Xbox 360:RGH/S-RGH: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 195: | Line 195: | ||
# Enter the IP address into the box on the lower right of J-Runner and click "Get CPU Key". J-Runner will pull the info from the box, and decrypt the NANDs automatically. | # Enter the IP address into the box on the lower right of J-Runner and click "Get CPU Key". J-Runner will pull the info from the box, and decrypt the NANDs automatically. | ||
#* If you don't want to or aren't able to connect the Xbox 360 to a network or directly to the PC, you can also manually type in the CPU key from XeLL into J-Runner. | #* If you don't want to or aren't able to connect the Xbox 360 to a network or directly to the PC, you can also manually type in the CPU key from XeLL into J-Runner. | ||
==Writing New NAND Image (NAND Flasher)==#Power down the console, and connect your programmer to the motherboard.#*If you are using an xFlasher, ensure the switch is set to <code>SPI</code>. | |||
==Writing New NAND Image== | #Open J-Runner and select <code>...</code> next to the Load Source field and select one of your original NAND dumps if not already selected. In the upper right of J-Runner, ensure the <code>Glitch2</code> radio button is selected. | ||
# Power down the console, and connect your programmer to the motherboard. | #Click "Create XeBuild Image". This will take a few moments. | ||
#* If you are using an xFlasher, ensure the switch is set to <code> | #Click "Write NAND". | ||
#Disconnect your NAND programmer from the console's motherboard when the process completes. | |||
# Click | #Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console. | ||
# Click | #Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results. | ||
# Disconnect your programmer from the console when the process completes. | #[[Xbox 360:RGH/RGH1.2#Tuning%20Boot%20Times|Tune boot times]] if necessary. | ||
# Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy | #Continue in the [[Xbox 360:RGH/RGH1.2#Cleaning Up|Cleaning Up section]]. | ||
# [[Xbox 360:RGH/ | ==Writing a New NAND Image (XeLL)== | ||
# Continue in the [[Xbox 360:RGH/ | {{Note|4 GB Corona varients do not support currently support NAND flashing through XeLL. If XeLL is the only thing flashed to the NAND, it is required to use a NAND flasher.}} | ||
#Open J-Runner and select <code>...</code> next to the Load Source field and select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that the <code>Glitch2</code> radio button is selected. | |||
#Click <code>Create XeBuild Image</code>. This will take a few moments. | |||
#Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console. | |||
#Turn on your console. It will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console. | |||
#Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console. | |||
#Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results. | |||
#[[Xbox 360:RGH/RGH1.2#Tuning%20Boot%20Times|Tune boot times]] if necessary. | |||
#Continue in the [[Xbox 360:RGH/RGH1.2#Cleaning Up|Cleaning Up section]]. | |||
== Tuning Boot Times == | == Tuning Boot Times == | ||
As the glitch chip pulses, a green debug light will flash a pattern. Using this pattern, we can know roughly how to adjust the tuning. Let's start with some examples. The ideal is slightly "below" the edge of Long/Short, closer to Short. You want to see more Short than Long cycles. | As the glitch chip pulses, a green debug light will flash a pattern. Using this pattern, we can know roughly how to adjust the tuning. Let's start with some examples. The ideal is slightly "below" the edge of Long/Short, closer to Short. You want to see more Short than Long cycles. | ||
Revision as of 23:46, 15 December 2023
 | The steps on this page are considered risky for your console, as there is a chance you can brick it. Please have someone else mod your console if you are not experienced in soldering! |
S-RGH (Sped-Up RGH) is an improved version of RGH2 which is far more reliable and quick. While non-Xenon phat consoles can use S-RGH, it is unreliable and will not be covered here.
