What's new

Question Downgrading

I

ISAKM

Enthusiast
Messages
46
Reaction score
3
Points
55
Sin$
0
So far I understand that if I wanna downgrade I just build image in XeBuild, but how do I get the files needed? I mean XeBuild 1.21 has all the folders with dash numbers but only 17559 can be built like wth...
Post automatically merged:

Noone knows? lol
 
Last edited:
I

ISAKM

Enthusiast
Messages
46
Reaction score
3
Points
55
Sin$
0
So far I understand that if I wanna downgrade I just build image in XeBuild, but how do I get the files needed? I mean XeBuild 1.21 has all the folders with dash numbers but only 17559 can be built like wth...
Post automatically merged:

Noone knows? lol
Just tell me how come on
 
danik2b

danik2b

Enthusiast
Messages
63
Solutions
3
Reaction score
8
Points
65
Sin$
0
I am looking for 14717 as I have a Trinity and if I understand it right I cant go past manufacturing date right?

From my understanding, you want to downgrade the dash from the latest one to something like the NXE or Blades?
This is impossible if you've already updated the console, there are some e-fuses on the cpu that physically blow up to prevent downgrading.

You can find an older xebuild to give you older versions, but it won't work.

Only way to downgrade is to install a new cpu chip.
 
I

ISAKM

Enthusiast
Messages
46
Reaction score
3
Points
55
Sin$
0
From my understanding, you want to downgrade the dash from the latest one to something like the NXE or Blades?
This is impossible if you've already updated the console, there are some e-fuses on the cpu that physically blow up to prevent downgrading.

You can find an older xebuild to give you older versions, but it won't work.

Only way to downgrade is to install a new cpu chip.
But if I have understand it right RGH consoles can bypass the e-fuses right? so e-fuses doesnt matter
https://free60project.github.io/wiki/Fusesets.html
 
Last edited:
danik2b

danik2b

Enthusiast
Messages
63
Solutions
3
Reaction score
8
Points
65
Sin$
0
But if I have understand it right RGH consoles can bypass the e-fuses right? so e-fuses doesnt matter
https://free60project.github.io/wiki/Fusesets.html

No, because the fuses are within the chip itself, replacing the whole chip would be required. You can't use software to get around the physical e-fuses being blown.
Read the information in fuseset 0x02 & 0xB below. 0xB does mention that you can downgrade... but I personally haven't done it(unless that fuse set isn't used?)

0x02
This is the lockdown counter for the 2BL/CB (The 2nd Bootloader, stored in NAND Flash) One of these are burned everytime the console updates it’s bootloader (Which isn’t very often) this is the reason that there is no way to recover a JTAG that has been updated to 2.0.8***.0, even is you have the CPU key, (2BL is encrypted with the CPU/1BL key, but is signed with Microsoft’s private key so you can’t change the lockdown counter in the NAND. The bootloader will fail signature checks, and panic)

0xB
These make up the console’s “Lockdown Counter.” They are blown after each dashboard update starting with the update from 4532/4548 to 4598. They prevent a previous version of the dashboard from being run on an updated console. There are enough eFUSEs in this section for Microsoft to update the console roughly 80 times. The lockdown counter of this console is at FFFF00000…, this means that it has recieved 4 dashboard updates since 2.0.4548.0 ran on it. Microsoft originally intended to only blow an eFUSE when a system update patched a critical vulnerability (Like the Hypervisor vulnerability in 4532 and 4548) but has now decided to blow an eFUSE with every update since the update to 4598. In the NAND’s 6BL(CF) section, there is another lockdown counter that should(Under normal circumstances) match the fuselines on the CPU. If it doesn’t match, the console will panic on boot, and will show a RRoD. Now, here’s the good part! If we know the CPU key of the console, we can decrypt the 6BL, and change the lockdown counter in the NAND to match the one on the console, and therefore run an older dashboard. Since the 6BL isn’t signed with Microsoft’s private key, we can edit it as we please, so long as we have our CPU key.
 
Last edited:
Top Bottom
Login
Register