Xbox 360:Getting Started

From ConsoleMods Wiki
Jump to navigation Jump to search

Over the years, Xbox 360 consoles have had several motherboard revisions. It is important to identify the motherboard revision to see what exploits are compatible and work best with your console. The steps for the mod itself will also vary depending on the motherboard. The easiest way is to look at the motherboard's PSU connector (phat) or required amperage (phat or Slim). Octal450's identification wizard is a useful & user friendly tool for identifying an Xbox 360 motherboard. You can view the buying guide for more information on specific revisions and how to identify an Xbox 360's motherboard.

Xbox 360 ("phat")

Phat.png

If your console is running dashboard/kernel 2.0.7371 or lower, it will have access to the JTAG exploit. However, some Jasper consoles manufactured with 7371 were patched against the JTAG exploit, in which case their CB needs to be checked after a NAND dump. Refurbished Xenon consoles with Elpis GPUs will also usually have a JTAG patched CB.

If your console's dashboard/kernel is above 2.0.7371 and/or has a patched CB, you can use various Reset Glitch Hack methods. 2.0.14699 and lower on original consoles have access to RGH 1, but anything newer is also compatible with RGH 1.2, RGH 2 (non-Xenon), RGH 3, and EXT_CLK (Xenon/Zephyr). The newer RGH methods can also be used on 14699 and older dashboard versions.

There is also R-JTAG which requires dashboard/kernel 2.0.14719 or higher, and R-JTOP which requires dashboard/kernel 2.0.15572 or higher. They are essentially RGH but instead of glitching the CPU directly into a custom bootloader and into a modified NAND, they glitch the LDV check of the bootloader to boot into a JTAGable bootloader, and into a JTAG NAND. There is usually no need to use these methods over normal RGH, as they require more steps for little benefit.

Any DVD drive in an original console can be flashed without soldering. However, the Lite-On DG-16D2S requires a probe tool to retreive the DVD key without modifying the console's motherboard. If the console was JTAGed or RGHed, the DVD key can be retreived from XeLL.

All original consoles are also compatible with ODEs, but you will need to extract the DVD key. Getting the DVD key is the same process as if you wanted to flash it.

Xbox 360 S ("Slim")

Slim.png

S consoles can use most RGH methods, but cannot use R-JTAG/JTOP or the original SMC JTAG exploit since the CB bootloader in Slim CPUs aren't compatible with JTAGable Phat bootloaders. They also cannot use RGH 1.

DVD drives from S consoles are flashable if they came with a Lite-On DG-16D4S (usually came with Trinity and some early Corona consoles), but if they have a Hitachi DL10N (uncommon, but could come with any Slim motherboard) or DG-16D5S (usually Corona/Waitsburg slims) you need to buy an aftermarket DVD drive PCB and RGH the console to get the DVD key. The PCB in Lite-On drives also have some of the wires soldered to the PCB, but the Hitachi drives instead have ribbon cables for all connections so replacing the PCB for a Slim Hitachi drive is easier.

  • DG-16D4S drives with MXIC flash need a probe tool like the phat D2S, but uses a different type of probe tool. It must be a probe tool for a Slim 16D4S. Do not use a probe tool intended for a 16D2S and vise versa.
  • Some DG-16D4S drives come with a "Windbond" flash chip (example) which requires the infamous Kamikaze mod in order to flash custom firmware. It involves drilling a specific area on the chip to unlock write permissions.

All S consoles are compatible with ODE devices, but you will need to extract the DVD key. If your console has a Lite-On DG-16D5S or Hitachi DL10N, the only way to get the DVD key is to RGH the console.

Xbox 360 E

E.png

Stingray motherboards in the 360 E are similar to Corona/Waitsburg motherboards in 360 S, but with some features cut like the AV port and one of the USB ports. Thus, they also need a postfix adapter like on Waitsburg Slims and have the same RGH methods available.

DVD drives in Xbox 360 E's are usually a DG-16D5S, which are not flashable and the DVD key cannot be extracted. The same applies to the Hitachi DL10N. It is possible to get the DVD key with RGH, but flashing requires a PCB replacement. S/E Hitachi drives don't have any wires soldered to the PCB, so PCB replacements for those will be easier.

Stringray Xbox 360 E's can use ODEs, but you will need to RGH the console to get the DVD key.

Winchester boards are not exploitable in any way. This includes RGH/JTAG, drive flashing, and ODEs.

Choosing what kind of hack to use

RGH/JTAG

  • Various Reset Glitch Hack or JTAG methods will fully unlock the console for homebrew, emulators, unencrypted game backups, region free DVD movies/games, running Linux, etc.
  • Hacks that fully unlock the console like RGH or JTAG require soldering, and there is no software alternative.

Which RGH/JTAG method should I use?

The below chart highlights the recommended hack to use on each console. Xbox 360:Exploit Chart has a more detailed chart that shows many more RGH methods.

Dashboard Xenon Zephyr Falcon/Opus1 Jasper Tonasket5 Trinity Corona Winchester
≤73712 JTAG JTAG JTAG JTAG N/A N/A N/A N/A
>7371 EXT_CLK3 EXT_CLK RGH1.2 RGH1.2 RGH1.2 RGH1.24 or RGH34 RGH1.24 or RGH34 N/A

1 Opus is just Falcon without HDMI, so they are grouped togeather.

2 Must check CB via NAND dump to see if it is JTAGable. Most - but not all - consoles under 7371 and some on 7371 have an unpatched CB. This mainly effects Jasper systems, as some were manufactured with a patched CB when brand new.

3 RGH is not currently working on Elpis Xenons with Samsung RAM. A solution is being investigated, but it works on all other Xenons with Infineon/Qimonda RAM.

4 Requires scraping solder mask off of a tiny point (more difficult). S-RGH is a viable alternative that has easier soldering.

5 Most Tonasket consoles are more commonly known as Jaspers with Kronos GPUs. RGH methods are the same, but are never JTAG exploitable.

DVD Drive Flashing

  • An Xbox 360 with a DVD drive flashed with custom firmware will allow you to play retail game backups with burned DVDs, but will not allow access to homebrew, emulators, game mods, backups of digital games, or even a region unlock.
  • DVD drive flashing with a any phat or Slim DG-16D4S DVD drive does not require any soldering unlike JTAG or the Reset Glitch Hack.

Optical Disc Emulator

  • The Xbox 360 had a few optical disc emulators released for it, such as the XK3Y ODE, Wasabi360, and Boxzii. These devices allowed you to play .iso dumps of retail games through USB or eSATA storage.
  • ODEs have not been manufactured in a long time, and were expensive. Similarly to a flashed DVD drive, these didn't unlock the console for unsigned software and were only used for playing disc backups. They tend to not be very common on the used market either.

King Kong Exploit

Exclamation-circle-fill.svgThis hack is not recommended as it is very limited and only for very old dashboards. It is just listed here for completeness.


  • The King Kong Exploit used a modified copy of Peter Jackson's King Kong to allow the Xbox to boot into a Linux distribution. The KK exploit didn't allow access to homebrew outside of Linux.
  • This exploit did not permanently modify the console's operating system, and the game had to be loaded every time you wanted to use Linux.
  • Since the exploit relies on booting a modified game, the console either needed a DVD drive with modified firmware or a hotswap method in order to boot it.
  • The King Kong Exploit only worked on consoles with a 2.0.4532 or 2.0.4548 kernel/dashboard, and there's no method to downgrade a retail Xbox 360 to a kernel vulnerable to the KK exploit due to the CPU's eFuses.