Xbox 360:R-JTOP: Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
[[Category:Xbox360]]
[[Category:Xbox360]]
{{Warning|The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!}}
{{Warning|The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!}}
The R-JTOP hack is an ''[https://github.com/DrSchottky/R-JTOP open source]'' modification that allows you to run unsigned code, mods, game backups, and homebrew on phat consoles. It works by glitching the CB fuse check when loading the old JTAGable CB, which allows JTAG (SMC Hack) to be performed like normal. It works the same way as the R-JTAG+ hack and achieves the same result through a different method. This should only be used if your console doesn’t work well with RGH 1.2. It is useful, as it can be done more cheaply than an R-JTAG, but it is lesser used and therefore you will not receive much support if you run into issues. It’s recommended to take a look at the [[Xbox_360:Exploit Chart|recommended exploit chart]] and see what hack is recommended for your console.
The R-JTOP hack is an ''[https://github.com/DrSchottky/R-JTOP open source]'' modification that allows you to run unsigned code, mods, game backups, and homebrew on phat consoles. It works by glitching the CB fuse check when loading the old JTAGable CB, which allows JTAG (SMC Hack) to be performed like normal. It works the same way as the R-JTAG+ hack and achieves the same result through a different method. '''This should only be used if your console doesn’t work well with [[Xbox 360:RGH/RGH1.2|RGH 1.2]]'''. It is useful, as it can be done more cheaply than an R-JTAG, but it is lesser used and therefore you will not receive much support if you run into issues. It’s recommended to take a look at the [[Xbox_360:Exploit Chart|recommended exploit chart]] and see what hack is recommended for your console.


'''Note that R-JTOP does not support Slim/E motherboards.'''
'''Note: R-JTOP does not support Slim/E motherboards.'''  


==Requirements==
==Requirements==
Line 11: Line 11:
To check that your console is exploitable, it must meet the following conditions. You must have:
To check that your console is exploitable, it must meet the following conditions. You must have:


# A fat console (Xenon, Zephyr, Falcon, Opus, or Jasper model). You can look at the back of your console and check [https://consolemods.org/wiki/File:Dcf9hQ4.png this chart] to find out what model you have.
#A fat console (Xenon, Zephyr, Falcon/Opus, or Jasper model). You can look at the back of your console and check [https://consolemods.org/wiki/File:Dcf9hQ4.png this chart] to find out what model you have.
#* Xenons and Zephyrs do not have any reports of them working although the original announcement post said "some work".
#*Xenons and Zephyrs do not have any reports of them working although the original announcement post said "some work". '''It is highly recommended to use [[Xbox 360:RGH/EXT CLK|EXT_CLK]] on these consoles.'''
#* If you have a Jasper, determine whether if there is Memory Unit built in. If it has 214MB of storage, it’s a 256MB NAND. If it has 451MB of storage, it is a 512MB NAND.
#*If you have a Jasper, determine whether if there is Memory Unit built in. If it has 214MB of storage, it’s a 256MB NAND. If it has 451MB of storage, it is a 512MB NAND.
# Your console on '''dashboard 15572 or higher'''. You can check this by navigating to Settings > Console Settings > Hover over System Info. Your dashboard version will be shown in the top right in the form 2.0.xxxxx.0, where xxxxx is your dashboard version.
#Your console on '''dashboard 15572 or higher'''. You can check this by navigating to Settings > Console Settings > Hover over System Info. Your dashboard version will be shown in the top right in the form 2.0.xxxxx.0, where xxxxx is your dashboard version.
#* If it is on a lower dashboard, you can update it to the latest.
#*If it is on a lower dashboard, you can update it to the latest.
# Soldering experience. The Xbox 360 is not a good place to learn to solder. Regardless of which dumping method you choose, you will need a soldering iron, solder, and flux.
# Soldering experience. The Xbox 360 is not a good place to learn to solder. Regardless of which dumping method you choose, you will need a soldering iron, solder, and flux.