Equipment Needed
- A compatible glitch chip:
- X360ACE V1/V2/V3
- DGX v1.0S
- Coolrunner Rev C/D (Only works with Trinity)
- Matrix (Only works with Trinity)
- A PC running Windows Vista or later
- A soldering iron, solder, flux, and Isopropyl alcohol with cotton swabs
- A NAND and glitch chip programmer
- Postfix Adapter v2 (for a Corona that needs a postfix adapter)
- J-Runner with Extras
- If using a Matrix/Coolrunner, use these timing files
- A NAND Backup with XeLL written to the console
(Corona Only) Postfix Adapter
File:5lY3TID.png
Postfix adapter diagram
On later Corona motherboards, the trace to the bottom POST pad has been removed, so you need to use a postfix adapter to be able to attach a pogo pin to the POST connection underneath the CPU. Use the provided diagram to determine if you need one or not. As shown in the diagram, you can install it by carefully sliding the larger piece of the adapter onto the left side of the CPU (when looking at the CPU from a readable position). Gently press the PCB inward toward the CPU to depress the pogo pin, and slide the smaller PCB part over the other side of the CPU, interlocking the two PCBs together. Solder the four anchor points on the edges of the postfix adapter to prevent it from coming loose.
Reading your NAND
There are a few different tools for reading your NAND chip: xFlasher 360, Nand-X, JR Programmer, Matrix USB NAND Flasher, PicoFlasher, various SD card tools, or a LPT cable. However, the 4GB Corona requires that you use an xFlasher 360, PicoFlasher, Element18592's 4GB USB tool, or an SD card tool. Consider the pros and cons below and choose the method that’s right for you. The LPT cable method is not recommended, as it's extremely slow, requires more work than other options, and cannot be used to program glitch chips.
4GB Corona
| Device | Pros | Cons |
|---|---|---|
| xFlasher 360 |
|
|
| PicoFlasher |
|
|
| 4GB USB Tool |
|
|
| SD Card Tool |
|
|
Trinity & 16 MB Corona
| Device | Pros | Cons |
|---|---|---|
| xFlasher 360 |
|
|
| Nand-X |
|
|
| JR Programmer |
|
|
| PicoFlasher |
|
|
| Matrix USB NAND Flasher |
|
|
| LPT Cable |
|
|
Glitch Chip Installation
Motherboard Points
Slim (Trinity)
Slim or E (Corona/Waitsburg/Stingray)
Glitch Chip Pinouts
X360ACE (V1/V2/V3), DGX
- C - POST
- D - RST
- E - i2C_SCL
- F - i2C_SDA
Matrix
- A - RST
- B - POST
- C - STBY_CLK (only if not using oscillator)
- If you have a Matrix that comes with an oscillator, it can be easily disabled if this resistor is removed instead of removing the entire oscillator.
- D - i2C_SDA
- E - i2C_SCL
Coolrunner Rev C/D
- B - STBY_CLK (only if not using oscillator)
- If you have a Rev D, its built on oscillator can be easily disabled if this resistor is removed instead of removing the entire oscillator.
- C - POST
- D - RST
- E - i2C_SCL
- F - i2C_SDA
Glitch Chip Diagrams
Matrix (Trinity)
Coolrunner Rev C/D (Trinity)
X360 ACE (Trinity)
X360 ACE (Corona)
DGX/RGX (Trinity/Corona without Postfix)
DGX/RGX (Corona with Postfix)
Programming the Glitch Chip
- Plug the cable from your programmer into the chip programmer.
- If you are using an xFlasher, ensure the switch is set to
SPI. - CoolRunner: Slide switch to "PRG".
- If you are using an xFlasher, ensure the switch is set to
- Open J-Runner with Extras. Click "Program Timing File" in the upper left, select the S-RGH tab, and the relevant radio button for S-RGH timing file.
- You can use the timing assistant in the bottom left to auto select a safe timing for your motherboard revision.
- When complete, unplug the cable from the glitch chip.
- Coolrunner: Set the switch back to "NOR".
Decrypting the NAND
- Connect Ethernet and power on the console. The glitch chip should blink once or more times, and then the console should start into XeLL RELOADED.
- Once XeLL finishes, it will display your CPU key and some other info. There is also an IP address.
- Enter the IP address into the box on the lower right of J-Runner and click "Get CPU Key". J-Runner will pull the info from the box, and decrypt the NANDs automatically.
