Mind
Enthusiast
Using Update My SMC you are now able to change the JTAG wiring (TMS and TDI) signals. This program will work with any HDMI console. Sorry for you guys out there that have messed up your Xenon JTAG points.
You cannot use an "Easy freeBOOT" program when using Update My SMC, so I will go over the details later on in the tutorial.
Requirements
-A JTAG'd xbox or an exploitable xbox.
-These donor freeBOOT files: Here
-Update My SMC v0.2: Here
-Update My SMC v0.2b: Here
-Microsoft Visual C++: Here
-The PDF for the new JTAG points: Here
-freeBOOT 0.32: Here
-9199 Files: Here
-The XBR file for your motherboard
-The normal JTAG hack requirements (LPT cable, USB NAND reader, diodes, all that fancy stuff)
-Patience, and lots of it.
-libeay32.dll if you have issues with ibuild
Step 1
Extract the Update My SMC v0.2 .rar to a folder on your desktop. For the sake of the tutorial I will name mine "Update My SMC"
Step 2
Open up the Update My SMC v0.2b .rar and navigate to the win32 folder. You will find smc_io.exe
Step 3
Extract the smc_io.exe to the tools folder of the Update My SMC (v0.2) that we extracted earlier. If extracted properly, it should ask for a confirmation to overwrite the smc_io.exe that is already in v0.2. If it does not give you a prompt, extract the smc_io.exe from v0.2b to your desktop and copy and paste it into the tools folder, overwriting the old one.
Step 4
Now that you have Update My SMC updated and ready to go you are going to need to build an XBR image (making a new XBR image is necessary to flash freeBOOT later on). If you already have one you need to make a new one. Move the one you already have to a safe place to back it up then delete it (not the back up! The original one you had, that way we don't get the old one and the new XBR files mixed up). Make sure your original NAND dumps are in your nandpro folder. Also, make sure you have a new XBR image from Xbins in your nandpro folder matching your motherboard version. For the sake of this tutorial I will be calling the original NAND dump original1.bin (You only need one original NAND dump for this)
Open command prompt by going to Start>run>cmd>enter
Navigate to your nandpro folder (through the command prompt) and run the following commands (you should already know these commands, but I will include them in case you forgot).
nandpro original1.bin: -r16 rawkv.bin 1 1
nandpro original1.bin: -r16 rawconfig.bin 3de 2
nandpro XBR.bin: -w16 rawkv.bin 1 1
nandpro XBR.bin: -w16 rawconfig.bin 3de 2
Replace "16" if you have a 256 or 512 MB console.
Step 5
Now that you have your new XBR image, we are going to run it through Update My SMC. Copy and paste XBR.bin (or whatever you named it) to the Update My SMC folder. Then rename it to smc.bin
Step 6
Run DumpSMC-fromANY_image.
Name of file is smc.bin
Choose your console type; mine is Zephyr, so I will type 1 and press enter.
Then type Y and press enter.
You will then have an extracted and decrypted SMC in the folder, with the name of your motherboard (zephyr, falcon, jasper and so on).
If you get a message saying you are missing a .dll file, do a Google search and install it to system32, then repeat this step.
Step 7
Run update-my-SMC!
Type in smc.bin then enter.
Choose your console again.
When it asks you to choose the TMS and TDI signals, choose option 4.
Select option 1.
Select option 4.
It will then update your SMC, encrypt it, and inject it into your smc.bin file.
NOTE: The options we selected above are the options you would choose if you have a working point on ARGON_DATA (RF board) and a non-working point on HDMI (DB1F1). If that is not the case, select options to better suit your needs.
Step 8
Now that your new XBR image has an updated SMC (smc.bin), you need to flash this file to your console (most of you should know how to do this; for those that don't, there is a link to Eclipse's tutorial at the bottom of the page). After it's done flashing, unplug your USB NAND flasher or LPT cable from the computer, unplug your xbox from the power supply, and solder on the new JTAG connections. I won't cover how to flash XBR in this tutorial, seeing as you should already know how.
Step 9
After five minutes, plug in the power and the AV cables. Turn on your xbox using the power button. If it boots up properly, you are all good to start building your freeBOOT image. If you receive E79, try booting from eject (with a DVD drive plugged in). If that doesn't work, unplug your power supply, wait ten seconds, plug it back in, and try again. If you receive E79 again, it is either your soldering, or you had a bad flash. Remake your XBR image and re-update it.
Step 10
You are going to need to get a flash dump from your console, so use Flash360 and follow the on-screen instructions to create a flashdmp.bin file.
Step 11
Extract the freeBOOT .32 .rar to a folder on your desktop and rename the folder freeboot.
Next extract the 9199 .rar file to the data folder of the freeboot folder.
Next, open up the donor files and find the file for your motherboard and CB version. Extract those files to the data section of the freeboot folder.
Finally, copy (not move, COPY) your flashdmp.bin file from your USB/HDD and place it in the bin folder of the freeboot folder.
No pictures are needed for this step as it is very straightforward.
Step 12
Open command prompt and navigate to the freeboot folder and type this command:
ibuild x -d temp\ -b "1BL key" -p "CPU Key" bin\flashdmp.bin
If you get an error don't worry, we only need three files. Copy smc.bin, smc_config.bin and KV.bin from the temp folder to the data folder.
No pictures are needed for this step as it is very straightforward.
Step 13
Now that you have all the files, run the following command:
ibuild.exe c freeBOOT -c "console" -d data\ -p "CPU Key" -b "1BL Key" bin\image.bin bin\fuses.bin
Step 14
Go to the bin folder of freeboot and find image.bin (image.bin is your new freeBOOT image) and copy it to the nandpro folder. Rename it to whatever you want (the image.bin file, I mean).
Step 15
Flash the new freeBOOT image to your NAND using nandpro (you should already know how to do this; if not, there is the link to Eclipse's tutorial at the bottom of this page). After the flash is done, unplug your LPT/USB NAND flasher and the power cable and wait 5 minutes.
Step 16
Turn on your console with the power button and enjoy your freeBOOT!
Useful Links
http://www.se7ensins.com/forums/topic/108432-how-to-do-the-jtag-hackdump-nandxell/ - Eclipse's tutorial on installing an LPT cable, dumping the NAND, and retrieving the CPU key.
Thanks
-Free60 for creating this awesome program
-Some random guy online for the donor files
NOTE: Sorry for the weird pictures, don't know why there is white around them.
Hope this helps!
- MIND
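A check for the end of Step 4, before anything is flashed: it confirms that block 1 (rawkv) and blocks 0x3DE-0x3DF (rawconfig) in XBR.bin are byte-identical to the same blocks in original1.bin. This is an added example, not part of the original post or of nandpro. It assumes a 16 MB raw dump with 0x4200-byte blocks (data plus spare) and that the Step 4 commands copy those blocks byte-for-byte.

```python
import sys

RAW_BLOCK = 0x4200      # assumed: 32 pages x (512 data + 16 spare) bytes
TOTAL_BLOCKS = 0x400    # assumed: 16 MB NAND
# (label, start block, block count): the hex arguments from the Step 4 commands
REGIONS = [("rawkv", 0x1, 0x1), ("rawconfig", 0x3DE, 0x2)]


def read_blocks(image, start, count):
    """Return `count` raw blocks of `image` beginning at block `start`."""
    if len(image) != RAW_BLOCK * TOTAL_BLOCKS:
        raise ValueError(f"image is {len(image):#x} bytes, not a 16 MB raw dump")
    if start + count > TOTAL_BLOCKS:
        raise ValueError("block range runs past the end of the image")
    offset = start * RAW_BLOCK
    return image[offset:offset + count * RAW_BLOCK]


def compare_regions(original, patched):
    """Map each region to 'match', 'mismatch', or 'blank' (patched is all 0xFF)."""
    status = {}
    for label, start, count in REGIONS:
        src = read_blocks(original, start, count)
        dst = read_blocks(patched, start, count)
        if dst.count(0xFF) == len(dst):
            status[label] = "blank"      # the write never landed in the image
        elif src == dst:
            status[label] = "match"
        else:
            status[label] = "mismatch"
    return status


def main(argv):
    # File names follow the tutorial: original1.bin and XBR.bin
    with open(argv[1], "rb") as f:
        original = f.read()
    with open(argv[2], "rb") as f:
        patched = f.read()
    status = compare_regions(original, patched)
    for label, state in status.items():
        print(f"{label}: {state}")
    return 0 if all(s == "match" for s in status.values()) else 1


if __name__ == "__main__" and len(sys.argv) == 3:
    sys.exit(main(sys.argv))
```

Run it with the two image paths as arguments; a non-zero exit code means at least one region did not match and the image should be rebuilt.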


