Xbox 360:RGH/EXT CLK: Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
No edit summary
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
EXT_CLK is a modern RGH method by Octal450 that uses the EXT_CLK_EN point instead of CPU_PLL_BYPASS to allow reliable glitching of Xenons and Zephyr Xbox 360 consoles.
{{Warning|The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!}}EXT_CLK is a modern RGH method by Octal450 that uses the EXT_CLK_EN point instead of CPU_PLL_BYPASS to allow reliable glitching of Xenon and Zephyr Xbox 360 consoles.


== Equipment Needed ==
== Equipment Needed ==


* A glitch chip:
* A compatible glitch chip:
**'''It is highly recommended to use STBY_CLK instead of a built in oscillator with EXT_CLK, but if you wish to install a crystal on a glitch chip it's best to use a 48 MHz one.'''
** Coolrunner Rev A/B/C/D
** Coolrunner Rev A/B/C/D
** Matrix Glitcher
** Matrix Glitcher
** X360ACE V1/V2/V3
** X360ACE V1/V2/V3
** '''It is highly recommended to use STBY_CLK instead of a glitch chip's built in oscillator with EXT_CLK, but if you wish to install a crystal on a glitch chip or use a chip's preinstalled crystal it's best to use a 48 MHz one.'''
* A PC running Windows Vista or later
* A PC running Windows Vista or later
* A soldering iron, solder, and flux (MG 835 recommended)
* A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
* Isopropyl alcohol (91% or higher recommended) and cotton swabs
** [[Recommended Soldering Equipment|Specific recommendatons can be found on this page]]
* A NAND & Glitch Chip Programmer:
* [[Xbox 360:Standard NAND#NAND Flasher Comparison|A NAND & Glitch Chip Flasher]]
** xFlasher 360
** NAND-X
**JR-Programmer
**Matrix Flasher
* [https://github.com/Octal450/J-Runner-with-Extras J-Runner with Extras] (Includes EXT_CLK Matrix/Coolrunner Timings)
* [https://github.com/Octal450/J-Runner-with-Extras J-Runner with Extras] (Includes EXT_CLK Matrix/Coolrunner Timings)
* [https://github.com/Octal450/Timing-Files/releases/tag/Timings EXT_CLK Timing Files] (X360ACE chips only)
* [https://github.com/Octal450/Timing-Files/releases/tag/Timings EXT_CLK Timing Files] (X360ACE chips only)
* '''A NAND Backup with XeLL written to the console'''
==Reading your NAND==
{{Xbox 360 NAND Flashers}}


==Programming the Glitch Chip==
# Plug the cable from your programmer into the chip programmer.
#* If you are using an xFlasher, ensure the switch is set to <code>SPI</code>.
#* CoolRunner: Slide switch to "PRG".
# Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for EXT_CLK.
#* You can use the timing assistant in the bottom left to auto select a safe timing for your motherboard revision.
# Click "Program". When complete, unplug the cable from the glitch chip.
#* Coolrunner: Set the switch back to "NOR".
==Glitch Chip Installation==
==Glitch Chip Installation==


=== Motherboard Points ===
===Motherboard points===
====[[Xbox 360:RGH/Solder Points#Phat|Phat (Xenon/Non-Xenon)]]====
The points you need to solder to are similar to RGH 1.2, aside from using EXT_CLK instead of PLL.
The points you need to solder to are similar to RGH 1.2, aside from using EXT_CLK instead of PLL.
* [[:File:Y5p0dxP.jpg|3.3v]]
* 1.8V '''(Only if using an X360ACE)'''
** [[:File:1v8-Xenon.png|Xenon Motherboard]]
** [[:File:1v8-HDMI.png|HDMI or Opus Motherboard]]
* [[:File:EXT_CLK.png|EXT_CLK]]
* STBY_CLK
** [[:File:STBY_CLK-Xenon.png|Bottom ('''Only on Xenon''')]]
** [[:file:CLK.png|Bottom (HDMI or Opus phats, recommended)]]
** [[:file:PMlJpmS.jpg|Topside (HDMI or Opus phats, either boxed point works)]]
* POST
** [[:File:Post.png|Bottom]]
** [[:File:FT6U1 topside.png|Top]] (requires scraping)
* CPU_RST
** [[:File:PLL and RST.png|C7R112]]
***This point on Xenons has a capacitor installed. The capacitor will need to be removed.
** [[:File:VXi9LgC.jpg|R8C2]]
* GND
**[https://i.imgur.com/mLSd4ZX.png Near 3.3v] (clean installation)
**AV Port (A bit easier to solder)


