PS3Hax Network - Playstation 3 Hacks and Mods - View Single Post - Free60: Dangerous Xbox360 Update Killing to-be released Homebrew Hack

thon0925 · 08-19-2009

I can't say a "noob proof" guide is really possible here, but i'll do my best. This hack works with all current 360 motherboard revisions, as long as their not on a 8XXX kernel, but the JTAG is gone in Zephyr and up, and no alternative points have been released yet. Follow my above post to install the GPIO to JTAG connection. Once that is done, it is highly advisable to remove r6t3 (also in above post) to prevent a malicious program/mistake from permanently bricking the 360. After these steps are taken, you need a way to read/write to the NAND chip. This requires an Infectus flasher, Cygnos360 V2 or a recently released LPT hack. I opted for the LPT hack, as it was the cheapest way to get the job done.

This image shows the connection points for the GPIO to JTAG and the LPT hack. The numbers just show what pin# it is, the colors show where you need to connect wires. Once the necessary connections are made, use NandPro by Tiros, to read/write the NAND. This setup is a hit and miss, it only worked on 1/3 computers, for me and many other people are having problems, but Tiros is looking into it. Most computer LPT ports run at 5 volts, where the 360 motherboard runs at 3.3, so 100 ohm resistors are recommended, see the pic for details. My setup worked fine without resistors, but it's safer if you use resistors. Anyways, you must first make a backup of the stock NAND, run "NandPro lpt: -r16 stock1.bin". After this is done, run "NandPro lpt: -r16 stock2.bin". Compare the files with "fc stock1.bin stock2.bin /b". If it reports no differences, then you just made a 1:1 copy of the stock NAND. Now it's time to flash the hacked image to the 360. To get the hacked image, you must use imgbuild by Tmbinc, to create a hacked image. Their is a pre-built image (Xenon Only) on Xbins, but it contains M$ code. To flash your image use "NandPro lpt: -w16 hack.bin". This will write hack.bin to the 360. Once this is completed, run "NandPro lpt: -r16 hacktest.bin", then "fc hack.bin hacktest.bin /b". If they are identical, then you just flashed the exploit onto the 360. If your JTAG is setup properly, you should have no problems. Currently Xell only supports the VGA adapter, so you must use that until Tmbinc can find a work around.
When the LPT method came out, my local computer shop, with the necessary cable, was closed, so I took a redneck approach.

Make fun of it all you want, but it worked

I'm still waiting for heatsinks and a VGA cable to come in from Ebay, so I should be able to show off Xell soon :D

08-19-2009	#8
thon0925 Member Join Date: May 2008 Posts: 123 Likes: 4 Liked 8 Times in 6 Posts Mentioned: 0 Post(s) Tagged: 0 Thread(s)	I can't say a "noob proof" guide is really possible here, but i'll do my best. This hack works with all current 360 motherboard revisions, as long as their not on a 8XXX kernel, but the JTAG is gone in Zephyr and up, and no alternative points have been released yet. Follow my above post to install the GPIO to JTAG connection. Once that is done, it is highly advisable to remove r6t3 (also in above post) to prevent a malicious program/mistake from permanently bricking the 360. After these steps are taken, you need a way to read/write to the NAND chip. This requires an Infectus flasher, Cygnos360 V2 or a recently released LPT hack. I opted for the LPT hack, as it was the cheapest way to get the job done. This image shows the connection points for the GPIO to JTAG and the LPT hack. The numbers just show what pin# it is, the colors show where you need to connect wires. Once the necessary connections are made, use NandPro by Tiros, to read/write the NAND. This setup is a hit and miss, it only worked on 1/3 computers, for me and many other people are having problems, but Tiros is looking into it. Most computer LPT ports run at 5 volts, where the 360 motherboard runs at 3.3, so 100 ohm resistors are recommended, see the pic for details. My setup worked fine without resistors, but it's safer if you use resistors. Anyways, you must first make a backup of the stock NAND, run "NandPro lpt: -r16 stock1.bin". After this is done, run "NandPro lpt: -r16 stock2.bin". Compare the files with "fc stock1.bin stock2.bin /b". If it reports no differences, then you just made a 1:1 copy of the stock NAND. Now it's time to flash the hacked image to the 360. To get the hacked image, you must use imgbuild by Tmbinc, to create a hacked image. Their is a pre-built image (Xenon Only) on Xbins, but it contains M$ code. To flash your image use "NandPro lpt: -w16 hack.bin". This will write hack.bin to the 360. Once this is completed, run "NandPro lpt: -r16 hacktest.bin", then "fc hack.bin hacktest.bin /b". If they are identical, then you just flashed the exploit onto the 360. If your JTAG is setup properly, you should have no problems. Currently Xell only supports the VGA adapter, so you must use that until Tmbinc can find a work around. When the LPT method came out, my local computer shop, with the necessary cable, was closed, so I took a redneck approach. Make fun of it all you want, but it worked I'm still waiting for heatsinks and a VGA cable to come in from Ebay, so I should be able to show off Xell soon :D __________________ Folding at Home team 78548