Line 21: Line 21:


* A NAND reader that can program glitch chips (JR Programmer, NAND-X, or two Matrix USB NAND Flasher)
* A NAND reader that can program glitch chips (JR Programmer, NAND-X, or two Matrix USB NAND Flasher)
* A xc2c64a based glitch chip (CoolRunner 3, CoolRunner rev C/D, or Matrix Glitcher V1/V3) or the ability to compile [https://github.com/DrSchottky/R-JTOP the source] for another chip
*A xc2c64a based glitch chip (CoolRunner 3, CoolRunner rev C/D, or Matrix Glitcher) or the ability to compile [https://github.com/DrSchottky/R-JTOP the source] for another chip
* [https://github.com/Octal450/J-Runner-with-Extras/releases/latest J-Runner with Extras]
* [https://github.com/Octal450/J-Runner-with-Extras/releases/latest J-Runner with Extras] (Includes R-JTOP timing files for Falcon and Jasper. '''You will need to compile the source for Xenon and Zephyr timing files.)'''
* Equipment listed in the relevant R-JTOP specific wiring below
*Equipment listed in the relevant R-JTOP specific wiring below


==Reading your NAND==
== Reading your NAND==


There are six different methods to making a dump of your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, Picoflasher, or a LPT cable. While an LPT cable can be used, they cannot be used to flash glitch chips, so you will need one of the other devices anyway. It's also not recommended, as it's extremely slow and requires more work than other options. Consider the pros and cons below and choose the method that’s right for you. Once you have decided on a method, select the guide below and follow it to get a NAND dump, patch the dump, and write the dump to your motherboard. Once you’ve completed one of the pages below, continue to the next section.
There are six different methods to making a dump of your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, Picoflasher, or a LPT cable. While an LPT cable can be used, they cannot be used to flash glitch chips, so you will need one of the other devices anyway. It's also not recommended, as it's extremely slow and requires more work than other options. Consider the pros and cons below and choose the method that’s right for you. Once you have decided on a method, select the guide below and follow it to get a NAND dump, patch the dump, and write the dump to your motherboard. Once you’ve completed the page below, continue to the next section.
 
[[Xbox 360:Standard NAND|'''Tutorial for dumping the Xbox 360's NAND and writing XeLL to the console''']]


{| class="wikitable"
{| class="wikitable"
! Device
!Device
! Pros
!Pros
! Cons
!Cons
|-
|-
| '''[[Xbox 360:R-JTAG/J-Runner|xFlasher 360]]'''
| '''[[Xbox_360:XFlasher_360|xFlasher 360]]'''
|
|
* Reads NAND fast in 40 seconds to 4 minutes
* Reads NAND fast in 40 seconds to 4 minutes
* Can also program glitch chips
 
