Hello everyone. This is my first post after many month of lurking. Apologies if this post has too much/too little information; this was my first attempt at glitching an Xbox 360.
Tools used:
* Nand-X
* Coolrunner Rev C
Short history of Falcon board:
* Obtained used/broken off Ebay (about a year ago?).
* Fixed board by reballing GPU and Hana (gave to daughter)
* A couple of weeks ago, daughter complained that XBox would not turn on
* Reflowed Hana chip. Tested for a couple of hours, and it worked fine.
* Attempted RGH2 :facepalm:
I had a Coolrunner Rev C that I had bought a few months ago that I wanted to try out on the board while it was open. I realize that R-Jtag is a better solution (I have one coming).
Steps taken during failed RGH2 attempt.
* Checked Dashboard version: 2.0.16202.0
* Installed Nand-X.
* Dumped nand 4x. All dumps gave back the same md5.
* Sanity check that the dump looked good (hexdump showed MS header, etc).
* (!!!) Upgraded Dashboard version via USB thumbdrive: 16537 (I *forgot* to re-dump nand :facepalm
** While writing this post, I believe *this* is my issue. While diagnosing this issue, I had believed that I had dumped the nand AFTER this upgrade. However, looking at the timestamp of the $systemupdate folder on the USB thumbdrive, JR-Runner's Log.txt, and the timestamp on nanddump1.bin, I am 90% sure that this is where I screwed up.
* Updated Coolrunner Rev C for RGH2. File used: falconrgh2.xsvf
* Installed Coolrunner Rev C with RGH2 wiring.
* Used nanddump1.bin to generate ECC: image_00000000.ecc
** Could the use of the wrong dump also be the reason that my glitch attempt failed?
* Wrote ECC to nand.
* Glitch failed. Attempted various Coolrunner Rev C settings, all failed. (Green light turned on/off during attempts)
* Gave up, decided to revert to stock nand (which I now believe I did *not* dump...)
* Wrote back nanddump1.bin.
* Re-dumped nand 4x times to verify write. (All md5 values matched original dump)
* Set Coolrunner Rev C to PRG
* All boot attempts gave 0022 error. (after ~25 seconds)
* Removed all wiring from board.
* Pulled trace on R4B24. :facepalm:
* Repaired R4B24(Repair attempt pictures, below)
* All boot attempts gave 0022 error. (after ~25 seconds)
* Reballed GPU.
* Reflowed Hana.
* GPU/CPU ohm check (looked good)
* All boot attempts still give 0022 error. (after ~25 seconds)
JR-Runner Log file:
View attachment Log.txt
JR-Runner screen shot:
Based on my assumption at the time that the nand re-write was valid, I have run many inspections of the solder points, as well the R4B24 repair:
J1D2 top and bottom:
J1D2 Voltages/Resistances (with PSU plugged in, amber light):
Voltages: (J1D2.1 and J1D2.3 values do not seem consistent? Show 0V with oscilloscope, show various values with Multi-meter)
* 1: Oscilloscope: 0V. Multi-meter: 0.80V, 0.67V, 0V
* 2: 3.29V
* 3: Oscilloscope: 0V. Multi-meter: 0.80V, 0.67V, 0V
* 4: 0V
* 5: 5.11V
Resistances: (Again, J1D2.1 and J1D2.3 values do not seem consistent?)
* 1: 1.17 MegaOhm, 203.0 kOhm
* 2: 6.40 MegaOhm
* 3: 1.11 MegaOhm, 196.5 kOhm
* 4: 40.0 Ohm
* 5: 6.45 MegaOhm
J2B1 top and bottom:
J2B1 Voltages/Resistances (with PSU plugged in, amber light):
Voltages:
* 1: 0V
* 2: 0V
* 3: 0V
* 4: 3.30V
* 5: 3.07V
* 6: 0V
* 7: 3.30V
* 8: 0V
* 9: 3.30V
* 10: 3.30V
* 11: 3.30V
* 12: 0V
* 13: 5.14V
Resistances:
* 1: 10.1 MegaOhm
* 2: 10.1 MegaOhm
* 3: (open loop)
* 4: 6.40 MegaOhm
* 5: 6.41 MegaOhm
* 6: 5.71 kOhm
* 7: 6.41 MegaOhm
* 8: 2.55 kOhm (fluctuates on initial read)
* 9: 6.41 MegaOhm
* 10: 6.41 MegaOhm
* 11: 6.41 MegaOhm
* 12: 0 Ohm
* 13: 6.45 MegaOhm
J8C1 top and bottom:
J8C1 Voltages/Resistances (with PSU plugged in, amber light):
Voltages:
* 1-8: 0V
* 9: 3.30V
* 10: 0V
Resistances:
* 1: 55.1 kOhm
* 2: 6.61 kOhm
* 3: 203.0 Ohm
* 4: 480 kOhm
* 5: 0 Ohm
* 6: 480 kOhm
* 7: 480 kOhm
* 8: 480 kOhm
* 9: 400 kOhm
* 10: 480 kOhm
FT6U7:
R4B24 repair:
R4B24 waveforms (with PSU plugged in, amber light):
C4N27 on bottom of board:
Replacement resistor, right lead:
FT2R2 on bottom of board:
Replacement resistor, left lead:
C4N27 <-> FT2R2 Resistance: 32.8 Ohm
GPU Reball:
GPU Ohm Test:
* C5D5: 1.4 Ohm
CPU Ohm Test:
* C7E5: 3.2 Ohm
As mentioned previous, while writing this post I now believe the issue is in the lost nand after the 16537 update. What are my options at this point? I am guessing I need to succeed in a glitch in order to retrieve the CPU key, and use that to create a replacement image? Is the ECC image I generated from the 16202 nand dump usable?
