on.) Maybe I'm wrong and pulling low when it is high would cause a fault/reset/brownout of southbridge or even just smc, not something worth trying without knowing for sure at any rate.

Perhaps it is possible to switch without caring about SMC with freeboot in it's current state (after jtag hack is delivered obviously SMC should continue on to regular operation)? Maybe worth a shot (but for some reason I think there is more to it.)

[le_uberfry]

Tip: SMC code is altered, you can NOT run the rebooter in its current state on a regular console.
Once the message 04 is sent, it will go back to exploit the console again and you don't want that, do you?
However, try this: add a function to modify the SMC code back to normal, doing this before the whole rebooting process takes place.
Go crazy: add another function to trigger the SB reset. TMB already mentioned which register is the Rx FIFO, so you go girls.
I know that nobody here will get it done, but feel free to prove the opposite. (Sorry, but if you had to wait for a rebooter coded by some dickwad to be "out in the wild", just plain forget about trying. Seriously.)

[Tiros]

Tip: SMC code is altered, you can NOT run the rebooter in its current state on a regular console.
Once the message 04 is sent, it will go back to exploit the console again and you don't want that, do you?

Are you sure about this?
The current hack for SMC does in fact, only sploit once per power cycle.
After the first CMD 04, the patch is "removed" so CMD 04 indeed functions normally again.

Does the SB really get HW reset?

[le_uberfry]

edit: I know what I know, f*** what others think.

[l-tyrosin]

I know that nobody here will get it done, but feel free to prove the opposite. (Sorry, but if you had to wait for a rebooter coded by some dickwad to be "out in the wild", just plain forget about trying. Seriously.)

http://www.xboxhacker.net/index.php?topic=8737.msg84927

[le_uberfry]

I know that nobody here will get it done, but feel free to prove the opposite. (Sorry, but if you had to wait for a rebooter coded by some dickwad to be "out in the wild", just plain forget about trying. Seriously.)

http://www.xboxhacker.net/index.php?topic=8737.msg84927

Well, why don't you become their hero and code up a patch to do it then? 
On another note, where's tiros' flame? I'm about to hit the sack.

[cory1492]

Do refer to the topic title/OP, le_uberfry. You are seriously mistaken if you think most in this thread are even remotely interested in coding anything (chainloader-wise) for the 360 itself. Certainly isn't worth the bunch your panties seem to be in at any rate. This weeks project for me has been nearly as educational as last weeks (compiling the latest PPC cross compiler toolchain under msys, which proved pointless as the main contributor apparently gave up on the low level support lib, besides the fact I already have a working 'chain under linux <-- certainly beats pulling my pud trying to find people to insult who know less than me about a specialized piece of hardware, or for that matter waiting like a young bird for it's momma to feed it.)

Think on this: I still strongly believe the same functionality (provided my qualms about SMC can be solved) can be achieved without buying into a - proprietary/closed source, overpriced/marked up for retail, we'll drop support whenever it suits our fancy - 3rd party chip which has probably suddenly started selling well as it's the only current way of using a single console for dual purposes without closing the current exploit or constantly reflashing to outdated kernels.

As I keep saying I'm not up to disassembling much of anything PPC for the 360, but instead am focused (in this discussion at least) on seeing if there is a provable way that (<sarcasm >us mere mortals who apparently aren't worthy of your presence</sarcasm >) would do away with the thing that drove UP (PSP) sales (a chainloader tacked on to hardware by some anon fellow(s) that allowed the user to keep a fully exploited kernel and still use relatively current firmware at the time) and thus further lined divineo's pockets for something that was all too quickly useless (for many) and insufficient for most other purposes in the end. Until freeboot was made available, I had little interest in anything along these lines - because it simply wasn't an issue.

Knowing is an entirely different beast than believing, though - so tomorrow I will be wiring up an external NAND and taking a whack at some bitbang serial receive code (which will be a first for me) to try and test my idea; Consider also that until a couple months ago I had very little interest in 360 beyond it's use as a toy I think I've done a fairly good job grasping some of the basics of this complex platform. Whether or not the 'it's worth a shot' idea fails I will learn from it, though exactly what I'll learn has absolutely nothing to do with what you think I'm trying to understand - beyond that I'm busy being patient as: what will be, will be - and next week will invariably bring something new for me to mess with be it on 360 or not.

[Redline99]

FYI, I have successfully used the rebooter without a cygnos modchip.

I have a xD card dual nand setup.  I've posted my setup many times if you want to look.

I had to make a few trivial changes to freeboot.bin. 
I ended up NOT having to mod the smc code.

freeboot.bin chages:
offset / change

set boot delay loop to 500,000,000 = gives about 3-5 seconds
0x60E = 1D CD
0x612 = 65 00

NOP out the uart config, use 115200 8N1 to connect to use a nice baud rate
0x420 = 60 00 00 00

[le_uberfry]

edit: I won't feed trolls.

[Grim187]

@Readline99; sorry for the noobish question (most of this stuff is over my head) but will this work with another tsop48 with a switch on ce? (like this)
if this is possible is there a way to hook up a couple transistors to do the switching? (npn and/or pnp on a pin out of the tsop)

[Redline99]

yes, thats pretty much what I use, but I used xD cards instead of another tsop.  Sure if you can find an IO or some other switching utility then you could make it auto. It's all a matter of getting your hands dirty and making the changes.

My setup.
http://www.xboxhacker.net/index.php?topic=11914.msg77698#msg77698

[Badger101]

Thanks Redline99 for your input.

So your saying that all you have to do is to switch Nands at a specific time (when !SWITCH is output on J2?), and you've extended the delay so you can do it manually with your physical switch?

If that is true, then we should still be able to do it with a Pic and the original freeboot.bin (leave the baud @38400 so it is easier to capture the !switch command), or do you think the delay is still too tight?

[l-tyrosin]

Thanks Redline99 for your input.

So your saying that all you have to do is to switch Nands at a specific time (when !SWITCH is output on J2?), and you've extended the delay so you can do it manually with your physical switch?

If that is true, then we should still be able to do it with a Pic and the original freeboot.bin (leave the baud @38400 so it is easier to capture the !switch command), or do you think the delay is still too tight?

das guuuuuuuuuuuud, ull have a blast wiring up the xd card

[insaciable]

Hi,
Redline99

This method work on a original cygnos360(v1) ??

Thanks.

[Tiros]

Nice work Redline

[cory1492]

Redline99: thanks for saving me a day of tedious work proof positive, definitely good to know the state machine need not be reset to different code.

le_uberfry: well, research done, I know who you are
http://www.xboxhacker.net/index.php?topic=9015.0
as well as exactly how much weight to give my opinion of you (little to none.) With the same style para-reading you put into your last post...

Grow up because I, dickwad -insult-someone- no control, {am} cocksmoker.

Baseless accusations and name calling? Grow up? edit:/ and the latest, use a mirror... ever?

[Redline99]

This method work on a original cygnos360(v1) ??

cygnos hasn't sent me any samples to test out, so I dont know.

If that is true, then we should still be able to do it with a Pic and the original freeboot.bin (leave the baud @38400 so it is easier to capture the !switch command), or do you think the delay is still too tight?

I had a hell of a time trying to connect at 38400 8N1. So after wasting time trying I decided to remove the setting.

have a blast wiring up the xd card

hehe yeah wiring an xD card isn't the easiest. The cygnos is still the best option for most people.

[thanks for saving me a day of tedious work proof positive, definitely good to know the state machine need not be reset to different code.

you're welcome

[B1N4RY]

cygnos hasn't sent me any samples to test out, so I dont know.

just help them with bits and pieces here and there, and then ask them politely. that's how i got mine