Xbox 360:RGH/RGH2: Difference between revisions
No edit summary |
|||
Line 139: | Line 139: | ||
#Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console. | #Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console. | ||
# Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results. | # Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results. | ||
#[[Xbox 360:RGH/ | #[[Xbox 360:RGH/RGH2#Tuning Boot Times|Tune boot times]] if necessary. | ||
#Continue in the [[Xbox 360:RGH/ | #Continue in the [[Xbox 360:RGH/RGH2#Cleaning Up|Cleaning Up section]]. | ||
==Writing a New NAND Image (XeLL)== | ==Writing a New NAND Image (XeLL)== | ||
{{Note|4 GB Corona varients do not support currently support NAND flashing through XeLL. If XeLL is the only thing flashed to the NAND, it is required to use a NAND flasher.}} | {{Note|4 GB Corona varients do not support currently support NAND flashing through XeLL. If XeLL is the only thing flashed to the NAND, it is required to use a NAND flasher.}} | ||
Line 149: | Line 149: | ||
#Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console. | #Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console. | ||
#Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results. | #Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results. | ||
#[[Xbox 360:RGH/ | #[[Xbox 360:RGH/RGH2#Tuning Boot Times|Tune boot times]] if necessary. | ||
#Continue in the [[Xbox 360:RGH/ | #Continue in the [[Xbox 360:RGH/RGH2#Cleaning Up|Cleaning Up section]]. | ||
==Tuning Boot Times== | ==Tuning Boot Times== | ||
As the glitch chip pulses, a green debug light will flash a pattern. Using this pattern, we can know roughly how to adjust the tuning. Let's start with some examples. The ideal is slightly "below" the edge of Long/Short, closer to Short. You want to see more Short than Long cycles. | As the glitch chip pulses, a green debug light will flash a pattern. Using this pattern, we can know roughly how to adjust the tuning. Let's start with some examples. The ideal is slightly "below" the edge of Long/Short, closer to Short. You want to see more Short than Long cycles. | ||
Line 172: | Line 172: | ||
*No Light Blinks or Always On | *No Light Blinks or Always On | ||
**............................................. | **............................................. | ||
**This means your wiring is bad, or the timing file was not written sucessfully. | **This means your wiring is bad, or the timing file was not written sucessfully. | ||
Revision as of 17:09, 31 January 2024
The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering! |
RGH 2 is an outdated method of the Reset Glitch Hack. RGH 1.2, RGH 3, and S-RGH are much quicker and are thus recommended over RGH 2. EXT_CLK is recommended for Xenon and Zephyr consoles. |
RGH2 was designed for Slims, but it also works for non-Xenon Phats. It uses I2C slowdown instead of PLL slowdown, and works on any dashboard. However, it is considered more difficult to tune and less consistent than the improved S-RGH.
- RGH2+ is on Team Xecuter’s later chip firmwares (such as CR4XL) which uses I2C slowdown from the southbridge to glitch. It is not considered to be optimal.
Equipment Needed
- A compatible glitch chip:
- Coolrunner Rev A/B/C/D
- CR3 Lite
- Matrix Glitcher
- DGX
- X360ACE V1/V2/V3/V3+ (Comes pre-flashed with Corona RGH 2)
- X360ACE V4/V5 (Trinity/Corona only! Pre-flashed with timing file.)
- A PC running Windows Vista or later
- A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
- A NAND and glitch chip programmer
- J-Runner with Extras
- Appropriate timing files
- If using a Zephyr and X360ACE V1/V2/V3, use these timing files
- If using a Trinity and Matrix/Coolrunner, use these timing files
Reading your NAND
There are many hardware flashers available for reading and writing NANDs. While an LPT cable can be used, it is not recommended as it's extremely slow and requires more work than other options while not also supporting 4 GB Coronas. You can view more details on how to dump the NAND and and creating the appropriate version of XeLL for your console at the following guides:
Tutorial for backing up the NAND and creating XeLL (16 MB NAND)
Tutorial for backing up the NAND and creating XeLL (4 GB Corona)
Tutorial for backing up the NAND and creating XeLL (LPT Cable)
(Corona Only) Postfix Adapter
On later Corona motherboards, the POST pad and trace has been hidden, so you need to use a postfix adapter to be able to attach a pogo pin to the POST connection underneath the CPU. You can use the following diagram to determine if you need the adapter or not. As shown in the diagram, you can install it by carefully sliding the larger piece of the adapter onto the left side of the CPU (when looking at the CPU from a readable position). Gently press the PCB inward toward the CPU to depress the pogo pin, and slide the smaller PCB part over the other side of the CPU, interlocking the two PCBs together. Solder the four anchor points on the edges of the postfix adapter to prevent it from coming loose.
Programming the Glitch Chip
- Plug the cable from your programmer into the chip programmer.
- If you are using an xFlasher, ensure the switch is set to
SPI
. - CoolRunner: Slide switch to "PRG".
- If you are using an xFlasher, ensure the switch is set to
- Open J-Runner with Extras. Click "Program Timing File" in the upper left and select the click the arrow next to the "Program" button, then click "Select File" to flash your selected RGH 2 timing file.
- When complete, unplug the cable from the glitch chip.
- Coolrunner: Set the switch back to "NOR".
