Xbox 360:JTAG: Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
Line 11: Line 11:


==Requirements==
==Requirements==
[[File:Dcf9hQ4.png|thumb|Xbox 360 Motherboard Identifcation Chart]]
Below are the requirements to JTAG your Xbox 360. It's recommended to read ahead and choose the NAND dumping method and JTAG-specific wiring method that's right for you, as you will need more equipment or a NAND programmer depending on the method you choose.
Below are the requirements to JTAG your Xbox 360. It's recommended to read ahead and choose the NAND dumping method and JTAG-specific wiring method that's right for you, as you will need more equipment or a NAND programmer depending on the method you choose.


To check that your console is exploitable, you must have:
To check if your console is exploitable, you must have:


# A fat console (Xenon, Zephyr, Falcon, Opus, or Jasper model). You can look at the back of your console and check [https://consolemods.org/wiki/File:Dcf9hQ4.png this chart] to find out what model you have.  
# A fat console (Xenon, Zephyr, Falcon, Opus, or Jasper model). You can look at the back of your console and check the motherboard identification chart to find out what model you have.  
#* If you have a Jasper, determine whether if there is Memory Unit built in. If it has 214MB of storage, it's a 256MB NAND. If it has 451MB of storage, it is a 512MB NAND.
#* If you have a Jasper, determine whether if there is Memory Unit built in. If it has 214MB of storage, it's a 256MB NAND. If it has 451MB of storage, it is a 512MB NAND.
# Your console on '''dashboard 7371 or lower'''. If you are on the original blades dashboard, that is sufficient. Otherwise, you can check this by navigating to Settings > Console Settings > Hover over System Info. Your dashboard version will be shown in the top right in the form 2.0.xxxxx.0, where xxxxx is your dashboard version.
# Your console on '''dashboard 7371 or lower'''. If you are on the original blades dashboard, that is sufficient. Otherwise, you can check this by navigating to Settings > Console Settings > Hover over System Info. Your dashboard version will be shown in the top right in the form 2.0.xxxxx.0, where xxxxx is your dashboard version.
Line 23: Line 24:
==Reading your NAND==
==Reading your NAND==


There are six different methods to making a dump of your NAND chip: xFlasher 360, Nand-X, JR Programmer, PicoFlasher, Matrix USB NAND Flasher, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. Once you have decided on a method, select the guide below and follow it to get a NAND dump, patch the dump, and write the dump to your motherboard. Once you’ve completed one of the pages below, continue to the next section.
There are six different methods to making a dump of your NAND chip: xFlasher 360, Nand-X, JR Programmer, PicoFlasher, Matrix USB NAND Flasher, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. Once you have decided on a method, select the guide below and follow it to get a NAND dump, patch the dump, and write the dump to your motherboard. Once you’ve successfully backed up and wrote XeLL to your NAND, continue to the next section.
 
'''[[Xbox_360:Standard_NAND|Tutorial for backing up and writing XeLL to the NAND]]'''


{| class="wikitable"
{| class="wikitable"
Line 30: Line 33:
! Cons
! Cons
|-
|-
| '''[[Xbox 360:JTAG/J-Runner|xFlasher 360]]'''
| '''[[Xbox_360:XFlasher_360|xFlasher 360]]'''
|
|
*Reads NAND fast in 40 seconds to 4 minutes
*Reads NAND fast in 40 seconds to 4 minutes
Line 40: Line 43:
*More expensive than JR Programmer or PicoFlasher
*More expensive than JR Programmer or PicoFlasher
|-
|-
| '''[[Xbox 360:JTAG/J-Runner|Nand-X]]'''
| '''[[Xbox 360:Nand-X Programmer|Nand-X]]'''
|*Reads NAND in 2-8 minutes
|
* Reads NAND in 2-8 minutes
 
*Can also program glitch chips
*Can also program glitch chips
|
|
Line 48: Line 53:
*Requires unsigned drivers
*Requires unsigned drivers
|-
|-
| '''[[Xbox 360:JTAG/J-Runner|JR Programmer]]'''
| '''[[Xbox_360:JR_Programmer|JR Programmer]]'''
|*Reads NAND in 3-10 minutes
|
* Reads NAND in 3-10 minutes
 
