Xbox 360:RGH/RGH1.2: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 1: | Line 1: | ||
[[Category:Xbox360]] | [[Category:Xbox360]] | ||
{{Warning|The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!}} | |||
RGH1.2 combines RGH1-like PLL slowdown with Glitch2 images to allow reliable glitching of Falcon/Jasper consoles with split CB (post 14699 kernel). RGH1.2 V2 ports this hack to Trinity/Corona consoles as well as fixing a few issues on Jaspers. | RGH1.2 combines RGH1-like PLL slowdown with Glitch2 images to allow reliable glitching of Falcon/Jasper consoles with split CB (post 14699 kernel). RGH1.2 V2 ports this hack to Trinity/Corona consoles as well as fixing a few issues on Jaspers. | ||
| Line 28: | Line 29: | ||
[[File:5lY3TID.png|thumb|858x858px|Postfix adapter diagram]] | [[File:5lY3TID.png|thumb|858x858px|Postfix adapter diagram]] | ||
On later Corona motherboards, the trace to the bottom POST pad has been removed, so you need to use a postfix adapter to be able to attach a pogo pin to the POST connection underneath the CPU. Use the provided diagram to determine if you need one or not. As shown in the diagram, you can install it by carefully sliding the larger piece of the adapter onto the left side of the CPU (when looking at the CPU from a readable position). Gently press the PCB inward toward the CPU to depress the pogo pin, and slide the smaller PCB part over the other side of the CPU, interlocking the two PCBs together. Solder the four anchor points on the edges of the postfix adapter to prevent it from coming loose. | On later Corona motherboards, the trace to the bottom POST pad has been removed, so you need to use a postfix adapter to be able to attach a pogo pin to the POST connection underneath the CPU. Use the provided diagram to determine if you need one or not. As shown in the diagram, you can install it by carefully sliding the larger piece of the adapter onto the left side of the CPU (when looking at the CPU from a readable position). Gently press the PCB inward toward the CPU to depress the pogo pin, and slide the smaller PCB part over the other side of the CPU, interlocking the two PCBs together. Solder the four anchor points on the edges of the postfix adapter to prevent it from coming loose. | ||
==Reading your NAND== | |||
There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. However, the 4GB Corona requires that you use an xFlasher 360, PicoFlasher, Element18592's 4GB USB tool, or an SD card tool. Consider the pros and cons below and choose the method that’s right for you. The LPT cable method is not recommended, as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips. | |||
===[[Xbox_360:4GB_NAND|4GB Corona]]=== | |||
{| class="wikitable" | |||
! Device | |||
! Pros | |||
! Cons | |||
|- | |||
| '''xFlasher 360''' | |||
| | |||
* Reads NAND fast in 40 seconds to 4 minutes | |||
* Can also program glitch chips | |||
* Actively supported | |||
* USB-C | |||
| | |||
* More expensive than SD Card tools or PicoFlasher | |||
|- | |||
|'''PicoFlasher''' | |||
| | |||
* Reads NAND in 1-8 minutes | |||
* Super cheap | |||
* Easy to find | |||
| | |||
* You will need a programmer to program glitch chips | |||
|- | |||
| '''4GB USB Tool''' | |||
| | |||
* Cheap | |||
| | |||
* You will need a programmer to program glitch chips | |||
|- | |||
| '''SD Card Tool''' | |||
| | |||
* Super cheap | |||
* Easy to find | |||
| | |||
* You will need a programmer to program glitch chips | |||
|} | |||
===[[Xbox_360:Standard_NAND|All Other Motherboards]]=== | |||
{| class="wikitable" | |||
! Device | |||
! Pros | |||
! Cons | |||
|- | |||
| '''xFlasher 360''' | |||
| | |||
* Reads NAND fast in 40 seconds to 4 minutes | |||
* Can also program glitch chips | |||
* One of four options for 4GB Corona | |||
* Actively supported | |||
* USB-C | |||
* Uses signed drivers | |||
| | |||
* Most expensive flasher | |||
* Can't be used for flashing Sonus Sounds | |||
|- | |||
| '''PicoFlasher''' | |||
| | |||
* Reads NAND fast in 1-8 minutes | |||
* One of four options for 4GB Corona | |||
* One of the two options for Sonus or Slim sound programming | |||
* Super cheap | |||
* Easy to find | |||
* Uses signed drivers | |||
| | |||
* Can't easily be used to flash glitch chips | |||
|- | |||
| '''Nand-X''' | |||
| | |||
* Reads NAND in 2-8 minutes | |||
