Reset Glitch using donors ??

[AudioProUK]

OK i`ve had a console come in today that a nood brought in for a glitch . he`s had ago at dumping himself and in short has erased the nand without dumping it :facepalm:

Can i use a donor nand to create an image for this or is it done for ? I said i`d have a go but was unsure what the result would be . I`d like to try and get it running as he`s only young and at least he`s done the right thing in stopping once he`d realised he`s fecked up . Thankfully he didnt get round to trying to install the chip !!

I`d know how to go about it with a normal jtag but wanna get some pointers before diving into this .

Any suggestions ?

 

[BL4K3Y]

You could build a NAND image if you had a working key vault, there are tools out there to create and encrypt them but it can get complicated if you don't know what you are doing.

 

[AudioProUK]

yeah i`m pretty savvy with the workings of a KV . Can i just create an image like i would for a standard jtag and go from there .

 

[BL4K3Y]

All I can say is look up "keyvault modder" and "bincrypt".

 

[Martin C]

Have KV hash checks been disabled on 13604 RGH?

 

[AudioProUK]

Ive got bincrypt . Keyvault modder needs the cpu key doesnt it ? I dont have that because the nand has been wiped and i`m trying to create the image_00000000.ecc

 

[RavinNinja]

Well id say get ur ass over to xbox hacker , think you might be up s*** creek no expert tho with no kv / config

 

[AudioProUK]

Cheers i`ll see what they come up with

 

[Martin C]

Take a decrypted kv.bin.

Encrypt with your console's CPU key.

Inject the new kv into a donor image (location 0x001).

Use this image to build an RGH one.

 

[AudioProUK]

I dont have the CPU key this is the problem mate

He wiped the nand before dumping it and so i`ve not got anything to make a image_00000000.ecc file with .

 

[Martin C]

I dont have the CPU key this is the problem mate

He wiped the nand before dumping it and so i`ve not got anything to make a image_00000000.ecc file with .

So what board do you have? A donor ecc for the same board should work.

 

[AudioProUK]

It`s a zephyr . i`ve got another zephyr nand herei can use so i can just use that to create the .ecc , get the cpu key and inject that into a nand , just like i would if i were doing a standard JTAG right ?

That was kinda what i was aking from post 1 ..hehe ..

Cool thanks martin c

 

[AudioProUK]

Well that doesnt appear to work . The coolrunner is flashing away every 5 sec so i`m guessing thats ok , but no reloaded boot . mmmmm

 

[Martin C]

Zephyrs are not the easiest to glitch. Treat it like a BB Jasper!