*Can also program glitch chips
*Can also program glitch chips
*Cheap  
*Cheap  
*Easy to find
*Easy to find
|
|
*More expensive than LPT cable'' or PicoFlasher''
*More expensive than LPT cable or PicoFlasher
*Requires unsigned drivers
*Requires unsigned drivers
|-
|-
Line 66: Line 73:
*Can't be used for programming glitch chips
*Can't be used for programming glitch chips
|-
|-
| '''[[Xbox 360:JTAG/J-Runner|Matrix USB NAND Flasher]]'''
| '''[[Xbox_360:Matrix_Programmer|Matrix USB NAND Flasher]]'''
|
|
*Reads NAND in 7-26 minutes
*Reads NAND in 7-26 minutes
Line 98: Line 105:


==Creating an XeBuild Image==
==Creating an XeBuild Image==
You should now be able to turn on your Xbox 360 and boot into XeLL and see your CPU key. With that CPU key, we can build an XeBuild image, which is a NAND dump built specifically for your console. Ensure that you have written down your CPU key and have powered off your console.
You should now be able to turn on your Xbox 360 and boot into XeLL to see your CPU key. With that CPU key, we can build an XeBuild image, which is a NAND dump built specifically for your console. Ensure that you have written down your CPU key and have powered off your console.


# Open J-Runner and select "..." next to the Load Source field and select your nanddump1.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the "Jtag" radio button is selected, and if you have a non-Xenon console the `Aud_clamp?` box has a check in it.
# Open J-Runner and select "..." next to the Load Source field and either select your nanddump1.bin or nanddump2.bin  if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the "Jtag" radio button is selected. If you have a non-Xenon console, the `Aud_clamp` checkbox should be enabled.
# Select the "Create Image" button in the top left of the window. It may prompt you for your motherboard model, select it and click OK. It will build your image and save it to a numbered folder within the J-Runner directory as updflash.bin.
# Select the "Create Image" button in the top left of the window. It may prompt you for your motherboard model, select it and click OK. It will build your image and save it to a numbered folder within the J-Runner directory as updflash.bin.
#* If you get an error during this step, see the troubleshooting section below.
#* If you get an error during this step, see the troubleshooting section below.
# Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. Turn on your console and it will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console. You're now free to install XEXmenu (instructions in section below).
# Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. Turn on your console and it will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console. You're now free to install XEXmenu (instructions in section below).
#* You may want to leave your Xbox 360 disassembled so that you can:
#* You may want to leave your Xbox 360 disassembled so that you can:
#** ...[[Xbox_360:Disabling the eFuse Burning Circuit|disable the eFuse-blowing circuit]] so that you can't accidentally install official updates on your console.
#** ...[[Xbox_360:Disabling the eFuse Burning Circuit|disable the eFuse-blowing circuit]] so you can't accidentally install official updates on your console.
#** ...check what it's running temperatures are so that you can judge whether it'd be a good idea to use [[Xbox_360:Cooling System Improvements|cooling mods]] to avoid overheating issues. This is recommended for all fat consoles, particularly Xenons.
#** ...check what temperatures it's running at so that you can judge if you need to replace the thermal paste to avoid overly loud fans and/or overheating issues.


==Installing XeXMenu==
==Installing XeXMenu==

Revision as of 23:29, 9 August 2023

Exclamation-triangle-fill.svgThe steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!


The JTAG (aka SMC) hack was the first permanent modification that allows you to run unsigned code, mods, game backups, and homebrew on your phat console. The hack relies on vulnerabilities in the CB bootloader, which are only present on dashboards 7371 and lower. If you are on a higher dashboard, take a look at the recommended exploit chart and see what hack is right for you.

Note that this guide is a condensation of multiple JTAG guides, most notably the oblivioncth's Xbox 360 Ultimate Exploit Guide, Xecuter's JTAG guide, M AzeeM K's Alternate JTAG guide, X-Splinter's Matrix USB Flasher guide, as well as personal experience.

While it's recommended to read through this guide in its entirety, a video guide for JTAG can be found on MrMario2011's channel.

Note that JTAG does not support Slim/E motherboards.


Requirements

Xbox 360 Motherboard Identifcation Chart

Below are the requirements to JTAG your Xbox 360. It's recommended to read ahead and choose the NAND dumping method and JTAG-specific wiring method that's right for you, as you will need more equipment or a NAND programmer depending on the method you choose.