*Can also program glitch chips
*Actively supported
*Actively supported
*USB-C
*USB-C
Line 43: Line 46:
|
|
*Most expensive flasher
*Most expensive flasher
*Can't be used for flashing Sonus Sounds
|-
|-
| '''[[Xbox 360:R-JTAG/J-Runner|PicoFlasher]]'''
|'''[[Xbox_360:PicoFlasher|PicoFlasher]]'''
|
|
*Reads NAND fast in 1-8 minutes
* Reads NAND fast in 1-8 minutes
*One of the two options for Sonus sound programming
*Super cheap
*Super cheap
* Easy to find
*Easy to find
*Uses signed drivers
*Uses signed drivers
|
|
*Can't be used for programming glitch chips
*Can't easily be used to flash glitch chips
|-
|-
| '''[[Xbox 360:R-JTAG/J-Runner|Nand-X]]'''
| '''[[Xbox_360:Nand-X_Programmer|Nand-X]]'''
|
|
*Reads NAND in 2-8 minutes
*Reads NAND in 2-8 minutes
*Can also program glitch chips
*Can also program RGH glitch chips  
|
|
*More expensive than most NAND flashers
* More expensive than most NAND flashers
*Not much cheaper than the xFlasher
* Not much cheaper than the xFlasher
*Requires unsigned drivers
*Can't be used for flashing Sonus Sounds
* Requires unsigned drivers
|-
|-
|'''[[Xbox 360:R-JTAG/J-Runner|JR Programmer]]'''
|'''[[Xbox_360:JR_Programmer|JR Programmer]]'''
|
|  
*Reads NAND in 3-10 minutes
*Reads NAND in 3-10 minutes
*Can also program glitch chips
*Can also program glitch chips
*One of the two options for Sonus sound programming
*Cheap
*Cheap
*Easy to find
*Easy to find
|
|
*More expensive than PicoFlasher or Matrix
*More expensive than PicoFlasher or Matrix
*Can't be used for flashing Sonus Sounds
*Requires unsigned drivers
*Requires unsigned drivers
|-
|-
| '''[[Xbox 360:R-JTAG/J-Runner|Matrix USB NAND Flasher]]'''
|'''[[Xbox_360:Matrix_Programmer|Matrix USB NAND Flasher]]'''
|
|
*Reads NAND in 7-26 minutes
*Reads NAND in 7-26 minutes
Line 78: Line 86:
|
|
*Can’t be used for programming glitch chips [[Xbox_360:Matrix Programmer|unless you modify it]]
*Can’t be used for programming glitch chips [[Xbox_360:Matrix Programmer|unless you modify it]]
*Requires unsigned drivers
*Can't be used for flashing Sonus Sounds
*Requires unsigned drivers  
|-
|-
| '''[[Xbox 360:R-JTAG/LPT Cable|LPT Cable]]'''
|'''LPT Cable'''
|
|
*Cheap
*Cheap
*Doesn't require unsigned drivers
* Doesn't require unsigned drivers
 
 
|
|
* Requires PC with a native parallel port and more equipment
*Requires PC with a native parallel port and more equipment
*More difficult
*More difficult
*Can’t be used for programming glitch chips
*Can’t be used for programming glitch chips
* Can't be used for flashing Sonus Sounds
*Takes 30-150 minutes to read NANDs
*Takes 30-150 minutes to read NANDs
|}
|}


==Programming the Glitch Chip==
==Programming the Glitch Chip ==


# Plug the cable from your programmer into the chip programmer.  
#Plug the cable from your programmer into the chip programmer.  
#* If you are using an xFlasher, ensure the switch is set to <code>SPI</code>
#* If you are using an xFlasher, ensure the switch is set to <code>SPI</code>
#* CoolRunner: Slide switch on the CoolRunner to "PRG".
#*CoolRunner: Slide switch on the CoolRunner to "PRG".
# Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for R-JTOP.  
#Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for R-JTOP.
# Click "Program". When complete, unplug the cable from the glitch chip.  
#Click "Program". When complete, unplug the cable from the glitch chip.
#* Coolrunner: Set the switch back to "NOR".
#*Coolrunner: Set the switch back to "NOR".
If you are using an X360ACE, you can follow flashing instructions [[Xbox 360:Programming Gowin-based X360ACE Chips|here]]
If you are using an X360ACE, you can follow flashing instructions [[Xbox 360:Programming Gowin-based X360ACE Chips|here]]


Line 107: Line 115:
The wiring for R-JTOP is the same as the wiring for the JTAG hack. Choose the guide that pertains to you:
The wiring for R-JTOP is the same as the wiring for the JTAG hack. Choose the guide that pertains to you:


===[[Xbox 360:JTAG/Xenon Method|Xenon Method]]===
===[[Xbox 360:JTAG/Xenon Method|Xenon Method]] ===  
* This is the only method for Xenon motherboards. Do not use it if you have a non-Xenon motherboard.
*This is the only method for Xenon motherboards. Do not use it if you have a non-Xenon motherboard.


