XboxHacker BBS
 
Author Topic: 360 Flash Dump Tool V0.1  (Read 143704 times)
HoRnEyDvL
Member
« Reply #200 on: December 10, 2007, 06:38:04 AM »

Another region code to add.
Unk 0201
Pal AUS
Logged
Shaun
Xbox Hacker
« Reply #201 on: December 13, 2007, 03:33:34 PM »

Just to clarify something - the Falcon (read: new board with HDMI connector) theoretically can be downgraded, but this has not been confirmed yet? If so then (hopefully) I will be in a position to do exactly this in the coming days. Just need to reread up and get my DIY level shifters bought and up n running.
Logged
robinsod
Global Moderator
Xbox Hacker
Perl packed my shorts during global destruction
« Reply #202 on: December 14, 2007, 01:26:18 AM »

The Falcon boards feature new firmware & it seems to be vulnerable BUT the current Degraded builds incorrect images :( I hope to have a new version available soon.
Logged
Shaun
Xbox Hacker
« Reply #203 on: December 14, 2007, 04:24:13 AM »

Good then :) I shall build up the board and hopefully play sometime next week.
Logged
atiman
Hacker
« Reply #204 on: December 15, 2007, 12:30:48 PM »

Thx for amazing work Robinsod. I have a little question for you...
Is there a way to prevent the X: change? It's annoying for homebrewers...
I explain :
X: is (it seems) a heavily encrypted sequence made from a seed value which seems to be either the difference of theoretical lock down counter and actual lock down counter, or just a flag (false=0, true=-1).
(I got that from tmbinc when he analyzed my X: value given by my 4532 dashboard after reverting from a recent firmware. Since I'm keeping resistor in place, I have to update older firmware with new lock down values before reflashing. And I get the X: matching the minus one value each time).

I think connecting to network by mistake may result in the recording of the X: value and the console ID and if X: changes you may be considered a cheater...

However homebrewers need to connect to PC (often configured as a DHCP server i.e ICS) to upload/download sources to compile (I'm a core user, no hard disk) and if cable is left, PC can connect to internet and establish link between console and MS, by mistake. Happened once as I was starting patched KK (asked me if I wanted to upgrade fw, right in middle of KK starting screen). I'm not a Live subscriber, and I don't plan to become one, for now. But who knows... maybe a game will absolutely require a patch and I may find myself in the need to connect to Live (I hesitated recently for the Blue Dragon patches that makes game a bit harder -a bit too easy is that game-).
So I don't even know if I'm already banned whereas I never subscribed to Live... So it would be safer (for others) if X: value was under control.
However I could upgrade to fall update (by doing first step of Live connection but without subscribing) with X: correct. Do you think banned consoles can't even get upgrades? I guess they can... But dunno in fact.

I've tried to restart from 1888 and the phenomenon happened again.
In the following I will write X:0 or X:-1 to say that X: is the normal value (seed 0) or X: is the abnormal value (seed -1).

1888 no X: at all (if I remember well) (LDC in efuses = 3), backup fw
update to 4532 => X:0 ok (LDC in efuses = 4), backup fw
update to fall update => X:0 ok (LDC in efuses = 5), backup fw
edit 4532 backup and set LDC to 5
reflash 4532 LDC 5 => X:1 bad... (risky when homebrewing with all cables)
reflash fall update backup => X:0

It's the same with any firmware versions... I think.

What do you think about this specific trouble?
« Last Edit: December 15, 2007, 12:32:53 PM by atiman » Logged
robinsod
Global Moderator
Xbox Hacker
« Reply #205 on: December 15, 2007, 12:56:23 PM »

To be honest tmbinc is your man for this, I simply don't have the required level of understanding :(

I am happy to build tools that support whatever hack is currently popular with the following exceptions

1) No "stealth backups" - KK is all you need
2) No messing with XBL


Logged
robinsod
Global Moderator
Xbox Hacker
« Reply #206 on: December 16, 2007, 08:41:55 AM »

Version 0.88 NAND Tool

The flash image can now be patched with modified SMC code and the 2BL hash is fixed up to allow the 360 to boot. You can also modify the Pairing Data and LDV in the headers. You must have your CPU fuse data to use these features.

English: http://rapidshare.com/files/76961285/tool.88.English.rar.html

French: http://rapidshare.com/files/76961318/tool.88.french.rar.html

German: http://rapidshare.com/files/76961348/tool.88.German.rar.html
Logged
amadeus
Hacker
« Reply #207 on: December 16, 2007, 05:51:38 PM »

Very cool! :D

Would you say it now has all the features it should have, or are there things you would like to see?

Are there areas that need development/research?

« Last Edit: December 16, 2007, 05:54:08 PM by amadeus » Logged
robinsod
Global Moderator
Xbox Hacker
« Reply #208 on: December 17, 2007, 07:06:38 AM »

I think the NAND tool is basically done. I may add code to extract a list of bad blocks as a text file & if we see any major changes in the way the 360's flash works I will update it, otherwise it's about done. I may add direct support for Infectus/XD card programming.

Next area of interest is to be able to build customised flash images with the firmware components and updates I want. We can't modify the components but we can put them together in different ways. I also want to rework the code and turn it into a dll so other people can use it.



Logged
Ell3X
Master Hacker
« Reply #209 on: December 17, 2007, 07:10:56 AM »

Very nice :)

Big thx for your hard work ;)
Logged
amadeus
Hacker
« Reply #210 on: December 17, 2007, 02:56:59 PM »

Quote from: robinsod
Next area of interest is to be able to build customised flash images with the firmware components and updates I want. We can't modify the components but we can put them together in different ways.

Do you mean take the hypervisor from one firmware and put it in another?

Logged
HoRnEyDvL
Member
« Reply #211 on: December 18, 2007, 04:47:34 AM »

robinsod, thanks for the update. I see you added my region code in :)
I'll try dumping my second NAND from my other 360, see how I go.
Logged
Surrido
Master Hacker
Those who can read have a clear advantage!
« Reply #212 on: December 18, 2007, 05:04:48 AM »

HV from 4532 into 1888 would be handy...
Logged
wans
Hacker
« Reply #213 on: December 18, 2007, 11:01:39 AM »

Hey guys,

Looking for a little help using 360 flash tool V0.88. I used dump32 from the Linux livecd to dump my fuses.txt, 1bl.bin and nand.bin.

I have entered my CPU key into the field, gained from fuses.txt, but if I try to open either 1bl or nand.bin I get the following error:

Bad File length.

Everything appeared to go well during the dump, no hangs from either Linux or the dump32 program.

Any advice would be greatly appreciated.
Logged
caster420
Master Hacker
« Reply #214 on: December 18, 2007, 11:06:38 AM »

Damn, appears the dump from Linux does not contain the ECC data and so can't be used with this application.

Quote from: warpjavier
I believe the dump you get from Linux is the same dump you can get with Infectus or any other NAND programmer, but you don't have a RAW dump that way, so you will be missing the extra 16 bytes of the NAND. So it does not make sense to do that if you are gonna end up with an unusable dump.

Don't know if this is still valid, but it's at the beginning of the thread and is likely your issue.

Caster.
Logged
robinsod
Global Moderator
Xbox Hacker
« Reply #215 on: December 18, 2007, 11:45:23 AM »

ECC-less dumps are no longer supported.
Logged
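
Added example, not part of the thread or of any tool named in it: a length check that tells a raw dump (page data plus the 16 extra bytes per page the posts above refer to) from a data-only one, and splits a raw image into its data and spare parts. The 512-byte page data size and the power-of-two page count are assumptions not stated in the thread; the function names are hypothetical.

```python
# Added illustration: classify a NAND dump from its length before analysis.
DATA_BYTES = 512    # assumed data bytes per page (not stated in the thread)
SPARE_BYTES = 16    # the "extra 16 bytes" per page mentioned in the thread
RAW_PAGE = DATA_BYTES + SPARE_BYTES


def _is_pow2(n):
    return n > 0 and n & (n - 1) == 0


def classify_dump(size):
    """Return (layout, pages) for a dump of `size` bytes.

    Divisibility alone is ambiguous: a raw 16 MiB image is 17,301,504
    bytes, a multiple of both 528 and 512. The page count is therefore
    also required to be a power of two (assumption about the device).
    """
    if size % RAW_PAGE == 0 and _is_pow2(size // RAW_PAGE):
        return "raw", size // RAW_PAGE
    if size % DATA_BYTES == 0 and _is_pow2(size // DATA_BYTES):
        return "data-only", size // DATA_BYTES
    return "unknown", 0


def split_raw(image):
    """Split a raw image into (data, spare) byte strings, page by page."""
    layout, _pages = classify_dump(len(image))
    if layout != "raw":
        raise ValueError("not a raw dump: %s (%d bytes)" % (layout, len(image)))
    data, spare = bytearray(), bytearray()
    for off in range(0, len(image), RAW_PAGE):
        data += image[off:off + DATA_BYTES]
        spare += image[off + DATA_BYTES:off + RAW_PAGE]
    return bytes(data), bytes(spare)


if __name__ == "__main__":
    # Constructed sample: 4 pages, data filled with 0xAA, spare with 0x55.
    sample = (b"\xAA" * DATA_BYTES + b"\x55" * SPARE_BYTES) * 4
    print(classify_dump(len(sample)))
    data, spare = split_raw(sample)
    print(len(data), len(spare))
    print(classify_dump(16 * 1024 * 1024))
```
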
tmbinc
Global Moderator
Master Hacker
« Reply #216 on: December 18, 2007, 03:43:33 PM »

...which shouldn't be a problem as we now have the tool to dump with ECC (from linux).
Logged

Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
Ell3X
Master Hacker
« Reply #217 on: December 18, 2007, 03:50:28 PM »

This is not important, because nobody can flash the NAND with Linux.
So if someone would patch the dump, he needs the Infectus.
Logged
amadeus
Hacker
« Reply #218 on: December 18, 2007, 06:07:16 PM »

I have used it under FC7 with Wine 0.9.49 :D


Logged
robinsod
Global Moderator
Xbox Hacker
« Reply #219 on: December 18, 2007, 07:10:28 PM »

@tmbinc: We keep bumping heads, time to agree a common file format? I give in, being a mere technician and all ......
« Last Edit: December 18, 2007, 07:14:22 PM by robinsod » Logged