RGH LDVs and why they are important

Martin C

VIP Member
Jan 10, 2004
36,034
0
Scotland, UK
www.team-xecuter.com
UPDATE 10/04/2013: This guide was largely out-dated now due to RGH images being dealt with the same as JTAG ones: Fuseset 07, 08, 09, 10, 11 are now ignored. I've therefore updated it with more relevant information.

The 360 protects itself from downgrades by using an efuse system. This is an efuse:

efuse1.png

It's microscopic and resides in the 360's CPU. There are loads of them in the CPU - not just one. Depending on what update is being applied, a combination of efuses are 'programmed' with a value, which is a permanent PHYSICAL change which cannot be undone. We therefore refer to the result of this as an LDV - Lock Down Value.

There are lines of fuses in the CPU to deal with different tasks. XeLL is a homebrew 'app' which allows the values of the these fuses to be read. Here's an example of the lines of fuses from a CPU (via XeLL):

Code:
fuseset 00: c0ffffffffffffff
fuseset 01: 0f0f0f0f0f0f0ff0
[B]fuseset 02: 000f00f000000000[/B]
[B]fuseset 03: e1aaa32e361107f9[/B]
fuseset 04: e1aaa32e361107f9
[B]fuseset 05: 2955f6f2ae1db069[/B]
fuseset 06: 2955f6f2ae1db069
[B]fuseset 07: ffffff0000000000
fuseset 08: 0000000000000000[/B]
[B]fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000[/B]
The lines we're interested in are:

fuseset 02: CB LDV.
fuseset 03 + 05: CPU Key (you can also use 04 + 06 for this however some consoles have been known to list different values for 03/04 and 05/06, so you need to check this on a case by case basis. On most consoles, they should match)

fuseset 07, 08, 09, 10, 11: CF/CG LDV.

So let's go over the basics.

Whatever you see in XeLL for the fuselines is LAW. It's a direct read of the CPU which, as I said, is a physical state of the efuses. 03, 04, 05, 06 are all static - these will NEVER change. They are set at factory.

The ones you need to watch for when building a retail NAND (or repairing a console which has a wrongly configured NAND) are 02, 07 and 08 as these are the ones which can change, depending on what's happened to the console.

So lets start with the easier one: 07, 08, 09, 10, 11 - CF/CG LDV.

Every time your console takes a dashboard update, the value of CF/CG LDV increments by 1. This is registered by an 'f' replacing a '0' in the fuseline. In the sample above, there are 6 'f's starting at 07, meaning the console's CF/CG LDV is 6. The fuses are able to record up to a CF/CG LDV of 80, after which point the value cannot increase any more as there are no more efuses to program.

Once you have the CPU key, this value can be directly entered into J-Runner to build a new image.

It's gets a little trickier with CB LDV.

This value is NOT updated every dashboard version and is not directly reflected in any apps. However, the value can be translated to a CB/dashboard version. The position of the rightmost 'f' in fuseset 02 dictates the cseq number. In the example above, the right-most 'f' is 7 characters along from the left, so it has a cseq of '7'.

Use this information with the below chart:

8973191b3ec2a749e62ccc14d27dad2d.png

and you'll be able to work out it's from a Falcon or Jasper console, but more importantly you'll know the highest dashboard which can be used in this state is 14699. My RGH Roadmap for Noobies lists the dashboard ranges more comprehensively.

Important: You cannot 'edit' your image to use a different CB for a retail NAND. It MUST match the entry as found in XeLL, otherwise it'll fail to boot. You'll see me mention CB/LDV boot failures in a few posts and this is exactly what it means. This is why it's impossible to revert a retail console from 14699 to 7371, but is possible to go from 16203 back to 15572.
 
Last edited:

RROD!

VIP Member
Apr 13, 2011
788
0
nice work there buddy seems lots of ppl getting hit by this i think this will help lots
 

SOloNon

Noob Account
Oct 2, 2011
62
0
Oh ... martin really thanks to you . but if we cant even boot in to xell then what must to do ?
 

dannyperez

Noob Account
Oct 9, 2011
132
0
Ireland
Oh ... martin really thanks to you . but if we cant even boot in to xell then what must to do ?
"1. It's possible to sort this out without being able to boot XeLL. If you only have the CPU key for example and no longer have the ability to run XeLL, take the LAST KNOWN DUMP for the console and open in 360 Flash Dump Tool. Note the highest LDV number. Now follow the steps above and increment the LDV number by one each time, so build and flash to the console - rinse and repeat until it boots"

take your time when you read ;)
 
  • Like
Reactions: ablegepu

SOloNon

Noob Account
Oct 2, 2011
62
0
"1. It's possible to sort this out without being able to boot XeLL. If you only have the CPU key for example and no longer have the ability to run XeLL, take the LAST KNOWN DUMP for the console and open in 360 Flash Dump Tool. Note the highest LDV number. Now follow the steps above and increment the LDV number by one each time, so build and flash to the console - rinse and repeat until it boots"

take your time when you read ;)
If you only have the CPU key
... ( i dont have cpu key )
take your time to read too ...
 
Last edited:

SOloNon

Noob Account
Oct 2, 2011
62
0
Your post says nothing about not having the CPU key. Don't turn this thread into an argument.
Sry I wouldn't . i said i can't even boot in to xell ... forget that any way , there is no way to figure that without cpu key ?
 

Martin C

VIP Member
Jan 10, 2004
36,034
0
Scotland, UK
www.team-xecuter.com
Sry I wouldn't . i said i can't even boot in to xell ... forget that any way , there is no way to figure that without cpu key ?
Booting into XeLL and having the CPU key are two entirely different things. You can have one without the other.

There is nothing to 'figure out'. You need the CPU key as your built image needs to be re-encrypted to work on your console. No CPU key = not possible.
 

jtagpabble

Noob Account
Nov 4, 2011
2
0
UK
thanks for this tut and i hope it works for me, a couple of questions

first off i need to say i cant boot to xell, i know the tut says its possible but how do i actual flash over the new image?

also i loaded up a previous working nand in flash dump tool and my ldv says "0", so i edited the options ini and added "0" saved then exited

I built the new image and the display box at the end says my ldv value "2". Im confused about this because the tut says the number should match.

Any advice would be great, thanks
 

Martin C

VIP Member
Jan 10, 2004
36,034
0
Scotland, UK
www.team-xecuter.com
thanks for this tut and i hope it works for me, a couple of questions

first off i need to say i cant boot to xell, i know the tut says its possible but how do i actual flash over the new image?

also i loaded up a previous working nand in flash dump tool and my ldv says "0", so i edited the options ini and added "0" saved then exited

I built the new image and the display box at the end says my ldv value "2". Im confused about this because the tut says the number should match.

Any advice would be great, thanks
I'm confused as even after reading my post, you're asking questions which have already been asked. Read it again.

As for reflashing the NAND, you can use nandpro.
 

Support Our Sponsors