360 Jtag Tutorial - XBrebooter

Posted by wozzo
Found this nice tut on the nzbmatrix forums, so I thought it would help here.
Credit to: hybriduno

** NOTE : There is still no XBR_hack for jasper 256 and 512 yet.

The very first thing you need to check, is your xbox kernel. At the time of writing, the most recent kernel is : 2.0.8955.0

* Turn on your xbox and go to console settings.
* Go to system info, the kernel version is on top right.
[Image: xbrtut1.jpg]

As of 5/12/09 (December 5th 2009) If you have kernel 2.0.8495.0 or HIGHER, YOU CANNOT INSTALL XBReboot.

If you have kernel 2.0.7371.0 or lower, there is one more check to do, which requires you to read the nand chip with a homemade lpt nand reader (USB version also linked).

** There is no other 100% way of knowing your CB version without reading the nand.

Follow this thread to build a cable: Simple Db-25/cat5 Lpt Nand Dump/flash Cable Tut



Use this site to determine which motherboard type you have : Xbox 360 revisions

Once the cable is ready and double checked, grab nandpro20b from Xbins (make sure it's version 2.0b).

Follow these steps to read your nand :

* Make sure port95nt.exe is installed; if it's not, install it (from the nandpro20b folder). You might need to reboot.
* Plug in your 360, but don't power it on.
* Plug in the lpt cable.
* Go to the nandpro20b folder and type:
* nandpro lpt: -r16 orig.bin
* MAKE SURE THAT THE FLASH CONFIG SAYS: FlashConfig:01198010. If it doesn't, refer to troubleshooting at the end of the guide.
* Wait patiently...
* If there are errors, refer to troubleshooting at the end of the guide.
* If there are no errors, read the nand again:
* nandpro lpt: -r16 orig2.bin
* Reading it a 3rd time is not a bad idea.

Once you have a good dump, at any point you can restore it to your 360. Follow the instructions at the end of the guide.

How to make sure you have a good dump:

* First, compare the dumps together using a hex editor or other tool; they should match 100%.
* Grab Degraded from Xbins.
* Run Degraded and click settings, then enter the key you found using Google ("Degraded 1BL key" should pop right up).
* After you set the key, click Valid next to it and set the File System Start to 39. Click ok.
* Open orig.bin.
* If you get "cannot read file", you must edit the orig.bin file. Make a copy of it, origcopy.bin, and open it up in your hex editor. At offset 0x0012 you will see 2004 - 2007 Microsoft Corporation...
* Change it to: 2004 - 2005 Microsoft Corporation and it will open with Degraded:
[Image: xbrtut2.jpg]

(This picture shows an unexploitable CB version)
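A quick way to do the "compare the dumps" step and the 0x12 header check in one pass, added here as an example; it is not part of the tutorial, of nandpro or of Degraded. It assumes the 16 MB small-block NAND layout that the guide's block numbers (0x3DE, 0x2CE, 0x3F8) fit: 1024 blocks of 32 pages, each page 512 data bytes plus 16 spare bytes, so a raw block as `-r16` stores it is 0x4200 bytes. The sample dumps it builds are constructed test data, not real console images.

```python
"""Added example (not from the original tutorial, nandpro or Degraded):
sanity-check two `nandpro lpt: -r16` dumps before trusting either one.

Assumed geometry: 16 MB small-block NAND, 1024 blocks of 32 pages, each
page 512 data bytes + 16 spare bytes, so one raw block is 0x4200 bytes.
The sample dumps are constructed, not real console images.
"""
from __future__ import annotations

import sys
from pathlib import Path

PAGE_DATA = 512
PAGE_SPARE = 16
PAGES_PER_BLOCK = 32
RAW_BLOCK = PAGES_PER_BLOCK * (PAGE_DATA + PAGE_SPARE)   # 0x4200 bytes
COPYRIGHT_OFFSET = 0x12   # guide: "2004 - 2007 Microsoft Corporation" sits here

ZERO_BLOCK = bytes(RAW_BLOCK)            # the all-zero block nandpro's Error 250 hints at
ERASED_BLOCK = b"\xFF" * RAW_BLOCK       # erased NAND reads back as all 0xFF


def header_copyright(dump: bytes) -> str:
    """ASCII copyright text at 0x12, cut at the first NUL byte."""
    raw = dump[COPYRIGHT_OFFSET:COPYRIGHT_OFFSET + 48]
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def needs_degraded_edit(dump: bytes) -> bool:
    """True when the header reads 2004 - 2007, i.e. the guide's hex edit
    to 2004 - 2005 (on a copy) is needed before Degraded opens the file."""
    return header_copyright(dump).startswith("2004 - 2007")


def compare_dumps(first: bytes, second: bytes) -> dict:
    """Block-by-block comparison of two raw (-r16) dumps.

    Reports which raw blocks differ (the guide wants two dumps to match
    100%) plus the blocks of `first` that are entirely 0x00 or entirely
    0xFF, which deserve a second look before the dump is kept as a backup.
    """
    n_blocks = min(len(first), len(second)) // RAW_BLOCK
    result = {
        "size_match": len(first) == len(second),
        "whole_blocks": n_blocks,
        "partial_tail": len(first) % RAW_BLOCK != 0,
        "mismatched": [],
        "zero_blocks": [],
        "erased_blocks": [],
    }
    for blk in range(n_blocks):
        lo, hi = blk * RAW_BLOCK, (blk + 1) * RAW_BLOCK
        a, b = first[lo:hi], second[lo:hi]
        if a != b:
            result["mismatched"].append(blk)
        if a == ZERO_BLOCK:
            result["zero_blocks"].append(blk)
        elif a == ERASED_BLOCK:
            result["erased_blocks"].append(blk)
    return result


def build_sample_dumps(copyright: bytes = b"2004 - 2007 Microsoft Corporation",
                       n_blocks: int = 4) -> tuple[bytes, bytes]:
    """Constructed test data: two small dumps that agree except for one
    byte flipped in block 2; block 3 is all zeros in both."""
    base = bytearray(b"\xA5" * (n_blocks * RAW_BLOCK))
    base[COPYRIGHT_OFFSET:COPYRIGHT_OFFSET + len(copyright) + 1] = copyright + b"\x00"
    base[3 * RAW_BLOCK:4 * RAW_BLOCK] = ZERO_BLOCK
    other = bytearray(base)
    other[2 * RAW_BLOCK + 100] ^= 0x01
    return bytes(base), bytes(other)


def main(argv: list[str]) -> int:
    """Usage: checkdump.py orig.bin orig2.bin  (file names are assumed)."""
    if len(argv) != 3:
        print("usage: checkdump.py orig.bin orig2.bin")
        return 2
    first, second = (Path(p).read_bytes() for p in argv[1:3])
    r = compare_dumps(first, second)
    print(f"header copyright: {header_copyright(first)!r}"
          f" (Degraded edit needed: {needs_degraded_edit(first)})")
    print(f"sizes match: {r['size_match']}, whole blocks: {r['whole_blocks']},"
          f" partial tail: {r['partial_tail']}")
    print("mismatched blocks:", [hex(b) for b in r["mismatched"]] or "none")
    print("all-0x00 blocks:  ", [hex(b) for b in r["zero_blocks"]] or "none")
    print("all-0xFF blocks:  ", [hex(b) for b in r["erased_blocks"]] or "none")
    return 1 if r["mismatched"] or not r["size_match"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the two dumps the guide has you take; a non-zero exit means they do not match, and the block numbers it prints are in the same hex numbering nandpro and Degraded use, so you know exactly where to re-read.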

If Degraded shows you some bad blocks, refer to the bad blocks section at the end of the guide.

Check which version of CB you have.

Exploitable CB versions:
1888, 1902, 1903, 1920, 1921: exploitable xenon
4558: exploitable Zephyr
5761, 5766, 5770: exploitable falcon
6712, 6723: exploitable jasper

These CB versions are patched so the JTAG/SMC Hack is no longer working: (CD = 8453 for all of them)

Xenon: 1922, 1923, 1940
Zephyr: 4571, 4572, 4578, 4579
Falcon/Opus: 5771
Jasper: 6750

More info here: Xbox 360 Kernel

If you have an exploitable CB, then you are in luck; if you don't, then for now there is nothing you can do but find another xbox 360.

So you have a 7371 or earlier kernel and an exploitable CB: you can install the JTAG hack. Refer to the picture for your motherboard under the Required Soldering topic. Once you have wired your 360 this way, you install XBR to your nand.
*Your 360 will not boot at this point; it needs code contained in XBR to boot with the JTAG hack.

Flashing XBR to your nand :

* Grab the XBR_8955 matching your board from Xbins.
* Go to your nandpro20b folder.
* nandpro orig.bin: -r16 rawkv.bin 1 1
* nandpro orig.bin: -r16 rawconfig.bin 3de 2
* Now that you have extracted your keyvault and config blocks from your orig.bin, inject them into the xbr_8955.bin of your motherboard version:
* Rename the xbr_8955.bin of your board to xbr.bin to simplify things.
* nandpro xbr.bin: -w16 rawkv.bin 1 1
* nandpro xbr.bin: -w16 rawconfig.bin 3de 2
* Now that you've injected your keyvault and config into xbr.bin, all you need to do is flash it back to your nand.
* nandpro lpt: -w16 xbr.bin
* Once done, unplug the lpt cable from the pc, turn on the xbox and enjoy XBR.
* Problems? Refer to troubleshooting at the end of the guide.

Troubleshooting

I've gathered this from reading other people's posts, as I have not experienced any problems at all, except read errors above 0x200 while making the first dump of my nand.

Nandpro / LPT notes : You should try to keep your cable as short as possible to avoid errors.

Nandpro FATAL ERROR :

* nandpro only works with certain USB adapters, and real LPT ports, not pci to lpt cards.
* Check wiring, check pc BIOS settings for parallel port mode SPP (Normal) but users report nandpro working fine on most lpt settings.
* Is port95nt.exe installed? Run port95nt.exe again
* Try a different pc

Nandpro Flashconfig: 01198010 / reading errors :

* Are you using the diode as explained in the cable making tutorial? The diode is hit and miss; if you receive config 01198010 then it's not needed. The diode goes with the black line towards the board, and pin 11 of the lpt port connected to the other leg.
* Shorten your wires.
* Are you using the 5 resistors? Some boards require you to solder directly, without using the resistors. This will fix the reading errors above 0x200 that some experience.
* Check solder joints; make sure they are clean and they are not touching each other.

Nandpro Error 250:

* Error 250: This, in my experience, means that the block is full of 0's, and is not an error you should be concerned about if you come across it once or twice. Of course, if you keep getting Error 250, there might be an error elsewhere, or maybe you've flashed 0's all over your nand.

RRoD / Blackscreen / Error 79 :

* Do you have an exploitable CB? People seem to only look at their dashboard, see it's 7371 or lower and think they can install XBR without verifying their CB to see if the JTAG hack will work.
* Did you inject the rawkv.bin into xbr.bin? (nandpro xbr.bin: -w16 rawkv.bin 1 1)
* Did you inject the rawconfig.bin into xbr.bin? (nandpro xbr.bin: -w16 rawconfig.bin 3de 2)
* Did you have Bad Blocks in your orig.bin? Did you follow the Bad Block Installation notes?

Restoring your original nand.

* Make sure port95nt.exe is installed; if it's not, install it (from the nandpro20b folder). You might need to reboot.
* Plug in your 360, but don't power it on.
* Plug in the lpt cable.
* Go to the nandpro20b folder and type:
* nandpro lpt: -w16 orig.bin
* Your nand is back to its original state.
* Remove the JTAG HACK or the 360 won't boot.

Bad Blocks in the nand

If Degraded shows you some bad blocks, you will have to move the blocks from your xbr.bin to where they are remapped.
[Image: degraded.png]
You can try this tool, although it wasn't tested much: Bad Block Remapper

If you want to do it manually, you have to do this:

* Take the picture above as an example.
* It says: Note : Block 0x2CE found at 0x3F8
* This is where the bad block 0x2CE was remapped.
* nandpro xbr.bin: -r16 block2ce.bin 2ce 1 (Reads block 0x02CE and saves it as block2ce.bin)
* nandpro xbr.bin: -w16 block2ce.bin 3f8 1 (Writes block2ce.bin to 0x3F8, where the block is remapped)
* You will have to do this for each block.
* Here is the "formula":
* nandpro xbr.bin: -r16 blockXXX.bin XXX 1 (Where XXX is the bad block number)
* nandpro xbr.bin: -w16 blockXXX.bin YYY 1 (Where YYY is the address where the block is found in Degraded)

Tips on finding an xbox with an exploitable CB version

* According to this post, most boards manufactured after June 2009 should come with an unexploitable CB version, so seek something earlier.
* Obviously, it must be pre-summer '09 update (kernel 7371 and lower).
* Find your serial number inside your xbox by going to console settings, system info. This is the real serial number; if you bought the 360 second hand, nothing guarantees the information on the back is accurate.
There is one trick to find the manufacture date with the serial number; this site shows how. The last 5 digits of your serial number determine the date, YWWFF: 74902 would be 2007, week 49 (December), factory code: Mexico.
* Even if it was manufactured before June 2009, if it's a second-hand console, maybe it was sent to Microsoft at some point and it could have been updated then.
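The YWWFF decoding from the tip above, worked through in code as an added example (not part of the original post or of the linked site). It assumes the single Y digit means 200Y (the post only gives a 2000s example), that WW is an ISO week number, and it only knows the one factory code the post names (02 = Mexico); any other code is reported as unknown.

```python
"""Added example (not from the original post): decode the YWWFF tail of an
Xbox 360 serial number.  Assumptions: Y means 200Y, WW is an ISO week,
and 02 = Mexico is the only factory code known (it is the only one the
post gives).
"""
from datetime import date

FACTORY_CODES = {"02": "Mexico"}      # only code the post names
JUNE_2009 = date(2009, 6, 1)          # post: boards made after June 2009 are a bad bet


def decode_serial(serial: str) -> dict:
    """Turn the last five digits (YWWFF) into year, week, month and factory."""
    tail = serial.strip()[-5:]
    if len(tail) != 5 or not tail.isdigit():
        raise ValueError("need at least five trailing digits (YWWFF)")
    year = 2000 + int(tail[0])        # assumption: 2000s decade
    week = int(tail[1:3])
    factory = tail[3:5]
    if not 1 <= week <= 53:
        raise ValueError(f"week {week} out of range")
    monday = date.fromisocalendar(year, week, 1)   # first day of that ISO week
    return {
        "year": year,
        "week": week,
        "week_starts": monday,
        "month": monday.strftime("%B"),
        "factory_code": factory,
        "factory": FACTORY_CODES.get(factory, "unknown"),
        "made_before_june_2009": monday < JUNE_2009,
    }


if __name__ == "__main__":
    # Constructed sample: the post's own example tail, padded to a serial shape.
    for info in (decode_serial("XXXXXXX74902"), decode_serial("XXXXXXX93001")):
        print(info)
```

The `made_before_june_2009` flag is only the post's rule of thumb; as the last tip says, a second-hand console may have been updated after it left the factory, so the kernel and CB checks at the top of the guide still decide.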

Playing content from a hdd that wasn't signed to this console

# Unscrew your hard drive case until you have just the hard drive, and plug it into a SATA port of your pc.
# Grab xplorer360 from xbins and execute it.
# Open Hard drive.
# Go to partition 3.
# Your games are in Content\000000000000
# Extract the content you want.
# Most xbla should be contained in a single file.
# Hex edit one of the content files; the title of the xbla or the dlc is usually at 0x412.
# Grab Yaris-Swap from xbins.
# Open the content file and patch it.
# Inject it back into the hdd using xplorer360.
# xplorer360 is drag and drop; use it.
# xplorer360 needs a modification in order to see 120GB drives properly.

Diagrams:
http://i3.photobucket.com/albums/y64/faranheit/Xbox360_Model_Guide.jpg
http://www.ep-comps.com/free60/diagrams&tutorials/SPI_&_JTAG_diagram_(zephyr-falcon-opus-jasper).png
http://www.ep-comps.com/free60/diagrams&tutorials/xenon_diagram.jpg
http://www.ep-comps.com/free60/diagrams&tutorials/360_power_points.jpg


Also note the command is:
nandpro orig.bin: -r16 rawkv.bin 1 1
nandpro orig.bin: -r16 rawconfig.bin 3de 2

The top command I pasted had a space between the -r 16.
 
Made this to save you typing as many commands:

@ECHO OFF
title Creating XBR.bin!
color 02
echo.
echo.
echo Place orig.bin and xbr.bin into %CD%!
echo.
pause
cls
echo.
echo.
echo.
echo Extracting KeyVault...
echo.
nandpro orig.bin: -r16 rawkv.bin 1 1
echo.
echo Done!
echo.
echo.
echo Extracting Config...
nandpro orig.bin: -r16 rawconfig.bin 3de 2
echo.
echo Done!
echo.
echo.
echo Injecting KeyVault to XBR!
nandpro xbr.bin: -w16 rawkv.bin 1 1
echo.
echo Done!
echo.
echo.
echo Injecting Config to XBR!
nandpro xbr.bin: -w16 rawconfig.bin 3de 2
echo.
echo Done!
title XBR.BIN READY!
echo.
echo.
echo ALL COMPLETED XBR.BIN READY!
echo.
echo.
pause

Copy and paste into Notepad and save as a batch file. Once you have your orig.bin, put xbr.bin into the nandpro folder along with this batch file and run it; it will inject the kv and config from your orig.bin into xbr.bin, ready to flash :)
I also have ones for reading and writing, but they are easy enough to make.
 
I'm gonna do this, but I'm not gonna solder, I'll rig up a clip/pin unit. :)
 
Can I just add, I'll enjoy holding those pins for 35 mins..
 
[Image: lpc-h2148.jpg]


I bought one of those, LPC-H2148

Much quicker, no corruption either (apparently)
 
I got the last one from CoolComponents.co.uk ages ago.

Not sure if they have any more in.
 
The 3 Jtag points have to be permanent.
 
Can you put your 360 back together after the nand has been written back? All the vids I've seen show folk with their 360s in bits, and wires all over the place.
 
Do you think that mod chip makers are designing anything to make this easier yet?
 
I just added an lpt port to the back of the 360.

Not a great job, but no one sees the back.
 
What is the actual function of this, guys?

Cheers
 
Yup formby, but the question is, why can't we use freeboot on onboard nand? I've asked across forums and irc, and if I get an answer it's shady and useless, or they completely change the subject. I finally got some sort of answer a while ago saying they are blocking nand types... why would this be??
 
One nand gets the hack.bin, one nand gets the dash. As far as I know there is not enough room to integrate both on one nand and make them work. This may change, but at the moment you have to manually switch, or get cynos to do it for you. It may be the developers just want to sell hardware to achieve this?
 