How to jtag + useful tips

Discussion in 'Firmware Modding Tutorials' started by XherpxDerpX, Aug 17, 2012 with 0 replies and 16,703 views.

Thread Status:
Not open for further replies.
    Hello Se7ensins, this is my first tutorial so don't be too hard on me :tongue:

    Alright, so first, before you JTAG you want to make sure you can JTAG your Xbox.

    First, boot up your Xbox 360. Then scroll over to System Settings, click Console Settings, then click System Info.

    If your dashboard is 2.0.8955.0 or lower, you can JTAG.
    Now, look for your kernel. If it is 2.0.7371.0 or lower you can JTAG.
    One more thing you can do... look behind your Xbox and disconnect the power plug that goes into your Xbox. Then look at the actual plug on your Xbox and compare it to this photo to find out what motherboard you have. [IMG]
    Xenon works best only because it's easy and takes Type 1 and 2 KVs.
    If you're new to this stuff, a keyvault, more commonly known as a KV, is a file in your NAND. Microsoft uses this file to identify your console on XBOX LIVE. Or in other words, it is your ticket to playing online. If your KV is bad or banned, your console will not function on XBOX LIVE.
    Really, Jasper is the best console to JTAG because it almost never gets the RRoD but..

    Now time for the fun part.

    BUILDING LPT/RJ45 CABLE FOR YOUR XBOX 360 CONSOLE
    Now moving on.....we'll next need to create a simple DB-25 to RJ45 cable to allow us to dump the NAND image from the Xbox 360 console and write the new image back. Images below of what we will be building...
    [IMG]
    [IMG]
    Contents required to build this JTAG Xbox 360 cable (easily found at your local electrical outlet)
    • 1 x RJ45 Extender
    • 1 x CAT5 Patch Lead (make sure it's CAT5 not CAT6)
    • 1 x DB25 25-way Male Plug (LPT Printer Cable) + Hood Cover
    • 5 x 100 ohm Resistors (as per the image above)
    • 2 x Switching Diodes for later on: Part No: BAT41 or 1N4148 or 1N4153
    Content images below:
    [IMG]
    We will prepare the DB25 Male Plug first....Study the image below.....
    [IMG]
    What we want to do here is strip one end of the CAT5 patch lead, separate the wires and prepare them for soldering on the Xbox 360 motherboard. The wire colors on the patch lead may not necessarily match the colors in the diagram below, so be prepared to quickly draw up and make note of your own color configuration. Example: Orange on diagram above = Orange/White on patch lead....The idea is to have the wires soldered onto the board as per the diagram below, and the other end of the cable going into the RJ45 joiner (NOTE: the joiner does not need to be glued to the Xbox 360 case as it is in the image below)....Here's a closer look once the wires are soldered to the Xbox 360. Take your time as you do not want to bridge any connections during this step!
    [IMG]
    Now we have completed this step, let's move on to the other end of the joiner. Basically we will yet again strip one end of the RJ45 cable, prepare the wires for solder, and then solder to the DB25 Male Plug, keeping in mind the color combination so we are routing them through the joiner correctly and matching the colors on the motherboard to the pins on the DB25 plug as per the image below.
    REMEMBER: There are 5 wires that need resistors soldered to the pins before them; the diagram below advises which ones they are. View the images of the Xbox 360 mainboard below to get a better understanding of this step....
    [IMG]
    Pin configuration on Xbox 360 JTAG DB25 Male Plug (take note of which is number 1)
    [IMG]
    Here's the completed and prepared Xbox 360 JTAG DB25 Male Plug with the resistors in place....
    [IMG]
    Make sure none of the wires touch or are bridged....finally place the DB25 cover on and you are ready to dump your NAND image using your Xbox 360 JTAG cable :smile:
    [​IMG]
    Once the Cable has been built, you can proceed to dumping the NAND image of your console.

    DUMPING YOUR XBOX 360 NAND IMAGE
    • Download Xbins, grab NANDPRO from their FTP Server....
    • make sure to install port95nt.exe from the NANDPRO folder, restart PC..
    • Plug in your Xbox 360 Console but do not power it on.
    • Plug in the DB25 Male plug into your PC's Parallel Port
    • Run Command Prompt and route to the NANDPRO folder
    • Run Command: nandpro lpt: -r16 orig.bin
    • Note: FlashConfig should state FlashConfig:01198010, which means it is talking to your Xbox 360 NAND
    • Wait patiently; depending on your console revision, this could take a long time. Most older Xenons are ~45 mins per NAND dump, and newer Jaspers with 256MB/512MB take much longer.
    • If there are no errors read the dump again with the following command: nandpro lpt: -r16 orig2.bin
    VALIDATING YOUR XBOX 360 NAND IMAGE DUMP
    Now we need to confirm the Xbox 360 NAND dumps you have made are valid for safekeeping....
    First off, confirm your images are identical using a hex editor to make sure they match 100%
    Then download an application called Degraded from Xbins
    Run Degraded, click on Settings
    Open up another browser and google "Degraded 1BL key"
    Enter the key you found in the google search results into the Degraded Settings
    Click the Valid and set file system start to 39
    Now open the orig.bin file you created earlier. Upon opening the file, you shouldn't receive any bad blocks
    Here's an image of an image dump....
    [​IMG]
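The "make sure they match 100%" step above is easy to get wrong by eye in a hex editor. Here is an added example (not part of the original post or of NANDPRO) that compares the two back-to-back reads, orig.bin and orig2.bin, and maps the first differing byte to a NAND block and page. It assumes the small-block geometry the -r16 dumps use (512-byte pages with 16 bytes of spare, 32 pages per block, 1024 blocks); those numbers are stated as an assumption in the code.

```python
import hashlib
import sys

# Assumed small-block NAND geometry for the 16MB "-r16" dumps in this guide:
PAGE_SIZE = 512                                   # data bytes per page
SPARE_SIZE = 16                                   # spare/ECC bytes per page
PAGES_PER_BLOCK = 32
RAW_PAGE_SIZE = PAGE_SIZE + SPARE_SIZE            # 0x210
RAW_BLOCK_SIZE = RAW_PAGE_SIZE * PAGES_PER_BLOCK  # 0x4200
RAW_16MB_DUMP_SIZE = RAW_BLOCK_SIZE * 1024        # 0x1080000


def first_mismatch(first: bytes, second: bytes):
    """Offset of the first differing byte, or None if the common prefix matches."""
    limit = min(len(first), len(second))
    for start in range(0, limit, RAW_BLOCK_SIZE):  # slice compare, one block at a time
        end = min(start + RAW_BLOCK_SIZE, limit)
        if first[start:end] != second[start:end]:
            return next(i for i in range(start, end) if first[i] != second[i])
    return None


def compare_dumps(first: bytes, second: bytes) -> dict:
    """Report whether two reads agree, and where they first diverge if not."""
    offset = first_mismatch(first, second)
    report = {
        "identical": first == second,
        "same_size": len(first) == len(second),
        "is_16mb_raw": len(first) == RAW_16MB_DUMP_SIZE,
        "sha256": hashlib.sha256(first).hexdigest(),  # record this with the backup
        "first_mismatch": None,
    }
    if offset is not None:
        report["first_mismatch"] = {
            "offset": offset,
            "block": offset // RAW_BLOCK_SIZE,  # block 1 is the keyvault in this guide
            "page": (offset % RAW_BLOCK_SIZE) // RAW_PAGE_SIZE,
        }
    return report


if __name__ == "__main__":
    if len(sys.argv) == 3:  # real use: python compare_dumps.py orig.bin orig2.bin
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            print(compare_dumps(a.read(), b.read()))
    else:  # constructed two-block demo with a single bad byte in block 1
        good = bytes(range(256)) * (RAW_BLOCK_SIZE * 2 // 256)
        bad = bytearray(good)
        bad[RAW_BLOCK_SIZE + 5] ^= 0xFF
        print(compare_dumps(good, bytes(bad)))
```

If "identical" is False the read is not trustworthy as a backup: re-dump and compare again rather than keeping either file.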
    IMPORTANT STEP!!!
    Now follow the guidelines below to confirm whether or not you can JTAG your Xbox 360 console. Even though you may have the correct dashboard on your Xbox 360 console to JTAG, it doesn't mean you have an exploitable Xbox 360 CB, but there's a good chance it is.
    Now in your Degraded window, check which version CB you have got, and follow the chart below:
    Exploitable Xbox 360 CBs which you can JTAG
    1888, 1902, 1903, 1920, 1921: exploitable Xenon
    4558: exploitable Zephyr
    5761, 5766, 5770: exploitable Falcon
    6712, 6723: exploitable Jasper
    Non-exploitable Xbox 360 CBs which cannot be JTAGged
    Xenon: 1922, 1923, 1940
    Zephyr: 4571, 4572, 4578, 4579
    Falcon/Opus: 5771
    Jasper: 6750
    NOTE: The image above is non-exploitable so cannot run the Xbox 360 JTAG hack
    Now confirm your Xbox 360 console has an EXPLOITABLE CB; if it doesn't, I'm afraid you'll have to try finding another Xbox 360 to work on....
    XBOX 360 JTAG - THE FINAL PROCEDURE
    So you have an exploitable CB and your Xbox 360 dashboard version is 2.0.7371.0 or lower? Great, you're in luck. Now to the final part of the guide, installing the JTAG hack yourself. Depending on which revision Xbox 360 you have, the installation procedure for JTAG is a little different. To trigger the Xbox 360 JTAG hack, you need to bridge 3 points on the Xbox 360 motherboard; I will advise which points they are depending on Xbox 360 revision...
    The Xbox 360 JTAG hack requires switching diodes between some of the points being bridged....Pictures below state where the diodes should be and in which direction, pay close attention to the arrows...
    Switching Diode Part Numbers: BAT41 or 1N4148 or 1N4153
    XBOX 360 XENON REVISION
    [IMG]
    XBOX 360 FALCON, ZEPHYR, OPUS AND JASPER REVISIONS
    [IMG]
    .....OK, please note that once the hack is installed, your Xbox 360 will not boot until a hacked image has been dumped. Also note that the JTAG hack above and the 3 wires we just installed will permanently need to stay where they are.
    WRITING THE HACKED XBOX 360 XBR IMAGE ONTO YOUR XBOX 360 CONSOLE
    • Open up Xbins, and download the XBR Image for your board type, eg. XBR_8955.bin
    • Connect your DB25 Male Plug to your PC
    • Go to command prompt and route to the NANDPRO folder
    • Run: nandpro orig.bin: -r16 rawkv.bin 1 1
    • Run: nandpro orig.bin: -r16 rawconfig.bin 3de 2
    • These two commands extract the keyvault and config blocks from your original nand, and now all you need to do is inject these into the hacked XBR image
    • Rename the XBR image you downloaded from Xbins to just xbr.bin
    • Command Prompt, Route to NANDPRO folder
    • Run: nandpro xbr.bin: -w16 rawkv.bin 1 1
    • Run: nandpro xbr.bin: -w16 rawconfig.bin 3de 2
    • And then finally flash back the New Hacked NAND Image with your original keyvault and config blocks to your Xbox 360
    • Run: nandpro lpt: -w16 xbr.bin
    Congrats! You now have a JTAG!

    Tips:
    leave some suggestions so i can put some in.

    Credit:
    Some credit goes to mod360s

    DISCLAIMER: If as a result of following this tutorial you render your Xbox 360 damaged and/or inoperable, I accept no responsibility or liability for your loss. You follow this guide entirely at your own risk.

    "Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use."

    PM me or just leave a comment if you want to ask me something
    If this is in the wrong section mods could you please move it :smile:
    leave suggestions for me if i ever write another tutorial.
    - XhurpxDerpX