xmp125a
Newbie
Hello,
TL;DR I want to revert the recently bought console from RGH to stock purely via Xell, no soldering. Want to know if the path I chose is viable.
I recently bought an Xbox 360 slim (Corona, I think), which was previously RGH modded using a CoolRunner Rev B chip. I want to revert it back to a stock console, so it can get online with no issues (I assume it is not blocked, but I don't care about that right now). I read A LOT about this, so before a storm of comments on how I should not do this and that I am a n00b, a few facts:
1) I am an Electrical Engineer, specialized, among other things, in embedded systems. So I mostly know what I am doing; I just need some additional info/verification from people who know more than me (I know very well what a hypervisor is, I know how RGH works, etc.)
2) In my country most if not all second-hand Xbox 360s are sold modded; people somehow prefer piracy to being online. So a modded console is no use for me, but this is a backup console for my daughter, to put in another location. She uses it to watch Netflix and Hulu cartoons (for that I need online access), playing JustDance, etc. The Xbox 360 is so old that I can get original games for her cheaply on eBay.
4) A modded console is no advantage because everyone here is selling modded ones, not originals. It is difficult to get an unmodded one.
Up to now, I did the following:
5) Determined that the console runs Xell Reloaded, which froze since the version installed does not support new DVD drives.
6) Opened the console without breaking anything, disconnected the DVD drive.
7) Xell now boots; used it to retrieve the raw flash (16 MB), key vault, CPU key, fuses and DVD key. I have everything on the PC.
8) Identified that the RGH mod was done using a CoolRunner Rev B board.
9) Found the video that describes that Xell can be used to read AND program the flash. I cannot post the link, but the YouTube video title is: How to Dump & Flash JTAG/RGH NAND from XeLL [Tutorial]
10) Naturally, I don't have the original NAND contents. The person who sold me the console very obviously did not do the mod himself and was totally clueless about what had even been done to the console.
11) Found the thread that describes how one rebuilds the original NAND, titled How to recover from losing NAND (but have ECC written) (sorry, can't post links).
12) Downloaded the "Clean SMC pack" linked from that thread.
13) Checked the fuses, and it seems that the console was never updated in any way (or a long time ago?), consistent with it never having been online:
fuseset 02: f000000000000000
fuseset 07: f000000000000000
fuseset 08: 0000000000000000
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000
Is my interpretation correct?
My plan is:
13) Recreate the NAND contents from the data I have (raw flash (16 MB), key vault, CPU key, fuses, DVD key)
14) Use Xell to effectively remove itself by flashing the NAND with the recreated retail NAND
Problems I may run into, and would like an opinion on:
15) As I understand it, the ECC is 50 blocks of the NAND, where Xell resides. In my case, is the question of what is in the ECC really important? I will be recreating the image without Xell anyway?
16) Since the main point of modding in my country is playing burned games, I assume the DVD firmware has been modified as well. If I don't revert that BEFORE reverting to the retail NAND, the console will not boot, right?
17) How do I revert the DVD drive firmware to retail without going online and getting the console blacklisted?
18) Do I need to remove the CoolRunner board? As far as I understand RGH, it won't prevent the retail hypervisor from booting; I would not like to de-solder unless absolutely necessary.
19) Is the console, after doing all of the above, safe to connect online without being blacklisted?
And finally, 20) Did I miss something important that will certainly brick the console?
Thanks for reading this far, if you made it!
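A small checker for the fuse dump quoted in the post, added here as an example and not part of the original post or of any XeLL/J-Runner tooling. It encodes the commonly documented 360 fuse layout (free60 "Fusesets" page): fuseset 02 holds the CB (2BL) lockdown counter, fusesets 03/04 and 05/06 hold the two halves of the CPU key (each written twice), and fusesets 07-11 hold the CF lockdown counter. The counters advance by burning one 'F' nibble at a time from the left, so the lockdown value (LDV) is the number of leading 'F' nibbles; that reading is this example's assumption, so cross-check it with a second tool before acting on it. The sample dump is constructed: the lockdown lines are the values from the post, while fusesets 03-06 use an obviously fake key just to exercise the redundancy check.

```python
"""Parse and sanity-check an Xbox 360 fuse dump as printed by XeLL.

Added example; not code from the original post. The fuse layout it assumes
(CB LDV in fuseset 02, CPU key in 03/04 and 05/06, CF LDV in 07-11, one 'F'
nibble per lockdown increment) is the documented layout but is an assumption
of this example, not something the post itself confirms.
"""
import re

FUSE_RE = re.compile(r"^fuseset\s+(\d{2}):\s*([0-9a-fA-F]{16})\s*$")

# Constructed sample input. Fusesets 02 and 07-11 are the values from the post;
# 03-06 are a made-up, non-secret key pattern used only to show the check.
SAMPLE_DUMP = """\
fuseset 02: f000000000000000
fuseset 03: 0011223344556677
fuseset 04: 0011223344556677
fuseset 05: 8899aabbccddeeff
fuseset 06: 8899aabbccddeeff
fuseset 07: f000000000000000
fuseset 08: 0000000000000000
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000
"""


def parse_fuses(text):
    """Return {fuseset_number: 16-hex-digit string} for every well-formed line."""
    fuses = {}
    for line in text.splitlines():
        m = FUSE_RE.match(line.strip())
        if m:
            fuses[int(m.group(1))] = m.group(2).lower()
    return fuses


def ldv_count(value):
    """Count leading 'f' nibbles in one lockdown fuseset.

    A lockdown fuseset is only valid as F...F0...0; any other pattern means the
    line was mis-read or the fuses are damaged, so refuse to interpret it.
    """
    stripped = value.lstrip("f")
    if stripped.strip("0"):
        raise ValueError(f"not a lockdown pattern: {value}")
    return 16 - len(stripped)


def cb_ldv(fuses):
    """CB (2BL) lockdown value: leading F nibbles of fuseset 02 (assumption)."""
    return ldv_count(fuses[2])


def cf_ldv(fuses):
    """CF lockdown value: leading F nibbles summed over fusesets 07-11 (assumption)."""
    return sum(ldv_count(fuses[i]) for i in range(7, 12))


def cpu_key(fuses):
    """Return the CPU key as hex if both redundant copies agree, else None.

    Fusesets 03/04 must match and 05/06 must match; a mismatch means the dump
    is not trustworthy and must not be used to rebuild a NAND image.
    """
    if fuses[3] != fuses[4] or fuses[5] != fuses[6]:
        return None
    return fuses[3] + fuses[5]


def summarize(text):
    """One-shot summary of a dump; raises on malformed lockdown fusesets."""
    fuses = parse_fuses(text)
    missing = [i for i in (2, 3, 4, 5, 6, 7, 8, 9, 10, 11) if i not in fuses]
    if missing:
        raise ValueError(f"dump is missing fusesets {missing}")
    return {"cb_ldv": cb_ldv(fuses), "cf_ldv": cf_ldv(fuses), "cpu_key": cpu_key(fuses)}


if __name__ == "__main__":
    print(summarize(SAMPLE_DUMP))
```

For the values in the post this yields a CB LDV of 1 and a CF LDV of 1 under the nibble-count reading; whether that matches "never updated" depends on what the factory image shipped with, which the dump alone does not tell you, so compare the result against the bootloader versions in the 16 MB flash dump before choosing which CB/CF to build into the retail image.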