(adsbygoogle = window.adsbygoogle || []).push({}); Xbox 360 Exploit Guide

Written By- DuncanKeith



I, will keep this post updated daily:


I have created this tutorial based on questions I frequently see and parts of guides that I have found tend to be unclear or outdated. I know there are many guides that cover the content in this thread but I thought it was about time to make another super guide that covered many things. Also, what I mean by "Semi-Noob Friendly" is that I have included every step and have tried to make it comprehensive, but I have not dumb-ed it down to the lowest level possible and have not included every picture possible. I included any picture that is even partially important but not pictures of steps that aren't really needed. You will need some basic skill above just commonsense, and a little bit of intuition in order to follow this.
Each base hack method, program, or other form of work in this tutorial is not mine and credit goes to their respective creators (such as Team-Xecuter, Boxxdr, Team XeBuild, OggyUK, etc.). I have only explained to you why/how to do these methods, and added my own touch/explanation to them so that you could get the most out of them.
Please excuse any typos because parts of this were made at very late/early hours and I may have missed some while correcting them. Feel free to post a reply quoting the typo and I will fix it. Also please notify me if any links or pictures go down. I will be glad to fix them.
Tired of massive amount of tutorials on the subject of RGH/JTAG consoles? No luck finding a thread that has up-to-date information that fully explains the differences between the exploits and which one is good for you? Can't find a general guide that covers every part of the setup process, and can only find things about specific parts. Sick of seeing old and now incorrect tutorials with missing pictures? Then this tutorial is for you. There are too many bits and pieces missing from many tutorials and specifics for certain setups (like zephyr consoles) that are not covered. This tutorial is an attempt to bring it all together, clear up confusion, and show every reasonable (some just are old, not worth it, or pointless) option possible. It covers everything you need to know about both exploits, shows you which one is right for you, and walks you through each step for how to do them (for the standard hacks. If you need something specific like using the console without the DVD drive, or ROL board then this is not for you, however you can use this as a base and then at any point do things differently based on your needs).
I will try to update this thread as things change and as time moves forward. Also you may feel some pictures are too small for you to see very small pieces, so in case you didn't know you can click the pictures to make them their full size, and then again to reduce them.
Spoilers are nice but I want this to be a mostly full depth guide that isn't cluttered so I kept the spoilers as low as I could. I have the ones I have to keep it clean, so expand the sections that only apply to you.
Right now this tutorial is at dash 16747 (meaning the custom freeboot dash that you can update to once the console is exploited. An older dash might still needed to exploit the console in the first place. Refer to section 4 for this) which is the most recent dash.
This tutorial is going to be broken down into steps as follows:
1. What is the point of exploiting your console, and is it safe?
2. Do you have the skills/tools/materials to exploit your console?
3. Explanation of the hack methods, and their pros/cons
-Step 1: NAND dumping methods
-Step 2a: JTAG
-Step 2b: RGH
4. Determining which method to use
5. Modding tutorial for each method:
-Step 0: QSB or no QSB?
-Step 1: NAND dumping methods
-Step 2a: JTAG
-Step 2b: RGH
-Step 2c: R-JTAG
-Step 3: Xell
6. While your in there...
7. Software Setup
-Step 1: XEXmenu
-Step 2: Freestyle dash
-Step 3: Dashlaunch
-Step4 : XBOX1 Emulator
8. Afterwards
NOTE: Some items for particular methods are listed under their sections and not before hand. So if you want to order everything you will need before you get started, read through each section that corresponds to what you will be doing so that you know every part you will need.
Part 1: What is the point of exploiting your console, and is it safe?
Have you ever seen those crazy YouTube videos with people modding games like Halo, COD, and Just Cause 2 in ways you never thought was possible? Or do you want to go retro and play some old school games from your childhood or from before your time? Exploiting your Xbox 360 in this fashion will allow you to do things just like this. Exploiting your console involves making physical modifications to its internal hardware in order to circumvent Microsoft's security system. This must be done because by default Microsoft has limited what code can be run on Xbox's to only programs that are signed digitally by them and their partners. This was done for preventing piracy, online cheating, copyright infringement, avoiding fees (if you want to make a game for Xbox you have to pay fees to Microsoft, and this goes for all other companies), and other issues. The problem is that very fun and not so bad things can be done on a console that is not limited by a security system, but Microsoft and other console makers don't want to take the risk of the bad things happening. This is why console hackers exist, and this is why things are reversed engineered, so that you the end user can enjoy your devices to their maximum potential.
This is the list of all the things you can do with a JTAG/RGH exploited xbox:
*As I cannot remember ever single thing this list is somewhat incomplete and I will add to it as I remember or find new things that can be done​
Play almost any Xbox 360, original Xbox, or arcade game for free (though I won't tell you how to do this)
Get any DLC for free (though I won't tell you how to do this)
Use custom dashboards with many features over the original and customize their look
Use any sized hard drive in the hard drive port OR any sized external hard drive through USB (I HIGHLY RECOMMEND USING A LAPTOP DRIVE INSTEAD OF AN EXTERNAL USB BECAUSE IT MAKES THINGS EASIER, AS YOU CANNOT PUT DLC, ARCADE GAMES, OR ANYTHING ELSE THAT GOES IN THE "CONTENT" FOLDER ON AN EXTERNAL USB DRIVE! Though you can format part of an external USB drive as an Xbox MU but that is inefficient)
Mod many games in ways that can't be done on a retail with save game or other mods
Use custom apps created by the community to play movies, music, etc.
Play custom games made by the community that aren't available on a retail console
Take screenshots or video of your console without a capture card
Make your console run the same software (or a hybrid of) as development kits
Rip games to your hard drive and never need the discs
Play ANY original Xbox game instead of being limited by the retail emulator (though some games don't run very well)
Run linux on your xbox
Play a variety of emulators such as: MAME, Atari LYNX, SNES, NES, N64, Dreamcast, Sega Genesis, Intellivsion, Colecovison, DosBox, PS1, ScummVM, Amiga, NeoGeo, Gameboy, Gameboy Color, Gameboy Advance, and PCengine
Recover your DVD key
(RGH ONLY) Use a DemoN to do a dual NAND setup and have two consoles in one. One that can go on LIVE like a stock console, and one that is exploited and can do all of the above (DOESN"T WORK ON CORONA V2's/V4's)
On the topic of the exploitation being safe there are two are dangers. One danger is with the law. This is a very small danger but I am noting it for your safety and to cover ANY possible things that MAY happen. The chance that you will get in trouble legally is slim to none and you must do certain things to even have a remote chance at doing so. The two main things you need to worry about is piracy and sales. Piracy is possible with these modifications and is illegal, however it is unlikely you will get caught. Still, you are taking a chance if you pirate software. Also, if you start modifying tons of consoles and sell them on the wrong places (such as eBay) there is a slight possibility you will be reported. Under general use of an exploited console you are totally 99.99% safe and do not need to worry about any trouble with the law. Microsoft doesn't have time to care about every little person with an exploitable console and only cares about people who are big names in the hacking world, so you as a end user are fine as long as you don't do anything stupid. Even though the chances are extremely low I am not responsible for any trouble you get yourself into.​

On the other hand is the danger of breaking your console. It is in a sense hard to do so, but in another it is easy. If you do not have the proper skills to do these modifications you will most likely break your console. If you do not properly follow instructions you will most likely break your console. If you are not careful with your expensive merchandise you will most likely break your console. If you are horribly unlucky your console can also break. I mention that last part because there are some consoles that are so warped due to Microsoft's poor original design (phat consoles) that the simple action of disassembling your console can break it. You can get around this with even some of the weakest consoles by being very careful, but there are some that are just going to break when you open them and get extremely unlucky. AGAIN, the chance is very small but note it is a possibility. As long as you are careful and follow instructions you should be fine.

