Xbox 360:RGH: Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
m (Text replacement - "”" to """)
(→‎Requirements: upd file name)
 
(34 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[[Category:Xbox360]]
[[Category:Xbox 360]]
{{Warning|The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!}}
{{Warning|The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!}}
Reset Glitch Hack (RGH) is a hardware modification which allows you to run unsigned code, mods, game backups, and homebrew. The hack relies on a vulnerability in the hardware found by GliGli that is triggered by sending a reset pulse to the processor at a specific moment, resulting in a power glitch that causes a bootloader hash check to return "valid" no matter what you have flashed in place of the stock bootloader. The timing of when and how long the pulse should be sent is dependent on the console and it may take some tweaking until it “glitches" and boots.
Reset Glitch Hack (RGH) is a hardware modification which allows you to run unsigned code, mods, game backups, and homebrew. The hack relies on a vulnerability in the hardware found by GliGli that is triggered by sending a reset pulse to the processor at a specific moment, resulting in a power glitch that causes a bootloader hash check to return "valid" no matter what you have flashed in place of the stock bootloader. The timing of when and how long the pulse should be sent is dependent on the console and it may take some tweaking until it "glitches" and boots.


The RGH variants are as follows:
The RGH variants are as follows:


* RGH1 is for Phat consoles with dashboard 14699 and lower. It uses CPU_PLL_BYPASS to slow down the CPU by 128x in order to precisely power glitch during a hash check on a bootloader..
* RGH1 is compatible with Phat consoles on dashboard 14699 or lower. It uses CPU_PLL_BYPASS to slow down the CPU by 128x in order to precisely power glitch during a hash check on a bootloader.
* RGH2 is for Slims (but also works for Non-Xenon Phats), which uses I2C slowdown instead of PLL slowdown, and works on any dashboard. However, it is considered more difficult to tune, and less consistent.
* RGH2 is for Slims (but also works for Non-Xenon Phats), which uses I2C slowdown instead of PLL slowdown, and works on any dashboard. However, it is considered more difficult to tune, and less consistent.
** RGH2+ is the same as RGH2, except that the slowdown is sent by the southbridge, instead of the glitch chip. The glitch chip asserts a remapped GPIO pin to tell the southbridge when to send slowdown/speedup. It is exclusive to some Team Xecuter chips.
** RGH2+ is the same as RGH2, except that the slowdown is sent by the southbridge, instead of the glitch chip. The glitch chip asserts a remapped GPIO pin to tell the southbridge when to send slowdown/speedup. It is exclusive to some Team Xecuter chips such as the CR4XL.
* RGH1.2 combines RGH1-like PLL slowdown with RGH2 software to allow reliable glitching of Phat consoles after 14699 dashboard.
* RGH1.2 combines RGH1-like PLL slowdown with Glitch2 images to allow reliable glitching of Falcon/Jasper consoles with split CB (post 14699 kernel) and works on any dashboard.
** RGH1.2 V2 ports this hack to Slim consoles as well as fixing a few issues on Jaspers. It is also tuned better than the original RGH 1, thus being preferrable.
* S-RGH (Speeded-Up RGH) is a tweaked and better version of RGH2 which is far more consistent and quick.
* S-RGH (Speeded-Up RGH) is a tweaked and better version of RGH2 which is far more consistent and quick.
** Muffin RGH is '''not recommended'''. It essentially is a less consistent method of glitching and does not boot as fast or consistently as S-RGH.
** Project Muffin is similar to S-RGH, but i2C slowdown is handled by the south bridge instead of the glitch chip. '''It is not recommended''', as it is essentially a less consistent method of glitching and does not boot as fast or consistently as S-RGH or Mufas.
 
** Project Mufas is essentially a significantly tweaked and better version of Muffin to have more optimized and more reliable glitching.
* EXT_CLK is similar to RGH 1.2, but uses the EXT_CLK_EN point instead of CPU_PLL_BYPASS to slow the CPU by roughly 10.6x. It is the best method for Xenon and Zephyr boards that have PLL-crash issues.
* RGH3 is the newest RGH variant, and the first to work without a glitch chip by using the SMC in the south bridge to do the glitching instead. Works with Falcon/Jasper Phats and Slims, however it appears to be more reliable with Slims.