===Glitch Chip Pinouts===
===Glitch Chip Pinouts===
Line 49: Line 39:
* C - STBY_CLK (remove oscillator if equipped)
* C - STBY_CLK (remove oscillator if equipped)
* F - EXT_CLK
* F - EXT_CLK
**If you have a Matrix that comes with an oscillator, it can be easily disabled if [https://weekendmodder.com/store/image/catalog/misc%20tools%20pics/2018-04-19_11-17-00.jpg this resistor] is removed instead of removing the entire oscillator.
**If you have a Matrix that comes with an oscillator, it can be easily disabled if [[:File:Matrix Glitcher's 0ohm Resistor for the Oscillator.jpeg|this resistor]] is removed instead of removing the entire oscillator.


==== Coolrunner ====
==== Coolrunner ====
* A - EXT_CLK
* A - EXT_CLK
* B - STBY_CLK (remove oscillator if equipped)
* B - STBY_CLK (remove oscillator if equipped)
** If you have a Rev D, its built on oscillator can be easily disabled if [[:File:Disable-enable-RevD-CLK.jpg|this resistor]] is removed instead of removing the entire oscillator.
* C - POST
* C - POST
* D - RST
* D - RST
Line 61: Line 52:
* D - RST
* D - RST
* F - EXT_CLK (22K ohm resistor required)
* F - EXT_CLK (22K ohm resistor required)
* [http://File:1v8-X360ACE.jpg Remember to remove the diode and connect 1.8V]
* [[:file:1v8-X360ACE.jpg|Remember to remove the diode and connect 1.8V]]
 
==Programming the Glitch Chip==


# Plug the cable from your programmer into the chip programmer.
#* If you are using an xFlasher, ensure the switch is set to <code>SPI</code>.
#* CoolRunner: Slide switch to "PRG".
# Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for EXT_CLK.
#* You can use the timing assistant in the bottom left to auto select a safe timing for your motherboard revision.
# Click "Program". When complete, unplug the cable from the glitch chip.
#* Coolrunner: Set the switch back to "NOR".