Part 2: Do you have the skills/tools/materials to exploit your console?

If you are experienced with soldering and have a wide array of tools then you can stop right here you are good to go. If not keep reading. In order to make these modifications you need to be decent at soldering and have a general mechanical sense like for dissembling the console and remembering where everything goes. It is not particularly hard and as a soldering job is arguably a 4-5/10 but if you have very little or zero experience it could still be hard for you. There are a few points that are decently small and require precision and the overall project requires accuracy as well, so make sure you are not in over your head. I would not attempt this if you have no soldering experience (though I would be a hypocrite if I told you I did the same :wink: as my 2nd JTAG was my first time soldering), but if you are one of those people that picks things up quickly, are a tech-y person, and you understand the risks then go for it if you want. If you really want to do this but feel too nervous about your skills, practice on some old PCB boards (things you don't care about like old VCR's, etc.) by just soldering wires in random places. It also helps to have experience using tools like pliers, and a multimeter, and having experience stripping wires (which you should have if your experienced in soldering).

Simply, understand the risks involved and evaluate yourself before moving forward.

I also have a guide on soldering if you want to check it out: [url]https://www.**************/forums/threads/jtag-rgh-general-how-to-solder-properly-relative-to-the-xbox-360.919050/[/url]

These are the tools you will need to do these exploits:
*Tools in black are absolutely required, and tools in blue are highly recommended
A Soldering iron (preferably one that isn't complete crap and has a good tip)
Solder (with rosin core)
Solder Sucker/De-soldering Braid (if you screw up or need to change something, which is highly possible)
Torx 10 and 8 screwdriver
Flat head screwdriver (pretty small with the head being about a little less than a cm)
A case opening tool like this: You must login or register to view this content. (you don't need it but if you have extra cash it helps)
Flux (flux pens are nice, also absolutely needed if you don't have rosin core solder)
Multi-meter
Pliers (needle nose)
Box cutter knife/Exacto knife
Wire strippers (you can use a knife or scissors if you don't have any)
Hot glue gun
A lighter/Heat-gun (if your going to use heat-shrink)
A Windows XP/Vista/7 computer
These are the materials you will need to do these exploits:
*Materials in black are absolutely required, materials in blue are highly recommended, and specific materials need for each method will be listed under their respective section
Some form of wire (kynar is best and Radio Shacks "hook-up wire" isn't bad, also it is possible to have a combination of a setup that requires no extra wire but it is good to have just in case you mess up a wire; around 22-30 AWG is good)
Heat-shrink/Electrical Tape (helps keep things clean)
Isopropyl alcohol (helps to clean off points on the motherboard)
Q-tips (for using with the alcohol)
Thermal Paste (if you remove the heatsink. Arctic Silver is a good buy. Here is how to apply it: You must login or register to view this content.)
Also as a general note, you may need more supplies for your method. These can be picked up at Radio Shack or a similar electronic hobby store (unless otherwise noted).

Part 3: Explanation of the hack methods, and their pros/cons

*You may notice Step 0 and Step 3 have no explanations. This is simply because they are just parts you have to do and need no explanation.

Each of the hack methods effectively acheive the same results but have a few differences in their preparation and execution. There are two parts to each hack: One is dumping your NAND which is basically making a copy of your Xbox's OS/BIOS on your computer, and two is the actual hack itself that circumvents the security system. The methods of dumping your NAND are the same with both the RGH/JTAG/R-JTAG hack methods so they will be covered first.

*Pros are in blue, cons are in red

Step1: NAND dumping methods
There are four ways to dump your NAND. The LPT method, the USB-SPI method (there are a few devices that are of this type but for this tutorial I be covering Team Xecuters NAND-X and J-R Programmer as they are the best out there), the NAND R/W kit for 4GB Coronas only, and the DemoN for those who are installing it. If you are doing a dual NAND setup and installing the DemoN it has its own way to read/write to the NAND so you will be using that, and if you have a Corona V2/V4 you HAVE to use the Corona R/W KIT (SD Card Method). So if you don't have a Corona V2/V4, and aren't using a DemoN, here is the comparison.

-LPT Method:
Cheap: the materials only cost around 7 dollars
Involves soldering 7 wires to the Xbox and an LPT (the old purple printer port) plug with some resistors and a diode in between
Slow: Takes at least 30min to read your NAND AND is usually longer due to your OS configuration AND can be much more depending on your console
Takes some more time because you have to make it (you can buy one though if you want)
-NAND-X/J-R Programmer Method
Expensive: Costs around 40 dollars (NAND-X)/20 dollars (J-R Programmer)
Involves soldering a few wires/pins (7) into just the Xbox. The other end plugs into the device (and if your doing the RGH method and get the QSB's- you'll see what those are later- then you don't even have to solder, as it just plugs in on both sides)
Fast: Takes at least 5 minutes to read your NAND and can be a bit longer depending on your console
If you plan to do more than just one console it is worth the investment
Now for the exploit methods themselves:

JTAG
Easier to install, only requires 3 wires and a diode
Cheap: Only cost is a diode, and wires.
Normal boot times
Can only be done on phats (more likely to RROD) with the dashboard 7371 or earlier
Cannot run Xecuter Fusion (a custom NAND that is a hybrid of a dev NAND and retail NAND, but there are alternatives)
RGH
Harder to install, requires a chip and 6-7 wires, also some smaller points
Expensive: Chip with wires costs around 30 dollars, and addons for certain setups that can add up to much more
Longer boot times: Best being around 5 seconds with average being around 15-30 seconds and worst being 1-2 minutes
Can be done on phats (but better to use R-JTAG) or slims (very unlikely to RROD) with any dashboard
Can run Xecuter Fusion
Can use DemoN to do a dual NAND setup (about an extra 50-60 dollars) (DOESN'T WORK ON CORONA V2's/V4's)
R-JTAG
Harder to install, requires a chip and 6-7 wires, also some smaller points
Expensive: Chip with wires costs around 35 dollars, and addons for certain setups that can add up to much more
Decent Boot Times: On average they are around 10 seconds, sometimes instant boot
Can only be used on phats of any dash version
Can run Xecuter Fusion
Can use DemoN to do a dual NAND setup (about an extra 50-60 dollars) (DOESN'T WORK ON CORONA V2's/V4's)
Part 4: Determining which method to use

Now that you understand the differences between the methods, it is time to determine which one is right for you. The general rule of thumb is that if you can get your hands on a slim then RGH it as it will last you much longer. If you can only get a phat and it is above 7371 then your only choice is to RGH/R-JTAG it. If you have a phat that is at 7371 you have the choice of JTAG'ing or RGH'ing/R-JTAG'ing it, but due to the cons of the RGH/R-TAG without the benefit of it being a slim it makes more sense to JTAG it.

