What's new

Question Xbox 360 Programmed CPU (all fuse sets are 0 except Fuse00)

  • Thread starter devilhunter1990
  • Start date
  • Views 3,117
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
Greetings,

A 4-5 months ago I posted a thread (now it has been archived https://www.se7ensins.com/forums/threads/new-xbox-cpu-with-0-efuses-all-fuses.1736634/) on how to setup a unprogrammed Xbox 360 (phat) as a dev unit, Im redoing the same but to make it as retail with 0 LDV, in other words you can run a blade dash / NXE retail and possibly run Jtag hack on it! Long story short, I was shocked when I found ebay listing for old dashboard consoles being sold 300$+ and decided to buy the CPU for 20$ and try it myself.

Now Im trying to boot a retail dashboard for this new CPU but with no avail, I can however, run devkit image through RGH2 . I assume this has to do with LDV and CFLDV .





Note that my CB LDV looks like FuseSet 02: 00000000F

Even though the recovery disk is dated in NOV 2008, it setup my cpu with CB LDV 8, now I believe Im stuck.

Here is the steps I followed,

1- RGH 1.2 or RGH2 install
2- Run a devkit image (use Xecuter's Fusion 1.09)
3- Insert XenonRecoveryDisk once the dashboard is booted ( it wont launch otherwise and kernel panic)
4- You can now set the console as devkit or as a retail (press Y for retail)
5- The console now will reboot
6- If you are using a slim console then you are fine, if you are running it on FAT, the console now is bricked (black screen) .
7-Creat ECC for RGH2 and write it
8-you will be greeted with Xell with all with a new CPU key ( CPU fuse line isnt 0 now)
9- ???????


This is where Im stuck, I do have all information but cant run any retail dashboard.


please share your thoughts.

Many thanks!

=============P.S=============

at step 4, if you go for a dev option, Fuse02 will be intact and reports all 0s. and you can run any remote recovery or recovery disk and install the latest leaked ver. of XDK. You can also remove all wires for both glitcher and nand reader.

I have one last unprogrammed CPU at hand if someone have a clue on how to modify recovery disk to burn certain fuseline.
 
Last edited:
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
If I can run say any dashboard 7371 or below through RGH2 then I use a retail update, will it fail the CB LDV?

I also tried to run it with R-Jtop (R-Jtag) with AUD_Clamp, it doesnt work at all.
 
Last edited:
T

truemaster

Enthusiast
Messages
35
Reaction score
8
Points
55
Sin$
7
thats cool. a real way to downgrade xbox 360 and make it jtagable.i would like to know more. how to burn efusses for retail one? the cpu key? can i manualy burn an exact same one like the rgh2 cpu i have? or a new one will be created here an exaple of what i mean
my current one
fuseset 00: c0ffffffffffffff
fuseset 01: 0f0f0f0f0f0f0ff0 retail flag
fuseset 02: 000000f00f0f0000 3f means rgh1.2-rgh2-r-jtag
fuseset 03: 1111111111111111 not my real key obviously
fuseset 04: 1111111111111111 not my real key obviously
fuseset 05: 2222222222222222 not my real key obviously
fuseset 06: 2222222222222222 not my real key obviously
fuseset 07: ffffffffffffffff f here nean burn efusses
fuseset 08: ffffffff00000000 total 24f=ldv24
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000

and i aim for this
fuseset 00: c0ffffffffffffff
fuseset 01: 0f0f0f0f0f0f0ff0 retail flag
fuseset 02: 000000f000000000 1f for jtag
fuseset 03: 1111111111111111
fuseset 04: 1111111111111111
fuseset 05: 2222222222222222 if possible the same cpu key as my old cpu
fuseset 06: 2222222222222222
fuseset 07: f000000000000000 1f=ldv1 up to 7371 official dash i think
fuseset 08: 0000000000000000
fuseset 09: 0000000000000000
fuseset 10: 0000000000000000
fuseset 11: 0000000000000000

but if there is no way to generate an exact cpu key how to create a new kv? and were i can find 0ldv cpus?
i just cant stand people sell unoppen consoles really high in prize just because are jtagable. tis find is amazing
 
T

truemaster

Enthusiast
Messages
35
Reaction score
8
Points
55
Sin$
7
ive made a little research. since there is no kv for your new cpu you cant run retail only hacked image. there is a tautorial for that its called how to create a new nand when lost everything. your fuseset 02 has retail flag and 03 has 1 f that means a jtag and a jtag hacked image with 0 ldv would work i believe
 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
ive made a little research. since there is no kv for your new cpu you cant run retail only hacked image. there is a tautorial for that its called how to create a new nand when lost everything. your fuseset 02 has retail flag and 03 has 1 f that means a jtag and a jtag hacked image with 0 ldv would work i believe

There are two LDV(s)

1- CB LDV & the second is CF LDV.

