Getting Started with Homebrew on Xbox 360 – XBReboot
In this writeup I'm going to try to explain to beginning users how to get going with homebrew, in an attempt to get as many users as possible going with homebrew on the Xbox 360. It may look difficult and like a lot of work to some, but I did not share this thought at all. In fact I learned to solder on an old broken board from which I could still read the NAND with the LPT method. From there on I have now successfully, and without many problems, prepped 1 Falcon and 1 Jasper with XBReboot v0.05 8955_1. It's not really that difficult at all I can tell you, because if I can do it, anyone else could. It's also been a good learning experience so far and everything is well documented. In this tutorial all you'll learn is to use LPT to read/write and get XBReboot going. I'm not going to make it too easy for you guys.
The Things-You-Need List:
- Low wattage soldering iron (+ some experience)
- Tin with lead
- Wires (I just stripped old IDE cables)
- Diodes 1N4148 (people have used others (i.e. 1N914))
- Resistors 100ohm 1/4W
- LPT DB25 Male connector (I just salvage from old LPT cables)
- PC with onboard LPT Port
- Nandpro 2.0b (never use outdated software, people)
- An Xbox 360 with pre 8xxx dashboard and exploitable CB
- BadBlockMover from Redlin99 (in case you have any bad blocks on your backup nand image, use this app!)
Soldering the JTAG wires, and the LPT wires
You must first identify if you have a Xenon or another motherboard. Look at the 2 diagrams, and you'll find out soon enough. (*Note that the red/yellow/blue lines are the JTAG wiring to enable homebrew.) I always do the JTAG wiring connections first. I find it easy to add some leaded solder to the pads, as it'll melt easier than stupid MS solder and makes soldering the wire to it easier. I also like to add solder to the stripped wire. (*Note the orientation of the diodes! Black ring!)
(In the diagram above, I do not require the diode on LPT pin 11; the diode is used to get the correct flashconfig in Nandpro.)
NEW Xenon JTAG Wiring ( ^ = diode | = black ring) (The LPT wiring to do a NAND dump is the same on any Xbox 360)
Note that it is easy to mess up a pad with too much heat! Don't use heavy duty soldering irons! My wires are around 30 centimeters, and I do use the 100ohm resistors on the LPT connector (some don't). Here's my first setup on a broken Xbox 360 board, just for practice. Please use an LPT DB25 connector instead of shoving the wires in the port like this. (It did work.)
After you're done soldering all wires it'd be wise to check the connections with a multimeter, but I have not yet needed to do this (with my poor soldering skills, lol). Also, to avoid wires touching, I use paper tape to cover the wires up. To prevent connections from breaking it'd be wise to secure the wires with hot glue or tape. Here's my latest setup.
Reading NAND with Nandpro 2.0b through LPT port
If you've made all the LPT connections as per the diagram, and hooked up the LPT male connector, it's time to try and read the NAND through LPT. The LPT port must be onboard your PC's motherboard! Download Nandpro 2.0b, extract it, and install the port95nt.exe driver package. After having rebooted your PC, hook up the Xbox 360 to the LPT port and then plug in only the power supply to the Xbox 360.
Go to Start > Run, type cmd and hit enter. In the DOS box navigate to the nandpro directory. Type in the following:
NandPro lpt: -r16 nand1.bin
If all is good, Nandpro should find a flash, give you a flashconfig, and start to read from 0000 – 03FF. It will take about 40 minutes with LPT. (If a Jasper has the 00023010 flash config, it's OK.)
If you can't get it to detect, try out different BIOS settings for the LPT port (what works for me is Normal mode), or look for people having the same problems with Nandpro (Google). Also run through your wiring again. Make sure you hooked all wires up OK, look for bridges, and double check connections. People say to remove the resistors as well, but I would not dare to say this as it could possibly fry something on your Xbox 360.
If you did manage to get it to dump, dump it a second time. You'll need to compare all these dumps to make sure they match. I use the compare function under Tools in Winhex to compare both dumps 100% (or do whatever you want to do to compare: MD5, CRC32). In Winhex also look for the Microsoft Copyright in the beginning of the file. Also get 360 Flash Tool 0.91 to check your nand dump. If you have 2 matching dumps and the image opens up in Flash Tool, you can be 99% sure you have a correct nand backup! (Very important to have!)
Here's what my image looks like opened up in 360 Flash Tool (already got the cpukey)
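An added example, not part of the original writeup: a Python sketch of the dump comparison described above, which also reports which of the 0x400 blocks differ so a bad read can be told apart from a bad dump. The function names, the `b"Microsoft"` marker search in block 0 and the small constructed files are assumptions made for illustration.

```python
import hashlib
import os
import sys
import tempfile

NAND_BLOCKS = 0x400  # Nandpro reads blocks 0000-03FF, as in the step above

def md5_of(path):
    """MD5 of a file, read in 1 MiB chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_dumps(path_a, path_b, blocks=NAND_BLOCKS, marker=b"Microsoft"):
    """Compare two dumps block by block and report which blocks differ."""
    size_a, size_b = os.path.getsize(path_a), os.path.getsize(path_b)
    size_ok = size_a == size_b and size_a > 0 and size_a % blocks == 0
    report = {"size_ok": size_ok, "md5": (md5_of(path_a), md5_of(path_b)),
              "bad_blocks": [], "marker_found": False, "match": False}
    if not size_ok:
        return report  # truncated or mismatched read: dump again
    block_len = size_a // blocks
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        for n in range(blocks):
            a, b = fa.read(block_len), fb.read(block_len)
            if n == 0:  # assumption: the copyright text sits in block 0
                report["marker_found"] = marker in a
            if a != b:
                report["bad_blocks"].append(n)
    report["match"] = not report["bad_blocks"]
    return report

def make_constructed_dump(flip_block=None, block_len=64):
    """Write a small constructed stand-in (not a real NAND image) to a temp file."""
    data = bytearray(b"\xff" * (block_len * NAND_BLOCKS))
    data[0x20:0x29] = b"Microsoft"
    if flip_block is not None:
        data[flip_block * block_len] ^= 0x01  # simulate one bad read
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as f:
        f.write(data)
    return f.name

if __name__ == "__main__":
    if len(sys.argv) >= 3:
        first, second = sys.argv[1], sys.argv[2]
    else:  # no files given: fall back to the constructed samples
        first, second = make_constructed_dump(), make_constructed_dump(0x3DE)
    print(compare_dumps(first, second))
```

Run it with the two dump files as arguments; a block that keeps showing up in `bad_blocks` across several reads is worth re-dumping on its own before trusting the backup.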
Preparing and flashing an XBReboot image
Here you are going to be making an XBReboot image for your console type, using your console-specific keyvault. You will need to get the corresponding XBReboot image from Xbins!! If you flash the image of a Falcon to a Jasper you're stupid. Always make sure you are prepping the right image for your Xbox 360; it's not hard to find out.
To extract the keyvault and configblock from your backup nand image use the following nandpro command:
nandpro nand1.bin: -r16 rawkv.bin 1 1 (where nand1.bin is your backupnand file)
nandpro nand1.bin: -R16 config.bin 3DE 2 (Note the capital letter!)
To write it to the XBReboot image use:
nandpro xbr.bin: -w16 rawkv.bin 1 1 (where xbr.bin is your XBRebooter image file)
nandpro xbr.bin: -W16 config.bin 3DE 2 (Note the capital letter!)
This is all you do to prepare your XBReboot image. When you're done, hook up the Xbox 360 again, and start flashing with Nandpro with the following command:
NandPro lpt: -w16 xbr.bin
If all goes well, you should have an XBReboot 360 =) This is all that it takes. Really not that hard and fun to do.
Now you can get started with emulators such as MAME360, Beats of Rage, CPX3, XEXLoaders, playing games from USB Hard drives and the rest that is to come =) Or you could make your own software now. Somewhere in time to come Xbox Media Centre =) and Xlink Kai system link. Or you could start modding Halo 3, which is a lot of fun.
Some examples of homebrew:
Using Xell to get your CPU key
Once you have successfully booted into the 8955 dashboard, it is optional but recommended to dual boot your XBRebooter 360 into Xell to get your CPU key. You can do this by using the Xbox 360 DVD Media Remote to power up the console (use the Windows! Key), or by using a wired controller in the rear USB port and holding X to boot into Xell (or you can use a keyboard + Windows key).
Picture of Xell booting:
Xell will display the fusesets, so hurry up and take a picture. Either put fuse set 3 and 4 together or put fuse set 5 and 6 together. This would be your CPU key. You can use this key to decrypt the keyvault using Flash Tool 0.91 and figure out the DVDKey and the OSIG string (in case the dvdkey is tragically lost due to unforeseen noob failure =P)
Now what are you waiting for? Get going on getting an exploitable Xbox 360 to do all these crazy homebrews with. Then ask Major Nelson on the official Xbox forum why you can't play co-op Final Fight with MAME360 on Xbox Live. Or harass MS by advertising homebrew Xbox 360, and putting up pics and vids of all this crazy stuff going on at the moment. There's way more to come, so I'm holding my pants tight. I just can't wait to see what all these talented people will come up with! Homebrew on Xbox 360 has been a wet dream for me the last 3 years!
Thanks to all the crazy hackers out there who have presented the general public with the ability to do homebrew on Xbox 360. I'm very grateful! Also thanks for the pics, everyone.
If there are any questions remaining please go to Xbox-scene, xboxhacker.net or free60.org for more information about this subject (HINT: use the search function, it's all there)