Random Jtag Qustion

[coolshrimp]

just a random idea but.

can we use RGH to get the cpu key on say a falcon then remove coolrunner

then create an original freeboot image and boot with original jtag wiring

seeing as before we could not do it cause we could not get cpu key but we now get it with RGH.

so really you use coolrunner to get the key then jtag like you normaly would as if dash where 7371 or lower.

 

[MightyShots]

But why when they are the same RGH/JTAG just different ways of enabling it thats all, basically lol


Sent from my iPhone 4 using Tapatalk

 

[N.E.Modz]

just a random idea but.

can we use RGH to get the cpu key on say a falcon then remove coolrunner

then create an original freeboot image and boot with original jtag wiring

seeing as before we could not do it cause we could not get cpu key but we now get it with RGH.

so really you use coolrunner to get the key then jtag like you normaly would as if dash where 7371 or lower.

shouldnt see why not as you would have already dumped nand & you had verified dash was 7371 or lower and cb was exploitable

But if the dash & CB was already exploitable, why would you need to fit coolrunner ?

dale

 

[diaboliq20]

I think coolshrip means - once we get the CPU key, can the console be clasically JTAG'd on any kernel?
I'm by no means an expert, but I wouldn't have thought that would work?

 

[coolshrimp]

say you have console thats dash 13604 you cannot get the key with original method.
so you have to use a coolrunner.

but now that you got the CPU-Key. can you remove the coolrunner. and jtag original way as to save $20 per console.

 

[chris110980]

Wouldn't that mean you'd have to be able to downgrade the dash to 7371 to load an exploitable kernel for the JTAG first? If so, I can possibly see there being an issue regarding eFuses that would've been killed since that dash.

 

[Dimrain13]

Wouldn't that mean you'd have to be able to downgrade the dash to 7371 to load an exploitable kernel for the JTAG first? If so, I can possibly see there being an issue regarding eFuses that would've been killed since that dash.

Thats what I was thinking but if we could find a way to make the E-Fuse work again...

 

[tr4ckerz]

It's a good question coolshrimp, I thought for a minute that could be possible, but now I think it isn't. The problem would be eFuses that are blown away since post-7371 dash.

If it wouldn't, then you would be still able to Jtag your console in case of accidental oficial M$ update, but it was said in every place that once you run such update on your Jtag'd console, your Jtag is then gone forever. Even when you still have your CPU key from your previously dumped NAND.

 

[coolshrimp]

It's a good question coolshrimp, I thought for a minute that could be possible, but now I think it isn't. The problem would be eFuses that are blown away since post-7371 dash.

If it wouldn't, then you would be still able to Jtag your console in case of accidental oficial M$ update, but it was said in every place that once you run such update on your Jtag'd console, your Jtag is then gone forever. Even when you still have your CPU key from your previously dumped NAND.

true true was just an idea.

also why dosent coolrunner work on xenon?

 

[diaboliq20]

true true was just an idea.

also why dosent coolrunner work on xenon?

RGH exploits the HANA - Xenon boards only have ANA chips mate

 

[Evil0ne]

true true was just an idea.

also why dosent coolrunner work on xenon?

"Xenon was tried once, it seemed asserting CPU_PLL_BYPASS on them crashed the ppc (not sure if it was asserting or deasserting), the HANA+I2C way can't work too because on Xenons, 100Mhz dp clock is provided by a fixed frequency chip, it changed with Zephyrs."

---------- Post added at 22:01 ---------- Previous post was at 21:53 ----------

RGH exploits the HANA - Xenon boards only have ANA chips mate

yea....no.....

 

[DJM30w]

This is a great question coolshrimp, although it makes my brain turn upside down trying to think of the possibilities of what you're asking. Maybe someone will be able to solve this or at least come up with something for this!

 

[srt4fun]

Free60 gives a great description of the Fusesets here :wink:
Fuseset 02 is the real killer!