Help on getting XBR onto cygnos v2?

[daba210]

Hello all,

I have XBR v3a working on my Falcon v3.0 motherboard, using the new 1.03 firmware and 1.08 toolbox, I will explain in a minute how I achieved this.

First off though: For those wondering why just injecting the patched SMC generated by the Cygnos toolbox doesn't work, the SMC only makes up 3000 of the 4200 parts the first block consists of, without the rest you'll get E-79.

So how do we get an SMC patched first block? Simple, we pinch it from xbins :p.

1) Download Cygnos360 v2 Xell Images Collection & the required XBR image from Xbins.
2) Replace the KV and Config blocks in the XBR image with the ones from your original dump using NANDPRO.
3) Extract the first block from the Falcon XELL using nandpro, name it smc.bin
4) Flash smc.bin to the XBR image, don't worry about defining blocks, as its only 1 block long anyway 
5) Power cycle your box and away your go!

Regards.

Dale.

[p1nky]

...and search for "SWITCH" and replace it with something different so that the Cygnos doesn't always switch over to the 2nd NAND when booting, so you can eg have a NTSC XBR in the onboard NAND and a PAL XBR in the cygnos NAND. 
you need to extract the sector and re-insert it with nandpro tho, so that the ECC data gets corrected after changing the string, otherwise the cygnos toolbox refuses to flash it.

[daba210]

Hi,

That isn't required if your only running XBR v3a on the Cygnos's NAND, with your stock NAND on the on-board NAND flash.

Also the 'switch' is initiated by XBR, not the Cygnos. XBR uses a lot of Freeboot's code, and freeboot has a 'switch' parameter as you must have 'hack.bin' flashed to one NAND (usually stock) and your rebooter on the other (usually Cygnos).

Regards.

Dale.

[p1nky]

tbh I don't really see a point in running a stock firmware on the first NAND, what are you going to do with it!? you can't have the real 8599 in there and you can't play online with older ones so what purpose could it possibly serve?

[daba210]

Hello,

The 'point' wasn't what I was addressing, in your previous post you were appending to my process, which was incorrect, I was simply clarifying that for anyone reading the post.

For speculative purposes I would say you could keep hack.bin on the original Firmware and just run off the Cygnos XBR v3a, this also works without needing to patch the switch, then you can switch between Freeboot and XBR with a single write instead of 2.

Regards.

Dale.

[p1nky]

ok let's rephrase:

if u don't want the fqn light on all the time when running XBR or if u want to have at least some actual use of having 2 NANDs by having PAL in one and NTSC in the other then flash XBR to the internal NAND and modify the SWITCH command

of course you could also patch the xex of region locked games instead and live with the light on and have it only in the 2nd NAND and use the first NAND for something... completely useless

[danthaman]

How about working on a way to minmise the ban-ability of a clean 8955 nand to go online with(keeping xbr on cyg-nand), I've been told elsewhere that I would get detected and banned, but what would actually get detected?? My understanding is the JATG is 'injected' at boot so if that can be disabled for booting from box's nand then voltages on JTAG ports should be fine. With R6t3 gone and all the backups one can get so easily thru USB (not to mention the new toolbox 1.09 and fw 1.03 that make it so easy to install even the most stubborn XBR updates) I'm not worried about being banned , I mean what difference would it make other than having a KV burned??

Anyone else intertested in seeing how far we might push it???  Let's all make dual-nand fun again!! 

[utar]

How about working on a way to minmise the ban-ability of a clean 8955 nand to go online with(keeping xbr on cyg-nand), I've been told elsewhere that I would get detected and banned, but what would actually get detected?? My understanding is the JATG is 'injected' at boot so if that can be disabled for booting from box's nand then voltages on JTAG ports should be fine. With R6t3 gone and all the backups one can get so easily thru USB (not to mention the new toolbox 1.09 and fw 1.03 that make it so easy to install even the most stubborn XBR updates) I'm not worried about being banned , I mean what difference would it make other than having a KV burned??

Anyone else intertested in seeing how far we might push it???  Let's all make dual-nand fun again!! 

Won't work.

You can't upgrade to a clean 8955 without blowing the efuse which revokes the cb on which the hack replies upon. You will never be able to go on Live with a hacker kernel.

[Arakon]

hmm.. what smc.bin are you guys using? if I try to use XBR v3 on a cygnos v2 with 1.03 FW and the cygnos jtag wiring, I only ever get a center light and nothing else. I tried extracting the smc from the xell_zephyr.bin for cygnos from xbins and adding it, no change. if I flash that xell directly, it works.

[daba210]

Hi Arakon, I didn't bother extracting the smc from the xELL package, just the entire first block so the ECC didn't get shot to bits.

I know you know, so not being patronising just for anyone else reading the thread:

nandpro directory\>nandpro xell.bin: -r16 smc.bin 0 1
nandpro directory\>nandpro xbr.bin: -w16 smc.bin 0 1

Then flashed that to the Cygnos360 v2, power cycled and all worked fine.

Have had cases where the Zepher xELL did not work, in which case try using the Falcon xELL's first block, as for a reason I still haven't figured out - it works.

Regards.

Dale.