* Can also program RGH glitch chips | |||
| | |||
* More expensive than most NAND flashers | |||
* Not much cheaper than the xFlasher | |||
* Does not support 4GB Coronas | |||
* Requires unsigned drivers | |||
|- | |||
| '''JR Programmer''' | |||
| | |||
* Reads NAND in 3-10 minutes | |||
* Can also program glitch chips | |||
* One of the two options for Sonus or Slim sound programming | |||
* Cheap | |||
* Easy to find | |||
| | |||
* More expensive than PicoFlasher or Matrix | |||
* Does not support 4GB Coronas | |||
* Requires unsigned drivers | |||
|- | |||
| '''Matrix USB NAND Flasher''' | |||
| | |||
* Reads NAND in 7-26 minutes | |||
* Super cheap | |||
| | |||
* Can’t be used for programming glitch chips [[Xbox_360:Matrix Programmer|unless you modify it]] | |||
* Does not support 4GB Coronas | |||
* Requires unsigned drivers | |||
|- | |||
|'''LPT Cable''' | |||
| | |||
* Cheap | |||
* Doesn't require unsigned drivers | |||
| | |||
* Requires PC with a native parallel port and more equipment | |||
* More difficult | |||
* Can’t be used for programming glitch chips | |||
* Takes 30-150 minutes to read NANDs | |||
|} | |||
==Glitch Chip Installation== | ==Glitch Chip Installation== | ||
===Motherboard Points=== | ===Motherboard Points=== | ||
Revision as of 06:13, 18 November 2023
 | The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering! |
RGH1.2 combines RGH1-like PLL slowdown with Glitch2 images to allow reliable glitching of Falcon/Jasper consoles with split CB (post 14699 kernel). RGH1.2 V2 ports this hack to Trinity/Corona consoles as well as fixing a few issues on Jaspers.
Equipment Needed
- A compatible glitch chip:
- Coolrunner Rev A/B/C/D
- CR3 Lite
- Matrix Glitcher
- Squirt BGA/Reloaded
- X360ACE V1/V2/V3
- X360ACE V3+/V4/V5 (Trinity/Corona only)
- DGX
- A PC running Windows Vista or later
- A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
- A NAND and glitch chip programmer:
- A NAND Backup with XeLL written to the console
- J-Runner with Extras (Includes RGH1.2 V2 Matrix/Coolrunner Timings)
- RGH1.2 V2 Timing Files (X360ACE/Squirt chips only)
(Corona Only) Postfix Adapter
File:5lY3TID.png
Postfix adapter diagram
On later Corona motherboards, the trace to the bottom POST pad has been removed, so you need to use a postfix adapter to be able to attach a pogo pin to the POST connection underneath the CPU. Use the provided diagram to determine if you need one or not. As shown in the diagram, you can install it by carefully sliding the larger piece of the adapter onto the left side of the CPU (when looking at the CPU from a readable position). Gently press the PCB inward toward the CPU to depress the pogo pin, and slide the smaller PCB part over the other side of the CPU, interlocking the two PCBs together. Solder the four anchor points on the edges of the postfix adapter to prevent it from coming loose.
Reading your NAND
There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. However, the 4GB Corona requires that you use an xFlasher 360, PicoFlasher, Element18592's 4GB USB tool, or an SD card tool. Consider the pros and cons below and choose the method that’s right for you. The LPT cable method is not recommended, as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.
4GB Corona
| Device | Pros | Cons |
|---|---|---|
| xFlasher 360 |
|
|
| PicoFlasher |
|
|
| 4GB USB Tool |
|
|
| SD Card Tool |
|
|
All Other Motherboards
| Device | Pros | Cons |
|---|---|---|
| xFlasher 360 |
|
|
| PicoFlasher |
|
|
| Nand-X |
|
|
| JR Programmer |
|
|
| Matrix USB NAND Flasher |
|
|
| LPT Cable |
|
|
Glitch Chip Installation
Motherboard Points
Phat
Slim (Trinity)
Slim or E (Corona/Waitsburg/Stingray)
Glitch Chip Pinouts
Note: RGH 1.2 on Corona consoles requires a glich chip with a built in oscillator. STBY_CLK will be unused when using a chip's oscillator.
Coolrunner Rev A/B/C/D
- B - STBY_CLK (only if not using oscillator)
- C - POST
- D - RST
- E - PLL (10K ohm resistor recommended on Slim)
CR3 Lite
- B - STBY_CLK (only if not using oscillator)
- C - POST
- D - RST
- E - PLL (10K ohm resistor recommended on Slim)
Matrix Glitcher
- A - RST
- B - POST
- C - STBY_CLK (only if not using oscillator)
- If you have a Matrix that comes with an oscillator, it can be easily disabled if this resistor is removed instead of removing the entire oscillator.
