Xbox 360:Standard NAND

From ConsoleMods Wiki
Jump to navigation Jump to search

This guide will walk you through obtaining NAND dumps, creating a .bin/.ecc file for XeLL, and writing it to the console using a dedicated NAND flasher.

This guide applies to all motherboards except 4GB Corona motherboards. You can read the guide for 4GB Corona NANDs here.

If you would prefer to use an LPT cable for NAND dumping, you can view the corrisponding guide here.

Equipment Needed

  • One of the following NAND programmers:
    • xFlasher 360 by Element18592
    • Raspberry Pi Pico (or other RP2040 based SBC) flashed with PicoFlasher
    • JR Programmer
    • NAND-X
    • Matrix Flasher
  • One of the following USB cable types to connect the NAND programmer to a computer:
    • Mini-USB if you are using a NAND-X, Matrix, JR Programmer, or older xFlasher 360
    • Micro-USB if a Raspberry Pi (or another RP2040 SBC with a micro USB port) for PicoFasher
    • USB-C cable if using an newer xFlasher 360 or USB-C RP2040 SBC with PicoFlasher
  • A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
  • If using a Matrix or Raspberry Pi Pico, 28AWG or 30AWG wire (Solid core recommended)

NAND Flasher Comparison

There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. The LPT cable method is not recommended as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • One of four options for 4GB Corona
  • Actively supported
  • USB-C
  • Uses signed drivers
  • Most expensive flasher
  • Can't be used for flashing Sonus Sounds
PicoFlasher
  • Reads NAND fast in 1-8 minutes
  • One of four options for 4GB Corona
  • One of the two options for Sonus or Slim sound programming
  • Super cheap
  • Easy to find
  • Uses signed drivers
  • Wire routing is more sensitive compared to other NAND flashers
JR Programmer
  • Reads NAND in 3-10 minutes
  • Can also program glitch chips
  • One of the two options for Sonus or Slim sound programming
  • Cheap
  • Easy to find
  • More expensive than PicoFlasher
  • Requires unsigned drivers
Nand-X
  • Reads NAND in 2-8 minutes
  • Can also program RGH glitch chips
  • More expensive than most NAND flashers
  • Not much cheaper than the xFlasher
  • Does not support 4GB Coronas
  • Requires unsigned drivers
Matrix USB NAND Flasher
  • Reads NAND in 7-26 minutes
  • Super cheap
  • Can’t be used for programming glitch chips unless you modify it
  • Does not support 4GB Coronas
  • Requires unsigned drivers
LPT Cable
  • Cheap
  • Doesn't require unsigned drivers
  • Requires PC with a native parallel port and more equipment
  • More difficult
  • Can’t be used for programming glitch chips
  • Takes 30-150 minutes to read NANDs

Installing Drivers

  1. Download and extract J-Runner with Extras.
  2. Press Win+R and type devmgmt.msc and press Enter to open Device Manager. You can also get to it by searching for it in the Start menu. Plug the USB cable into both your programmer and your PC. Windows should find it and it will appear as J-R PROGRAMMER or NAND-X or two USB Serial Port entries under the "Other Devices" category in Device Manager.
  3. Install drivers:
    • (xFlasher): Launch J-Runner with Extras, plug in your xFlasher, and click the xFlasher menu and "Install Drivers".
    • (JR Programmer / NAND-X / Matrix): If you are on Windows 10, you will need to disable signed driver enforcement. Once done, right-click the programmer’s name in Device Manager and select Update Driver Software… > Browse my computer for driver software > Browse… > navigate to your J-Runner folder > common > drivers > OK > Next. You may receive a popup saying that Windows can’t verify the publisher of the driver, select the option to install it anyway. It should successfully install and file your device under its own category in Device Manager. Your programmer’s LED light should also turn green.

Soldering to the Motherboard

xFlasher / JR Programmer / NAND-X

  1. Your kit will come with a cable with a white plug on one end and open wires on the other. Solder each wire according to the diagram below. Note that the wire colors may be different than the picture below in a knockoff kit, so go off of the wire position and not the color of the wires in that case.
    JR-NAND-X.png
  2. Once you’ve finished soldering, clean up any flux with isopropyl alcohol and cotton swabs.

Matrix

  1. Solder a wire to each of the labelled pads on the Matrix and to the corresponding pads marked J1D2/J2B1 (phat) or J2C1/J2C2 (slim) on the motherboard in the diagram below. USB-NAND-Flasher1.png
  2. Once you’ve finished soldering, clean up any flux with isopropyl alcohol and cotton swabs.

PicoFlasher

  1. Solder each wire (or connect a pin header wire) to each of the labeled pads on the Raspberry Pi pictured in one of the diagrams below, and then solder the other ends of the wires to each of the corrasponding pads on the motherboard.
  2. Once you’ve finished soldering, clean up any flux with isopropyl alcohol and cotton swabs.