==Testing the Console==
Once you've finished soldering, clean up any flux with isopropyl alcohol and cotton swabs. Partially re-assemble your Xbox 360, ensuring that:
*Heatsinks are attached (If they were removed for some reason)
*Fan(s) are in place and plugged in (On a phat console, the fans can be angled on top of the heatsinks to cool them for testing)
*The RF board is plugged into the front of the console
*An A/V or HDMI cable is plugged into the Xbox 360 and into a TV or monitor
*A power brick is plugged in to both the wall and Xbox 360
*(Optional) An ethernet cable is plugged into the Xbox 360 and a LAN (e.g. a switch, router, or directly to a PC)
Turn on your console, and it should boot into XeLL RELOADED within a minute. If you don't have an ethernet cable connected, write down (and/or take a picture of) the "CPU Key" listed on screen. If the console doesn't boot into XeLL, check all previous steps and double check your wiring accuracy and quality.
==Decrypting the NAND==
==Decrypting the NAND==
Once you have successfully obtained your CPU key, we can build an XeBuild image, which is a modified NAND built specifically for your console.
*If you want to use J-Runner with the console connected to LAN to get the CPU key, enter the IP address XeLL gives you into the lower right of the app. You can then click <code>Get CPU Key</code> and XeLL will automatically decrypt the retail NAND dump you backed up earlier.
*If you want to use XeLL's web page to get the CPU key, enter the Xbox's IP address in your preferred web browser. You will see information about the console, and the CPU key can be easily copy and pasted from this web page.
*If you didn't have access to an ethernet cable to plug the Xbox into a PC or LAN, you can manually type the CPU key into J-Runner in order to decrypt your original NAND dump.
==Writing New NAND Image (NAND Flasher)==
#Power down the console, and connect your programmer to the motherboard.
#*If you are using an xFlasher, ensure the switch is set to <code>SPI</code>.
#Open J-Runner and select <code>...</code> next to the Load Source field and select one of your original NAND dumps if not already selected. In the upper right of J-Runner, ensure the <code>Glitch2</code> radio button is selected.
#Click "Create XeBuild Image". This will take a few moments.
#Click "Write NAND".
#Disconnect your NAND programmer from the console's motherboard when the process completes.
#Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console.
#Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
#[[Xbox 360:RGH/EXT CLK#Tuning Boot Times|Tune boot times]] if necessary.
#Continue in the [[Xbox 360:RGH/EXT CLK#Cleaning Up|Cleaning Up section]].
==Writing a New NAND Image (XeLL)==
#Open J-Runner and select <code>...</code> next to the Load Source field and select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the <code>Glitch2</code> radio button is selected.
#Click "Create XeBuild Image". This will take a few moments.
#Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console.
#Turn on your console. It will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console.
#Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console.
#Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
#[[Xbox 360:RGH/EXT CLK#Tuning Boot Times|Tune boot times]] if necessary.
#Continue in the [[Xbox 360:RGH/EXT CLK#Cleaning Up|Cleaning Up section]].
== Tuning Boot Times ==


# Connect Ethernet and power on the console. The Coolrunner should blink once or more times, and then the console should start into XeLL RELOADED.
* If the light stays on at the end of a cycle:
# Once XeLL finishes, it will display your CPU key and some other info. There is also an IP address.
** This means that the checks were passed, but the console failed to start
# Enter the IP address into the box on the lower right of J-Runner and click "Get CPU Key". J-Runner will pull the info from the box, and decrypt the NANDs automatically.
** Probably the timing is too low, or the pulse length is too large
 
==Writing New NAND Image==
 
# Power down the console, and connect your programmer to the motherboard.
#* If you are using an xFlasher, ensure the switch is set to <code>SPI</code>.
# In the upper right of J-Runner, ensure the <code>Glitch2</code> radio button is selected. 
#* For Non-Xenon boards, select SMC+
# Click "Create XeBuild Image". This will take a few moments.
# Click "Write NAND".
# Disconnect your programmer when the process completes.
# Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy area. Run the wires near the X-Clamps for best results.
# Tune glitch chip timings if necessary.
# Return to the RGH main page and continue in the [[Xbox_360:RGH#Cleaning_Up|Cleaning Up section]].
 
== Tuning Boot Times ==


If the light stays on at the end of a cycle:
* If the light goes off at the end of a cycle but doesn't boot:
- This means that the checks were passed, but the console failed to start
** This means that the checks failed
- Probably the timing is too low, or the pulse length is too large
** Probably the timing is too high, or the pulse length is too small


If the light goes off at the end of a cycle but doesn't boot:
'''Note: Debug light behavior may be slightly misleading due to using POST_OUT bit 0.'''
- This means that the checks failed
==Cleaning Up==
- Probably the timing is too high, or the pulse length is too small
Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling.
==Installing XeXMenu==
#Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
#Extract the <code>CODE9999</code> folder from the [http://www.mediafire.com/file/7orm0jrkncrzo1w/xexmenu12live.rar/file XeXMenu 1.2 rar] to your Desktop.
#Plug the flash drive into your PC. Create a new folder on the flash drive and name it <code>0000000000000000</code> (16 zeroes). Open the new folder, then drag the <code>CODE9999</code> folder into it.
#Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.
You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.


Note that the debug light behavior may be slightly misleading due to using POST_OUT bit 0.
From here, you can install any homebrew or mods that you want. See [[Xbox_360:Recommendations|this page]] for a list of recommended modifications and applications to install.