Glitch Chip Installation
Note: RGH 2 on Corona consoles requires a glich chip with a built in oscillator. STBY_CLK will be unused when using a chip's oscillator.
Motherboard Points
Phat
Slim (Trinity)
Slim & E (Corona/Waitsburg/Stingray)
Glitch Chip Pinouts
Coolrunner Rev C/D, and CR3 Lite
- B - STBY_CLK (only if not using oscillator)
- C - POST
- D - RST
- E - i2C_SCL
- F - i2C_SDA
Matrix
- A - RST
- B - POST
- C - STBY_CLK (only if not using oscillator)
- If you have a Matrix that comes with an oscillator, it can be easily disabled if this resistor is removed instead of removing the entire oscillator.
- D - i2C_SDA
- E - i2C_SCL
X360ACE (V1/V2/V3/V3+), DGX
- C - POST
- D - RST
- E - i2C_SCL
- F - i2C_SDA
- Remember to remove the diode and connect 1.8V on Phat
X360ACE V4/V5, DGX Stone
- A - RST
- B - POST
- C1 - CPU_CLK_DP
- C2 - CPU_CLK_DN
- D - i2C_SDA
- E - i2C_SCL
Glitch Chip Diagrams
Phat
CoolRunner rev C/D
CoolRunner 3 Lite
Matrix Glitcher
Slim (Trinity)
CoolRunner Rev C & CR3 Lite (Trinity)
X360ACE V4.1 (Trinity)
X360ACE V5 (Trinity)
Slim & E (Corona/Waitsburg/Stingray)
CoolRunner Rev C & CR3 Lite (Corona without Postfix)
CoolRunner Rev C & CR3 Lite (Corona with Postfix)
X360ACE
V1
V2
V3
V3+
V4
V4.1
V5
DGX v1.0S (S/E)
Decrypting the NAND
Once you have successfully obtained your CPU key, we can build an XeBuild image, which is a modified NAND built specifically for your console.
- If you want to use J-Runner with the console connected to LAN to get the CPU key, enter the IP address XeLL gives you into the lower right of the app. You can then click
Get CPU Key
and XeLL will automatically decrypt the retail NAND dump you backed up earlier. - If you want to use XeLL's web page to get the CPU key, enter the Xbox's IP address in your preferred web browser. You will see information about the console, and the CPU key can be easily copy and pasted from this web page.
- If you didn't have access to an ethernet cable to plug the Xbox into a PC or LAN, you can manually type the CPU key into J-Runner in order to decrypt your original NAND dump.
Writing New NAND Image (NAND Flasher)
- Power down the console, and connect your programmer to the motherboard.
- If you are using an xFlasher, ensure the switch is set to
SPI
.
- If you are using an xFlasher, ensure the switch is set to
- Open J-Runner and select
...
next to the Load Source field and select one of your original NAND dumps if not already selected. In the upper right of J-Runner, ensure theGlitch2
radio button is selected. - Click "Create XeBuild Image". This will take a few moments.
- Click "Write NAND".
- Disconnect your NAND programmer from the console's motherboard when the process completes.
- Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console.
- Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
- Tune boot times if necessary.
- Continue in the Cleaning Up section.
Writing a New NAND Image (XeLL)
4 GB Corona varients do not support currently support NAND flashing through XeLL. If XeLL is the only thing flashed to the NAND, it is required to use a NAND flasher. |
- Open J-Runner and select
...
next to the Load Source field and select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that theGlitch2
radio button is selected. - Click "Create XeBuild Image". This will take a few moments.
- Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console.
- Turn on your console. It will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console.
- Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console.
- Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
- Tune boot times if necessary.
- Continue in the Cleaning Up section.
Tuning Boot Times
As the glitch chip pulses, a green debug light will flash a pattern. Using this pattern, we can know roughly how to adjust the tuning. Let's start with some examples. The ideal is slightly "below" the edge of Long/Short, closer to Short. You want to see more Short than Long cycles.
If you get good light behavior, mostly Short but also Long sometimes, but the console still does not boot well, try to recreate this scenerio with other timing/pulse length. If using a Corona with Xecuter Postfix V2, try moving wire to a bigger number pad. This will adjust for you the length of POST.
- 2 Short Blinks, then Short
- .....##...##...................##............
- This means that the checks were passed, but the console failed to start.
- Probably the timing is too low, or the pulse length is too large.
- 2 Short Blinks, then Long
- .....##...##...................##############
- This means that the checks failed.
- Probably the timing is too high, or the pulse length is too small.
- 4 Short Blinks, then Long
- .....##...##...................##...##...................##############
- This means there is a problem with RST wiring problem causing pulse length to be very big. Try to use alternate points or longer wire.
- No Light Blinks or Always On
- .............................................
- This means your wiring is bad, or the timing file was not written sucessfully.
Cleaning Up
Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling.
Installing XeXMenu
- Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
- Extract the
CODE9999
folder from the XeXMenu 1.2 rar to your Desktop. - Plug the flash drive into your PC. Open Xplorer360 and select Drive > Open > Harddrive or Memcard. On the left-hand side, select Partition 3, then right-click the Content folder, select "New Folder", and name it
0000000000000000
(16 zeroes). Open the new folder, then drag theCODE9999
folder into it. - Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.
You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.
From here, you can install any homebrew or mods that you want. See this page for a list of recommended modifications and applications to install.