Tutorial How to unflag Xbox 360 [Tutorial] [No J-Tag Required]

wolffboy212
How to unflag Xbox 360! (So you don't get banned from being flagged)

Before you start!
I don't think this will work if you have a console ban! (Could be wrong (untested))
I don't think this will work if you have been online with your flagged Xbox! (I heard they record it on their servers, but it could work (untested))


Background Story
I was flagged for failing the AP25 Challenge by trying to play NFS Hot Pursuit. After XVal told me I was flagged, I figured this out.

Description
The basic idea is that when your Xbox flags itself and is not online, it's never sent to the Microsoft servers; it stays in the secdata of the NAND. So you dump the NAND, change the value of the flag from flagged to unflagged, and write the changed parts back to the Xbox, and BAM! Unflagged.

Requirements
- Some wire.
- Soldering Iron
- Soldering experience and confidence
- 5 100 ohm 1/2 watt resistors
- 1 Switching Diode. I used 1N914 - 1N4148
- Computer with an LPT port (printer port)
- LPT cable with a DB25 Male end
- Stuff required to take Xbox 360 apart

Programs
- XVal
- NandPro20b
- FindSecData
- NandCompare
- Windows computer with Command Prompt
- Xbins (if that's how you get the programs)

Steps
1. Take the Xbox 360 apart, totally apart, so the motherboard is no longer in the frame.
(If you don't know how to do this you probably shouldn't be doing this tutorial)

2. Solder the NAND LPT wire to the Xbox 360 motherboard and dump the NAND.
Please refer to this How to JTag tutorial and dump NAND for soldering the LPT wire and dumping the NAND. DON'T DO THE JTAG POINTS!
(The only thing I did differently is compare NAND dumps with NandCompare)

3. Take a good dump and run it in FindSecData
(I'm assuming you know how to use the command line in this tutorial)

Putting NAND in FindSecData:
Code:
C:\Documents and Settings\----\Desktop\nand patch>findsecdata nandr.bin

findsecdata v0.61 2009-12-01 by boby2pc
Controller version 1
Last filetable change: 0x4D
ECC change: 0x4D Filetbl: 0x01D7 Secdata: 0x01D6 Timestamp: 3D6FB8A2 2010-11-15
ECC change: 0x4C Filetbl: 0x01D5 Secdata: 0x0226 Timestamp: 3D61A943 2010-11-01
ECC change: 0x42 Filetbl: 0x0225 Secdata: 0x038B Timestamp: 3C8F12DD 2010-04-15

Checking secdata:
038B containts not 0 values above offset 1024

Searching for recommended

Extracting secdata:
secdata01D6.bin
secdata0226.bin

Extracting filetables:
filetable01D7.bin
filetable01D5.bin

Creating patched secdata:
Patchedsecdata01D6.bin
Patchedsecdata0226.bin

Creating patched filetables:
Patchedfiletable01D7By01D5.bin

Use:
nandpro.exe lpt: -w16 Patchedsecdata0226.bin 1D6 1
nandpro.exe lpt: -w16 Patchedfiletable01D7By01D5.bin 1D7 1

Press ENTER

And write the fixed parts back!
Code:
C:\Nandpro20e>nandpro.exe lpt: -w16 Patchedsecdata0226.bin 1D6 1
NandPro v2.0e by Tiros

Testing LPT device address:0378
Using LPT device at address:0378
Flash Config: 0x01198010
Block Size: 16KB Block Limits: 0x0001D6..0x0001D6
File: Patchedsecdata0226.bin
Writing
01D6

C:\Nandpro20e>nandpro.exe lpt: -w16 Patchedfiletable01D7by01D5.bin 1D7 1
NandPro v2.0e by Tiros

Testing LPT device address:0378
Using LPT device at address:0378
Flash Config: 0x01198010
Block Size: 16KB Block Limits: 0x0001D7..0x0001D7
File: Patchedfiletable01D7by01D5.bin
Writing
01D7


If you have a console with a 256 MB or 512 MB NAND, adjust the commands accordingly.

Your Xbox should no longer be flagged!

If you have any questions or concerns e-mail me:
[email protected]

!REMEMBER! to UP my post if it helped you :smile:

-Dr Robb!
 
wolffboy212
Very very nice, is there an easier way to do this with a JTAG?

I am not sure because I don't have a JTagged Xbox myself, but I would try doing the NAND SD card thing and not soldering the LPT wire to the motherboard. Sorry, that's all I know, ha.
 
michael1026
I am not sure because I don't have a JTagged Xbox myself, but I would try doing the NAND SD card thing and not soldering the LPT wire to the motherboard. Sorry, that's all I know, ha.
Unshared KV+Fast way to do this=Never banned?
 
SupremeCippy
Good tut... something I haven't seen in a while.

Unshared KV+Fast way to do this=Never banned?
This works by removing the data your Xbox would tell the servers. That would be different, as the servers flag your Xbox as your system does not look right to them.
If it was possible, you would need to real-time edit your NAND.
 
Ells
This is very interesting.

Thanks for your contribution.
 
TicTac
How is this even possible? After the '09 update all you can do is read your NAND, not flash it back?
 
wolffboy212
How is this even possible? After the '09 update all you can do is read your NAND, not flash it back?

I'm telling you it works. When I first did it and my X value came up clean, I couldn't believe it either, but it was unflagged, thus inspiring me to share it and help other people.

Hope someone else does it too soon.
 
etownlax
Good tut... something I haven't seen in a while.

This works by removing the data your Xbox would tell the servers. That would be different, as the servers flag your Xbox as your system does not look right to them.
If it was possible, you would need to real-time edit your NAND.

I highly doubt a JTAG would store this information on its NAND while signing in (unless of course it had a flashed DVD drive and failed these AP25 checks). If anything, you would have to real-time edit the XEXs that are downloaded and run when you sign in, and have them return all the right information (information as though it's a retail).

How is this even possible? After the '09 update all you can do is read your NAND, not flash it back?

You can read, write, erase the NAND all you want. That dashboard update doesn't matter. The only thing that '09 update did was remove an exploit which rebooters take advantage of and burnt some e-fuses so you couldn't run any older dashboard which was exploitable.
 
Katy Perry
Very nice tutorial. I'm going to try this and see if it works. +1
 
EclipseModz
People asking how to do this on a JTAG: it's pointless to do.

Now on a retail it's not a bad idea. Although if the server already has you processing for a ban, then you're screwed no matter what you do.
 
Katy Perry
People asking how to do this on a JTAG: it's pointless to do.

Now on a retail it's not a bad idea. Although if the server already has you processing for a ban, then you're screwed no matter what you do.
Yeah, that's true, so would it even make a difference if you unflag it or not?
 
EclipseModz
Yeah, that's true, so would it even make a difference if you unflag it or not?
If you were using the console offline at the time of the flag and haven't connected back to Live, then it's going to make a difference.
 
michael1026
If you were using the console offline at the time of the flag and haven't connected back to Live, then it's going to make a difference.
So it wouldn't be pointless if you were to get off at the right time, play for about an hour, get off for a little bit, do this, repeat.
Edit: forgot about how KVs only last 30 mins now :/
 
halopro77
All we need is a way to constantly modify the NAND so we can keep changing the value to unflagged on a JTAG...

Profit????
 