- If you don't want to or aren't able to connect the Xbox 360 to a network or directly to the PC, you can also manually type in the CPU key from XeLL into J-Runner.
==Writing New NAND Image (NAND Flasher)==#Power down the console, and connect your programmer to the motherboard.#*If you are using an xFlasher, ensure the switch is set to SPI.
- Open J-Runner and select
...next to the Load Source field and select one of your original NAND dumps if not already selected. In the upper right of J-Runner, ensure theGlitch2radio button is selected. - Click "Create XeBuild Image". This will take a few moments.
- Click "Write NAND".
- Disconnect your NAND programmer from the console's motherboard when the process completes.
- Check if the console boots to the Microsoft dashboard. If it successfully boots to the dashboard, it is an indication that you've successfully hacked your console.
- Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
- Tune boot times if necessary.
- Continue in the Cleaning Up section.
Writing a New NAND Image (XeLL)
 | 4 GB Corona varients do not support currently support NAND flashing through XeLL. If XeLL is the only thing flashed to the NAND, it is required to use a NAND flasher. |
- Open J-Runner and select
...next to the Load Source field and select your nanddump1.bin or nanddump2.bin if not already selected. In the upper right corner of the window, select the dashboard version you chose for the patched dump that you wrote to the motherboard and make sure that theGlitch2radio button is selected. - Click
Create XeBuild Image. This will take a few moments. - Copy updflash.bin to a FAT32 formatted USB storage device and plug it into your powered-off console.
- Turn on your console. It will boot into XeLL and begin flashing your NAND. Once it has finished, it will power off your console.
- Turn it back on, and it should boot to the Microsoft dashboard, which is an indication that you've successfully hacked your console.
- Boot the console several times and ensure it boots consistently. If not, make sure your wiring is clean and neat and avoids noisy areas. Run the wires near the X-Clamps for best results.
- Tune boot times if necessary.
- Continue in the Cleaning Up section.
Tuning Boot Times
As the glitch chip pulses, a green debug light will flash a pattern. Using this pattern, we can know roughly how to adjust the tuning. Let's start with some examples. The ideal is slightly "below" the edge of Long/Short, closer to Short. You want to see more Short than Long cycles.
If you get good light behavior, mostly Short but also Long sometimes, but the console still does not boot well, try to recreate this scenerio with other timings/pulse length. If using Corona with Xecuter Postfix V2, try moving wire to a bigger number pad. This will allow you to adjust for the length of POST.
- 2 Short Blinks, then Short
- .....##...##...................##............
- This means that the checks were passed, but the console failed to start.
- The timing is probably is too low, or the pulse length is too large.
- 2 Short Blinks, then Long
- .....##...##...................##############
- This means that the checks failed.
- The timing is probably too high, or the pulse length is too small.
- 4 Short Blinks, then Long
- .....##...##...................##...##...................##############
- This means there is a problem with RST wiring problem causing pulse length to be very big. Try to use alternate points or longer wire.
- No Light Blinks or Always On
- This means either your wiring is bad, or the timing file was not written sucessfully.
Cleaning Up
Remove your NAND programmer wires and clean the points. Clean all flux off the board, allow it to dry, and test it once more before re-assembling.
Installing XeXMenu
- Plug a flash drive into your Xbox 360 and navigate to Console Settings > Storage. Select the flash drive and allow it to format the flash drive as a system drive.
- Extract the
CODE9999folder from the XeXMenu 1.2 rar to your Desktop. - Plug the flash drive into your PC. Create a new folder on the flash drive and name it
0000000000000000(16 zeroes). Open the new folder, then drag theCODE9999folder into it. - Select Drive > Close, then close Xplorer360. Safely eject your flash drive and plug it into your Xbox 360. Navigate to the Demos section of your dashboard, and it should list XeXMenu there. Select it to launch it.
You can install XeXMenu to your hard drive by going to Console Settings > Storage, and copying it from your flash drive to the hard drive.
From here, you can install any homebrew or mods that you want. See this page for a list of recommended modifications and applications to install.