Latest revision as of 20:01, 11 March 2024

Exclamation-triangle-fill.svgThe steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering!

EXT_CLK is a modern RGH method by Octal450 that uses the EXT_CLK_EN point instead of CPU_PLL_BYPASS to allow reliable glitching of Xenon and Zephyr Xbox 360 consoles.

Equipment Needed

  • A compatible glitch chip:
    • Coolrunner Rev A/B/C/D
    • Matrix Glitcher
    • X360ACE V1/V2/V3
    • It is highly recommended to use STBY_CLK instead of a glitch chip's built in oscillator with EXT_CLK, but if you wish to install a crystal on a glitch chip or use a chip's preinstalled crystal it's best to use a 48 MHz one.
  • A PC running Windows Vista or later
  • A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
  • A NAND & Glitch Chip Flasher
  • J-Runner with Extras (Includes EXT_CLK Matrix/Coolrunner Timings)
  • EXT_CLK Timing Files (X360ACE chips only)
  • A NAND Backup with XeLL written to the console

Reading your NAND

There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. Consider the pros and cons below and choose the method that’s right for you. An LPT cable is not recommended as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.

A guide on how to dump and write to a standard NAND can be found here.

Device Pros Cons
xFlasher 360
  • Reads NAND fast in 40 seconds to 4 minutes
  • Can also program glitch chips
  • One of four options for 4GB Corona
  • Actively supported
  • USB-C
  • Uses signed drivers
  • Most expensive flasher
  • Can't be used for flashing Sonus Sounds
PicoFlasher
  • Reads NAND fast in 1-8 minutes
  • One of four options for 4GB Corona
  • One of the two options for Sonus or Slim sound programming
  • Super cheap
  • Easy to find
  • Uses signed drivers
  • Wire routing is more sensitive compared to other NAND flashers
JR Programmer
  • Reads NAND in 3-10 minutes
  • Can also program glitch chips
  • One of the two options for Sonus or Slim sound programming
  • Cheap
  • Easy to find
  • More expensive than PicoFlasher
  • Requires unsigned drivers
Nand-X
  • Reads NAND in 2-8 minutes
  • Can also program RGH glitch chips
  • More expensive than most NAND flashers
  • Not much cheaper than the xFlasher
  • Does not support 4GB Coronas
  • Requires unsigned drivers
  • Can't be used for flashing Sonus Sounds
Matrix USB NAND Flasher
  • Reads NAND in 7-26 minutes
  • Super cheap
  • Can’t be used for programming glitch chips unless you modify it
  • Does not support 4GB Coronas
  • Requires unsigned drivers
  • Can't be used for flashing Sonus Sounds
LPT Cable
  • Cheap
  • Doesn't require unsigned drivers
  • Requires PC with a native parallel port and more equipment
  • More difficult
  • Can’t be used for programming glitch chips
  • Can't be used for flashing Sonus Sounds
  • Takes 30-150 minutes to read NANDs

Programming the Glitch Chip

  1. Plug the cable from your programmer into the chip programmer.
    • If you are using an xFlasher, ensure the switch is set to SPI.
    • CoolRunner: Slide switch to "PRG".
  2. Open J-Runner with Extras. Click "Program Timing File" in the upper left and select your console’s tab and the relevant radio button for EXT_CLK.
    • You can use the timing assistant in the bottom left to auto select a safe timing for your motherboard revision.
  3. Click "Program". When complete, unplug the cable from the glitch chip.
    • Coolrunner: Set the switch back to "NOR".

Glitch Chip Installation

Motherboard points

Phat (Xenon/Non-Xenon)

The points you need to solder to are similar to RGH 1.2, aside from using EXT_CLK instead of PLL.

Glitch Chip Pinouts

Matrix

  • A - RST
  • B - POST
  • C - STBY_CLK (remove oscillator if equipped)
  • F - EXT_CLK
    • If you have a Matrix that comes with an oscillator, it can be easily disabled if this resistor is removed instead of removing the entire oscillator.