Also what is important is the motherboard type. When it comes to JTAG'ing every motherboard type is exploitable (as long as it has the right dash and is a phat) but each motherboards life span average is not the same. So if you are able to choose the type do so in this order: Jasper, Falcon, Opus, Zephyr, Xenon (listed in order of decreasing average life span). When it comes to RGH'ing/R-JTAG'ing every motherboard type is exploitable except for Xenon's (unless you just want your DVD key, because the boot time for Xenon's are so long it is impractical for everyday use). The average lifespan decrease still applies so if you can choose do so in this order: Trinity/Corona (both are the same in terms of life span and are slims), Jasper (phat), Falcon (phat), Opus (phat), Zephyr (phat), Xenon (phat).

Also note that if your on exactly 7371 there is a chance your CB was already patched which means it is not exploitable, and the only way to know for sure is to dump your NAND (this will be discussed after you have dumped your NAND)

Additionally when it comes to the RGH exploit there are actually two versions. RGH1 has better boot times but it stopped working after dash 14699 and only works on phat consoles (also some refurbs on this dash had their CB patched so that they cannot use RGH1 either). If you are on dash 14699 exactly you will have to check under the RGH section to see if your CB was patched and whether you can use the RGH1 wiring or not. Also, Zephyrs suck on both the RGH1 and 2 wiring so the best bet is to just R-JTAG them.

If you are buying a JTAG'able/RGH'able/R-JTAG'able then use the above to help you choose. If you just have a console sitting around or a friend has a spare etc., use the following to check if it is exploitable:

Check your motherboard revision with this:
You must login or register to view this content.

If you have a slim and it is 10.83A and made before August 2011 you have a Trinity, and if it is 9.86A and made in or after August 2011 you have a Corona. There are reportedly some Trinitys that are 9.86A so use the date as a double check (even if it is 9.86A if it was before Aug 2011 it is a Trinity). If you have a Corona and it was made in-between August 2011 and June 2012 and is the 250GB model it is a V1, and if it is a 4GB model it is a V2. If it was made in-between July 2012 and now and is the 250GB it is a V3, and if it is a 4GB model it is a V4. The NAND dumping processes on V2s/V4s is a little more complicated.

Also if you have a Jasper you need to determine what its internal memory is. If you have no internal memory unit (as in when you go to memory there is no MU with no hard drive or external MU plugged in) then you have a normal Jasper. But if you have a MU that is close to 256MBs when empty then you have a Jasper BB 256MB, and if your MU is close to 512MBs when empty than you have a Jasper BB 512MB.

Slim Identification Double Check:
The above dates from slims are about 95% reliable and have been estimated based on tons of users MFG date submissions. However, the only way to be 100% sure what kind of console you have is to open it and look at the motherboard since the power cable plugs are the same for all of them. So if you want to do so now or come back and check this once you know what you have to buy, check the spoiler for pictures of the slim motherboards
The Trinity has a HANA chip that was removed on all Coronas. If yours has a HANA chip it is definitely a Trinity

You must login or register to view this content.

Corona:
Look at the picture and focus on the "1" point. Use the 4 pictures and descriptions bellow the main picture to determine which version Corona you have

You must login or register to view this content.

Then go to System>Console Settings>System info to determine your dashboard version (your only interested in the bold part: 2.0.XXXXX.0)

Then use this flow chart to determine which method to use:

You must login or register to view this content.

Remember from this your motherboard type, dash version, and what exploit you are to use.

Also download J-runner: You must login or register to view this content. and extract it to your desktop as a folder named "J-Runner" (so that the folder hierarchy is J-Runner/JRunner.exe)
It is an excellent app provided by Team J-Runner that combines functions of many programs into one. We will be using it many times.

ALSO, if you have a phat and are planning on getting a DemoN for it you will have to R-JTAG regardless of what the chart says if you want to be able to use LIVE on the stock NAND because that requires at least dash 14719. If you don't plan on using LIVE you can use the RGH1 wiring with the DemoN. So if you plant to go online with your DemoN go update your console to 14719 now. DON'T try to update over LIVE, use the official USB/CD method: You must login or register to view this content.

If you are planning to RGH a Xenon to recover a DVD key it will work but take forever. I seriously suggest you wait for the R-JTAG hack for Xenons to be released. If you still want to do it though, just use the RGH1 wiring if you are at or bellow dash 14699 and the RGH2 wiring if you are above that.

If you find that you need to use the R-JTAG method, there is a kit that contains everything you will need (Chip, QSBs, and J-R Programmer) and will save you a few bucks so I recommend getting it: You must login or register to view this content.

Part 5: Modding tutorial for each method

OK! So this is the part where you see what exactly you need for your methods and when you actually get down to work. You will need to open your console at this point, which you can see how to do at these places:

Phat: You must login or register to view this content.
Slim: You must login or register to view this content.

When removing your motherboard don't grab it by the heatsinks!

NOTE! I will not be telling you how to ACTUALLY solder the points as you should already know how to do that! Just remember to be patient but quick, keep it clean, use flux where needed, etc.

First I will show you how to dump your NAND, and then I will show you how to install the exploit you need.

Step 0: QSB or no QSB?
Note that if the RGH is your exploit you need to decide now whether you want to buy the QSBs for your console, and if you want the QSBs you also need to do the NAND-X/J-R Programmer dump method as there isn't much reason to get the QSB's without the NAND-X/J-R Programmer . QSBs are a little board that goes on your console that makes wiring a little easier and reading your NAND a little easier, but they cost some money (around 10 bucks each). If you have a Corona V2/V4 you NEED the QSB for it, if you are using the R-JTAG hack you NEED the QSBs for the console (the starter and ultimate kit comes with them though), and if you have a Xenon there are no QSBs for you. Also, if you are getting a QSB for your console make sure it is the V3 one (The Corona V2/V4 QSB latest is V4)! (the links I provide are only examples, you don't need to buy them there, and this goes for future product links).

For RGH, skip if JTAG/R-JTAG is your method

QSB V3s for phat (except Xenon) (there are 2 pieces but it comes with both): You must login or register to view this content.
RGH QSB V3 for Trinity: You must login or register to view this content.
*There is a POST QSB for Trinitys (a 2nd QSB that goes on the bottom) but it doesn't really make a big difference so I will not talk about it
(CR3 Lite Only!) QSB V3 for Corona V1/V3: You must login or register to view this content. (see the upcoming note about the Coolrunner Rev C)
QSB V3 for Corona V2/V4: You must login or register to view this content. AND You must login or register to view this content. (They aren't selling the new ones in a kit yet so you have to buy the old one to get the cable. You only need the 2nd one if you have a V4 and want it to fit perfectly)

NOTE: If you are getting a Coolrunner Rev C because you cannot find a CR3 Lite or do not want one you will have to get the Crystal QSB since it doesn't come with the Rev C like it does on the CR3 Lite. ALSO if you are using a Rev C and have a corona v2/v4 you will need to install BOTH QSBs (The NAND R/W kit and the one with the Crystal). Under the RGH section I have a link to a Rev C bundle that comes with the Crystal QSB and more for just an extra 3 dollars. I highly recommend you get that, but here is the link for just the QSB with the Crystal: You must login or register to view this content.


The QSBs install like this (ignore wires/white arrows and only focus how the QSBs are soldered to the motherboard):
Phats:
-QSB 1
You must login or register to view this content.

-QSB 2
You must login or register to view this content.

Trinity:
You must login or register to view this content.

Corona V1/V3 (the Crystal one looks a little different but installs the same):
You must login or register to view this content.

Corona V2/V4 (this is on the bottom, pictures show a V4 but the spot is the same for V2s):

You must login or register to view this content.

I know these pictures aren't the greatest but that is all there is on the net. Just remember that anywhere there is a solder pad that is on the edge of a QSB something most-likely needs to be soldered to it. The solder pads that are not on the edges are not used until later.

Step 1: NAND dumping methods
The hope is to leave this section with a Orig.bin image.

First look at these pictures, because in each method (LPT, NAND-X, and J-R Programmer only; Corona R/W Kit and DemoN don't use these pictures and use their own which you will find under their sections) I will reference points to solder to on the board and these are those points. For each point I will refer to them by color. The colors are the same for both each so just apply it to whether you have a phat or a slim. If you have a Corona V2 the QSB is how you are going to read your NAND so that should have already be installed, and you can ignore these pictures. Additionally, if you have a Corona V3 or V4 you will need to bridge some points so make sure you visit that section first.

You must login or register to view this content.

You must login or register to view this content.

You must login or register to view this content.

If within this part you see your NAND has bad blocks, don't worry as J-Runner remaps them for you!

Resistor Bridging (for Corona V3s/V4s):
*SKIP THIS IF YOU DON'T HAVE A CORONA V3/V4.
You need to bridge point R2C10 if you have a V3, and points R2C6/R2C7 if you have a V3 or V4 (if the resistors are missing there):

You must login or register to view this content.

LPT:
This is the cheapest but longest method. You are going to need the following:
(5x) 100 ohm 1/2W Resistors
1N914/4148 Switching Diode
25-Position Male D-Sub Connector
25-Position D-Sub Connector Hood (not needed but keeps it clean and safe from shorts external shorts)
Wire (from material list)
A computer with the old school 25pin purple printer/LPT port
The 25pin Male D-Sub Connector has a side with pins recessed and a side with pins that stick out and have holes. The following picture shows the side with holes, and on this side you are going to solder 1 of the 100K ohm 1/2W resistors to pink, light blue, yellow, blue, and red (direction does not mater).

You must login or register to view this content.

plug to their corresponding colors (just match them with the ones on the board), EXCEPT that the wire coming the the orange point will have the 1N914/4148 Switching Diode on it. The diode has a black line on it that is slightly closer to one side, and that side is the one that MUST be soldered to the motherboard, while the other side will be soldered to the wire coming from the orange point on the 25pin plug. Keep the wires as short as you can while still having enough length to reach from the Xbox to your computers port without putting too much tension on the wires.

Now that you have done this, you simply need plug the 25pin plug into your computer (while having your Xbox resting on some surface), and then plug in your Xbox's power brick but DO NOT turn the console on.

Then download the following:
-Nandpro V3.0a: You must login or register to view this content.
-If you have a 64bit system you also need this: You must login or register to view this content.

Extract Nandpro into a folder (called Nandpro30) on your desktop (you need WinRAR/7zip to do this) and if you have a 64bit OS extract InpOutx64.dll from the 2nd file into that folder as well, and if you have a 32bit OS once you extract the folder you must run port95.exe and install it. Then open a command prompt by searching (Windows 7/Vista) for "cmd" it or going to Run (All Windows) and entering "cmd". Then you are going to type "cd desktop\Nandpro30" and press enter, and then run this command:
nandpro lpt: -rX nand.bin

where X is based on your console. If you have a Xenon, Zephyr, Opus, Falcon, Jasper, Trinity, or Corona V1 then X=16 If you have a Jasper BB 256MB or 512MB then X=64 (this can take a VERY long time for BB Jaspers)

In the end you will end up with something like this:

You must login or register to view this content.

Now simply press enter and it should start reading, which you can see by the the 4digit alphanumeric code at the bottom that starts at 0000 and will slowly go up by 1. Once it reaches 03FF (more for BB Jaspers) it will stop and show another command line. If it didn't work then 1)You didn't run port95 or copy in InpOutx64.dll or 2) You didn't solder correctly or 3) Your Xbox's power isn't plugged in

Now you are going to run the command again except instead of "nand.bin" at the end you are going to have "nand2.bin". This is to get 2 dumps and compare them to make sure they match, which guarantees that it is correct (lots of waiting for Jasper BBs). Now open J-runner and click the "..." next to "source file" and select nand.bin and for the "..." next to "additional file" select nand2.bin (these are both in the nandpro30 folder). It should tell you it is an exact match in the log. If not keep dumping until you get two that match and once you get a pair that matches backup one of them somewhere as "Orig_NAND.bin" and keep it safe. Then rename the other matching dump to nanddump1.bin and move it to the "output" folder within the "J-Runner" folder that is on your desktop. Then open J-Runner and click the "..." next to "Source File" and open the nanddump1.bin you just moved.

Keep your Xbox plugged into your computer and it's power, and keep J-Runner open but close Nandpro. Then move on to Part 2a if you are using the JTAG method or Part 2b if you are using the RGH method.

NAND-X/J-R Programmer
Spoiler
This is the fastest and easiest method, but you need one of these: You must login or register to view this content.

When you receive your NAND-X/J-R Programmer it will come with a plug that simply has wires or has black plastic with legs at the end, and a plug that has wires with a few ends that are colored green, blue, and white.
If you have the QSB's installed you simply plug the wire with the colored ends into your NAND-X//J-R Programmer (bottom port if your facing the top of it) and then the colored ends into their respective plugs on the QSBs (the colors match, though the blue and green can be a bit hard to tell apart so look carefully, AND there are 2 white plugs, one with 2 pins which isn't the one you want and one with 3 pins which is the one you want) and skip the next paragraph.

If you don't have the QSBs or you are JTAG'ing you need to solder the wires/legs (depending on what yours comes with) directly to the points. Use the following picture to see what wires/legs to solder to which points:
You must login or register to view this content.

It is possible that your cable will have different colors (though unlikely). If that is the case simply match the wires based on where they connect to the white end. For example, if the cable that is blue in my picture is green for you, still match it with the blue point on the board

Then plug the other end into your NAND-X/J-R Programmer (bottom port if your facing the top).

Plug in your NAND-X/J-R Programmer with the mini-USB cable to your computer. Now you need to install your NAND-X/J-R Programmer drivers. Use this page to do that: You must login or register to view this content.

Then open J-Runner. Now click "Read Nand" at the top. It should auto detect your console type and start reading. If it doesn't and instead brings up a list, select your console type, and JasperBB owners it will bring up a prompt where you must select your MU size (256MB or 512MB), and then click OK. It should start reading. If it doesn't in either cases then check your soldering, make sure your drivers are installed, and make sure everything is plugged in. When it is done reading twice it should automatically add your nand dumps to the "Source File" and "Additional File" fields and compare them which you can see by the text "NANDs are the same" in the log. If they are not the same keep trying until they are (you might have to restart the program to do this). Then make a backup (copy don't move) of the "nanddump1.bin" file (this is in the "output folder" within your "J-Runner" folder on your desktop) as "Orig_NAND.bin" and keep it safe.

Keep your Xbox plugged into your computer and its power, and keep J-Runner open. Then move on to Part 2a if you are using the JTAG method, Part 2b if you are using the RGH method, or Part 2c if you are using the R-JTAG method.