===[[Xbox 360:JTAG/Boxxdr Method|Boxxdr Method]]===
===[[Xbox 360:JTAG/Boxxdr Method|Boxxdr Method]]===
* This method is for Zephyr, Opus, Falcon, or Jasper motherboards. This method may disable 5.1 audio output.
*This method is for Zephyr, Opus, Falcon, or Jasper motherboards. This method may disable 5.1 audio output.


===[[Xbox 360:JTAG/Boxxdr Method + Open Tray|Boxxdr Method + Open Tray]]===
===[[Xbox 360:JTAG/Boxxdr Method + Open Tray|Boxxdr Method + Open Tray]] ===
* Use this method if the Boxxdr method doesn’t boot, you receive E79 errors, or you have issues with HDMI. This method may cause your DVD drive to eject on bootup. Also, your console will reboot instead of shutting down if you turn off the console while a controller is charging via USB.
*Use this method if the Boxxdr method doesn’t boot, you receive E79 errors, or you have issues with HDMI. This method may cause your DVD drive to eject on bootup. Also, your console will reboot instead of shutting down if you turn off the console while a controller is charging via USB.


==Glitch Chip Wiring==
==Glitch Chip Wiring==
 
[[File:1v8-X360ACE.jpg|thumb|X360ACE Diode]]
The wiring for R-JTOP is the same as the wiring for RGH 1.2.
The wiring for R-JTOP is the same as the wiring for RGH 1.2.


=== [[Xbox_360:RGH/Solder_Points#Phat|Motherboard Points]] ===
===[[Xbox_360:RGH/Solder_Points#Phat|Motherboard Points (Phat)]]===


=== Glitch Chip Diagrams ===
===Glitch Chip Diagrams===


==== [[:File:Coolrunnerrevcrgh12.jpg|Coolrunner Rev C or D]] ====
====[[:File:Coolrunnerrevcrgh12.jpg|Coolrunner Rev C or D]]====
*A - PLL
*A - PLL
*B - STBY_CLK (only if not using oscillator)
*B - STBY_CLK (only if not using oscillator)
Line 130: Line 138:
*D - RST
*D - RST


==== [[:File:Cr3litergh12.jpg|Coolrunner 3 Lite]] ====
====[[:File:Cr3litergh12.jpg|Coolrunner 3 Lite]] ====
*A - PLL
*A - PLL
*B - STBY_CLK (only if not using oscillator)
*B - STBY_CLK (only if not using oscillator)
* C - POST
*C - POST
*D - RST
*D - RST


==== [[:File:Matrixglitcherrgh12diagram.jpg|Matrix Glitcher]] ====
====[[:File:Matrixglitcherrgh12diagram.jpg|Matrix Glitcher]] ====
*A - RST
*A - RST
* B - POST
*B - POST
*C - STBY_CLK (only if not using oscillator)
*C - STBY_CLK (only if not using oscillator)
*F - PLL
*F - PLL


==== [[:File:Squirtrgh12installdiagram.jpg|Squirt]] ====
====[[:File:Squirtrgh12installdiagram.jpg|Squirt]]====  
*Squirt BGA 1.2: Disable the onboard 670pf and/or 480pf caps by removing R7 and R8
*Squirt BGA 1.2: Disable the onboard 670pf and/or 480pf caps by removing R7 and R8
*Squirt Reloaded 2.X: remove R2 and connect STBY_CLK
*Squirt Reloaded 2.X: remove R2 and connect STBY_CLK
Line 148: Line 156:
*Don't use POST or RST tuners
*Don't use POST or RST tuners


==== [[:File:X360acergh12phatinstalldiagram.png|X360ACE]] ====
====[[:File:X360acergh12phatinstalldiagram.png|X360ACE V1/V2/V3]]====
*C - POST
*C - POST
*D - RST
*D - RST
Line 154: Line 162:
*F - PLL (22K ohm resistor required)
*F - PLL (22K ohm resistor required)
*[[:File:1v8-X360ACE.jpg|Remember to remove the diode and connect 1.8V]]
*[[:File:1v8-X360ACE.jpg|Remember to remove the diode and connect 1.8V]]
*Note that the X360 ACE requires you to compile timing files for it
*'''Note that the X360 ACE requires you to compile timing files for it'''
 
==Decrypting the NAND ==
==Creating an XeBuild Image==
Once you have successfully obtained your CPU key, we can build an XeBuild image, which is a modified NAND built specifically for your console.
 