Coolrunner

  • A - EXT_CLK
  • B - STBY_CLK (remove oscillator if equipped)
    • If you have a Rev D, its built on oscillator can be easily disabled if this resistor is removed instead of removing the entire oscillator.
  • C - POST
  • D - RST

X360ACE (V1/V2/V3), DGX


Testing the Console

Once you've finished soldering, clean up any flux with isopropyl alcohol and cotton swabs. Partially re-assemble your Xbox 360, ensuring that:

  • Heatsinks are attached (If they were removed for some reason)
  • Fan(s) are in place and plugged in (On a phat console, the fans can be angled on top of the heatsinks to cool them for testing)
  • The RF board is plugged into the front of the console
  • An A/V or HDMI cable is plugged into the Xbox 360 and into a TV or monitor
  • A power brick is plugged in to both the wall and Xbox 360
  • (Optional) An ethernet cable is plugged into the Xbox 360 and a LAN (e.g. a switch, router, or directly to a PC)

Turn on your console, and it should boot into XeLL RELOADED within a minute. If you don't have an ethernet cable connected, write down (and/or take a picture of) the "CPU Key" listed on screen. If the console doesn't boot into XeLL, check all previous steps and double check your wiring accuracy and quality.

Decrypting the NAND

Once you have successfully obtained your CPU key, we can build an XeBuild image, which is a modified NAND built specifically for your console.

  • If you want to use J-Runner with the console connected to LAN to get the CPU key, enter the IP address XeLL gives you into the lower right of the app. You can then click Get CPU Key and XeLL will automatically decrypt the retail NAND dump you backed up earlier.
  • If you want to use XeLL's web page to get the CPU key, enter the Xbox's IP address in your preferred web browser. You will see information about the console, and the CPU key can be easily copy and pasted from this web page.
  • If you didn't have access to an ethernet cable to plug the Xbox into a PC or LAN, you can manually type the CPU key into J-Runner in order to decrypt your original NAND dump.

Writing New NAND Image (NAND Flasher)

  1. Power down the console, and connect your programmer to the motherboard.
    • If you are using an xFlasher, ensure the switch is set to SPI.
  2. Open J-Runner and select ... next to the Load Source field and select one of your original NAND dumps if not already selected. In the upper right of J-Runner, ensure the Glitch2 radio button is selected.
  3. Click "Create XeBuild Image". This will take a few moments.
  4. Click "Write NAND".
  5. Disconnect your NAND programmer from the console's motherboard when the process completes.
  6. Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console.
  7. Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
  8. Tune boot times if necessary.
  9. Continue in the Cleaning Up section.

Writing a New NAND Image (XeLL)

  1. Open J-Runner and select ... next to the Load Source field and select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the Glitch2 radio button is selected.
  2. Click "Create XeBuild Image". This will take a few moments.
  3. Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console.
  4. Turn on your console. It will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console.
  5. Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console.
  6. Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
  7. Tune boot times if necessary.
  8. Continue in the Cleaning Up section.

Tuning Boot Times

  • If the light stays on at the end of a cycle:
    • This means that the checks were passed, but the console failed to start
    • Probably the timing is too low, or the pulse length is too large
  • If the light goes off at the end of a cycle but doesn't boot:
    • This means that the checks failed
    • Probably the timing is too high, or the pulse length is too small

Note: Debug light behavior may be slightly misleading due to using POST_OUT bit 0.

Cleaning Up

Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling.

Installing XeXMenu

  1. Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
  2. Extract the CODE9999 folder from the XeXMenu 1.2 rar to your Desktop.
  3. Plug the flash drive into your PC. Create a new folder on the flash drive and name it 0000000000000000 (16 zeroes). Open the new folder, then drag the CODE9999 folder into it.
  4. Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.

You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.

From here, you can install any homebrew or mods that you want. See this page for a list of recommended modifications and applications to install.

Retrieved from "https://consolemods.org/wiki/index.php?title=Xbox_360:RGH/EXT_CLK&oldid=41012"