SD-Card (Corona V2/V4)

You will need an SD-Card reader for this.

This is relativity simple since your QSB is already in. Simply attach the cable and "SD-Card", plug it into your reader, and then plug in the Xbox's power supply but DO NOT TURN IT ON.
Then open J-Runner

Click the small box with the text "NAND Type". Then select "Corona 4GB". Then click the button towards the top that says "Read NAND". You should now be here:

You must login or register to view this content.

Select your device in the list, then click Read. Once it is done it should read a second one for you and then automatically compare them in the log which you can see by the text "NANDs are the same". If not change the output file name to nanddump2.bin and do it again, and then manually add both nand dumps (These files are in your "output" folder within your "J-Runner folder" on your desktop) to the "source file" and "additional file" fields, and then click "Nand Compare". You should get the "NANDs are the same" message. If in either case if the NAND's don't match try again until they do (you might have to restart the program to do this). Then make a backup (copy don't move) of the "nanddump1.bin" file as "Orig_NAND.bin" and keep it safe.

Keep your Xbox plugged into your computer and it's power, and keep J-Runner open. Then move on to Part 2b since you are using the RGH method.

DemoN
*NOTE: This DemoN tutorial assumes that you are using the DemoN so that you can have a stock image that can go on LIVE. If you want to do something else with the other NAND then substitute the LIVE NAND in the tutorial with whatever you want to use
If you went with a dual NAND setup and are installing the DemoN then you will being using it to dump your NAND image.

What you need:
DemoN (Phat consoles get SB even if you have a BB Jasper, the sites have it mislabeled): You must login or register to view this content.
Corona QSB (If you have a Corona V1/V3) (You must be signed in to see this): You must login or register to view this content.
DemoN 256MB/512MB Phat BB NAND Upgrade Kit (if you have a BB Jasper): You must login or register to view this content.
Mini USB Cable (if you don't already have one): You must login or register to view this content.
DemoN Drivers: You must login or register to view this content.


Phat Install:

Overall it is going to look like this:

You must login or register to view this content.

First, if you are using a BB Japser solder on the conversion kit like so:

You must login or register to view this content.

Then, use the following diagram/pictures to solder the DemoN to the underside of the board. Pink spots are where the DemoN is anchored directly to the board, and the other colors are places for wires to run so just match the colors/numbers. Orange and brown wires don't have labels on the 1st diagram but you can see where they go in the other pictures. They are the optional remote power and sync wires respectively:

You must login or register to view this content.

You must login or register to view this content.

*Ignore the Yellow wire here. Its part of the Coolrunner.

Trinity (Slim) Install:
Overall this is what it is gonna look like, but ignore the QSB with the thick white cable and yellow cable (its something you wont be installing):

You must login or register to view this content.

Use the following diagram/pictures to solder the DemoN to the underside of the board. Pink spots are where the DemoN is anchored directly to the board, and the other colors are places for wires to run so just match the colors/numbers. Orange and brown wires don't have labels on the 1st diagram but you can see where they go in the other pictures. They are the optional remote power and sync wires respectively:

You must login or register to view this content.

You must login or register to view this content.

You must login or register to view this content.

Corona V1/V3 (Slim) Install:

*Thanks ZerOneX for some of these pictures
First, in order to make the DemoN fit on the Corona, you are going to have to install the QSB.

Install the QSB here. All the points that are labeled where it is soldered to the board, and the unlabeled ones are where you solder the DemoN to it:

You must login or register to view this content.

Then the DemoN goes on top of it like this:

You must login or register to view this content.

Now overall it is gonna look like this:

You must login or register to view this content.

Use the following pictures to solder the DemoN to the board. There is no diagram, but the pictures should suffice. Also you might want to tape down the side of the board with the orange wires because it lacks a solder joint so it isn't held down on that side (some people use part of the Coolrunners adhesive pad):

You must login or register to view this content.

You must login or register to view this content.

*This wire wasn't in the previous picture, but you can see it in the overall one. It goes right next to the orange wire

Now that your DemoN has been installed, it is time to get a dump of your NAND, but MAKE SURE THAT THE SWITCH IS ON "Xbox". First you will need to plug in the thing so you will need to temporarily plug in the ribbon cable (that goes to the daughterboard) and the daughterboard (you may also want to ground the daughterboard temporarily to be safe. Then plug your mini-USB cable into that, and the other end into your PC.

Open J-Runner. It should detected your DemoN. You will know it did because you will get an extra drop-down menu at the top labeled "DemoN", and it will show the DemoN logo. Next, make sure that in the lower right coroner where it says "Flash" it shows "Xbox360" not "DemoN", and if it does show "DemoN" simply click the "DemoN" menu and select "Toggle NAND" and it will switch. Now click "Read Nand" at the top. It should auto detect your console type and start reading. If it doesn't and instead brings up a list, select your console type, and JasperBB owners it will bring up a prompt where you must select your MU size (256MB or 512MB), and then click OK. It should start reading. If it doesn't in either cases then check your soldering, make sure your drivers are installed, and make sure everything is plugged in. When it is done reading twice it should automatically add your NAND dumps to the "Source File" and "Additional File" fields and compare them which you can see by the text "NANDs are the same" in the log. If they are not the same keep trying until they are (you might have to restart the program to do this). Then make a backup (copy don't move) of the "nanddump1.bin" file (this is in the "output folder" within your "J-Runner" folder on your desktop) as "Orig_NAND.bin" and keep it safe.

Now that you have a NAND backup, keep your DemoN plugged move onto Step 2b: RGH if you are using the RGH method or Step 2c: R-JTAG if you are using the R-JTAG method
Step 2a: JTAG
Now if you are on exactly dash 7371 (and therefore trying to JTAG) it is time to find out if you Xbox is JTAG'able. If this doesn't apply to you skip this. In J-Runner (it should still be open with your motherboard type selected and your NAND dump selected under "Source File") look over the the middle right and check out in the "Nand Info" section where is says "2BL [CB]". Look at what your CB is and see if it is in this list:
-Xenon: 1922, 1923, 1940, 7373
-Zephyr: 4571, 4572, 4578, 4579, 4580
-Falcon/Opus: 5771
-Jasper: 6750

If your CB is on this list it is patched and not JTAG'able. If it is not on this list you are good to go.

Checklist:
Your here because you found in the flow chart that your exploit method is the JTAG method (dash is 7371 or less and console is a phat)
You have Orig.bin NAND dump backed up
Your CB is not on the list of patched CBs
There are three main ways to JTAG your console:
1. The Xenon Method (only for Xenon consoles)
2. The Boxxdr Method (Zephyrs, Opus, Falcon, and Jasper)
3. The Boxxdr Method plus DVD Tray (Zephyrs, Opus, Falcon, and Jasper)

There are more variations of these methods but these are the only ones you need to care about as the Boxxdr method is the most stable. If you have a Xenon motherboard you do its one and only method, if you have any other motherboard you do the 2nd method (Boxxdr). In general the default method should work for you so go for it, but some consoles will rarely require the Boxxdr Method plus the DVD tray point. So if you get to the part with booting Xell and the console doesn't boot, you frequently get E79's, or you have problems with HDMI and really want it come back here and check out the 3rd method.

