RGH FiB3R's Glitch guide

DARKFiB3R

VIP Member
Dec 20, 2009
273
48
SE London
FiB3R's TX Glitch Guide (w.i.p.)




IMPORTANT: This guide is in the process of being updated for Multi Builder 0.95a
It might be a good idea to wait until I have finished updating the guide before using it.
Once finished, this message will be removed.

Guide currently based on Dashboard 2.0.15574.0
Always research before using this guide, if the currently available dashboard is higher than the one shown above.
I accept no responsibility for you being an idiot. Go slap your mother instead.

Warning

1. If you currently use the old JTAG/SMC hack or the new RGH, you may now update to a hacked version of 15574 without issue, starting from the Create your NAND Image section of this guide (RGH only)

2. If you don't use RGH but intend to by using this guide, make sure you are updated to a split cb version (phats 14717 / 14719, slims ANY version below 15572)

3. You must take a full dump of your NAND, before updating to any version higher than the ones listed above, by following this guide.

4. It is also recommended that you get your CPU key. Do this, and you will always be able to glitch. Again, just follow this guide.


Required Hardware

  • Exploitable Xbox 360 (infographic)
  • NAND-X (with v3 code)
  • Device to update the NAND-X to v3 if needed (info)
  • NAND-X to CoolRunner JTAG Cable
  • TX CoolRunner
  • USB key (Formatted to FAT32)
  • Case opening tools
  • Fine tip soldering iron
  • Solder
  • Flux

Recommended

  • Tweezers
  • Wire cutters
  • Magnifying Glass
  • Bright Light/torch/lamp
  • Heat resistant tape/Hot Glue
  • Sticky back plastic
  • Cardboard tube
  • Safety scissors
  • Pritt-Stick
  • Glitter
  • A responsible adult

Required Applications/Files

  • NAND-X drivers (included with NandPro v2.0d / v3.0a)
  • NandPro v3.0a (Download)
  • DLPortIO (Download)
  • FlashMagic (for updating the NAND-X if needed) (Download)
  • Xecuter CoolRunner XSVF/JED Timing Files (Download)
  • 360 Multi Builder (Tortuga Cove) (v0.95a Download )
  • 360 flash dump tool 0.97 (Download)
  • Latest DashLaunch from (Xbins) XBOX 360\Development\system apps\dash_launch
  • Official 2.0.15574.0 dashboard update (Use UpdateSPY)

Prepare your Environment

1: Install the NAND-X drivers (info)

2: Update your NAND-X to v3 if needed (info)

3: Install Multi Builder

4: Create a new folder on your C: drive called nandpro3

5: Extract the following files/folder to C:\nandpro3



  • Nandpro30.rar
  • DLPortIO.rar
  • coolrunner_xsvf_jed.rar
  • 360_flash_tool_v0.97.rar
  • 2.0.XXXXX.0_USB.zip


**Note** Only the .xsvf files from coolrunner_xsvf_jed.rar are required for the TX Coolrunner. The .jed files are for other devices.

Dump/Read the NAND

Before dumping your NAND, it's probably a good idea to update your xbox to the latest "hackable" dashboard version. You can do this via Xbox Live, USB key or CD.
This is not really needed at this stage, but it's probably quicker to get it out of the way now, and will save you an extra step at the end of the guide.
(EDIT: Read WARNING: info at the top of this guide).

DO NOT update to any higher version than this guide is based on, just in case MS release an update that can disable this hack.
Apparently, that isn't something they can actually do with the Reset Glitch Hack (unlike the JTAG hack) But you never know.

So, with that out of the way, on to the good stuff...

Take the console apart and remove the motherboard from the metal cage (info)

Connect your NAND-X to the 360 motherboard by soldering your QSB's, Pin Headers, or direct cable connections to the correct points on your motherboard.

NAND-X Install Guides

Once you have your NAND-X wires installed, connect it to your PC via the USB cable...


*Note* The pins you see connected to the motherboard in the above picture, are the "legs" cut from resistors, soldered to the cables and covered in heat-shrink tubing.
For me personally, I find this the best method for doing multiple installs. Clean, fast, resilient and should last forever.


Make sure that the mains power is connected to the xbox, but do not turn the xbox on.
(while the power is connected, the xbox is in Standby mode, giving power to various components. This is needed in order to be able to communicate with the NAND)

Now, on your computer, open a command prompt and navigate to...

C:\nandpro3

Do that by hitting the start button, typing cmd and hitting Enter. Then type cd \nandpro3 and hit Enter.

Or.., hold the Shift key, and Right Click on a blank space inside the nandpro3 folder, then click "Open command window here"

(Windows 8, just Right Click > "Open Command Window Here as Administrator")




Now type (or Copy and Paste) the following commands, into the command window (same command for Phats or Slims, see Note)
This will dump/read your entire 16MB NAND twice, and save the dumps/files in the nandpro3 folder.

nandpro usb: -r16 nanddump.bin
nandpro usb: -r16 nanddump2.bin



*Note: For BB (Big Block) Jaspers (Jaspers with internal memory units of 256MB or 512MB) Change the commands to...

nandpro usb: -r64 nanddump.bin
nandpro usb: -r64 nanddump2.bin


(You only need to dump 64MB, the full 256MB or 512MB is not required)

**PRO TIP**

Once nandpro has found the USB interface device (the NAND-X) it will tell you the size of the NAND/internal memory

Flash Config: 00023010 = 16MB
Flash Config: 008A3020 = 256MB
Flash Config: 00AA3020 = 512MB

Now compare dumps by typing...

fc /b nanddump.bin nanddump2.bin

You should see...

FC: no differences found

If there are differences, check your soldering and try again until you have matching dumps.



**PRO TIP**

If you copy and paste the following 4 lines (including the blank line at the end), nandpro will perform all 3 operations automatically...

nandpro usb: -r16 nanddump.bin
nandpro usb: -r16 nanddump2.bin
fc /b nanddump.bin nanddump2.bin


or

nandpro usb: -r64 nanddump.bin
nandpro usb: -r64 nanddump2.bin
fc /b nanddump.bin nanddump2.bin


:)

Bad Blocks?

If bad blocks were found while dumping your NAND...



Open one of your NAND dumps in 360 flash dump tool 0.97

Don't worry if it says BADKV all over the place, this is normal because you haven't entered the CPU Key yet. (We will get to that later).

Check for a bad blocks tab, next to the file system tab.

If there is no bad blocks tab, you have no bad blocks.

If there IS a bad blocks tab, click on the tab and verify that it looks like this:

Note: Bad Block ID 0x0349 [Offset: 0x00D8D200]

-> Block ID 0x0349 found @ 0x3FD [Offset: 01073A00]


You should see the above 2 lines of text, for each bad block you have.

The numbers may be different of course, depending on which blocks are bad, but the point is, for each bad block, you should see that the block was found @ another block.

This means that you did have bad blocks, but they have been corrected by the NAND's error correction, so they are legit bad blocks, and not just read errors due to dodgy soldering.

Example of 3 corrected bad blocks...



If the errors are at block 0x50 or above, no further action needs to be taken, because…

"Many user reports indicate that using Xell-Reloaded/Rawflash v4 to flash the Dashboard image, has a much better result over flashing with hardware flashers.
This is because it helps to auto-remap the bad blocks in case they exist."

As we will be booting into Xell-Reloaded, which will use Rawflash v4 to flash the NAND later on, the bad blocks will be auto remapped for us.

But...

If you see:
Note: Bad Block ID 0x0349 [Offset: 0x00D8D200]

But no found @ location for the block, that means this bad block was the result of a read error with the NAND reader. Check your soldering and try again.

If you have Bad Blocks at 0x50 or below, check out Martin C's guide on how to manually remap them. (Info)

If all checks out, you now have 2 good NAND dumps.

KEEP THEM SAFE. FOREVER.

Create your XeLL/ECC Glitch image

Launch Multi Builder from your Start Menu/Screen
(When using Windows 8 x64, I got an error while creating the .ecc file. To resolve this issue, Right Click on Multi Builder's icon, and choose Run as Administrator)

Wait a few seconds while Multi Builder checks for your files.




You will get a warning saying The file "nanddump.bin" is missing.


This is normal as we haven't copied it there yet.


Multi Builder will now automatically open the correct folder for you, which is...

C:\Program Files\Rogero\360 Multi Builder\Data\_my_Images

or for 64bit versions of windows...

C:\Program Files (x86)\Rogero\360 Multi Builder\Data\_my_Images

You will see a file instructing you to insert your nanddump.bin and cpukey.txt files. We don't have the CPU Key just yet, so ignore that part.

Copy your nanddump.bin file from the nandpro3 folder to the newly opened folder.





Once done, go back to Multi Builder and Press any key on your keyboard.

Press the number corresponding to your motherboard revision, and hit ENTER




Press 1 and hit ENTER to Build your Xell/ECC image




As you can see from the image above, Multi Builder will automatically use a donor CB if needed. Press ENTER to continue.


Sit back and watch 360 Multi Builder do its stuff...



Your Image_00000000.ecc has now been created in Rogero\360 Multi Builder\Data\_my_Images
Three other files will temporarily appear in the folder. Multi Builder uses these to create your .ecc file.

Once finished, press any key to close 360 Multi Builder. The three extra files will automatically be deleted.


Flash the Reset Glitch Hack .ecc file to the NAND

Move the image_00000000.ecc file into the nandpro3 folder.




Back at the command Prompt, enter the following command for Slims and non BB Jaspers

nandpro usb: +w16 image_00000000.ecc

Or for BB Jaspers...

nandpro usb: +w64 image_00000000.ecc

*Note: it must be +w16 NOT -w16


The .ecc file has now been written to your NAND :)

Programming the TX CoolRunner

Disconnect the cables from the NAND-X (not sure if that's actually needed, but probably for the best) (the wires can stay soldered to the xbox for now)

Make sure the switch on the CoolRunner is set to PRG (program)


Connect the CoolRunner to your NAND-X using the NAND-X to CoolRunner JTAG Cable



Enter one of the following commands (corresponding to your motherboard revision) (info) into the command prompt window, and hit Enter.

NandPro xsvf: Trinity.xsvf
NandPro xsvf: Jasper.xsvf
NandPro xsvf: Falcon.xsvf
NandPro xsvf: Opus.xsvf
NandPro xsvf: Zephyr.xsvf


Once the CoolRunner is programmed, it will say "Successfully executed file", in the command prompt window, and the Green LED on the CoolRunner will turn off.




Now disconnect the CoolRunner from the NAND-X, and move switch to NOR (Normal)

Also make sure that the other switch is set to the correct position for your console type (Phat or Slim)

Install the TX CoolRunner
Now that you have good/matching NAND dumps, you have programmed the CoolRunner, and have created the Xell/ECC Glitch image, this is probably the best time to install the chip.

There is tons of information on how to install the chip available on this site already, so there is no point in repeating it here, just check out the links below.

Printer friendly, quick install guides (A4 paper, 300dpi) (LINK)

Various install methods and tips (LINK)

Retrieve your CPU Key

Now that your CoolRunner is fully programmed/installed, it's time to boot the console and retrieve the CPU Key.

At this point you only need to connect...


  • Power
  • Video
  • RF board/Power button
  • Fan and Shroud (recommended for phats)
  • Network cable (optional, recommended)

Once you have the above items connected, turn on the console.
(you do not need to boot with the eject button, because the console will only boot into XeLL (Xenon Linux Loader) at this time)

You should see a constant Red LED on the CoolRunner as soon as you connect power to the console, joined by a flashing Green LED when you turn it on.

The flashing Green LED indicates that Glitch attempts are taking place.

If you do not see this happening, turn the console off, and refer to the FAQ at the bottom of this guide.

Once the Glitch is successful, you will be greeted on screen with the awesomeness that is XeLL-Reloaded

You may now retrieve your CPU Key, either by copying it from the screen




Or by connecting the Xbox to your LAN via an Ethernet cable, and downloading the info from XeLL-Reloaded via its HTTP web interface.

Using your web browser, connect to the IP address shown next to network config: For example: http://192.168.1.47



From XeLL-Reloaded's web interface...

  • Download your keyvault
  • Copy and paste the info from fuses into a .txt file
  • Copy and Paste your CPU Key and DVD key at the bottom of that .txt file, and save as fuses.txt
  • Copy ONLY the numbers/letters from your cpu key, and paste them into a new .txt file
  • Save this file as cpukey.txt




As you can see above, your CPU Key is made up of two fuseset lines, i.e. 03 + 05, or 03 + 06, etc.

Your LDV (Lock Down Value) starts on line 07, the amount of f's = the value, so in the above image, the LDV value is 2

For more info regarding LDV, check out Martin C's post (info)

Create your NAND Image

Move cpukey.txt to…

Rogero\360 Multi Builder\Data\_my_Images

Launch 360 Multi Builder again. As you have already created your NAND dump, press 1 to continue.



Press the number corresponding to your motherboard revision, and hit ENTER



As you now have your CPU Key in the _my_Images folder, press 1 to continue.



You are now given the option to create a RGH, or a stock NAND image (Retail Image). For the purpose of this guide, you want to choose 1



Unless you have a specific reason, Press 1 and hit Enter to build your image with FCRT check active.



You are now given the option to include DashLaunch in your NAND image

Option 1: This will make the console boot straight into FreeStyle Dash (if you install FSD to the location shown, i.e Hdd:\FSD\ )
If you hold A while the console is booting, it will launch NXE.

(Holding RB will always boot NXE no matter what other options you have set.)

Option 2: This option allows you to manually set the function of various buttons while the console is booting.

In this example, I have set button A to boot FSD, button B to boot XeXMenu, and I have left Default blank so that the console will boot NXE if no buttons are held while the console is booting

Hdd:\FSD\default.xex
Hdd:\Content\0000000000000000\C0DE9999\00080000\C0DE99990F586558

DashLaunch Options

After Choosing your boot options, you will be faced with about a million other DashLaunch options, unfortunately, the forum/board software won't allow me to include an explanation of all the dashlaunch options here, because this post contains too many characters :/

If you download the latest version of DashLaunch, you can find a description of all the options in file... info_launch.ini


If you always use the same custom paths and other DashLaunch options when building your images, you can manually edit a launch_default.ini file, and copy it to the following location for future use... C:\Program Files (x86)\Rogero\360 Multi Builder\Data\15574\

That way, you can always choose option 1, and have your preferred options set each time, without having to remember wtf they do.

Actually, it doesn't look like Multi Builder gives you all the options available for DashLaunch, so you are probably better off creating a launch_default.ini file anyway.

Once you finish with the DashLaunch options and hit Enter, Multi Builder will create your new "hacked" NAND image (updflash.bin) and save it in C:\Program Files (x86)\Rogero\360 Multi Builder\Data\_my_Images

Flash your NAND



As you now have the latest version of XeLL-Reloaded with Rawflash v4 built-in, follow the instructions in option 1, i.e.

Copy updflash.bin from 360_Multi_Builder\Data\_my_Images to a USB key

If the console is still running, with XeLL-Reloaded on screen, insert the USB key now.

XeLL-Reloaded will find xenon.elf and use the built-in Rawflash v4 to flash updflash.bin to your NAND. (if it doesn't do this automatically, turn the console off, and on again)

(again, still no need to boot with the eject button at this time)



Once you see "Image written, shut down now!" on your screen, turn off the console and remove the power for at least 30 seconds, and remove the USB key.

You can use this time to put the motherboard back in the cage, and reconnect your HDD, and DVD drive.

Replace the power, and boot the console. You are now running a hacked dash


If all is well, fully reassemble the console.

Finishing Up

Depending on the dashboard version you were on before you started, you may need to perform an update in order to get Avatars/Kinect working correctly.

If that is the case, put the USB key back in your PC, and delete the files from it.

Now place the $systemupdate folder from the official 2.0.14699.0 update, on the USB Key

If you chose to create your NAND image with DashLaunch patches included (as you should have), then rename $systemupdate to $$ystemupdate, otherwise the update won't install, because DashLaunch is configured to block updates by default.

Make sure your xbox has some storage space for the update files, like a HDD or internal memory

Insert the USB key into the 360, and allow it to perform the update.

You are now ready to start installing all sorts of homebrew win, but before you do that, make backup copies of the following files, and put them somewhere safe.

nanddump.bin
nanddump2.bin
image_00000000.ecc
keyvault.bin
Fuses.txt
cpukey.txt
nandflash.bin
nandflash.bin.log

If created, also backup fcrt.bin and fcrt.bin.meta

Add them to a .zip/.rar file, and then email them to yourself, so that they are stored online, as well as locally.

After making your backup, delete the original files, so that you have clean working folders for any future Glitches you may do.

Updating

If your console is already Glitched and running a hacked Dashboard, and you just want to update to the latest, follow this guide starting from the Create your NAND Image section.


FAQ

COMING SOON
(that's what she said)



Waffle

Thanks to blackwolf over at EMS for part of this guide, taken from here… http://www.elitemods...al-by-blackwolf And anybody else I may have nicked bits from, here and there


Thanks to Rogero for the awesomeness that is Multi Builder.

Thanks to Team Xecuter for the amazing hardware they have been bringing to this scene for years.

And obviously a huge thanks to all the other creators and contributors of the underlying software and knowledge used in this guide, of which there are many, not least of course, the legend that is gligli

This guide and Multi Builder wouldn't be here without the many years of work involved in making all this even possible in the first place.

I compiled this guide to fit my own needs, but I thought that if I padded it out a bit, it may be helpful to others who have the same TX based setup. Apparently, people have found it kinda handy :D

If there is anything I have left out, or I have made any mistakes (even spelling errors/typos), please let me know so I can fix it. Thanks.

 
Last edited:
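An added example (not part of the original post, nor code from any tool it names): Python that triages bad-block text in the format quoted in the guide and maps differences between two dumps to block numbers, which shows where a mismatch sits rather than only that one exists. The 0x4200 block size is inferred from the post's sample offsets, block 0x50 itself is treated as needing a manual remap because the guide lists it under both rules, and the function names and the "inconsistent" verdict are assumptions of this example.

```python
import re

BLOCK_SIZE = 0x4200     # from the post's sample: 0x0349 * 0x4200 == 0x00D8D200
LOW_BLOCK_LIMIT = 0x50  # threshold the guide names for manual remapping

BAD_RE = re.compile(r"Bad Block ID 0x([0-9A-Fa-f]+) \[Offset: (?:0x)?([0-9A-Fa-f]+)\]")
FOUND_RE = re.compile(
    r"Block ID 0x([0-9A-Fa-f]+) found @ 0x([0-9A-Fa-f]+) \[Offset: (?:0x)?([0-9A-Fa-f]+)\]")


def triage_bad_blocks(report):
    """Map each reported bad block ID to a verdict string."""
    bad, moved = {}, {}
    for line in report.splitlines():
        if m := FOUND_RE.search(line):
            moved[int(m[1], 16)] = (int(m[2], 16), int(m[3], 16))
        elif m := BAD_RE.search(line):
            bad[int(m[1], 16)] = int(m[2], 16)
    verdicts = {}
    for block, offset in bad.items():
        if block not in moved:
            verdicts[block] = "read-error"       # no "found @": check soldering, re-dump
        elif (offset != block * BLOCK_SIZE
              or moved[block][1] != moved[block][0] * BLOCK_SIZE):
            verdicts[block] = "inconsistent"     # added check: offsets vs block numbers
        elif block <= LOW_BLOCK_LIMIT:
            verdicts[block] = "remapped-manual"  # low block: guide says remap by hand
        else:
            verdicts[block] = "remapped-auto"    # left to Rawflash v4, per the guide
    return verdicts


def differing_blocks(dump_a, dump_b):
    """Block IDs where two dumps disagree; an empty list means they match."""
    if len(dump_a) != len(dump_b):
        raise ValueError("dumps differ in length: %d vs %d" % (len(dump_a), len(dump_b)))
    return [off // BLOCK_SIZE for off in range(0, len(dump_a), BLOCK_SIZE)
            if dump_a[off:off + BLOCK_SIZE] != dump_b[off:off + BLOCK_SIZE]]


# Constructed sample: only the first pair of lines is quoted from the post,
# the remaining entries are made up for this example.
SAMPLE_REPORT = """\
Note: Bad Block ID 0x0349 [Offset: 0x00D8D200]
-> Block ID 0x0349 found @ 0x3FD [Offset: 01073A00]
Note: Bad Block ID 0x0021 [Offset: 0x00088200]
-> Block ID 0x0021 found @ 0x3FE [Offset: 01077C00]
Note: Bad Block ID 0x01A0 [Offset: 0x006B4000]
"""

if __name__ == "__main__":
    for block, verdict in sorted(triage_bad_blocks(SAMPLE_REPORT).items()):
        print("block 0x%04X: %s" % (block, verdict))
    # Constructed 8-block dumps: the second has one flipped byte in block 5.
    first = bytes(8 * BLOCK_SIZE)
    second = bytearray(first)
    second[5 * BLOCK_SIZE + 17] ^= 0xFF
    print("differing blocks:", differing_blocks(first, bytes(second)))
```
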

vydex

VIP Member
Mar 21, 2006
197
0
United Kingdom
Great Guide Fibre, excellent work. I've been waiting an age for someone to post something like this. A couple of nice pics for those of us who are dumb might go a long way to make this the most awesome coolrunner guide out there my friend, excellent work.
 

Mickey3177

VIP Member
Feb 2, 2011
302
0
Las Vegas USA
too much to read dude, I was thinkin of having a go myself but now I seen this I'll let a pro sort it but thanks anyway lol
It really isn't that hard to do, the guide goes over everything, some things you might not have to do but if you find his guide hard to follow it might be a good idea to hand it off to a pro
 

morbidj

Full Member
Feb 24, 2004
39
0
DenCO
Great guide, thank you for taking the time to put this guide together.. Sure we can all use "search" but hey why search and read through 10 threads!!! ?
 

dayjo43

Junior Member
Feb 8, 2011
20
0
Very nice DARKFiB3R. The way the sections are laid out makes each step very easy to find and follow.
 

Fisteh

Noob Account
Mar 4, 2007
1
0
Australia
Thanks FiB3R, was a few points near the end of the tutorial that you covered extremely well, that I couldn't "get" from other's guides. Not rocket science when explained well. Good Job!
:biggrin:
 

abyss

VIP Member
Dec 16, 2010
187
0
Belgium
very nice guide dude ;D

so what is your advice should i rgh it at 9199 dash and then update it with an image?

or first update to newest dash and then rgh it?

greetings
 