* If you want to use J-Runner with the console connected to LAN to get the CPU key, enter the IP address XeLL gives you into the lower right of the app. You can then click <code>Get CPU Key</code> and XeLL will automatically decrypt the retail NAND dump you backed up earlier.
You should now be able to turn on your Xbox 360 and boot into XeLL and see your CPU key. With that CPU key, we can build an XeBuild image, which is a NAND dump built specifically for your console. Ensure that you have written down your CPU key and have powered off your console.
*If you want to use XeLL's web page to get the CPU key, enter the Xbox's IP address in your preferred web browser. You will see information about the console, and the CPU key can be easily copy and pasted from this web page.
 
*If you didn't have access to an ethernet cable to plug the Xbox into a PC or LAN, you can manually type the CPU key into J-Runner in order to decrypt your original NAND dump.
# Open J-Runner and select "…" next to the Load Source field and select your nanddump1.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the JTAG radio button is selected, the <code>R-JTAG</code> box has a check in it, and if you have a non-Xenon console, the <code>Aud_Clamp</code> box has a check in it.
==Writing a New NAND Image (NAND Flasher)==
# Select the "Create Image" button in the top left of the window. It may prompt you for your motherboard model, select it and click OK. It will build your image and save it to a numbered folder within the J-Runner directory as updflash.bin.
#Power down the console, and connect your programmer to the motherboard and computer.  
#* If you get an error during this step, see the troubleshooting section below.
#*If you are using an xFlasher, ensure the switch is set to <code>SPI</code>.
# Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. Turn on your console and it will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you’ve successfully hacked your console. You’re now free to install XEXmenu (instructions in section below).
#Open J-Runner and select <code>...</code> next to the Load Source field and either select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the <code>Jtag</code> radio button is selected.
You may want to leave your Xbox 360 disassembled so that you can:
#*Make sure the <code>R-JTAG</code> checkbox is enabled.
* ...[[Xbox_360:Disabling the eFuse Burning Circuit|disable the eFuse-blowing circuit]] so that you can't accidentally install official updates on your console.
#*If you have a non-Xenon console, the <code>Aud_clamp</code> checkbox should be enabled.
* ...check what it's running temperatures are so that you can judge whether it'd be a good idea to use [[Xbox_360:Cooling System Improvements|cooling mods]] to avoid overheating issues. This is recommended for all fat consoles, particularly Xenons.
#Click <code>Create XeBuild Image</code>. This will take a few moments.
 
#Click <code>Write NAND</code>.
 