The original SMC hack "J-tag" is based on a bug in CB part of the boot loader, my approach doesn't tackle burning CB LDV fuse value through using Xell ; for example. Unprogrammed Xbox 360 CPU (all values are 0) can boot either a special manufacturer mode through which CPU key is undefined and all values are 0s. But, it can only boot a dev kernel and possible a debug kernel if it ever exists. I should also note recovery disk has the algorithm to generate a valid CPU key for your CPU and also if you have DVD rom connected, the key is regenerated and the DVD rom is remarried.

The first line Fuse 01 determines whether your console is dev or retail, the third line is CB LDV and the rest is CPU key and CF LDV, if you can manage to run a dev dashboard like TX Fusion's through RGH2 / RGH1 of course , then by rnning a dev recovery disk then you get the option to either set the CPU as Dev or Retail , going for dev will leave CB LDV fuse line intact and it will burn the Fuse01 as a dev unit. If you however set it as a retail, it will set the CPU accordingly but CB LDV is determined by the hacked image you can use (in my case Fusions, and this fusion is running dashboard 13xxx and thus I got CB LDV of 8). If this CB LDV can be modified in the memory during the update , then yes you can have a blade dash running on this new CPU.

Note that you cant run a retail dashboard even through building a patched retail dashboard using Xebuild the console simply RROD.

To program those CPUs to run a retail low dashboard requires you to either run a very old and patched Dev Dashboard then run recovery disk , or maybe patch XeBuild image to bypass Fuse01 that of retail/Devkit (Im not really sure if Xebuild by passes fuse01 already).

I found a 7371 with patched bootloaders to run on RGH1, will test this and hope it can run this crazy CPU ( I still have one in my inventory).
My goal is to reduce the number of ebay listing of 300$ + Jasper consoles running blade dash / NXE dashboards.

Id rather to play some Xbox 360 games than figuring out how to run this **** XD
 
T

truemaster

Enthusiast
Messages
35
Reaction score
8
Points
55
Sin$
7
i cant agree more 300 for a blade dash or nxe box is overpriced. i have a jasper rgh1.2 that works fine. and a falcon rgh1 i would like to do some play and this cpu swap on falcon but only if can became jtgable. the way i see it that method make rgh1 cpu not jtag sadly but maybe xell can but dont know how to make it burn fusses as desired
 
Last edited:
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
I bought a console for 10$ , it was a jasper with mfg 11th June 2009 with a damaged case to swap the cpu and redo the same but

2gvtq3l.jpg


14lrep3.jpg


It has an exploitable cb....

The drive was stuck firmly, got it fixed and the console is hardly been used, the poor kid tried to dismantle the Xbox.

The irony is I could t find jtagable xbox when I was looking for one !
 
Last edited:
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
Once again I bought another console, swapped the CPU and I tried to flash it with a devkit nand dump to see how it will behave, still getting an RROD, you cant pass CB identification confirming what ddxcb ddxcb had previously mentioned.

I wonder what will happen if you bridge the points responsible to blow e-fuses or remove resistor R6T3 and then you run devkit recovery disk? in my understanding R6T3 is only responsible for CB LDV or other parts of e-fuses?


The 0 CPU can only boots dev kernel for some reason, I read somewhere in Free60 that there is a special kernel for the 0 CPU to load. For some reason, dev kernel doesnt halt 0 CPU to load.

I can load retail kernel if you "shadowboot" with a retail kernel bear in mind it will halt in XAM as well & also when you update your kernel when using shadow boot, the CB counter will increase according to the Nand CB not the shadowboot's. In other words, an RGH dev kernel of Dashboard 6xxx or 7xxx is needed to burn e-fuses & CB correctly.

I will be stuck here for a while I guess.
 
ddxcb

ddxcb

Contributor
Messages
1,647
Reaction score
275
Points
285
Sin$
0
Once again I bought another console, swapped the CPU and I tried to flash it with a devkit nand dump to see how it will behave, still getting an RROD, you cant pass CB identification confirming what ddxcb ddxcb had previously mentioned.

I wonder what will happen if you bridge the points responsible to blow e-fuses or remove resistor R6T3 and then you run devkit recovery disk? in my understanding R6T3 is only responsible for CB LDV or other parts of e-fuses?


