Project: Xbox 360 rebooter

[MastaG]

This maybe a stupid question but..
Would it be possible to compile the rebooter into an elf-file so it can be loaded by xmenu?
With a small modification for people not having a cygnos2, making it display a message like: "now switch to your second nand, press A to continue".
Then we just have to flash 8498image.bin to our second nand/tsop/xdcard and have to power of linux, emulators, homebrew AND the latest dash for games without having to reflash or alter the Xell each time.

[B1N4RY]

I believe that is possible, but it is unaccomplish-able, or rather difficult if the author of the rebooter decides to keep the project closed-sourced.

[Shaun]

not at all, assuming it does work correctly, a matter of analysing what the process is to bring the system up and running to a working state can be applied to anything, be it automatically or via a xell menu option.

[ddxcb]

well i got the ibuild moddifyied to build any kernal but the problem is that i cant get a hold of the xex for a certin dash

[viericrespo]

Has anyone been able to downgrade after using the FreeBoot rebooter? 

I have a working backup (tested) of a Falcon 7371 Kernel that now gives me 3RL when I try to flash it to the NAND.

Could it be CB related?

CB of the kernel backup is 5770, and 5771 in the 8498 image of the rebooter.

Regards

[B1N4RY]

I was able to downgrade back to my 4532 dump fine after using the rebooter. Please note that I have removed R6T3, just in case.

[viericrespo]

I was able to downgrade back to my 4532 dump fine after using the rebooter. Please note that I have removed R6T3, just in case.

Errr I didn't remove R6T3, do you mean that my fuse count has been increased after using the rebooter? 

[le_uberfry]

I believe that is possible, but it is unaccomplish-able, or rather difficult if the author of the rebooter decides to keep the project closed-sourced.

Or maybe you should just look a page or two back, Redline99 posted a method to run it w/o cygnos.
If you're looking for a candycoated version, tough $#!t, you will have no use in rebooter if you can't even do those trivial mods.

[cory1492]

Overreactions to the wrong post aside, someone capable/knowledgeable enough about the 360 to be able to modify freeboot source to reset all the hardware something like xmenu initializes and uses... probably wouldn't need source (or a chainloader.)

Errr I didn't remove R6T3, do you mean that my fuse count has been increased after using the rebooter? 

I'm fairly certain I read somewhere (from back when the first fuse increment was discovered in an updater) around here that the kernel will try to increment the fuses if needed before spewing an error/E79 message, it's a good bet if you didn't follow freeboot's instruction to remove the resistor you won't be using freeboot again.

[B1N4RY]

Or maybe you should just look a page or two back, Redline99 posted a method to run it w/o cygnos.

I was replying to this question, smartass

Would it be possible to compile the rebooter into an elf-file so it can be loaded by xmenu?

[MastaG]

Ok, I've seen Redline's post too in this thread but it's gone?
So there is a bin\freeboot.bin and bin\xell-2f.bin, the last one will get loaded when you boot with the tray open.
bin\freeboot.bin will be loaded on boot with the tray closed and will send a command to the cygnos2 to change to it's own nand at some point to boot 8498.
I believe that's where he posted a work-around to insert a timer so we can manually switch to our second flash.
Is the tray signalling also something that's implemented in the cygnos?
Because the wiki on free60.org states that we have a xell-1f.bin and xell-backup.bin but they should be identical, that gives me the idea that we could use two different XeLL builds and choose which one to use (by booting with tray open or closed).

[Redline99]

http://www.xboxhacker.net/index.php?topic=12629.msg85087#msg85087
I talk about my not using the cygnos here.

[viericrespo]

Errr I didn't remove R6T3, do you mean that my fuse count has been increased after using the rebooter? 

I'm fairly certain I read somewhere (from back when the first fuse increment was discovered in an updater) around here that the kernel will try to increment the fuses if needed before spewing an error/E79 message, it's a good bet if you didn't follow freeboot's instruction to remove the resistor you won't be using freeboot again.

Well, I think that removing the resistor isn't a good idea due to my solding capabilities 

I'm still thinking that the problem could be in the CB 5771 required for falcon boards, which can't lets us going back to a lower CB (5770).

Anyway and just for testing, is there any method for knowing the actual fuses count (through XeLL or Linux)?

Regards

[le_uberfry]

You're joking, right?

[viericrespo]

You're joking, right?

I'm sorry but I don't catch it. What do you mean?

[le_uberfry]

Erm, fuses being printed right on startup?

[viericrespo]

Erm, fuses being printed right on startup?

Wow, you're totally right. I'm feeling freakin' stupid now

Well, I suppose that the fuse count is at the 8th line (fuseset 07) of the XeLL booting screen.

I've checked it and I have 5 f's at the start of the line, which match to the LDV value of my nand backup.

So, could the problem reside in the 5771 CB?

Regards and thanks again le_uberfry 

[cory1492]

Well, if you used freeboot successfully to start 6xxx dash, didn't remove R6T3, and can still boot xell loader - the good news is that the "exploit closing" fuse wasn't touched as you are still coming from the exploitable CB (5770) to run xell. I'd suspect corruption of your backup dump, an issue when writing it to NAND, or (which you already checked) LDV mismatch.

[viericrespo]

Well, if you used freeboot successfully to start 6xxx dash, didn't remove R6T3, and can still boot xell loader - the good news is that the "exploit closing" fuse wasn't touched as you are still coming from the exploitable CB (5770) to run xell. I'd suspect corruption of your backup dump, an issue when writing it to NAND, or (which you already checked) LDV mismatch.

Very thx for your answer cory1492 

Well, the nand backup isn't corrupted as far I've made several backups (which were succesfully tested before running the rebooter).

About an issue writing the backup to the NAND.... I've made the test flashing it via USB (Cygnos mod) and via Linux (lflash), with the same result (3RL).

The LDV values mismatch, is an issue that I still don't understand very well... let me explain:

- These are the values of the 7371 NAND Backup:

CB 5770      Pairing: 94391D      LDV: 0
CD 5770      Patch 0: 7371      LDV: 5
CE 1888      Patch 1: 7363      LDV: 4

- These are the values of the 8498 NAND image generated by ibuild:

CB 5771      Pairing: B615B8      LDV: 0
CD 8453      Patch 0: 8498      LDV: 4
CE 1888      Patch 1: - (Greyed out)   LDV: - (Greyed out)

As you can see, LDV values mismatch between the two images. But, for some reason, rebooter works fine and the backup don't.

Any ideas of where the problem could be?

Regards

[80Y]

hi all,

First, thanks all for your job, it's amazing

I would like test the rebooter on my xenon, my cygnos v2 is fitted in my Xbox 360 and works great

To build my 8498 kernel, I need to extract my nand, already done ... but "smc.bin" & "smc_config.bin" are missing ! How do you get them ?

I used the last version of Flash Tool, the arnezami one

I also tried Bincrypt2 (thx Redline99) to extract Config Blocks, the .bin is too big, I got an error with ibuild :

Code:

ibuild 0.03 - coded by ikari

ERROR: File "smc_config.bin" has a size of 32768 bytes. Expected size is 16384 bytes.
ERROR: Unhandled exception.

If you have any informations, please let me know

Thx from France