Phat PicoFlasher

Diagram for Phat motherboards

Trinity PicoFlasher

Diagram for Trinity motherboards

Corona 16MB PicoFlasher

Diagram for Corona motherboards

(Corona Only) Solder Bridges

Ensure to check these resistors and solder as noted. You only need to bridge R2C7 & R2C6 when using RGH 2, S-RGH, or Muffin/Mufas.

Reading the NAND

  1. Plug your Xbox 360 power supply in, but do not turn the console on. You can leave the RF board disconnected to prevent turning it on by accident.
    • If you are using an xFlasher, set the switch to SPI.
  2. Plug the white end of the cable into the bottom port of the programmer. Plug the USB cable into the programmer and your PC.
  3. Launch J-Runner. Select "Read Nand" in the top left. It may prompt you for your Xbox 360’s model, make the correct selection and click OK. If everything is wired properly, it will read your NAND twice and automatically compare the dumps. If it says "Device Not Found" or anything about missing CB/CD files, see the troubleshooting steps at the bottom of this page. If you get messages about bad blocks, ignore them. When it has finished, it will tell you if the two dumps are an exact match. If they are, you can close J-Runner and proceed. If they aren’t, take more dumps until you get matching ones.
  4. Copy both of the dumps to a safe place such as cloud storage or send it to yourself in an email to keep them safe. They are located in the output folder in the J-Runner directory.

(Phat Only) Checking your CB if it's JTAGable

This section is only if you have a phat Xbox 360 that has a dashboard/kernel version of 2.0.7371.0 or lower.

Open J-Runner and select "…" next to the Load Source field and choose the nanddump1.bin or nanddump2.bin file. On the right-hand side, note the value next to the 2BL [CB] label. If your CB is on the list below, your console is JTAGable. Any newer CB which is not on the list will be patched.

Model Exploitable CB Versions
Xenon 1888, 1897, 1902, 1903, 1920, 1921, 8192
Xenon (Elpis) none*
Zephyr 4540, 4558, 4570, 4580
Falcon/Opus 5760, 5761, 5766, 5770
Jasper 6712 & 6723
Tonasket none

*Elpis Xenons come with a 7xxx CB, which are always patched against the JTAG hack.

Writing XeLL to the NAND

Windbond W641GG2KB-14 RAM on an Xbox 360 E
  1. In J-Runner, select "…" next to the Load Source field and choose your nanddump1.bin or nanddump2.bin.
  2. Select the appropriate radio button in the top right of the window:
    • JTAG - For JTAG, R-JTAG, or R-JTOP.
    • Glitch - For RGH1.
    • Glitch2 - For RGH1.2, RGH2, RGH3, EXT_CLK, Muffin/Mufas, or S-RGH.
    • Glitch2m - Same as Glitch2 but only used if your eFuses are in a non-bootable state.
  3. Put a check in the appropriate check box (if applicable) in the top right of the window:
    • If you are using JTAG, select JTAG and leave the R-JTAG checkbox unchecked.
      • If you are using R-JTAG or R-JTOP, the R-JTAG checkbox would be enabled.
      • If you are not on a Xenon console, select Aud_Clamp for either of these three modifications.
    • If you are using RGH 1.2 or S-RGH, select SMC+
    • If you are on a non-Xenon console with EXT_CLK, select SMC+
    • If you are using Project Mufas, select SMC+
    • If you are using RGH2 with an X360ACE, select SMC+
    • If you are using RGH2 or RGH2+ with a CR3/CR4, select CR4
    • If you are using RGH3, select RGH3
    • If you have an Xbox 360 E motherboard with Windbond W641GG2KB RAM, select WB 2K
  4. Select the Create XeLL button and wait for it to finish.
  5. Select the Write XeLL button, select your system, and press OK. It will write the XeLL to the first 50 blocks on the motherboard's NAND.
    • If it says "Device Not Found" or Flash Config 0x00000000, see the troubleshooting steps at the bottom of this page.
  6. Once it has successfully written to the motherboard, unplug the power cable from your Xbox 360 and unplug the USB cable from the computer and programmer.
  7. Go back the page you were originally on for wiring instructions.

Troubleshooting

  • "Device Not Found"
    • Re-insert the USB cable
    • Check that the drivers are properly installed
  • "Flash Config 0x00000000"
    • Check that your power brick is plugged in, with an amber colored LED, and that it is plugged into your console completely (console turned off).
    • Check your soldering to your motherboard. Each point should be solidly connected and have a shiny round joint.
    • Check that you’ve cleaned up any flux you had used. Depending on the type, it may be conductive and cause issues. MG 835 is strongly suggested to avoid this.
  • "Wrong Version"
    • Re-insert the USB cable
  • What should I do if I ripped off a soldering pad?
    • Look online for an alternate point to solder onto. Practice more on junk electronics before attempting to continue.