The 0 CPU can only boots dev kernel for some reason, I read somewhere in Free60 that there is a special kernel for the 0 CPU to load. For some reason, dev kernel doesnt halt 0 CPU to load.

I can load retail kernel if you "shadowboot" with a retail kernel bear in mind it will halt in XAM as well & also when you update your kernel when using shadow boot, the CB counter will increase according to the Nand CB not the shadowboot's. In other words, an RGH dev kernel of Dashboard 6xxx or 7xxx is needed to burn e-fuses & CB correctly.

I will be stuck here for a while I guess.
The R6T3 is for the eFuse for all the fuses.

the reason retail fails to boot if the fuses isnt set up correctly. dev ignore most of the checks, hence it can boot with mostly blanked fuses.
 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
The R6T3 is for the eFuse for all the fuses.
Thanks a lot sit! you saved me lot of headache.
the reason retail fails to boot if the fuses isnt set up correctly. dev ignore most of the checks, hence it can boot with mostly blanked fuses.
actually Jtag Xell is working on this 0 CPU. Im trying to build a devkit img with of course a jtagable CB and then if I run the recovery disk it wont screw up my CB LDV again.

Benjamin Rush

there is no need for you to use RGH-2 on a your console (zephyr) when Xell (jtag img) can load normally even when the CB LDV is 0.
 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
The R6T3 is for the eFuse for all the fuses.

the reason retail fails to boot if the fuses isnt set up correctly. dev ignore most of the checks, hence it can boot with mostly blanked fuses.
And thanks a lot sir, you saved me lot of trouble.

How you have this much insight of the subject !?

Clever boy
 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
Got a question here, any idea how to reassign a KV of a devkit image with a 0 KV? RGL sadly refuses to build an image with 0 CPU key in it. Also, why an RGH2 0 KV Devkit image boots normally when a Jtag 0 KV devkit image stucks somewhere? I tried R-Jtag to by pass old CB authentication still fails and yields black screen (Xell works however)
 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
Update:

Managed to create a Dev img using Xebuild, I have used the provided sample dev ini, but I used the latest dev bootloaders and patched the latest file system.

I tried it the system gives E79

 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
Update:

I can now run a recovery disk on this 0 CPU, I have to take a a nand dump of an OLD DevKit Image and rebuild it so that when I select retail option via recovery disk the new CB will be Jtagable and aslo can run "blade dash" and older firmware.

For those who have bricked there XDK, they can flash this image and through recovery disk, make sure to insert the disk before powering on the console.

Also as a bonus, you can have my xebuild dev image folder and if you want to build your own image.

https://www.mediafire.com/file/ogjosa97u25b688/DevKitRECOVERYJASPER.bin/file

Devkit Xebuild folder (just place it in xebuild folder)

https://www.mediafire.com/file/dvvcs3muj355fc6/17489_Dev_Image.rar/file
 
Last edited:
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
Finally Im able to run 6719 Dev Kernel on this crazy unprogrammed CPU.

This is Xebuild output & dashboard pictures, note for some reason BootAnimation.xex is crashing, thus you have to wait for the xbox to run Xam then you can insert the recovery disk.

 
devilhunter1990

devilhunter1990

Enthusiast
Messages
303
Reaction score
37
Points
115
Sin$
7
But for whatever reason, the devkit recovery disk gives you the option to flash your console as Retail Or Devkit, I have selected Retail but then this has happened



it burnt Fuse01 as a devkit for some bulls*** reason.

at this point custom patches for xebuild is required to build retail CB with sc,sd,se dev bootloaders and file system; this has been done by Xecuter Fusion's team.

I tried fusion's Jtag img on 0 CPU and it just black screen no post and console doesnt reboot. and I dont think recovery disk was booting.
 
ddxcb

ddxcb

Contributor
Messages
1,647
Reaction score
275
Points
285
Sin$
0
But for whatever reason, the devkit recovery disk gives you the option to flash your console as Retail Or Devkit, I have selected Retail but then this has happened



it burnt Fuse01 as a devkit for some bulls*** reason.

at this point custom patches for xebuild is required to build retail CB with sc,sd,se dev bootloaders and file system; this has been done by Xecuter Fusion's team.

I tried fusion's Jtag img on 0 CPU and it just black screen no post and console doesnt reboot. and I dont think recovery disk was booting.

I thought the recovery disk option for either dev/retail was just modifying dashboard.xbx (might get the name wrong) to set to xshell.xex for dev or dash.xex for retail.
 
Top Bottom
Login
Register