Method 1 (Xenon):
What you need:
Wire (from materials list)
(2x)1N914/4148 Switching Diode
In J-Runner (it should still be open with your motherboard type selected and your NAND dump selected under "Source File") in the upper right section titled "XeBuildOptions" click the drop down and select "Add Dash". In the window that appears check off "16747" and click "Add Dashes". Then in the same drop down select "16747" as it will now be in the list, and then select "JTAG" so it's bubble is filled. Now back in the upper left click "Create Xell-Reloaded". The log should say "Xell File Created Successfully xenon.bin".

Now follow which one applies to you:
A) You used the LPT method to dump your NAND
B) You used the NAND-X/J-R Programmer method you dump your NAND

A) Keep J-Runner open, and copy the xenon.bin file from the output folder in the J-Runner folder on your desktop into the Nandpro30 folder. The open a Command Prompt again ("cmd") and type "cd desktop\Nandpro30" and press enter, and then type in this command:
nandpro lpt: -w16 xenon.bin
You will end up with something like this:

You must login or register to view this content.

Now simply press enter and it should start writing, which you can see by the the 4digit alphanumeric code at the bottom that starts at 0000 and will slowly go up by 1. Once it reaches 004F (more for BB Jaspers) it will stop and show another command line. If it didn't work then 1)Check your soldering or 2) Your Xbox's power isn't plugged in

Now that this is done you can close Nandpro and remove your LPT plug from your computer and your Xbox. We won't be needing it any longer. Also, unplug the Xbox's power.
---END OF A---
B) In J-Runner click "Write Xell Reloaded" and you should see it start writing in the log. If not then make sure your NAND-X/J-R Programmer is still connected to your computer and the motherboard and the Xbox's power is plugged in. When it reaches 03FF it will complete.

Now that this is done you can disconnect the NAND-X/J-R Programmer from your computer and your Xbox. Also, unplug the Xbox's power.
--END OF B--

Now use this diagram to solder the actual JTAG wires:

You must login or register to view this content.

The red line is a simple jumper wire while the yellow and blue are bridging wires with one switching diode each. For both the blue and yellow wires, the end of the diode that has the black line closer to it MUST be soldered to the motherboard by J1F1, while the wire is soldered to the other end of the diode and then to its respective point by J2D2. Once this is done, put your Xbox back to together to the point where the motherboard is in the metal shell, the fans are in and the fan shroud is on, and the front Ring of Light board is plugged in. Then move on to Step 3.

Method 2 (Boxxdr - All other consoles):

What you need:
Wire (from materials list)
(2x) 10K Ohm 1/2watt or 1/4watt Resistors
(2x) 2N3904 Transistors
Heat shrink is a must here
In J-Runner (it should still be open with your motherboard type selected and your NAND dump selected under "Source File") in the upper right section titled "XeBuildOptions" click the drop down and select "Add Dash". In the window that appears check off "16747" and click "Add Dashes". Then in the same drop down select "16747" as it will now be in the list, and then select "JTAG" so it's bubble is filled. Also check off the "Aud_Clamp?" option. Now back in the upper left click "Create Xell-Reloaded". The log should say "Xell File Created Successfully [motherboard type]_hack_aud_clamp.bin".

Now follow which one applies to you:
A) You used the LPT method to dump your NAND
B) You used the NAND-X/J-R Programmer method you dump your NAND

A) Keep J-Runner open, and copy the [motherboard type]_hack_aud_clamp.bin file from the output folder in the J-Runner folder on your desktop into the Nandpro30 folder. The open a Command Prompt again ("cmd") and type "cd desktop\Nandpro30" and press enter, and then type in this command:

nandpro lpt: -wX [motherboard type]_hack_aud_clamp.bin
where X is based on your console. If you have a Xenon, Zephyr, Opus, Falcon, or Jasper then X=16 If you have a Jasper BB 256MB or 512MB then X=64 (this can take a VERY long time for BB Jaspers)

In the end you will end up with something like this:

You must login or register to view this content.

Now simply press enter and it should start writing, which you can see by the the 4digit alphanumeric code at the bottom that starts at 0000 and will slowly go up by 1. Once it reaches 004F it will stop and show another command line. If it didn't work then 1)Check your soldering or 2) Your Xbox's power isn't plugged in

Now that this is done you can close Nandpro and remove your LPT plug from your computer and your Xbox. We won't be needing it any longer. Also, unplug the Xbox's power.
---END OF A---
B) In J-Runner click "Write Xell Reloaded" and you should see it start writing in the log. If not then make sure your NAND-X/J-R Programmer is still connected to your computer and the motherboard and the Xbox's power is plugged in. When it reaches 03FF (more for BB Jaspers) it will complete.

Now that this is done you can disconnect the NAND-X/J-R Programmer from your computer and your Xbox. Also, unplug the Xbox's power.
--END OF B--

For the actual soldering this is the area of the board you will be focusing on, and you can either remove the solder from these points (like in the picture), or push the legs of the components through them:

You must login or register to view this content.

You need to insert the resistors into the points shown and bend their legs back like such,but leave enough of the legs sticking out the bottom so that you can fold them together like in the next picture:

You must login or register to view this content.

You must login or register to view this content.

Now you are going to solder in the transistors so that their labels are facing away from the heatsink, their bottom legs are in their respective holes, their middle legs are soldered to the bent back legs of the resistors, and their top legs have nothing. It will look like this:

You must login or register to view this content.
Then you are going to solder each wire to their respective point on the bottom

You must login or register to view this content.

You must login or register to view this content.

Once this is done, put your Xbox back to together to the point where the motherboard is in the metal shell, the fans are in and the fan shroud is on, and the front Ring of Light board is plugged in. Then move on to Step 3.

Method 3 (Boxxdr plus DVD tray):

If you have had troubles with booting, freezing, or HDMI then you should be returning here. It is extremely rare that a person needs this wiring so I will not be directly disusing it (this tutorial is long enough) so check out this page and find the section about "Open_tray" if you really need it:
You must login or register to view this content.


Rest Of Post (Added: Saturday June 20th 2015 8:23 CDST)
Step 2b: RGH
Checklist:
Your here because you found in the flow chart that your exploit method is the RGH method (dash higher than 7371, and console is a slim or a Xenon)
You have Orig.bin NAND dump backed up
What you need now:
Slim Proto Chip: This is the best method to use for slim consoles. It is the easiest to get working and has the best boot times. The other instructions for slims are here if you get your hands on some old chips but otherwise there is no reason you shouldn't use a Slim Proto. There is a V1 and a V2. The V2 is a bit better and easy to find (while the V1s are rare) but a V1 will work fine if you get your hands on one.
Coolrunner: There are basically two ways to go with the Coolrunners if you can't get a Slim Proto or have a phat that you want to RGH1. A CR3 Lite or a Coolrunner Rev C with its addons. The CR3 Lite is essentially the rev C and its addons so it is a lot easier to use but there are 2 problems with it. First, it doesn't work as well as the rev C on Trinitys, and second TX has stopped making them so they are hard to get. Basically if you can get a CR3 Lite and don't have a Trinity get it. Otherwise if you have a Trinity or cannot find a CR3 Lite then get a Coolrunner Rev C.
Slim Proto V2: You must login or register to view this content.
CR3 Lite - You must login or register to view this content.
Coolrunner Rev C - You must login or register to view this content. or You must login or register to view this content.
IF YOU DON'T HAVE A NAND-X/J-R Programmer OR DemoN, you will need this: You must login or register to view this content. you can make one:You must login or register to view this content.
IF YOU HAVE A NAND-X but it didn't come with the NAND-X/J-R Programmer to coolrunner cable you need this: You must login or register to view this content.
IF YOU HAVE A CORONA V3/V4 YOU WILL NEED THE POST_OUT FIX: You must login or register to view this content.

