Need help building trinity RGH donor nand, only have cpu key and donor

flymods

Full Member
I have a trinity system with coolrunner installed that boots to xell perfectly but unfortunately I don't have the original nand. I do have a donor nand of another trinity with its matching cpu key. Can anyone provide the process of injecting the cpu key into the donor and any other console specific information (LDV etc.) that will need to be added? I have the latest 360 flash tool and bin crypt; I am just unsure what the process for building a donor original nand is. Thanks in advance for any help.
 

Martin C

VIP Member
Jan 10, 2004
35,981
0
Scotland, UK
www.team-xecuter.com
What happened to your original NAND dump? Why didn't you save it somewhere?

Seems pointless to put a guide your way when you're not even able to keep an original NAND dump safe.....
 

flymods

Full Member
Martin,
The system isn't mine. The owner never got his original nand and one of his friends accidentally updated the dash from a game disc and it obviously stopped booting freeboot. Then he tried to "fix" it and wiped out whatever was flashed to it. I have done over a hundred jtags/RGH systems, I back everything up by serial number when I do a system myself and have never needed to use a donor. I was already able to flash a valid ecc file and get the cpu key and the LDV value is 2. I read some of your other posts about manually editing the config in multi builder which I know how to do; the part I'm unclear on is encrypting a donor with his cpu key. I never messed with unbanning keyvaults so my experience is limited. Any assistance would be greatly appreciated! Merry Xmas
 

Martin C

VIP Member
Oh so you're looking for someone to tell you how to fix something as you're offering it as a service?

So two options:

1. Do what I did. Read EVERYTHING. Learn how it all ties together and do it yourself.

2. Send it to someone else to fix.

I may seem a little 'un-festive', but it's becoming more and more apparent that the number of people asking for help on this stuff are so-called 'modders' who are looking to make money from free advice. Tell me why I or anyone else should go out of their way and do the legwork for free, just so you can return a working console for a profit?

I suggest you stop offering a service if it's something you can't do without asking help from others. The solution to your problem is pasted on about a dozen websites - this one included. I've personally written this step-by-step at least 3 or 4 times in the last 6 months.

Time to start reading!
 

flymods

Full Member
I'm doing this for free, not making a dime from it. I've searched Google and the forums and haven't found anything that applies to a complete missing nand; most of the posts I've seen have been partial erases where someone only flashed the ecc file over the original and then just dumped that as a partial original. If you aren't willing to help don't post anything, no need to be rude when someone is asking for advice... If you have personally posted this so many times why not just paste a link? Takes less time than insulting me and assuming I am making money from others.
 

Martin C

VIP Member
Then search for it already! It's not rocket science and by looking for it yourself, you'll learn in future too. For someone who's done over a hundred JTAG/RGH's, this should be a walk in the park for someone of your intellect.
 

flymods

Full Member
I've been reading your posts for a while now (searched posts by your name). Can you answer me this question: Do I need to take a decrypted kv and encrypt this console's cpu key to it in order to make a clean nand or can I just use the LDV, CB, and CPU key in multiboot to create a clean nand?

I have read a lot of your posts, you seem like a nice guy and I see you have helped people a lot. I know answering the same question over and over again must piss you off and I certainly understand that. If you can just point me in the right direction I know I can figure it out.
 

Martin C

VIP Member
Ok - what you're looking to do is inject your existing decrypted keyvault into a donor NAND and re-encrypt it with the destination's CPU key. If XeLL currently displays your DVD key then it's more than likely the right KV in there (block 1).

Once you have the above done, you rebuild using a custom LDV based on what you see in XeLL.
 

flymods

Full Member
Ok, so here is where I'm stuck:
- I took my donor nand and opened it up with its matching CPU key in 360 flash dump tool.
- I then used bincrypt to decrypt the other system's KV.
- Then I imported the KV into the donor with the "import" button in flash dump tool.
- Everything looks good, the correct DVD key is listed (I read the DVD FW to match it with the system).