==Requirements==
==Requirements==


Below are the requirements to RGH your Xbox 360. It’s recommended to read ahead and choose the NAND reading method and glitch chip specific wiring method that’s right for you, as you will need a NAND programmer and potentially more equipment depending on which methods you choose.
Below are the minimum requirements to RGH your Xbox 360. It’s recommended to read ahead and choose the NAND reading method and glitch chip specific wiring method that’s right for you, as you will need a NAND programmer and potentially more equipment depending on which methods you choose.


# Be experienced in soldering. The Xbox 360 is not a good place to learn to solder. Regardless of which reading method you choose, you will need a soldering iron, solder, and flux (MG 835 recommended)
# Be experienced in soldering. The Xbox 360 is not a good place to learn to solder. Regardless of which reading method you choose, you will need a soldering iron, solder, flux, and 28 AWG or 30 AWG wire (Solid core preferred). [[Recommended Soldering Equipment|Specific recommendatons can be found on this page]].
# Determine your motherboard model. All models are compatible except the Winchester motherboard. You can use [https://identify.octalsconsoleshop.com Octal’s Wizard] to determine your model or look at the back of your console and use [http://i.imgur.com/Dcf9hQ4.png this chart] and looking [http://web.archive.org/web/20190729184243/https://obrazki.elektroda.pl/5184821800_1418893002.jpg through the side vent of your console].
# Determine your motherboard model. All models are compatible except the Winchester motherboard. You can use [https://octal450.github.io/identify/ Octal’s Identification Wizard] or use the methods mentioned on the [[Xbox 360:Getting Started|Getting Started]] page to determine your model .
#* Corona: Determine if 16MB or 4GB NAND model by turning on the console, navigating to System Settings > Storage, and checking whether the onboard storage unit is 16MB or 4GB. Also determine if you need to buy a postfix adapter using [https://i.imgur.com/5lY3TID.png this diagram].
#* Corona: Determine if 16 MB or 4 GB NAND model by turning on the console, navigating to System Settings > Storage, and checking whether the onboard storage unit is 16MB or 4GB. Also determine if you need to buy a postfix adapter using [[:File:Full Postfix Guide.png|this diagram]].
# Use [[Xbox_360:Exploit Chart|the recommended exploit chart]] to determine what RGH version is best for your console.
# Use [[Xbox_360:Exploit Chart|the recommended exploit chart]] to determine what RGH version is best for your console.


==Reading your NAND==
==Reading your NAND==


There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, various SD card tools, or a LPT cable. However, the 4GB Corona requires that you use an xFlasher 360 or a SD card tool. Consider the pros and cons below and choose the method that’s right for you. The LPT cable method is not listed here, as you will need one of these other flashers second device to program a glitch chip anyway.
===4 GB Corona/Waitsburg/Stingray===
 
{{Xbox 360 eMMC Flashers}}
===[[Xbox_360:4GB_NAND|4GB Corona]]===
 
{| class="wikitable"
! Device
! Pros
! Cons
|-
| '''xFlasher 360'''
|
* Reads NAND in 40 seconds to 4 minutes
* Can also program RGH glitch chips
* One of two options for 4GB NAND Corona
* Actively supported
|
|-
| '''SD Card Tools'''
|
* One of two options for 4GB NAND Corona
|
* You will need a programmer to program glitch chips
|}
 
===[[Xbox_360:Standard_NAND|All Other Motherboards]]===
 
{| class="wikitable"
! Device
! Pros
! Cons
|-
| '''xFlasher 360'''
|
* Reads NAND in 40 seconds to 4 minutes
* Can also program RGH glitch chips
* One of two options for 4GB NAND Corona
* Actively supported
|
* More expensive than JR Programmer
|-
| '''Nand-X'''
|
* Reads NAND in 2-8 minutes
* Can also program RGH glitch chips
|
* More expensive than JR Programmer and xFlasher 360
* Does not support 4GB Coronas
|-
| '''JR Programmer'''
|
* Reads NAND fast in 3-10 minutes
* Can also program RGH glitch chips
|
* More expensive than LPT cable
* Does not support 4GB Coronas
|-
| '''Matrix USB NAND Flasher'''
|
* Reads NAND in 7-26 minutes
* Cheap option
|
* Can’t be used for programming glitch chips [[Xbox_360:Matrix Programmer|unless you modify it]]
* Does not support 4GB Coronas
|}
 
==RGH Wiring==
 
===Phat===
 
====[[Xbox_360:RGH/RGH1|RGH1]]====
 
====[[Xbox_360:RGH/RGH1.2|RGH1.2]]====
 
====[[Xbox_360:RGH/RGH2|RGH2]]====


====[[Xbox_360:RGH/S-RGH|S-RGH]]====
===All Other NAND Types===
{{Xbox 360 NAND Flashers}}


===Slim / E===


====[[Xbox_360:RGH/RGH2|RGH2]]====
==RGH Methods==


====[[Xbox_360:RGH/S-RGH|S-RGH]]====
===[[Xbox 360:RGH/RGH1|RGH1]]===


==Cleaning Up==
=== [[Xbox 360:RGH/RGH1.2|RGH1.2]] ===


Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling.
===[[Xbox_360:RGH/RGH2|RGH2]]===


==Installing XeXMenu==
===[[Xbox_360:RGH/S-RGH|S-RGH]]===


# Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
===[[Xbox 360:RGH/Mufas|Project Mufas]]===
# Extract the <code>CODE9999</code> folder from the [http://www.mediafire.com/file/7orm0jrkncrzo1w/xexmenu12live.rar/file XeXMenu 1.2 rar] to your Desktop.
# Plug the flash drive into your PC. Open [http://www.mediafire.com/file/zb6ic4036c6nmpg/Xplorer360.exe/file Xplorer360] and select Drive > Open > Harddrive or Memcard. On the left-hand side, select Partition 3, then right-click the Content folder, select “New Folder", and name it <code>0000000000000000</code> (16 zeroes). Open the new folder, then drag the <code>CODE9999</code> folder into it.
# Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.


* You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.
===[[Xbox_360:RGH/EXT_CLK|EXT_CLK]]===


From here, you can install any homebrew or mods that you want. See [[Xbox_360:Recommendations|this page]] for a list of recommended modifications and applications to install.
===[[Xbox_360:RGH/RGH3|RGH3]]===

Latest revision as of 19:00, 20 October 2024

Exclamation-triangle-fill.svgThe steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!


Reset Glitch Hack (RGH) is a hardware modification which allows you to run unsigned code, mods, game backups, and homebrew. The hack relies on a vulnerability in the hardware found by GliGli that is triggered by sending a reset pulse to the processor at a specific moment, resulting in a power glitch that causes a bootloader hash check to return "valid" no matter what you have flashed in place of the stock bootloader. The timing of when and how long the pulse should be sent is dependent on the console and it may take some tweaking until it "glitches" and boots.

The RGH variants are as follows:

  • RGH1 is compatible with Phat consoles on dashboard 14699 or lower. It uses CPU_PLL_BYPASS to slow down the CPU by 128x in order to precisely power glitch during a hash check on a bootloader.
  • RGH2 is for Slims (but also works for Non-Xenon Phats), which uses I2C slowdown instead of PLL slowdown, and works on any dashboard. However, it is considered more difficult to tune, and less consistent.
    • RGH2+ is the same as RGH2, except that the slowdown is sent by the southbridge, instead of the glitch chip. The glitch chip asserts a remapped GPIO pin to tell the southbridge when to send slowdown/speedup. It is exclusive to some Team Xecuter chips such as the CR4XL.
  • RGH1.2 combines RGH1-like PLL slowdown with Glitch2 images to allow reliable glitching of Falcon/Jasper consoles with split CB (post 14699 kernel) and works on any dashboard.
    • RGH1.2 V2 ports this hack to Slim consoles as well as fixing a few issues on Jaspers. It is also tuned better than the original RGH 1, thus being preferrable.
  • S-RGH (Speeded-Up RGH) is a tweaked and better version of RGH2 which is far more consistent and quick.
    • Project Muffin is similar to S-RGH, but i2C slowdown is handled by the south bridge instead of the glitch chip. It is not recommended, as it is essentially a less consistent method of glitching and does not boot as fast or consistently as S-RGH or Mufas.
    • Project Mufas is essentially a significantly tweaked and better version of Muffin to have more optimized and more reliable glitching.
  • EXT_CLK is similar to RGH 1.2, but uses the EXT_CLK_EN point instead of CPU_PLL_BYPASS to slow the CPU by roughly 10.6x. It is the best method for Xenon and Zephyr boards that have PLL-crash issues.
  • RGH3 is the newest RGH variant, and the first to work without a glitch chip by using the SMC in the south bridge to do the glitching instead. Works with Falcon/Jasper Phats and Slims, however it appears to be more reliable with Slims.

Requirements

Below are the minimum requirements to RGH your Xbox 360. It’s recommended to read ahead and choose the NAND reading method and glitch chip specific wiring method that’s right for you, as you will need a NAND programmer and potentially more equipment depending on which methods you choose.

  1. Be experienced in soldering. The Xbox 360 is not a good place to learn to solder. Regardless of which reading method you choose, you will need a soldering iron, solder, flux, and 28 AWG or 30 AWG wire (Solid core preferred). Specific recommendatons can be found on this page.
  2. Determine your motherboard model. All models are compatible except the Winchester motherboard. You can use Octal’s Identification Wizard or use the methods mentioned on the Getting Started page to determine your model .
    • Corona: Determine if 16 MB or 4 GB NAND model by turning on the console, navigating to System Settings > Storage, and checking whether the onboard storage unit is 16MB or 4GB. Also determine if you need to buy a postfix adapter using this diagram.
  3. Use the recommended exploit chart to determine what RGH version is best for your console.

Reading your NAND

4 GB Corona/Waitsburg/Stingray

4 GB Xbox 360 S/E SKUs made after mid 2011 use an MMC NAND (Corona) or eMMC chip (Waitsburg/Stingray/Winchester) and require different tools to dump and flash the NAND compared to the 16/64/256/512 MB NAND chips. These 4 GB consoles require that you use an xFlasher 360, PicoFlasher, Element18592's 4GB USB tool, or an SD card tool. Consider the pros and cons below and choose the method that’s right for you.

A guide on how to dump and write to a 4 GB NAND can be found here.

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • Actively supported
  • USB-C
  • More expensive than other options
PicoFlasher
  • Usually has inconsistent dumping behavior
4GB USB Tool
  • Reads NAND fast in 40 seconds to 4 minutes (same as xFlasher)
  • Cheap
  • Comes with a header for the NAND pads, making future NAND reading easier
  • You will need a programmer to flash glitch chips
SD Card Tool (any brand)
  • Super cheap
  • Easy to find
  • Easy to DIY
  • You will need a dedicated programmer to flash glitch chips
  • Sometimes has inconsistent compatibility with SD card readers

All Other NAND Types

There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. An LPT cable is not recommended as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.

A guide on how to dump and write to a standard NAND can be found here.

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • One of four options for 4GB NANDs
  • Actively supported
  • USB-C
  • Most expensive flasher
  • Not sold on common marketplaces like Amazon or AliExpress
  • Can't be used for flashing Sonus Sounds
PicoFlasher
  • Reads NAND fast in 1-8 minutes
  • One of four options for 4GB NANDs
  • One of the two options for Sonus flashing
  • Super cheap
  • Easy to find
  • Can flash glitch chips with this J-Runner Fork
  • Due to how the currently available PicoFlasher firmware is programmed, it often has many bugs with getting consistently good non-corrupt NAND dumps or being detected by J-Runner.
  • Can sometimes have spotty reliability on Xbox 360 motherboards due to their SPI and eMMC logic being up to 5v, whereas the Pico uses 3.3v.
JR Programmer
  • Reads NAND in 3-10 minutes
  • Can also program glitch chips
  • One of the two options for Sonus flashing
  • Cheap
  • Easy to find
  • More expensive and less common than PicoFlasher
  • Does not support 4GB NANDs
Nand-X
  • Reads NAND in 2-8 minutes
  • Can also program RGH glitch chips
  • More expensive than most NAND flashers
  • Does not support 4GB NANDs
  • Can't be used for flashing Sonus Sounds
Matrix USB NAND Flasher
  • Cheap
  • Can’t be used for programming glitch chips unless you modify it
  • Does not support 4GB NANDs
  • Requires unsigned drivers
  • Reads NAND in 7-26 minutes, which is quite a bit slower than most options
  • Can't be used for flashing Sonus Sounds
LPT Cable
  • Cheap
  • Requires PC with a native parallel port and more equipment
  • More difficult
  • Does not support 4GB NANDs
  • Can’t be used for programming glitch chips
  • Can't be used for Sonus flashing
  • Takes 30-150 minutes to read NANDs


RGH Methods

RGH1

RGH1.2

RGH2

S-RGH

Project Mufas

EXT_CLK

RGH3