NOTE: If you are using a Slim Proto, and have a Corona V3/V4, and don't have a DemoN you will NOT need a NAND-X/J-R Programmer because its only purpose for non-DemoN V3/V4s is to program the chip but the protos come pre-programmed
NOTE: There is another Coolrunner, the CR3 Pro that is available for purchase. I will not be talking about it in this guide however because its setup is a bit different and it is intended for advance users. Plus the Proto is better anyway

Now if you are on dash 14699 exactly and you have a phat you need to check your CB version (skip if you are above or bellow this dash) to see if you can use the RGH1 method for faster boot times. In J-Runner simply look to the right under "NAND info" and check your "2BL [CB]" version. If your CB version is any of the following or higher than you unfortunately need to use the R-JTAG method:
- Zephyr CB 4577, 4575
- Falcon/Opus CB 5772, 5773
- Jasper CB 6752, 6753

In J-Runner (it should still be open with your motherboard type selected and your NAND dump selected under "Source File") in the upper right section titled "XeBuildOptions" click the drop down and select "Add Dash". In the window that appears check off "16747" and click "Add Dashes". Then in the same drop down select "16747" as it will now be in the list, and then select "Glitch" so it's bubble is filled. Then look in the drop down just bellow that where it says "RGH". If you are using the RGH1 wiring then leave it as is, but if you are using the RGH2 wiring then change it to RGH2.

Now there are four scenarios you could have at this point:
1) You have a NAND-X/J-R Programmer and used it to read your NAND
2) You don't have the NAND-X/J-R Programmer and read your NAND with LPT
3) You have a Corona V2/V4 and therefore don't own a NAND-X/J-R Programmer
4) You have a DemoN and used that to read your NAND

NOTE!: You'll know if your Coolrunner is getting power if the red and green lights come on, and the green light will turn off once it programs. Additionally, if for some reason J-Runner does not automatically select the right .xsvf files for you and brings up the selection prompt you must select the timing file manually. If you have a Falcon select "Falcon" and if you have a Trinity select "Trinity". If you have any other console you can use A, B or C (and if you want try each one to see which gives the best boot times. Also if you are using a DemoN make sure you check off "DemoN Installed" at the bottom.

NOTE2: Even if you have a Corona V2/V4 if you want to spend the extra money you can buy a NAND-X/J-R Programmer and use that to program the Coolrunner instead of the LPT cable. Just follow number one instead.

NOTE3: If you are using a Slim Proto chip follow the next steps normally but SKIP any part that talks about programming the chip/coolrunner as they come pre-programmed.

1)
If you have the NAND-X/J-R Programmer simply plug in the Coolrunner to it with the NAND-X to coolrunner cable, and then plug the NAND-X/J-R Programmer into your computer like so (in the picture is the coolrunner rev c. but the Coolrunner plugs in the same way):
You must login or register to view this content.
Now once both are plugged in make sure "USB" is selected under "CoolRunner Programming" in the upper left, the Coolrunner switch is set to PRG, and unplug the NAND reading cable that is in the side of your NAND-X/J-R Programmer (don't deattach/desolder it from the board!) and then click "Flash CoolRunner". Once it is done you can detach the Coolrunner and "NAND-X/J-R Programmer to Coolrunner Cable" and set them aside.Now plug the NAND reading cable back into the NAND-X/J-R Programmer. Now, in J-Runner click "Create ECC" in the upper left, and make sure there are no errors in the log (there really shouldn't be so if you get one google it). Then click "Write ECC" in the upper left and wait for it to finish. Then you can disconnect the NAND-X/J-R Programmer from your console and computer and move onto the next step. Also, unplug the Xbox's power.
--END OF 1--

2)
If you don't have the NAND-X/J-R Programmer you need to attach the LPT cable you bought or made to your cool runner. If you bought the pre-made one it connects so that you can see the metal contacts (so they are facing up), and if you made one wire it up as shown in the schematic. Usually the pre-made cable comes with a sticker so you can make sure its facing the right way. Yours may be different. Also if you bought the pre-made one you will see that it doesn't have an external power source like the homemade one. Some computers LPT ports provide enough power on their own but if it doesn't work you have to connect the included 2 wire power cable to the Coolrunner and the cut the plug of the other end and get 3.3v from the xbox's DVD port (you can go strait from the port-but if you do don't solder or you may never get the plug back in-or use an old DVD drive power cable). You wire the black to ground and the red to the 3.3v pin. Then simply plug in the xbox's power brick (but don't turn it on) and it should power your Coolrunner while on standby.

DVD port power:
You must login or register to view this content.

Then make sure the switch is set to NOR, and "LPT" is selected under "CoolRunner Programming".
You also need to specify your LPT port, though usually the default value is correct. If the default doesn't work you need to go to the "Device Manager" in windows, find your LPT port in it, which will look something like this:
You must login or register to view this content.

and then right click on it and select "Properties" and then go to the resources tab. For the number you find ignore the "0x" and just put the rest in. Now click "Flash CoolRunner" and when it finishes you can unplug the coolrunner and its power and set them aside. Now, in J-Runner click "Create ECC" in the upper left and make sure there are no errors (there really shouldn't be so if you get one google it). Now open your J-Runner folder and then "output" in their copy the "image_00000000.ecc" file to the Nandpro30 folder. Then reopen a command prompt and cd to your Nandpro30 folder again (you should know how to do this now) and then type this command:
nandpro lpt: +w16 image_00000000.ecc

It will look like this:
You must login or register to view this content.

Then press enter and it will write up to 004F so it should go fast. When done disconnect the LPT cable and move onto the next step. Also, unplug the Xbox's power.
--END OF 2--

3)
If you have a Corona V2/V4 you will be following a method similar to scenario 1:
Attach the LPT cable you bought or made to program your cool runner. If you bought the pre-made one it connects so that you cannot see the metal contacts (so they are facing down), and if you made one wire it up as shown in the schematic. Also if you bought the pre-made one you will see that it doesn't have an external power source like the homemade one. Some computers LPT ports provide enough power on their own but if it doesn't work you have to connect the included 2 wire power cable to the Coolrunner and the cut the plug of the other end and get 3.3v from the xbox's DVD port (you can go strait from the port-but if you do don't solder or you may never get the plug back in-or use an old DVD drive power cable). You wire the black to ground and the red to the 3.3v pin. Then simply plug in the xbox's power brick (but don't turn it on) and it should power your Coolrunner while on standby.

DVD port power:
You must login or register to view this content.