Now I have the correct KV in my donor but I am unsure how to lock it with the correct cpu key, it's still locked to the cpu key of the donor. Am I missing something easy? I'm assuming I can do it with 360 flash dump tool, is there something else I need to use? Thanks for any help.
 

flymods

Full Member
Just saw I was using an older version of 360 flash dump tool that didn't have the "rebuild image" option under patch. I got the donor locked and am going to manually set the LDV value and try and build a freeboot image now.
 

flymods

Full Member
Well I patched the nand with the correct kv and then built the freeboot image using the newly created original from the donor. I set the LDV value manually to 2, the image built fine but after flashing it to the system it just attempts to boot, then I get a flashing red light. Any ideas? Posting logs below and my fuses:

fuseset 00: c0ffffffffffffff
fuseset 01: 0f0f0f0f0f0ff0f0
fuseset 02: f000000000000000
fuseset 03: 5debba912a45cf1b
fuseset 04: 5debba912a45cf1b
fuseset 05: f31642815e748875
fuseset 06: f31642815e748875
fuseset 07: ff00000000000000
fuseset 08: 0000000000000000
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000
 

Martin C

VIP Member
Could be one of two things:

1. Bad blocks not already identified (dump 3ff, 3fe, 3fd etc to see if there's any data there).

2. Possibly this:
"
fcrt.bin found in sector 0x353 size 0x4000...
******* ERROR: FCRT hash check failed, could not decrypt!
verify failed! Discarding data.
"

You may need to extract this manually from the donor NAND and copy the decrypted version to my360 folder.
 

flymods

Full Member
I think I know where part of the problem is. The keyvault I have been using was from my donor and I put the dvd key and cpu key into it previously. Let's assume I don't have a good kv to use, can I build a new one from my donor? If I open up a fresh donor nand in 360 flash dump tool that has no bad blocks can I just go to the "patch" menu and add in my cpu key and dvd key? What about the lock down values? I know from the above that my ldv is 2 but why are there 3 different values on this screen (2BL, 6BL patch 0, 6BL patch 1)? Sorry if these are dumb questions and thanks again for the help thus far.
 

Martin C

VIP Member
So what happened to the ecc file which was there previously? Did you not save it before starting work on it? Not understanding the importance of the keyvault? Getting confused as this is unfolding more and more...
 

flymods

Full Member
Sorry for the confusion, earlier I said I had a valid ecc file which I shouldn't have said. I was confusing it booting xell with having an ecc file. If I had the ecc file I would have the kv and I would be good however I never had the ecc or the original kv.

The system was sent to me after the owner already messed with trying to flash a donor and god only knows what else. Is there anything I can do to get it working again?

I realize this is a sub-optimal situation and believe me if it was my fault I would take the blame and any scrutiny but I back up everything when I do a system and this is the first time I've had to deal with a system where I didn't have at least some sort of backup....
 

flymods

Full Member
I'm able to extract the fcrt.bin through flash dump tool but it's encrypted. How do I decrypt the fcrt.bin? Once encrypted I should be able to just add it to the "my 360 folder" and adjust the LDV value in the options ini, correct?
 

flymods

Full Member
I'm assuming you're referring to "fcrt extractor v0.03". I ran the command to extract the fcrt using his tool and it worked, however it's encrypted just like extracting it from 360 flash tool. How can I decrypt the fcrt.bin from the donor? More importantly, if I'm using the donor nand why do I need to decrypt the fcrt? In your experience have you been able to build a donor nand with only a cpu key, dvd key, and ldv value? With the older jtag if you could boot xell you could revive any dead system. Sorry for all the questions, I would just really like to get this thing working.
 

Martin C

VIP Member
Yes, I've gotten RGH systems working with a donor KV, NAND and CPU fuse values.

The new dashlaunch install should prevent the fcrt.bin being an issue, as currently I don't think it can be decrypted. So build the image with a donor KV and NAND, everything re-encrypted and ensure dashlaunch 2.28 has been installed afterwards.
 