- F - PLL (10K ohm resistor recommended on Slim)
Squirt
- (Phat) Squirt BGA 1.2: Disable the onboard 670pf and/or 480pf caps by removing R7 and R8
- (Phat) Squirt Reloaded 2.X: remove R2 and connect STBY_CLK
- (Slim) Squirt Reloaded 2.X: remove R2 and connect STBY_CLK or remove 100 MHz and add 48 MHz oscillator
- (Slim) Use SCL pad for PLL
- Pinout follows written labels
- Don't use POST or RST tuners
X360ACE (V1/V2/V3/V3+), DGX
- C - POST
- D - RST
- E - STBY_CLK (only if not using oscillator version)
- F - PLL (22K ohm resistor required on Phat, 10K ohm resistor recommended on Slim)
- Remember to remove the diode and connect 1.8V on Phat
X360ACE V4/V5
- A - RST
- B - POST
- C1 - CPU_CLK_DP
- C2 - CPU_CLK_DN
- D - PLL (10K ohm resistor required on Slim)
Glitch Chip Diagrams
Phat
Slim
Programming the Glitch Chip
- Plug the cable from your programmer into the chip programmer.
- If you are using an xFlasher, ensure the switch is set to
SPI. - CoolRunner: Slide switch to "PRG".
- If you are using an xFlasher, ensure the switch is set to
- Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for RGH 1.2.
- You can use the timing assistant in the bottom left to auto select a safe timing for your motherboard revision.
- Click "Program". When complete, unplug the cable from the glitch chip.
- Coolrunner: Set the switch back to "NOR".
X360ACE V3+/V4/V5
- xFlasher or other Gowin compatible programmer required in order to program these chips
- Programming Instructions
Decrypting the NAND
- Connect Ethernet and power on the console. The glitch chip should blink once or more times, and then the console should start into XeLL RELOADED.
- Once XeLL finishes, it will display your CPU key and some other info. There is also an IP address.
- Enter the IP address into the box on the lower right of J-Runner and click "Get CPU Key". J-Runner will pull the info from the box, and decrypt the NANDs automatically.
Writing New NAND Image
- Power down the console, and connect your programmer to the motherboard.
- If you are using an xFlasher, ensure the switch is set to
SPI.
- If you are using an xFlasher, ensure the switch is set to
- In the upper right of J-Runner, ensure the
Glitch2radio button is selected.- Enable
SMC+for better boot times.
- Enable
- Click
Create XeBuild Image. This will take a few moments. - Click
Write NAND. - Disconnect your programmer when the process completes.
- Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy area. Run the wires near the X-Clamps for best results.
- Tune boot times if necessary.
- Return to the RGH main page and continue in the Cleaning Up section.
Tuning Boot Times
Jasper Consoles
- If the console does not glitch reliably even after tuning the value, add 68nf-100nf capacitor (ex: 683 cap or SMD cap) from PLL to GND.
- Onboard 100nf on Coolrunner Rev-C may be used by bridging CAP.
- Onboard 100nf on Squirt Reloaded 2.X may be used by bridging J5.
- If adding a cap, PLL will be more sensitive to noise. If you have strange blinking, be sure that your wire is routed away from clock signals.
- For X360ACE/DGX make sure the capacitor is after the 22K Ohm resistor.
Tuning Glitch Chip Timings (Phat)
Start at the top of the recommended range (noted in J-Runner's timing assistant and commented in the extra timings folders) and work down until you get good boots. On chips with crystals, the optimal timing will depend on the crystal (how close it is to its rated frequency)
- If the light stays on at the end of a cycle:
- This means that the checks were passed, but the console failed to start
- The timing is probably too low, or the pulse length is too large
- If the light goes off at the end of a cycle but doesn't boot:
- This means that the checks failed
- the timing is too high, or the pulse length is too small
Note: The debug light behavior may be slightly misleading due to using POST_OUT bit 0.
Tuning Glitch Chip Timings (Slim)
Start at the top of the recommended range (noted in J-Runner's timing assistant and commented in the extra timings folders) and work down until you get good boots
On chips with crystals, the optimal timing will depend on the crystal (how close it is to its rated frequency)
- 2 Short Blinks, then Short
- .....##...##...................##............
- This means that the checks were passed, but the console failed to start
- The timing is probably too low
- 2 Short Blinks, then Long
- .....##...##...................##############
- If the light stays on at the end of a cycle:
- This means that the checks failed
- The timing is probably too high or far too low