#Disconnect your programmer when the process completes, and check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console.
#*You may want to leave your Xbox 360 disassembled so that you can:
#**...[[Xbox_360:Disabling the eFuse Burning Circuit|disable the eFuse-blowing circuit]] so you can't accidentally install official updates on your console.
#**...check what temperatures it's running at so you can judge if you need to replace the thermal paste to avoid overly loud fans and/or overheating issues.
#Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling. You're now free to install XEXMenu (instructions in section below).
==Writing a New NAND Image (XeLL with USB Storage)==
# Open J-Runner and select <code>...</code> next to the Load Source field and either select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the <code>Jtag</code> radio button is selected.
#*Make sure the <code>R-JTAG</code> checkbox is enabled.
#*If you have a non-Xenon console, the <code>Aud_clamp</code> checkbox should be enabled.
#Click <code>Create XeBuild Image</code>. This will take a few moments.
#Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. Turn on your console and it will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console.
#*You may want to leave your Xbox 360 disassembled so that you can:
#**...[[Xbox_360:Disabling the eFuse Burning Circuit|disable the eFuse-blowing circuit]] so you can't accidentally install official updates on your console.
#**...check what temperatures it's running at so you can judge if you need to replace the thermal paste to avoid overly loud fans and/or overheating issues.
#Remove your NAND programmer wires (if they are still attached) and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling. You're now free to install XEXMenu (instructions in section below).
==Installing XeXMenu==
==Installing XeXMenu==
# Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.  
#Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
# Extract the `CODE9999` folder from the [http://www.mediafire.com/file/7orm0jrkncrzo1w/xexmenu12live.rar/file XeXMenu 1.2 rar] to your Desktop.
#Extract the <code>CODE9999</code> folder from the [http://www.mediafire.com/file/7orm0jrkncrzo1w/xexmenu12live.rar/file XeXMenu 1.2 rar] to your Desktop.
# Plug the flash drive into your PC. Open [http://www.mediafire.com/file/zb6ic4036c6nmpg/Xplorer360.exe/file Xplorer360] and select Drive > Open > Harddrive or Memcard. On the left-hand side, select Partition 3, then right-click the Content folder, select "New Folder", and name it `0000000000000000` (16 zeroes). Open the new folder, then drag the `CODE9999` folder into it.
#Plug the flash drive into your PC. Open [http://www.mediafire.com/file/zb6ic4036c6nmpg/Xplorer360.exe/file Xplorer360] and select Drive > Open > Harddrive or Memcard. On the left-hand side, select Partition 3, then right-click the <code>Content</code> folder, select <code>New Folder</code>, and name it <code>0000000000000000</code> (16 zeroes). Open the new folder, then drag the <code>CODE9999</code> folder into it.
# Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.  
#Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.  
#* You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.
#*You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.


From here, you can install any homebrew or mods that you want. See [[Xbox_360:Recommendations|this page]] for a list of recommended modifications and applications to install.
From here, you can install any homebrew or mods that you want. See [[Xbox_360:Recommendations|this page]] for a list of recommended modifications and applications to install.

Revision as of 00:24, 8 September 2023

Exclamation-triangle-fill.svgThe steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!


The R-JTOP hack is an open source modification that allows you to run unsigned code, mods, game backups, and homebrew on phat consoles. It works by glitching the CB fuse check when loading the old JTAGable CB, which allows JTAG (SMC Hack) to be performed like normal. It works the same way as the R-JTAG+ hack and achieves the same result through a different method. This should only be used if your console doesn’t work well with RGH 1.2. It is useful, as it can be done more cheaply than an R-JTAG, but it is lesser used and therefore you will not receive much support if you run into issues. It’s recommended to take a look at the recommended exploit chart and see what hack is recommended for your console.

Note: R-JTOP does not support Slim/E motherboards.

Requirements

Below are the requirements to R-JTOP your Xbox 360. It’s recommended to read ahead and choose the NAND dumping method and R-JTOP specific wiring that’s right for you, as you will need a NAND programmer and potentially more equipment depending on which methods you choose.

To check that your console is exploitable, it must meet the following conditions. You must have:

  1. A fat console (Xenon, Zephyr, Falcon/Opus, or Jasper model). You can look at the back of your console and check this chart to find out what model you have.
    • Xenons and Zephyrs do not have any reports of them working although the original announcement post said "some work". It is highly recommended to use EXT_CLK on these consoles.
    • If you have a Jasper, determine whether if there is Memory Unit built in. If it has 214MB of storage, it’s a 256MB NAND. If it has 451MB of storage, it is a 512MB NAND.
  2. Your console on dashboard 15572 or higher. You can check this by navigating to Settings > Console Settings > Hover over System Info. Your dashboard version will be shown in the top right in the form 2.0.xxxxx.0, where xxxxx is your dashboard version.
    • If it is on a lower dashboard, you can update it to the latest.
  3. Soldering experience. The Xbox 360 is not a good place to learn to solder. Regardless of which dumping method you choose, you will need a soldering iron, solder, and flux.

You will also need:

  • A NAND reader that can program glitch chips (JR Programmer, NAND-X, or two Matrix USB NAND Flasher)
  • A xc2c64a based glitch chip (CoolRunner 3, CoolRunner rev C/D, or Matrix Glitcher) or the ability to compile the source for another chip
  • J-Runner with Extras (Includes R-JTOP timing files for Falcon and Jasper. You will need to compile the source for Xenon and Zephyr timing files.)
  • Equipment listed in the relevant R-JTOP specific wiring below

Reading your NAND

There are six different methods to making a dump of your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, Picoflasher, or a LPT cable. While an LPT cable can be used, they cannot be used to flash glitch chips, so you will need one of the other devices anyway. It's also not recommended, as it's extremely slow and requires more work than other options. Consider the pros and cons below and choose the method that’s right for you. Once you have decided on a method, select the guide below and follow it to get a NAND dump, patch the dump, and write the dump to your motherboard. Once you’ve completed the page below, continue to the next section.

Tutorial for dumping the Xbox 360's NAND and writing XeLL to the console

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • Actively supported
  • USB-C
  • Uses signed drivers
  • Most expensive flasher
  • Can't be used for flashing Sonus Sounds
PicoFlasher
  • Reads NAND fast in 1-8 minutes
  • One of the two options for Sonus sound programming
  • Super cheap
  • Easy to find
  • Uses signed drivers
  • Can't easily be used to flash glitch chips
Nand-X
  • Reads NAND in 2-8 minutes
  • Can also program RGH glitch chips
  • More expensive than most NAND flashers
  • Not much cheaper than the xFlasher
  • Can't be used for flashing Sonus Sounds
  • Requires unsigned drivers
JR Programmer
  • Reads NAND in 3-10 minutes
  • Can also program glitch chips
  • One of the two options for Sonus sound programming
  • Cheap
  • Easy to find
  • More expensive than PicoFlasher or Matrix
  • Can't be used for flashing Sonus Sounds
  • Requires unsigned drivers
Matrix USB NAND Flasher
  • Reads NAND in 7-26 minutes
  • Super cheap
  • Can’t be used for programming glitch chips unless you modify it
  • Can't be used for flashing Sonus Sounds
  • Requires unsigned drivers
LPT Cable
  • Cheap
  • Doesn't require unsigned drivers
  • Requires PC with a native parallel port and more equipment
  • More difficult
  • Can’t be used for programming glitch chips
  • Can't be used for flashing Sonus Sounds
  • Takes 30-150 minutes to read NANDs

Programming the Glitch Chip

  1. Plug the cable from your programmer into the chip programmer.
    • If you are using an xFlasher, ensure the switch is set to SPI
    • CoolRunner: Slide switch on the CoolRunner to "PRG".
  2. Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for R-JTOP.
  3. Click "Program". When complete, unplug the cable from the glitch chip.
    • Coolrunner: Set the switch back to "NOR".

If you are using an X360ACE, you can follow flashing instructions here

R-JTOP Specific Wiring

The wiring for R-JTOP is the same as the wiring for the JTAG hack. Choose the guide that pertains to you:

Xenon Method

  • This is the only method for Xenon motherboards. Do not use it if you have a non-Xenon motherboard.

Boxxdr Method

  • This method is for Zephyr, Opus, Falcon, or Jasper motherboards. This method may disable 5.1 audio output.

Boxxdr Method + Open Tray

  • Use this method if the Boxxdr method doesn’t boot, you receive E79 errors, or you have issues with HDMI. This method may cause your DVD drive to eject on bootup. Also, your console will reboot instead of shutting down if you turn off the console while a controller is charging via USB.

Glitch Chip Wiring

X360ACE Diode

The wiring for R-JTOP is the same as the wiring for RGH 1.2.