To check if your console is exploitable, you must have:

  1. A fat console (Xenon, Zephyr, Falcon, Opus, or Jasper model). You can look at the back of your console and check the motherboard identification chart to find out what model you have.
    • If you have a Jasper, determine whether if there is Memory Unit built in. If it has 214MB of storage, it's a 256MB NAND. If it has 451MB of storage, it is a 512MB NAND.
  2. Your console on dashboard 7371 or lower. If you are on the original blades dashboard, that is sufficient. Otherwise, you can check this by navigating to Settings > Console Settings > Hover over System Info. Your dashboard version will be shown in the top right in the form 2.0.xxxxx.0, where xxxxx is your dashboard version.
    • If it is on dashboard 7371, the system may not be JTAGable. You can only find out by dumping your NAND.
  3. Soldering experience. The Xbox 360 is not a good place to learn to solder. Regardless of which dumping method you choose, you will need a soldering iron, solder, and flux.

Reading your NAND

There are six different methods to making a dump of your NAND chip: xFlasher 360, Nand-X, JR Programmer, PicoFlasher, Matrix USB NAND Flasher, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. Once you have decided on a method, select the guide below and follow it to get a NAND dump, patch the dump, and write the dump to your motherboard. Once you’ve successfully backed up and wrote XeLL to your NAND, continue to the next section.

Tutorial for backing up and writing XeLL to the NAND

Method Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • Actively supported
  • Doesn't require unsigned drivers
  • USB-C
  • More expensive than JR Programmer or PicoFlasher
Nand-X
  • Reads NAND in 2-8 minutes
  • Can also program glitch chips
  • More expensive than JR Programmer
  • Not much cheaper than xFlasher 360
  • Requires unsigned drivers
JR Programmer
  • Reads NAND in 3-10 minutes
  • Can also program glitch chips
  • Cheap
  • Easy to find
  • More expensive than LPT cable or PicoFlasher
  • Requires unsigned drivers
PicoFlasher
  • Reads NAND in 1-8 minutes
  • Super cheap
  • Doesn't require unsigned drivers
  • Easy to find
  • Can't be used for programming glitch chips
Matrix USB NAND Flasher
  • Reads NAND in 7-26 minutes
  • Cheap
LPT Cable
  • Cheap
  • Doesn't require unsigned drivers
  • Requires PC with parallel port and more equipment
  • More difficult
  • Can’t be used for programming RGH glitch chips
  • Takes 30-150 minutes to read NANDs

JTAG-Specific Wiring

Choose the guide that pertains to you:

Xenon Method

  • This is the only method for Xenon motherboards. Do not use it if you have a non-Xenon motherboard.

Boxxdr Method

  • This method is for Zephyr, Opus, Falcon, or Jasper motherboards. This method may disable 5.1 audio output.

Boxxdr Method + Open_Tray

  • Use this method if the Boxxdr method doesn't boot, you receive E79 errors, or you have issues with HDMI. This method may cause your DVD drive to eject on bootup. Also, your console will reboot instead of shutting down if you turn off the console while a controller is charging via USB.

Creating an XeBuild Image

You should now be able to turn on your Xbox 360 and boot into XeLL to see your CPU key. With that CPU key, we can build an XeBuild image, which is a NAND dump built specifically for your console. Ensure that you have written down your CPU key and have powered off your console.

  1. Open J-Runner and select "..." next to the Load Source field and either select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the "Jtag" radio button is selected. If you have a non-Xenon console, the Aud_clamp checkbox should be enabled.
  2. Select the "Create Image" button in the top left of the window. It may prompt you for your motherboard model, select it and click OK. It will build your image and save it to a numbered folder within the J-Runner directory as updflash.bin.
    • If you get an error during this step, see the troubleshooting section below.
  3. Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. Turn on your console and it will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console. You're now free to install XEXmenu (instructions in section below).
    • You may want to leave your Xbox 360 disassembled so that you can:
      • ...disable the eFuse-blowing circuit so you can't accidentally install official updates on your console.
      • ...check what temperatures it's running at so that you can judge if you need to replace the thermal paste to avoid overly loud fans and/or overheating issues.

Installing XeXMenu

  1. Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
  2. Extract the CODE9999 folder from the XeXMenu 1.2 rar to your Desktop.
  3. Plug the flash drive into your PC. Open Xplorer360 and select Drive > Open > Harddrive or Memcard. On the left-hand side, select Partition 3, then right-click the Content folder, select "New Folder", and name it 0000000000000000 (16 zeroes). Open the new folder, then drag the CODE9999 folder into it.
  4. Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.
    • You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.

From here, you can install any homebrew or mods that you want. See this page for a list of recommended modifications and applications to install.

Retrieved from "https://consolemods.org/wiki/index.php?title=Xbox_360:JTAG&oldid=25368"