jtag questions

[stuntpenguin007]

I know that I have either a xenon or zypher xbox, and its definitely still jtag-able.  So to my understanding, I...

1. Update to dashboard
2. dump the nand (Which I have done on another xbox so I know how).
3. install those 3 330 ohm resistors to enable jtag
4. Patch my nand somehow
5. Reflash the nand
6. Have fun

Could someone verify those steps?  What dash do I need to update to?  How do I patch the nand?  If I have it hacked will it ever try update itself?

Thanks

[cmonkey]

You don't need to update your dash, as long as it's <= 7371 then you're OK.  Your CB (2nd stage bootloader) needs to be an exploitable version.  This version number will differ depending on whether you've got a Xenon or Zephyr (Xenon CB must <= 1921 and Zephyr CB must be <= 4558).  You can find your CB version by loading your nand dump into the 360 Flash Tool.  If it's higher than the numbers above then you wont be enjoying the delights of Xell on this particular machine.

Make sure you've got at least two known good full dumps of your current nand (do a binary file compare and/or check the md5's agree).

The 3 x 330 ohm resistors way of wiring the jtag hack is now obsolete.  You now use 2 diodes and a jumper wire.  Look around these forums for example diagrams showing you how to wire it.  Determine which machine you've got as Xenon wiring differs from Zephyr wiring.

Get the appropriate pre-built Xell image from xbins for your machine type.

Use whichever method you used to dump your nand (nandpro/Cygnos/Infectus) to write the Xell image back your nand.  If you are using nandpro then you only need to flash the first 80 blocks of your nand (only takes 3 or 4 mins).  If using Cygnos/Infectus you'll need to build a full 16.5Mb image from the Xell image and your dumped nand image (copy and paste the contents of the Xell image over the start of your full nand dump).  When you've flashed the partial/full image you can read it back fully/partially if you want to verify that it wrote correctly.

Once you've flashed Xell hook it up to your TV/monitor/whatever and hit the power button.  If you've done the jtag hack wiring correctly and the Xell image is the correct one for you machine then you'll see Xell loading which will give you lots of nice information about your Xbox.

Xell's built after 11th Sept have self updating code in them.  In order to update to a later and greater Xell you simply put the updated Xell on the root of a USB stick and name it updxell.bin.  When Xell boots it will look for this file and update your Xell automatically.

To ensure continued enjoyment from Xell and your newly liberated Xbox be sure to remove R6T3 and at the same time say a huge thank you to tmbinc, robinsod, SeventhSon, Martin_sw, Tiros and jester for making all this possible.

[stuntpenguin007]

wow thank for all the info, and to everyone who made this possible.

I just have one last question before I give it a try.

I figured out that this motherboard is a xenon.  I dumped my old xenon nand with the 7 wire lpt thing, but I didn't use 100 ohm resistors.  It didn't fry anything, I've read the nand 4 times now, and written to it once.  Should I put in a few 100 ohm resistors just to be safe?

[cmonkey]

If nandpro is returning a flash config of 01198010 and you've dumped the nand 4 times and all 4 images are identical then you're good to go.  You wont be needing the 100 ohm resistors.  Have you opened the dump in 360 Flash Tool just to check that it opens OK and displays CB/CD/LDV and a file system?  You could also run the nand dump through the Infectus nand checker as an extra safety check.

As an extra safety check you could always measure the voltage output of your lpt port.  It'll be either 3.3 or 5v.  If it's 3.3v then you definitely wont be needing the resistors.  If it's 5v then the resistors would be a good idea but people have also had success reading and writing the nand with a 5v lpt without any resistors on the cable, so they aren't 100% necessary even if you do have a 5v lpt (more for precaution I guess than anything else).

[stuntpenguin007]

Dumping the nand right now  .  One more dump after that to ensure their identicle, and to check my cb, and then I'm set.  I'll come back later today with the results.

As for now, time to hit up xbins.

how do I tell nandpro to only flash the 1st 80 blocks?

[cmonkey]

If using LPT then :

nandpro lpt: -w16 my_image_file_to_be_flashed.bin 0 50  (50 in hex is 80 in decimal and nandpro parameters are given in hex)

If using USB then :

nandpro usb: -w16 my_image_file_to_be_flashed.bin 0 50

Have fun!

[stuntpenguin007]

Thanks to everyone who made this possible! I got it running.

Does it try boot off of a server, and then a disc or hdd or what?

Also, not sure If its just my xbox being stupid or not, but when it loads up and goes through that list of stuff like connecting to... dumping fusesets... Is the background supposed to be gray?  I thought in videos I'd seen it was blue.

I get some "read sector failed" errors at the bottom to.  Should I try reflash it?