Any help on this issue would be greatly appreciated!
Tools used:
* Nand-X
* Coolrunner Rev C
Short history of Falcon board:
* Obtained used/broken off Ebay (about a year ago?).
* Fixed board by reballing GPU and Hana (gave to daughter)
* A couple of weeks ago, daughter complained that XBox would not turn on
* Reflowed Hana chip. Tested for a couple of hours, and it worked fine.
* Attempted RGH2 :facepalm:
I had a Coolrunner Rev C that I had bought a few months ago that I wanted to try out on the board while it was open. I realize that R-Jtag is a better solution (I have one coming).
Steps taken during failed RGH2 attempt.
* Checked Dashboard version: 2.0.16202.0
* Installed Nand-X.
* Dumped nand 4x. All dumps gave back the same md5.
* Sanity check that the dump looked good (hexdump showed MS header, etc).
* (!!!) Upgraded Dashboard version via USB thumbdrive: 16537 (I *forgot* to re-dump nand :facepalm
** While writing this post, I believe *this* is my issue. While diagnosing this issue, I had believed that I had dumped the nand AFTER this upgrade. However, looking at the timestamp of the $systemupdate folder on the USB thumbdrive, JR-Runner's Log.txt, and the timestamp on nanddump1.bin, I am 90% sure that this is where I screwed up.
* Updated Coolrunner Rev C for RGH2. File used: falconrgh2.xsvf
* Installed Coolrunner Rev C with RGH2 wiring.
* Used nanddump1.bin to generate ECC: image_00000000.ecc
** Could the use of the wrong dump also be the reason that my glitch attempt failed?
* Wrote ECC to nand.
* Glitch failed. Attempted various Coolrunner Rev C settings, all failed. (Green light turned on/off during attempts)
* Gave up, decided to revert to stock nand (which I now believe I did *not* dump...)
* Wrote back nanddump1.bin.
* Re-dumped nand 4x times to verify write. (All md5 values matched original dump)
* Set Coolrunner Rev C to PRG
* All boot attempts gave 0022 error. (after ~25 seconds)
* Removed all wiring from board.
* Pulled trace on R4B24. :facepalm:
* Repaired R4B24(Repair attempt pictures, below)
* All boot attempts gave 0022 error. (after ~25 seconds)
* Reballed GPU.
* Reflowed Hana.
* GPU/CPU ohm check (looked good)
* All boot attempts still give 0022 error. (after ~25 seconds)
JR-Runner Log file:
View attachment Log.txt
JR-Runner screen shot:
Based on my assumption at the time that the nand re-write was valid, I have run many inspections of the solder points, as well the R4B24 repair:
J1D2 top and bottom:
J1D2 Voltages/Resistances (with PSU plugged in, amber light):
Voltages: (J1D2.1 and J1D2.3 values do not seem consistent? Show 0V with oscilloscope, show various values with Multi-meter)
* 1: Oscilloscope: 0V. Multi-meter: 0.80V, 0.67V, 0V
* 2: 3.29V
* 3: Oscilloscope: 0V. Multi-meter: 0.80V, 0.67V, 0V
* 4: 0V
* 5: 5.11V
Resistances: (Again, J1D2.1 and J1D2.3 values do not seem consistent?)
* 1: 1.17 MegaOhm, 203.0 kOhm
* 2: 6.40 MegaOhm
* 3: 1.11 MegaOhm, 196.5 kOhm
* 4: 40.0 Ohm
* 5: 6.45 MegaOhm
J2B1 top and bottom:
J2B1 Voltages/Resistances (with PSU plugged in, amber light):
Voltages:
* 1: 0V
* 2: 0V
* 3: 0V
* 4: 3.30V
* 5: 3.07V
* 6: 0V
* 7: 3.30V
* 8: 0V
* 9: 3.30V
* 10: 3.30V
* 11: 3.30V
* 12: 0V
* 13: 5.14V
Resistances:
* 1: 10.1 MegaOhm
* 2: 10.1 MegaOhm
* 3: (open loop)
* 4: 6.40 MegaOhm
* 5: 6.41 MegaOhm
* 6: 5.71 kOhm
* 7: 6.41 MegaOhm
* 8: 2.55 kOhm (fluctuates on initial read)
* 9: 6.41 MegaOhm
* 10: 6.41 MegaOhm
* 11: 6.41 MegaOhm
* 12: 0 Ohm
* 13: 6.45 MegaOhm
J8C1 top and bottom:
J8C1 Voltages/Resistances (with PSU plugged in, amber light):
Voltages:
* 1-8: 0V
* 9: 3.30V
* 10: 0V
Resistances:
* 1: 55.1 kOhm
* 2: 6.61 kOhm
* 3: 203.0 Ohm
* 4: 480 kOhm
* 5: 0 Ohm
* 6: 480 kOhm
* 7: 480 kOhm
* 8: 480 kOhm
* 9: 400 kOhm
* 10: 480 kOhm
FT6U7:
R4B24 repair:
R4B24 waveforms (with PSU plugged in, amber light):
C4N27 on bottom of board:
Replacement resistor, right lead:
FT2R2 on bottom of board:
Replacement resistor, left lead:
C4N27 <-> FT2R2 Resistance: 32.8 Ohm
GPU Reball:
GPU Ohm Test:
* C5D5: 1.4 Ohm
CPU Ohm Test:
* C7E5: 3.2 Ohm
As mentioned previous, while writing this post I now believe the issue is in the lost nand after the 16537 update. What are my options at this point? I am guessing I need to succeed in a glitch in order to retrieve the CPU key, and use that to create a replacement image? Is the ECC image I generated from the 16202 nand dump usable?
Any help on this issue would be greatly appreciated!
Last edited:
