Xbox 360:Standard NAND: Difference between revisions
Line 69: | Line 69: | ||
*Easy to find | *Easy to find | ||
| | | | ||
* | * Wire routing is more sensitive compared to other NAND flashers | ||
|- | |- | ||
|'''[[Xbox_360:Matrix_Programmer|Matrix USB NAND Flasher]]''' | |'''[[Xbox_360:Matrix_Programmer|Matrix USB NAND Flasher]]''' |
Revision as of 23:42, 29 January 2024
This guide will walk you through obtaining NAND dumps, creating a .bin/.ecc file for XeLL, and writing it to the console using a dedicated NAND flasher.
This guide applies to all motherboards except 4GB Corona motherboards. You can read the guide for 4GB Corona NANDs here.
If you would prefer to use an LPT cable for NAND dumping, you can view the corrisponding guide here.
Equipment Needed
- One of the following NAND programmers:
- xFlasher 360 by Element18592
- Raspberry Pi Pico (or other RP2040 based SBC) flashed with PicoFlasher
- JR Programmer
- NAND-X
- Matrix Flasher
- One of the following USB cable types to connect the NAND programmer to a computer:
- Mini-USB if you are using a NAND-X, Matrix, JR Programmer, or older xFlasher 360
- Micro-USB if a Raspberry Pi (or another RP2040 SBC with a micro USB port) for PicoFasher
- USB-C cable if using an newer xFlasher 360 or USB-C RP2040 SBC with PicoFlasher
- A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
- If using a Matrix or Raspberry Pi Pico, 28AWG or 30AWG wire (Solid core recommended)
NAND Flasher Comparison
There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. The LPT cable method is not recommended as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.
Device | Pros | Cons |
---|---|---|
xFlasher 360 |
|
|
Nand-X |
|
|
JR Programmer |
|
|
PicoFlasher |
|
|
Matrix USB NAND Flasher |
|
|
LPT Cable |
|
|
Installing Drivers
- Download and extract J-Runner with Extras.
- Press Win+R and type
devmgmt.msc
and press Enter to open Device Manager. You can also get to it by searching for it in the Start menu. Plug the USB cable into both your programmer and your PC. Windows should find it and it will appear asJ-R PROGRAMMER
orNAND-X
or twoUSB Serial Port
entries under the "Other Devices" category in Device Manager. - Install drivers:
- (xFlasher): Launch J-Runner with Extras, plug in your xFlasher, and click the xFlasher menu and "Install Drivers".
- (JR Programmer / NAND-X / Matrix): If you are on Windows 10, you will need to disable signed driver enforcement. Once done, right-click the programmer’s name in Device Manager and select Update Driver Software… > Browse my computer for driver software > Browse… > navigate to your J-Runner folder > common > drivers > OK > Next. You may receive a popup saying that Windows can’t verify the publisher of the driver, select the option to install it anyway. It should successfully install and file your device under its own category in Device Manager. Your programmer’s LED light should also turn green.
Soldering to the Motherboard
xFlasher / JR Programmer / NAND-X
- Your kit will come with a cable with a white plug on one end and open wires on the other. Solder each wire according to the diagram below. Note that the wire colors may be different than the picture below in a knockoff kit, so go off of the wire position and not the color of the wires in that case.
- Once you’ve finished soldering, clean up any flux with isopropyl alcohol and cotton swabs.
Matrix
- Solder a wire to each of the labelled pads on the Matrix and to the corresponding pads marked J1D2/J2B1 (phat) or J2C1/J2C2 (slim) on the motherboard in the diagram below.
- Once you’ve finished soldering, clean up any flux with isopropyl alcohol and cotton swabs.
PicoFlasher
- Solder each wire (or connect a pin header wire) to each of the labeled pads on the Raspberry Pi pictured in one of the diagrams below, and then solder the other ends of the wires to each of the corrasponding pads on the motherboard.
- Once you’ve finished soldering, clean up any flux with isopropyl alcohol and cotton swabs.
Phat PicoFlasher
Trinity PicoFlasher
Corona 16MB PicoFlasher
(Corona Only) Solder Bridges
Ensure to check these resistors and solder as noted. You only need to bridge R2C7 & R2C6 when using RGH 2, S-RGH, or Muffin/Mufas.
Reading the NAND
- Plug your Xbox 360 power supply in, but do not turn the console on. You can leave the RF board disconnected to prevent turning it on by accident.
- If you are using an xFlasher, set the switch to
SPI
.
- If you are using an xFlasher, set the switch to
- Plug the white end of the cable into the bottom port of the programmer. Plug the USB cable into the programmer and your PC.
- Launch J-Runner. Select "Read Nand" in the top left. It may prompt you for your Xbox 360’s model, make the correct selection and click OK. If everything is wired properly, it will read your NAND twice and automatically compare the dumps. If it says "Device Not Found" or anything about missing CB/CD files, see the troubleshooting steps at the bottom of this page. If you get messages about bad blocks, ignore them. When it has finished, it will tell you if the two dumps are an exact match. If they are, you can close J-Runner and proceed. If they aren’t, take more dumps until you get matching ones.
- Copy both of the dumps to a safe place such as cloud storage or send it to yourself in an email to keep them safe. They are located in the
output
folder in the J-Runner directory.
(Phat Only) Checking your CB if it's JTAGable
This section is only if you have a phat Xbox 360 that has a dashboard/kernel version of 2.0.7371.0 or lower.
Open J-Runner and select "…" next to the Load Source field and choose the nanddump1.bin
or nanddump2.bin
file. On the right-hand side, note the value next to the 2BL [CB]
label. If your CB is on the list below, your console is JTAGable. Any newer CB which is not on the list will be patched.
Model | Exploitable CB Versions |
---|---|
Xenon | 1888, 1897, 1902, 1903, 1920, 1921, 8192 |
Xenon (Elpis) | none* |
Zephyr | 4540, 4558, 4570, 4580 |
Falcon/Opus | 5760, 5761, 5766, 5770 |
Jasper | 6712 & 6723 |
Tonasket | none |
*Elpis Xenons come with a 7xxx CB, which are always patched against the JTAG hack.
Writing XeLL to the NAND
- In J-Runner, select "…" next to the Load Source field and choose your
nanddump1.bin
ornanddump2.bin
. - Select the appropriate radio button in the top right of the window:
JTAG
- For JTAG, R-JTAG, or R-JTOP.Glitch
- For RGH1.Glitch2
- For RGH1.2, RGH2, RGH3, EXT_CLK, Muffin/Mufas, or S-RGH.Glitch2m
- Same as Glitch2 but only used if your eFuses are in a non-bootable state.
- Put a check in the appropriate check box (if applicable) in the top right of the window:
- If you are using JTAG, select
JTAG
and leave the R-JTAG checkbox unchecked.- If you are using R-JTAG or R-JTOP, the
R-JTAG
checkbox would be enabled. - If you are not on a Xenon console, select
Aud_Clamp
for either of these three modifications.
- If you are using R-JTAG or R-JTOP, the
- If you are using RGH 1.2 or S-RGH, select
SMC+
- If you are on a non-Xenon console with EXT_CLK, select
SMC+
- If you are using Project Mufas, select
SMC+
- If you are using RGH2 with an X360ACE, select
SMC+
- If you are using RGH2 or RGH2+ with a CR3/CR4, select
CR4
- If you are using RGH3, select
RGH3
- If you have an Xbox 360 E motherboard with Windbond W641GG2KB RAM, select
WB 2K
- If you are using JTAG, select
- Select the
Create XeLL
button and wait for it to finish. - Select the
Write XeLL
button, select your system, and press OK. It will write the XeLL to the first 50 blocks on the motherboard's NAND.- If it says "Device Not Found" or Flash Config 0x00000000, see the troubleshooting steps at the bottom of this page.
- Once it has successfully written to the motherboard, unplug the power cable from your Xbox 360 and unplug the USB cable from the computer and programmer.
- Go back the page you were originally on for wiring instructions.
Troubleshooting
- "Device Not Found"
- Re-insert the USB cable
- Check that the drivers are properly installed
- "Flash Config 0x00000000"
- Check that your power brick is plugged in, with an amber colored LED, and that it is plugged into your console completely (console turned off).
- Check your soldering to your motherboard. Each point should be solidly connected and have a shiny round joint.
- Check that you’ve cleaned up any flux you had used. Depending on the type, it may be conductive and cause issues. MG 835 is strongly suggested to avoid this.
- "Wrong Version"
- Re-insert the USB cable
- What should I do if I ripped off a soldering pad?
- Look online for an alternate point to solder onto. Practice more on junk electronics before attempting to continue.