Motherboard Points (Phat)

Glitch Chip Diagrams

Coolrunner Rev C or D

  • A - PLL
  • B - STBY_CLK (only if not using oscillator)
  • C - POST
  • D - RST

Coolrunner 3 Lite

  • A - PLL
  • B - STBY_CLK (only if not using oscillator)
  • C - POST
  • D - RST

Matrix Glitcher

  • A - RST
  • B - POST
  • C - STBY_CLK (only if not using oscillator)
  • F - PLL

Squirt

  • Squirt BGA 1.2: Disable the onboard 670pf and/or 480pf caps by removing R7 and R8
  • Squirt Reloaded 2.X: remove R2 and connect STBY_CLK
  • Pinout follows written labels
  • Don't use POST or RST tuners

X360ACE V1/V2/V3

Decrypting the NAND

Once you have successfully obtained your CPU key, we can build an XeBuild image, which is a modified NAND built specifically for your console.

  • If you want to use J-Runner with the console connected to LAN to get the CPU key, enter the IP address XeLL gives you into the lower right of the app. You can then click Get CPU Key and XeLL will automatically decrypt the retail NAND dump you backed up earlier.
  • If you want to use XeLL's web page to get the CPU key, enter the Xbox's IP address in your preferred web browser. You will see information about the console, and the CPU key can be easily copy and pasted from this web page.
  • If you didn't have access to an ethernet cable to plug the Xbox into a PC or LAN, you can manually type the CPU key into J-Runner in order to decrypt your original NAND dump.

Writing a New NAND Image (NAND Flasher)

  1. Power down the console, and connect your programmer to the motherboard and computer.  
    • If you are using an xFlasher, ensure the switch is set to SPI.
  2. Open J-Runner and select ... next to the Load Source field and either select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the Jtag radio button is selected.
    • Make sure the R-JTAG checkbox is enabled.
    • If you have a non-Xenon console, the Aud_clamp checkbox should be enabled.
  3. Click Create XeBuild Image. This will take a few moments.
  4. Click Write NAND.
  5. Disconnect your programmer when the process completes, and check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console.
    • You may want to leave your Xbox 360 disassembled so that you can:
      • ...disable the eFuse-blowing circuit so you can't accidentally install official updates on your console.
      • ...check what temperatures it's running at so you can judge if you need to replace the thermal paste to avoid overly loud fans and/or overheating issues.
  6. Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling. You're now free to install XEXMenu (instructions in section below).

Writing a New NAND Image (XeLL with USB Storage)

  1. Open J-Runner and select ... next to the Load Source field and either select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the Jtag radio button is selected.
    • Make sure the R-JTAG checkbox is enabled.
    • If you have a non-Xenon console, the Aud_clamp checkbox should be enabled.
  2. Click Create XeBuild Image. This will take a few moments.
  3. Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. Turn on your console and it will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console.
    • You may want to leave your Xbox 360 disassembled so that you can:
      • ...disable the eFuse-blowing circuit so you can't accidentally install official updates on your console.
      • ...check what temperatures it's running at so you can judge if you need to replace the thermal paste to avoid overly loud fans and/or overheating issues.
  4. Remove your NAND programmer wires (if they are still attached) and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling. You're now free to install XEXMenu (instructions in section below).

Installing XeXMenu

  1. Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
  2. Extract the CODE9999 folder from the XeXMenu 1.2 rar to your Desktop.
  3. Plug the flash drive into your PC. Open Xplorer360 and select Drive > Open > Harddrive or Memcard. On the left-hand side, select Partition 3, then right-click the Content folder, select New Folder, and name it 0000000000000000 (16 zeroes). Open the new folder, then drag the CODE9999 folder into it.
  4. Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.
    • You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.

From here, you can install any homebrew or mods that you want. See this page for a list of recommended modifications and applications to install.

Retrieved from "https://consolemods.org/wiki/index.php?title=Xbox_360:R-JTOP&oldid=27382"