Then make sure the switch is set to NOR, and "LPT" is selected under "CoolRunner Programming".
You also need to specify your LPT port, though usually the default value is correct. If the default doesn't work you need to go to the "Device Manager" in windows, find your LPT port in it, which will look something like this:

You must login or register to view this content.

and then right click on it and select "Properties" and then go to the resources tab. For the number you find ignore the "0x" and just put the rest in. Now click "Flash CoolRunner" and when it finishes you can unplug the Coolrunner and its power and set them aside. Now, in J-Runner click "Create ECC" in the upper left, and make sure there are no errors in the log (there really shouldn't be so if you get one google it). Then click "Write ECC" in the upper left. It will pop-up with that special read/write menu, and if it didn't start writing automatically just make sure the ECC is loaded into the bar and click "Write" and wait for it to finish. Then you can disconnect the R/W Kit cable from your Xbox and computer, and move onto the next step. Also, unplug the Xbox's power.
--END OF 3--


4)

Luckily for you the DemoN can be used to program the Coolrunner as well as read the NAND.
Plug in the Coolrunner to the DemoN using the included ribbon cable. There are two cables but one is smaller than the other so it is easy to tell which one is the right one. Now once that is plugged in make sure "USB" is selected under "CoolRunner Programming" in the upper left, the Coolrunner switch is set to PRG, and the DemoN and Coolrunners power lights are on. Then click "Flash CoolRunner". Once it is done you can detach the Coolrunner from the DemoN and set it aside. Now, in J-Runner click "Create ECC" in the upper left, and make sure there are no errors in the log (there really shouldn't be so if you get one Google it). Then in the DemoN drop down menu click "Toggle NAND" and then make sure that at the bottom of J-Runner it shows that the DemoNs NAND is selected. Now click "Write ECC" in the upper left and wait for it to finish. Then you can disconnect the DemoN's USB cable from your computer, switch the device switch to "Xbox" instead of "PC", and move onto the next step

NOTE: If you went with a Coolrunner Rev C follow the same steps as above, but you must modify the Coolrunner so that it can connect to the DemoN in this fashion (the board that plugs into the Coolrunner Rev C comes with the DemoN):

You must login or register to view this content.

Plug the board in and then solder the EN connection from the board to the Coolrunner

NOTE2: There are some users who have reported that they aren't able to program the DemoN until the Coolrunner is soldered into the motherboard. If you cannot program the DemoN now continue on and once you have installed the Coolrunner into the board then try programming it.
--END OF 4--


Installing the POST_OUT fix (for Corona V3s/V4s):
*SKIP THIS IF YOU DON'T HAVE A CORONA V3/V4.

If you have a Corona V3/V4 you will need to install the POST_OUT fix on order to regain the yellow wire/C connection. You have to remove the heatsink in order to do this (see the slim opening guide you used to open the console) It goes on relatively simply like so (use the solder anchors to fix it in place):

You must login or register to view this content.

Wiring/Jumper Settings for Coolrunner:
The wiring/jumper settings will differ depending on whether you have a phat, a trinity, or a corona v1/v2. Standard soldering rules apply, simply make all the connections in the pictures and place the Coolrunner where indicated. Also you may run into a wire being too short. If that is the case, extend it with your own wire. Additionally you will notice that for each of these diagrams the "Ground" location points to the AV port. Simply solder the ground wire in-between the top of the port and next to one of the prongs that sticks up (in the corner they create). Any arrows you see pointing to a hole means that the wires of that color are to be sent through it to the other side of the board.

NOTE: If you have a Coolrunner Rev C and its addons instead of a Coolrunner Lite you will need to wire in the addons so I will go over these now.

CPU Signal Cleaner (RGH1 and 2):
*Can be used with the RGH1 or 2 wiring but isn't really needed on RGH1 setups. Highly recommended for RGH2 setups!

As you can see this is where to place the cleaner on either system type:

You must login or register to view this content.

You must login or register to view this content.

Just cut off a small part of your blue CPU_RST cable and use it to solder "D" on the Coolrunner to "D" on the CPU Signal Cleaner and then solder "CPU_RST" on the cleaner to the actual CPU_RST point on the motherboard with the rest of the blue cable. Switch settings will be shown under each motherboards (Phat, Trinity, Corona) sections.

Multi-Cap Addon (RGH1 ONLY):
This only applies to RGH1 setups so if you are using the RGH2 wiring leave it off.
This is how you install the addon:

You must login or register to view this content.

Switch settings will be shown under each motherboards (Phat, Trinity, Corona) sections.

Phat:
Wiring
Place the Coolrunner with its sticky pad here (it is on the AV port; Rev C is smaller but goes in same place)
You must login or register to view this content.

RGH 1:

There are now two possibilities. You either have the QSB's or you don't. Whatever you have you are going to refer to the same diagrams, but for QSB owners you are going to wire the 3V3, and B wires to the points labeled on the QSB's instead (for the 3V3 wire it is the one with the large text not the small text):

You must login or register to view this content.

RGH 2:
Since you have a Xenon you must install the wires alone to these points:

You must login or register to view this content.

If you have trouble soldering to B (if you aren't using the QSBs and only wires), here is a good alternate point for both RGH1 and RGH2 Wiring

FT3N2

You must login or register to view this content.

If you have trouble booting, here are different techniques for laying wires: You must login or register to view this content.



If you have trouble with a Zephyr: You must login or register to view this content.


It is important that your run CPU_RST along the bottom of the board because the top has too much interference.
Jumper Settings:

CR3 Lite:
Refer to the following picture:

You must login or register to view this content.

For non-Jaspers:
LK1 - Short the points
LK2 - Leave alone
LK3 - Leave Alone (Short if using RGH1 wiring)
LK4 - Leave alone

For Jaspers:
LK1 - Short the points
LK2 - Short the points
LK3 - Leave Alone (Short if using RGH1 wiring)
LK4 - Leave alone

For all phats:
-8 switch (S2) dip: Set one and five on (up position) and the rest off. Then later try combos of 2,3, and 4, and 6,7,8 (2 on at a time) if you want to try to improve glitch times.
-6 switch (S4) dip: Set 1 on and the rest off. Then later try different ones on (one at a time) if you want to try to improve glitch times.
-Set the operation switch to "Phat" (if you have slow times try "Slim" later)


Coolrunner Rev C:
Refer to the following picture:

You must login or register to view this content.

Jumper 1: JP closed for RGH1, open for RGH2
Jumper 2: Try both and see what works best for you
Jumper 3: Usually needed on only Jasper, but you can try it on any phat

Rev C Addons:

CPU Signal Cleaner -

You must login or register to view this content.

Try combos of 1 on for each dip switch (i.e. 1K and 470p, not 1K and 2K). Only one on at a time!

Multi-Cap Addon -

You must login or register to view this content.

Now, put the motherboard back into the metal shell, reattach the heatsink if you removed it (remember to use thermal paste), and plug in the front ROL board, then move on to Step 3: Xell


Trinity:
I will integrate these instructions when I get the chance but for now here is how to use the Slim Proto: You must login or register to view this content.

Everything else in this section is for the older methods.

More Will Be Added Tomorrow!

Good shit dude, that's a lot of information.

Props to anyone who reads this.

:p thanks for that it will help a lot of people

It's crazy how complicated its to mod an Xbox. All we have to do is buy a 3.55 ps3 or simply downgrade.

its not hard when u get use to it, and its fun unlike PS3 i see another modder on every game

Thank, you all of my lovely friends i've got about 3-10 more sections coming.

Wow, this tutorial is extremely detailed, thanks for this, I may RGH my Xbox 360 that is currently collecting dust.

If, you need any help doing that shoot me a pm for my Skype and ill tell you what to do the whole way through it,

More Infomaton has been added!