GENERAL Jasper RGH FREEZE

Aiosforos

Senior Member
Nov 2, 2010
138
0
Hello people, this is the 2nd console I've done the RGH hack on; I've done several JTAGs before...
So let's start: I programmed the CPLD with jasper.jed, made the according changes on it with the resistor, diodes, capacitor etc., soldered it onto the motherboard and hot-glued it to secure the connections, dumped the NAND, flashed XeLL to get the CPU key, generated ggbuild 13604 for Jasper with the CPU key and 1BL key, and flashed it to the Xbox NAND. After that, the console boots to the RGH hack dashboard, but 8/10 times it freezes on the boot screen or at the dashboard... I tried redoing the soldering on the motherboard, changed the resistor/capacitor/diodes on the CPLD, and remade and reflashed the ggbuild NAND... still nothing...

Any help to solve this?

I must deliver the console tomorrow.

Also, the console was on dash 13599 before the RGH and it had LDV 9, and on the ggbuild I used LDV 9. Should I use 10? Is that the problem?
 

Martin C

VIP Member
Jan 10, 2004
35,981
0
Scotland, UK
www.team-xecuter.com
Why are you messing around with the CPLD? It's obviously not that or the glitch wouldn't work to begin with.

LDVs? Would it even boot with the wrong LDV? Probably not.

You've given absolutely no information and TBH, we're not here to help you make a profit from other people's work. I suggest you get reading.
 

Aiosforos

Hmmm, I didn't mention that I get money for it in the first place, and secondly I've followed the whole procedure step by step... Can you tell me what info you need to give some assistance on what the hell that freezing problem is?
 

Martin C

Quote:
I must deliver the console tomorrow

If it's not for money they can wait until you resolve this. Don't put the urgency onto other people to fix this for you.

Check your original NAND dump for bad blocks, post exactly what steps you are using to build the image including files used and any messages encountered in ggbuild.
 

Aiosforos

This is the nand1 (original NAND)
and updflash, the ggbuild. Also, I used the normal ggbuild AND the GUI ggbuild from Rogero, and it's still the same.



also here is the log:

Code:
---------------------------------------------------------------
     ggBuild v0.33.273
---------------------------------------------------------------
data directory overridden from command line to '13604'
per build directory overridden from command line to 'my360'
file name overridden from command line to 'updflash.bin'

------ parsing user ini at '.\my360\options.ini' ------
loading file...done!
pre-parsing and sanitizing
done!
User options.ini loaded, 0xe6 bytes in memory
loading cpukey.txt from .\my360\cpukey.txt
CPU Key set to: 0xCB-------------------------------------------------------5B
setting 1blkey from ini: 0xDD------------------------------------------------
1BL Key set to: 0xDD------------------------------------------------ sum: 0x983 (expects: 0x983)
Using nonandmu option (ini file)
Using patchsmc option (ini file)

------ Checking .\my360\nanddump.bin ------
Loading NAND dump...done!
NAND dump is from a small block machine
NAND dump uses big block controller
parsing dump into user and spare...
bad block at 0x17e (raw offset 0x627c00), block ignored
block 0x17e was remapped to block 0x3ff at remap instance 0
done!
cleaning up stray remaps
done!
--remap summary--
0: source: 0x017e dest: 0x03ff
-----------------
decrypting KeyVault at address 0x4000 of size 0x4000
keyvault decrypted OK, will use if no kv.bin is provided
decrypting SMC at address 0x1000 of size 0x3000
SMC decrypted OK, will use if no external smc.bin is provided
seeking smc config in dump...found at offset 0xf7c000! Using if no smc config is provided.
CF slot 0 decrypted ok LDV 0x09 Pairing: 0x92ffbf
CF slot 1 decrypted ok LDV 0x08 Pairing: 0x92ffbf
setting LDV from image to 9
setting pairing data from image to 0x92ffbf
MobileB.dat found at page 0x485c, size 2048 (0x800) bytes
MobileC.dat found at page 0x38a0, size 512 (0x200) bytes
MobileD.dat found at page 0x36c8, size 2048 (0x800) bytes
MobileE.dat found at page 0xb00, size 2048 (0x800) bytes

------ parsing ini at '.\13604\filelist.ini' ------
ini version 13604

ini: label [jasperbl] found
found (1) 'cb_6750.bin' crc: 0xf7afa8cc
found (2) 'cb_bnone.bin' crc: 0x00000000
found (3) 'cd_8453.bin' crc: 0x25e0acd0
found (4) 'ce_1888.bin' crc: 0xff9b60df
found (5) 'cf_13604.bin' crc: 0x639a4cd7
found (6) 'cg_13604.bin' crc: 0x7e9f5364

ini: label [flashfs] found
found (1) 'aac.xexp' crc: 0xdaed8bc7
found (2) 'bootanim.xex' crc: 0x8a7ab1b4
found (3) 'createprofile.xex' crc: 0xe19ca8c4
found (4) 'dash.xex' crc: 0xecdaf6c0
found (5) 'deviceselector.xex' crc: 0xaa4579d1
found (6) 'gamerprofile.xex' crc: 0xebc5fec3
found (7) 'hud.xex' crc: 0xe2410ee1
found (8) 'huduiskin.xex' crc: 0x390eac39
found (9) 'mfgbootlauncher.xex' crc: 0xf3637ed9
found (10) 'minimediaplayer.xex' crc: 0x23d28bb8
found (11) 'nomni.xexp' crc: 0xed7cd3f5
found (12) 'nomnifwk.xexp' crc: 0x2c6fd7e8
found (13) 'nomnifwm.xexp' crc: 0xaa978831
found (14) 'signin.xex' crc: 0xf7436a62
found (15) 'updater.xex' crc: 0xd0cd6753
found (16) 'vk.xex' crc: 0x65f4eec0
found (17) 'xam.xex' crc: 0x2a74ee0f
found (18) 'xenonclatin.xtt' crc: 0xd5d17ff5
found (19) 'xenonclatin.xttp' crc: 0x7a507ad1
found (20) 'xenonjklatin.xtt' crc: 0xdde4a14c
found (21) 'xenonjklatin.xttp' crc: 0x945b7092
found (22) 'ximecore.xex' crc: 0xccb87938
found (23) 'ximedic.xex' crc: 0x1d992bfb
found (24) 'ximedic.xexp' crc: 0x47a55af9
found (25) '..\launch.xex' crc: 0x00000000
found (26) '..\lhelper.xex' crc: 0x00000000

ini: label [security] found
found (1) 'crl.bin' crc: 0x00000000
found (2) 'dae.bin' crc: 0x00000000
found (3) 'extended.bin' crc: 0x00000000
found (4) 'fcrt.bin' crc: 0x00000000
found (5) 'secdata.bin' crc: 0x00000000
------ ini parsing completed ------

output name overridden to: updflash.bin

Writing initial header to flash image

------ Loading bootloaders and required security files ------
reading .\my360\smc.bin failed, using smc.bin from nand dump
reading .\my360\kv.bin failed, using kv.bin from nand dump
reading .\13604\cb_6750.bin (0x9a40 bytes) (crc32: 0xf7afa8cc ini: 0xf7afa8cc)
reading .\13604\cd_8453.bin (0x5780 bytes) (crc32: 0x25e0acd0 ini: 0x25e0acd0)
reading .\13604\ce_1888.bin (0x5606a b pad 0x56070 b) (crc32: 0xff9b60df ini: 0xff9b60df)
reading .\my360\xell-gggggg.bin (0x40000 bytes)
reading .\13604\cf_13604.bin (0x4450 bytes) (crc32: 0x639a4cd7 ini: 0x639a4cd7)
reading .\13604\cg_13604.bin (0x659e0 bytes) (crc32: 0x7e9f5364 ini: 0x7e9f5364)
reading .\13604\bin\patches_fat.bin (0x6dc bytes)
reading .\my360\smc_config.bin failed, using smc_config.bin from nand dump
-------------------
checking smc_config
-------------------
extracting config
------------------
SMC config info:
------------------
Target temps: Cpu:  80°C Gpu:  71°C Edram:  73°C
Max temps   : Cpu:  95°C Gpu:  90°C Edram:  92°C
Cpu Fan     : (auto)
Gpu Fan     : (auto)
MAC Address : 00:22:48:6f:cb:a6
AVRegion    : 0x00000300 (PAL50)
GameRegion  : 0x02fe (NTSC/EU)
DVDRegion   : 2
resetKey    : DDUX
---------------------
Checking ini for smc config data patches
smc was not patched
---------------------
done!

------ Encrypting and finalizing bootloaders ------
SMC checksum: 5b3aed00
clean SMC found, type: Jasper 2.3
patching clean smc, type: Jasper 2.3 offset: 0x12ba
clean SMC hacked successfully
done!

------ Adding bootloaders to flash image ------
adding smc.bin to 0x00001000 len 0x3000
adding kv.bin to 0x00004000 len 0x4000
adding cb_6750.bin to 0x00008000 len 0x9a40
adding cb_bnone.bin to 0x00011a40 len 0x0
adding cd_8453.bin to 0x00011a40 len 0x5a40
adding ce_1888.bin to 0x00017480 len 0x56070
adding xell-gggggg.bin to 0x00070000 len 0x40000
adding cf_13604.bin to 0x000b0000 len 0x4450
adding cg_13604.bin to 0x000b4450 len 0x659e0
adding patches_fat.bin to 0x000c0010 len 0x3e8
Fixing up FS table...done!
Writing CG patch slot overflow data to sysupdate.xexp1...done!

------ adding 26 firmware files ------
reading .\13604\aac.xexp (0x4800 bytes) (crc32: 0xdaed8bc7 ini: 0xdaed8bc7)
reading .\13604\bootanim.xex (0x55000 bytes) (crc32: 0x8a7ab1b4 ini: 0x8a7ab1b4)
reading .\13604\createprofile.xex (0xc000 bytes) (crc32: 0xe19ca8c4 ini: 0xe19ca8c4)
reading .\13604\dash.xex (0x5e7000 bytes) (crc32: 0xecdaf6c0 ini: 0xecdaf6c0)
reading .\13604\deviceselector.xex (0x9000 bytes) (crc32: 0xaa4579d1 ini: 0xaa4579d1)
reading .\13604\gamerprofile.xex (0x1a000 bytes) (crc32: 0xebc5fec3 ini: 0xebc5fec3)
reading .\13604\hud.xex (0x1f000 bytes) (crc32: 0xe2410ee1 ini: 0xe2410ee1)
reading .\13604\huduiskin.xex (0x11000 bytes) (crc32: 0x390eac39 ini: 0x390eac39)
reading .\13604\mfgbootlauncher.xex (0x8000 bytes) (crc32: 0xf3637ed9 ini: 0xf3637ed9)
reading .\13604\minimediaplayer.xex (0xc000 bytes) (crc32: 0x23d28bb8 ini: 0x23d28bb8)
reading .\13604\nomni.xexp (0xd000 bytes) (crc32: 0xed7cd3f5 ini: 0xed7cd3f5)
reading .\13604\nomnifwk.xexp (0x2000 bytes) (crc32: 0x2c6fd7e8 ini: 0x2c6fd7e8)
reading .\13604\nomnifwm.xexp (0x5000 bytes) (crc32: 0xaa978831 ini: 0xaa978831)
reading .\13604\signin.xex (0x12000 bytes) (crc32: 0xf7436a62 ini: 0xf7436a62)
reading .\13604\updater.xex (0x8000 bytes) (crc32: 0xd0cd6753 ini: 0xd0cd6753)
reading .\13604\vk.xex (0x9000 bytes) (crc32: 0x65f4eec0 ini: 0x65f4eec0)
reading .\13604\xam.xex (0x218000 bytes) (crc32: 0x2a74ee0f ini: 0x2a74ee0f)
reading .\13604\xenonclatin.xtt (0x11b000 bytes) (crc32: 0xd5d17ff5 ini: 0xd5d17ff5)
reading .\13604\xenonclatin.xttp (0x18000 bytes) (crc32: 0x7a507ad1 ini: 0x7a507ad1)
reading .\13604\xenonjklatin.xtt (0x1a8000 bytes) (crc32: 0xdde4a14c ini: 0xdde4a14c)
reading .\13604\xenonjklatin.xttp (0x7000 bytes) (crc32: 0x945b7092 ini: 0x945b7092)
reading .\13604\ximecore.xex (0x15000 bytes) (crc32: 0xccb87938 ini: 0xccb87938)
reading .\13604\ximedic.xex (0x90000 bytes) (crc32: 0x1d992bfb ini: 0x1d992bfb)
reading .\13604\ximedic.xexp (0x2800 bytes) (crc32: 0x47a55af9 ini: 0x47a55af9)

***** could not read .\13604\..\launch.xex, skipping *****

***** could not read .\13604\..\lhelper.xex, skipping *****

------ adding 5 security files ------
reading .\my360\crl.bin (0x9e0 bytes)
writing as crl.bin to flash
reading .\my360\dae.bin (0xad30 bytes)
writing as dae.bin to flash
reading .\my360\extended.bin (0x4000 bytes)
writing as extended.bin to flash
***** could not read fcrt.bin, skipping *****
reading .\my360\secdata.bin (0x400 bytes)
writing as secdata.bin to flash

------ checking for Mobile*.dat ------
MobileB.dat was found in dump, 0x800 bytes, adding type 0x31
MobileC.dat was found in dump, 0x200 bytes, adding type 0x32
MobileD.dat was found in dump, 0x800 bytes, adding type 0x33
MobileE.dat was found in dump, 0x800 bytes, adding type 0x34

------ adding smc_config.bin ------

------ finalizing image ------
Fixing up empty FS block entries...done!
Writing FS table to image...done!
fixing up big block controller on small block NAND LBA numbers...done!
calculating ECD bytes and assembling raw image...done!
remapping 1 blocks
    copying 0x4200 bytes of LBA 0x17e to block 0x3ff...zero fill origin...done!
done!
writing file 'updflash.bin' to disk...done!
updflash.bin written OK

---------------------------------------------------------------
updflash.bin glitch image built, info:
---------------------------------------------------------------
console  : jasper
NAND size: 16MiB
CPU Key  : C----------------------------------------------5B
1BL Key  : DD88AD0C9ED669E7B56794FB68563EFA
CF LDV   : 9
---------------------------------------------------------------
    ggBuild Finished. Have a nice day.
---------------------------------------------------------------
 

Aiosforos

I unmapped the bad block on the stock NAND so it didn't show any bad blocks in the flash tool, then I generated the ggbuild NAND and opened it in the flash tool, and it had the bad block as expected.
So I don't need to remap it, right?
 

Martin C

No, you need to remap.

Build your NAND image as per normal (ggimage.bin for argument's sake)

then:

1. nandpro ggimage.bin: -r16 bb1.bin 17e 1
2. nandpro ggimage.bin: -w16 bb1.bin 3ff 1

Then write ggimage.bin to your NAND.

If this doesn't sort it, then do this step:

nandpro usb: -e16 17e 1
 

Aiosforos

OK Martin, so I unmap the bad block from the stock NAND so it doesn't show a bad block, then I create the ggimage and I manually remap the block, right?

brb in 10 to test it
 

Martin C

Quote:
OK Martin, so I unmap the bad block from the stock NAND so it doesn't show a bad block, then I create the ggimage and I manually remap the block, right?

brb in 10 to test it

Why are you making this harder than it is?

Bad blocks are mapped at FACTORY. The marked block is then relocated to the reserved area.

So, take your NAND dump (untouched) and create your ggimage.bin from that. Then follow my steps.

If you don't understand what you're doing, read up on bad blocks.
 

Aiosforos

OK mate, I've encountered several bad blocks in the past, but the thing that confuses me is that the ggbuild image already has the block remapped. nvm, I'm writing the NAND atm.
 

Martin C

ah ok - you're right:

Code:
bad block at 0x17e (raw offset 0x627c00), block ignored
block 0x17e was remapped to block 0x3ff at remap instance 0
done!
cleaning up stray remaps
done!

So it looks like it's remapped.

Therefore if what you're doing doesn't work, try the step above to erase block 17e.
 

Aiosforos

I've remapped the blocks following the whole procedure as you say and nothing, it still freezes. Now I tried to erase the bad block and I get this:

Code:
Looking for usb interface device
Flash Config: 0x00023010
Block Size: 16KB Block Limits: 0x00017E..0x00017E
File:
Erasing
Error: 202 erasing block 17E

C:\Users\Aiosforos\Desktop\Nandpro20e>

Still no hope, it continues freezing.
 

Martin C

Build your NAND image again from the original dump.

Then

nandpro updflash.bin: -r16 bb1.bin 17e 1
nandpro updflash.bin: -r16 bb2.bin 3ff 1

then

fc /b bb1.bin bb2.bin

Hopefully you get no differences encountered.
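
The same comparison done directly on the raw image file, as an added example that is not part of the thread and not nandpro's own code. It assumes the small-block raw layout of 512 data bytes plus 16 spare bytes per page and 32 pages per block, which gives the 0x4200-byte block and the raw offset 0x627c00 for block 0x17e that the ggBuild log reports; the function names are hypothetical and the sample image is constructed. It also classifies each block, because the log's "zero fill origin" step means a byte-for-byte diff alone cannot tell a blanked source block from a corrupted copy.

```python
# Added example: compare a remapped block pair inside a raw NAND image.
PAGE_DATA, PAGE_SPARE, PAGES_PER_BLOCK = 0x200, 0x10, 32  # assumed small-block layout
RAW_BLOCK = (PAGE_DATA + PAGE_SPARE) * PAGES_PER_BLOCK    # 0x4200, as in the ggBuild log
TOTAL_BLOCKS = 0x400                                      # 16 MiB NAND

def raw_offset(block):
    """Byte offset of a block in a raw (data + spare) image."""
    return block * RAW_BLOCK

def read_block(image, block):
    """Return one raw block; refuse images too short to contain it."""
    start = raw_offset(block)
    chunk = bytes(image[start:start + RAW_BLOCK])
    if len(chunk) != RAW_BLOCK:
        raise ValueError(f"image too short for block {block:#x}")
    return chunk

def fill_state(chunk):
    """Classify a block as zero-filled, erased (all 0xFF) or carrying data."""
    if not any(chunk):
        return "zero-filled"
    if chunk.count(0xFF) == len(chunk):
        return "erased"
    return "data"

def diff_bytes(a, b):
    """(offset, byte_a, byte_b) for every mismatch, the same view fc /b prints."""
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]

def check_remap(image, src, dst):
    """Compare a source block with its remap destination and explain the result."""
    a, b = read_block(image, src), read_block(image, dst)
    diffs = diff_bytes(a, b)
    states = (fill_state(a), fill_state(b))
    if not diffs:
        verdict = "identical"
    elif states[0] != "data" and states[1] == "data":
        verdict = "source blanked, data lives only at destination"
    else:
        verdict = "contents disagree"
    return {"src": states[0], "dst": states[1], "diffs": len(diffs), "verdict": verdict}

def build_sample_image():
    """Constructed image: block 0x17e zero-filled, block 0x3ff holds a test pattern."""
    image = bytearray(TOTAL_BLOCKS * RAW_BLOCK)
    pattern = bytes((i % 255) + 1 for i in range(RAW_BLOCK))  # never 0x00
    image[raw_offset(0x3FF):raw_offset(0x3FF) + RAW_BLOCK] = pattern
    return image

if __name__ == "__main__":
    img = build_sample_image()
    print(hex(raw_offset(0x17E)))
    print(check_remap(img, 0x17E, 0x3FF))
```

To run it against a real file, read the image with `open(path, "rb").read()` and pass the bytes to `check_remap` with the block numbers from the remap summary.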
 

Aiosforos

ok 1 min

---------- Post added at 13:41 ---------- Previous post was at 13:38 ----------

done, showed a ton of differences
 

Aiosforos

here they are:
