[TuT] How to change you JTAG wiring using Update My SMC - MIND

Using Update My SMC you are now able to change the JTAG wiring (TMS and TDI) signals. This program will work with any HDMI console. Sorry for you guys out there that have messed up your Xenon JTAG points.

You can not use an "Easy freeBOOT" program when using Update My SMC so I will go over the details later on in the tutorial

Requirements

-A JTAG'd xbox or an exploitable xbox.

-These donor freeBOOT files: Here

-Update My SMC v0.2: Here

-Update My SMC v0.2b:Here

-Microsoft visual C++:Here

-The PDF for the new JTAG points: Here

-freeBOOT 0.32: Here

-9199 Files: Here

-The XBR file for your motherboard

-The normal JTAG hack requirements (LTP cable, USB NAND reader, diodes, all that fancy stuff)

-Patience, and lots of it.

-libeay32.dll if you have issues with ibuild


Step 1

Extract the Update My SMC v0.2 .rar to a folder on your desktop. For the sake of the tutorial I will name mine "Update My SMC"



Step 2

Open up the Update My SMC v0.2b .rar and navigate to the win32 folder. You will find smc_io.exe



Step 3

Extract the smc_io.exe to the tools folder of the Update My SMC (v0.2) that we extracted earlier. If extracted properly it should ask for a confirmation to overwrite the smc_io.exe that is already in v0.2. If it does not give you a prompt, extract the smc_io.exe from v0.2b to your desktop and cope and paste it into the tools folder, overwriting the old one.



Step 4

Now that you have Update My SMC updated and ready to go you are going to need to build an XBR image (making a new XBR image is necessary to flash freeBOOT later on). If you already have one you need to make a new one. Move the one you already have to a safe place to back it up then delete it (not the back up! The original one you had, that way we don't get the old one and the new XBR files mixed up). Make sure your original NAND dumps are in your nandpro folder. Also, make sure you have a new XBR image from Xbins in your nandpro folder matching your motherboard version. For the sake of this tutorial I will be calling the original NAND dump original1.bin (You only need one original NAND dump for this)

Open command prompt by going to Start>run>cmd>enter

Navigate to your nanpro folder (though the command prompt) and run the following commands (you should already know these commands, but I will include them in case you forgot).

nandpro original1.bin: -r16 rawkv.bin 1 1
nandpro original1.bin: -r16 rawconfig.bin 3de 2

nandpro XBR.bin: -w16 rawkv.bin 1 1
nandpro XBR.bin: -w16 rawconfig.bin 3de 2

Replace "16" if you have a 256 or 512mb console.


Step 5

Now that you have your new XBR image we are going to run it threw Update my SMC. Copy and paste XBR.bin (or what ever you named it) to the Update My SMC folder. Then rename it to smc.bin



Step 6

Run DumpSMC-fromANY_image.

Name of file is smc.bin



Chose your console type, mine is Zephyr so I will type 1 and press enter.



Then type Y and press enter.



You will then have an extracted and decrypted smc in the folder, with the name of your motherboard (zephyr,falcon,jasper and so on).



If you get a message saying you are missing a .dll file, so a google search and install it to system32, then repeat this step.


Step 7

Run update-my-SMC!



Type in smc.bin then enter.



Chose your console again.



When it asks you to chose the TMS and TDI signals chose option 4



Select option 1.



Select option 4.



It will then update your SMC encrypt it and inject it into your smc.bin file.



NOTE: The options we selected above are the options you would chose if you have a working point on ARGON_DATA (RF board) and a non working point on HDMI (DB1F1) if that is not the case select options to better suit your needs.


Step 8

Now that your new XBR image has an update smc (smc.bin) you need to flash this file to your console (Most of you should know how to do this. For those that don't here is a link to Eclipse's tutorial at the bottom of the page) . After its done flashing, unplug your USB NAND flasher, or LPT cable for the computer, and your xbox from the power supply and solder on the new JTAG connections. I wont cover how flash XBR in this tutorial seeing as you should already know how.


Step 9

After five minutes, plug in the power, and the AV cables. Turn on your xbox using the power button. If it boots up properly you are all good to start building your freeBOOT image. If you receive E79, try booting from eject (with a DvD drive plugged in), if that doesn't work, unplug your power supply wait ten seconds, plug it back in try again. If you receive E79 again, it is either your soldering, or you had a bad flash. Remake your XBR image and re-update it.

Step 10

You are going to need to get a flash dump form your console so use Flash360 and follow the on screen instructions to create a flashdmp.bin file


Step 11

Extract the freeBOOT .32 .rar to a folder on your desktop and rename the folder freeboot.

Next extract the 9199 .rar file to the data folder of the freeboot folder.

Next open up the donor files, and find the file for your motherboard and CB version. Extract those file to the data section of the freeboot folder.

Finally copy (not move, COPY) your flashdmp.bin file from your USB/HDD and place it in the bin folder of the freeboot folder.

No pictures are needed for this step as it is very straight forward.


Step 12

Open command prompt and navigate to the freeboot folder and type this command:

ibuild x -d temp\ -b "1BL key" -p "CPU Key" bin\flashdmp.bin

If you get an error don't worry, we only need three files. Copy smc.bin, smc_config.bin and KV.bin from the temp folder to the data folder.

No pictures are needed for this step as it is very straight forward.


Step 13

Now that you have all the filed run the following command:

ibuild.exe c freeBOOT -c "console" -d data\ -p "CPU Key" -b "1BL Key" bin\image.bin bin\fuses.bin


Step 14

Go to the bin folder of freeboot and find image.bin (image.bin is your new freeBOOT image) and copy it to the nandpro folder. Rename it to what ever you want (the image.bin file I mean)


Step 15

Flash the new freeBOOT image to your NAND using nandpro (You should already know how to do this, if not there is the link to Eclipse's Tutorial at the bottom of this page). After the flash is done, unplug you LPT/USB NAND flash and the power cable and wait 5 minutes.

Step 16

Turn on your console with the power button and enjoy your freeBOOT!


Useful Links

http://www.se7ensins.com/forums/topic/108432-how-to-do-the-jtag-hackdump-nandxell/ - Eclipse's Tutorial on installing a LPT cable, dumping the NAND, and retrieving the CPU key.


Thanks

-Free60 for creating this awesome program
-Some random guy online for the donator files

NOTE: Sorry for the weird pictures, don't know why there is white around them.


Hope this helps!

- MIND

I was sure that the description and the title explained it, but This program allows you to change your JTAG soldering points for easier JTAGing

The PDF is in the .rar for Update My SMC v0.2b

If you are still having trouble finding it I added a link to download the PDF

The SMC is what sends/receives TDI and TMS signals. It is these signals that allow you to boot into a rebooter. The wires are soldered so there is a direct bridge between the two points and the timing is changed so the TDI and the TMS signals are sent and received before anything else, which causes the console to boot into yet again, the rebooter.

Hope I helped.

No during start up. The signal timings are changed so the modded SMC can send its signals first.

If you followed the TuT exactly like i wrote it you will be keeping the wire that goes to the RF board going to the RF board, and the wire that would go to DB1F1 would now go to OPEN_TRAY which is pin 3 on the DvD drive PSU.

No its not, its for people who have ruined their DB1F1 points.

I clearly stated that the new JTAG points are in the PDF.

I'm aware of that but this tutorial was made for people who have a bad BD1f1 point

I had personally tired the method you just mentioned and it is very risky. Im glad ths helped you