
Question Restoring RGH back to retail using SW methods (Xell), non-noob

xmp125a (Newbie)
Hello,

TL;DR I want to revert the recently bought console from RGH to stock purely via Xell, no soldering. Want to know if the path I chose is viable.

I recently bought Xbox 360 slim (Corona I think), which was RGH modded previously, using CoolRunner RevB chip. I want to revert it back to stock console, so it can get online with no issues (I assume it is not blocked, but I don't care about it right now). I read A LOT about this so before a storm of comments on how I should not do this and that I am a n00b, a few facts:

1) I am an Electrical Engineer, specialized, among other things, in embedded systems. So I mostly know what I am doing, I just need some additional info/verification from people who know more than me :smile: (I know very well what the hypervisor is, I know how RGH works, etc.)
2) In my country most if not all second-hand Xbox 360s are sold modded; people somehow prefer piracy to being online. So a modded console is no use for me, but this is a backup console for my daughter to put in another location. She uses it to watch Netflix and Hulu cartoons (for that I need online access), playing Just Dance, etc. The Xbox 360 is so old that I can get original games for her cheaply on eBay.
4) A modded console is no advantage because everyone here is selling modded ones, not originals. It is difficult to get an unmodded one.

Up to now, I did the following:
5) Determined the console runs Xell Reloaded, which froze since the version installed does not support new DVD drives
6) Opened the console without breaking anything, disconnected DVD
7) Xell now boots, used it to retrieve raw flash (16 MB), Key vault, CPU key, fuses, DVD key. Have everything on PC.
8) Identified that the RGH mod was done using a CoolRunner Rev B board.
9) Found the video that describes that Xell can be used to read AND program the flash. Cannot post link, but youtube video title is: How to Dump & Flash JTAG/RGH NAND from XeLL [Tutorial]
10) Naturally I don't have original NAND contents. The person who sold me the console very obviously did not do the mod himself and was totally clueless about what was even done to the console.
11) Found the thread that describes how one rebuilds the original NAND, titled How to recover from losing NAND (but have ECC written) (sorry, can't post links)
12) Downloaded "Clean SMC pack" linked from that thread.
13) Checked the fuses and it seems that the console was never updated in any way (or a long time ago?), consistent with never being online:

fuseset 02: f000000000000000
fuseset 07: f000000000000000
fuseset 08: 0000000000000000
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000

Is my interpretation correct?

My plan is:
13) Recreate the NAND contents from the data I have (raw flash (16 MB), Key vault, CPU key, fuses, DVD key)
14) Use Xell to effectively remove itself by flashing the NAND with recreated retail NAND

Problems I may run into, and would like the opinion on:

15) As I understand, the ECC is 50 blocks of the NAND, where Xell resides. In my case, is the question of what is in the ECC really important? I will be recreating the image without Xell anyway.
16) Since the main point of modding in my country is playing burned games, I assume the DVD firmware has been modified as well. If I don't revert that BEFORE reverting to the retail NAND, the console will not boot, right?
17) How do I revert the DVD drive firmware to retail without going online and getting the console blacklisted?
18) Do I need to remove the CoolRunner board? As far as I understand RGH, it won't prevent the retail hypervisor from booting; I would not like to de-solder unless absolutely necessary.
19) Is the console, after doing all of the above, safe to connect online without being blacklisted?

And finally, 18) Did I miss something important that will certainly brick the console?

Thanks for reading this far, if you made it!
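A small parser for the fuse lines quoted in the post above, added here as an example and not part of the original post. It assumes the usual community reading of the Xbox 360 eFuses: fuseset 02 is the CB (bootloader) lockdown counter and fusesets 07 to 11 together form the CF (kernel) lockdown counter, one burned F nibble per increment, burned from the left; the function names are my own.

```python
# Added example (not from the thread): tally the burned nibbles in the
# fuse lines the post quotes. Assumes the usual community reading of the
# Xbox 360 eFuses: fuseset 02 is the CB (bootloader) lockdown counter and
# fusesets 07-11 together hold the CF (kernel) lockdown counter, one 'F'
# nibble per increment, burned from the left.
import re

FUSE_RE = re.compile(r"^fuseset\s+(\d{2}):\s*([0-9a-fA-F]{16})$")

# Fuse lines as posted (the CPU-key lines 03-06 are not shown in the post)
OP_FUSES = """
fuseset 02: f000000000000000
fuseset 07: f000000000000000
fuseset 08: 0000000000000000
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000
"""

def parse_fusesets(dump: str) -> dict:
    """Parse 'fuseset NN: <16 hex>' lines into {index: HEX}; reject anything else."""
    fuses = {}
    for line in dump.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = FUSE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised fuse line: {line!r}")
        fuses[int(m.group(1))] = m.group(2).upper()
    return fuses

def burned_nibbles(value: str) -> int:
    """Count burned 'F' nibbles; a counter fuseset burns left to right, so they must be contiguous."""
    burned = value.rstrip("0")
    if burned and set(burned) != {"F"}:
        raise ValueError(f"not a plain counter pattern: {value}")
    return len(burned)

def lockdown_counters(fuses: dict) -> tuple:
    """(CB LDV, CF LDV) under the interpretation above; missing counter lines count as unburned."""
    cb_ldv = burned_nibbles(fuses.get(2, "0" * 16))
    cf_ldv = sum(burned_nibbles(fuses.get(i, "0" * 16)) for i in range(7, 12))
    return cb_ldv, cf_ldv

if __name__ == "__main__":
    cb, cf = lockdown_counters(parse_fusesets(OP_FUSES))
    print(f"CB LDV={cb}, CF LDV={cf}")  # prints CB LDV=1, CF LDV=1 for the posted lines
```

A counter line that is not a contiguous run of F nibbles from the left (for example an F after a 0) is rejected rather than counted, since that is not what a lockdown counter looks like.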
Zerker24 (Enthusiast)
The only way a stock NAND will work is if your console is still on its original KV and that KV is not banned.

I know you said you're knowledgeable, but I am going through all the info as much as I can. This is in case someone else needs the information.

First, you need to determine if your console is a Corona, and if it's a 16MB NAND or 4GB (here or here). You need this info because Xell cannot write to a 4GB NAND. I believe you can with an app called "Simple Nand Flasher" though.

Second, you need to make your retail NAND using the stock CPU/DVD key. Hopefully the DVD key still matches (no reason it shouldn't, but you never know). Then place that new NAND file on a flash drive and name it "updflash.bin". Then boot Xell or Simple Nand Flasher (read above) and it should write your retail NAND.

Third, you will most likely need to remove the modchip. Some timing files allow the console to boot retail, but some don't. Since this is a CoolRunner, there should be a NOR/PROG switch. If you flip that to PROG it will disable the chip. Personally I would de-solder all the wires, but the switch is a quick and dirty way lol.

Now, I wouldn't worry about the DVD drive being flashed. As long as it's the original (or at least has the console's DVD key flashed to it) you will be fine. There is no risk of a ban from a flashed drive. If it's not using the original DVD key it won't be able to play games from disc, but the rest of the console will function as normal.
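A pre-flight check for the updflash.bin described in the reply above, added here as an example rather than code from the thread or from Xell. It assumes the image is a raw small-block 16 MB dump with the 16-byte spare area per 512-byte page (17,301,504 bytes) and that a 360 NAND image starts with the FF4F header magic; the constructed sample image is a stand-in, not a real dump.

```python
# Added example (not from the thread): sanity-check a candidate updflash.bin
# before handing it to Xell. Assumes a raw small-block 16 MB dump with the
# 16-byte spare area per 512-byte page (what the thread calls the raw 16 MB
# flash) and the FF4F header magic at offset 0. No real dump is used here.
import struct

PAGE_DATA, PAGE_SPARE = 512, 16
PAGE_RAW = PAGE_DATA + PAGE_SPARE                       # 528 bytes per page incl. spare
PAGES_PER_BLOCK = 32
BLOCK_RAW = PAGES_PER_BLOCK * PAGE_RAW                  # 0x4200 bytes per block
SMALL_BLOCK_16MB_RAW = 1024 * BLOCK_RAW                 # 0x1080000 = 17,301,504 bytes
SMALL_BLOCK_16MB_NOSPARE = 1024 * PAGES_PER_BLOCK * PAGE_DATA  # 0x1000000, spare stripped
NAND_MAGIC = 0xFF4F

def check_image(image: bytes) -> list:
    """Return the problems found; an empty list means the basic checks passed."""
    problems = []
    if len(image) == SMALL_BLOCK_16MB_NOSPARE:
        problems.append("spare area missing: this is a 16 MiB data-only image, not a raw dump")
    elif len(image) != SMALL_BLOCK_16MB_RAW:
        problems.append(f"unexpected size {len(image)} bytes, expected {SMALL_BLOCK_16MB_RAW}")
    if len(image) < 2 or struct.unpack(">H", image[:2])[0] != NAND_MAGIC:
        problems.append("missing FF4F NAND header magic at offset 0")
    return problems

def build_constructed_image(with_spare: bool = True) -> bytes:
    """Constructed stand-in: correct size and magic, otherwise blank (0xFF) flash."""
    size = SMALL_BLOCK_16MB_RAW if with_spare else SMALL_BLOCK_16MB_NOSPARE
    body = bytearray(b"\xff" * size)
    body[0:2] = struct.pack(">H", NAND_MAGIC)
    return bytes(body)

def check_file(path: str) -> list:
    """Run check_image over a file on disk, e.g. the updflash.bin on the USB stick."""
    with open(path, "rb") as fh:
        return check_image(fh.read())

if __name__ == "__main__":
    for label, img in (("raw", build_constructed_image()), ("no spare", build_constructed_image(False))):
        print(label, check_image(img) or "ok")
```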
SGCSam (Enthusiast)
Just out of interest, any particular reason why you'd recommend desoldering all of the wires vs. flipping the switch on the CoolRunner?

IMO, I would just flip the switch OR desolder the VCC wire ONLY. This way, if you ever want to re-RGH the console, you'd simply re-flip the switch or solder the single VCC wire back, vs. redoing the entire wire install. It just seems more logical to me, as it saves time and effort while ensuring the chip can't re-enable itself and accidentally try to glitch while you have a retail NAND written to the console.
Zerker24 (Enthusiast)
No, there is no particular reason to be honest lol. I agree, it would be easier to RGH the console again at some point if you just flip the switch. I just don't find it difficult to do the install so I don't think about these things lol.