Console Modding------ ( Here you can talk about your favorite Consoles ) > Tutorials
Reset Glitch Hack RGH
Rodent:
Bump because i can , Reason I bumped is cause i updated the Matrix Glitcher chip for RGH 2.0 For phat consoles. when i get time i will add the R-Jtag to this or new tutorial
Rodent:
--- Quote ---Team Xecuter's Xenon Reset Glitch Hack
Categories: Featured Articles
We are happy to finally release the Xenon RGH Hack. This is by no means meant to be used for an everyday RGH as its as bad if not worse than a Zephyr, however it does work and will be perfect for those who have a Xenon where they lost their DVD key or an unbanned key vault.
Here is the readme included with the release:
Wiring
Generate your ecc image using the latest version of J-Runner and flash to your NAND (+w16 just like a regular RGH).
Program your TX CoolRunner (or whatever flavor RGH mod you are using) with the tx-xenon.xsvf or tx-xenon.jed file.
The Xenon has a capacitor on CPU_RST that was removed in later models. C7R112 (located near the xclamp under the CPU) must be de-soldered, and the CPU_RST wire from the TX CoolRunner(D) must be soldered to the left pad (non grounded pad).
A 47nf ( 0.047uf) capacitor needs to be added between PLL_BYPASS(+) and GND(-). (If you have a genuine TX CoolRunner REV B you can use the on-board by bridging the CAP jumper)
A 220-270pf capacitor should be added between CPU_RST(+) and GND(-) on the cpld. (If you have a genuine TX CoolRunner REV B this is already included in the design so not required)
An easy to follow picture guide can be found here: http://www.team-xecuter.com/coolrunner/install/phat_xenon.jpg
Troubleshooting
Using a TX CoolRunner Rev B, and after applying various troubleshooting measures we have had glitches ranging from instant to 20 minutes.
The debug LED should flash on for less than a second and repeat every 5 seconds. If your LED stays on or does not come on at all, it is usually because of something being wrong with PLL_BYPASS. Try different values of capacitors and wires. If you have enabled the CAP on REV B of the TX CoolRunner, simply un-bridge it and try a 47nF cap instead as per the instructions above.
If it still has not glitched after several hours, try different values of capacitors on CPU_RST of your RGH mod. A longer wire / low-loss 50 ohm double shielded cable may also help with this.
To help increase boot times and stability (on all RGH installs not just Xenon) we recommend that you try Low-Loss Double Shielded 50 ohm cable. It's very cheap to use and quite effective – so a quick shout out to www.xconsoles.com who supplied a batch of high quality cable for our development team to use. It's less than 75 cents a foot – not bad.
NOTE: Remember when programming the TX CoolRunner that the Xbox power is NOT connected and that the switch is set to PRG before you connect the JTAG cable. If you connect the JTAG cable and it is set to NOR with the Xbox power connected, it can damage your NAND-X and/or CoolRunner. When you have finished programming, switch it back to NOR and then power on the Xbox.
The Xenon Hack
Please note that this hack is not available on consoles updated to dashboards 14717 or 14719.
If you are seeing the debug led it means that the cpu is probably not crashing and the issue addressed by gligli/tiros has been fixed (This can of course be a false positive as sometimes the CPU could be crashing but the SMC restarts fine – we can never be 100% sure)
So far, this is really only useful for a one time cpu_key dump. There will undoubtedly be ways of optimizing this hack in the future and who knows, it may become a reliable glitch one day.
We would appreciate that you give as much feedback to our support forums as possible to help others achieve better results and to improve this method. For now we can leave this and go back to RGH2.0 for Zephyr, Falcon, Jasper and also of course, the Corona.
TX CoolRunner Support Forums: http://www.team-xecuter.com/forums/forumdisplay.php?f=174
Enjoy!
Xbox 360 Xenon RGH Hack brought to you by the Xecuter RGH Development Team
www.team-xecuter.com
Thanks
Thanks are extended to Tiros & Gligli, without your work none of this would have been possible.
A special thanks goes out to cOz – your work on Dashlaunch proved to be an invaluable contribution and we look froward to your next exciting project.
Greets: Team Jungle, Team FSD, Freeboot, Libxenon & RGLoader.
--- End quote ---
Just another update for those of you trying to retrieve keys on Xenons. i meant to add this a while ago just been very busy
*just tried this and found out mine has a spit CB_A 1926 CB_B1926 can not creat ecc.
Rodent:
For RGH2 Jasper and RGH2 Falcon run the wires like this using Slim Blue Wire
Coolrunner REV C
Remove the C8 Cap
and bridge points 2 and 3
switching the coolrunner to slim after programming it works the best for boot times
Program the coolrunner for jasper RGH2 with timing file A
Program the coolrunner for Falcon RGH2 with timing file B
images shown here for wiring this is a jasper 512mb bb i do them all the same way
for all jaspers 16mb and 256mb and falcon 16mb rgh 2 14717 and up dashboards to previous 16756
(sorry for the dirty pics)
nand dumps make sure its on RGH2 not R-jtag
shown here part 1 first boot times
Part1
http://youtu.be/O44iVkyL5U8
shown here part 2 consistant boot times
Part 2
http://youtu.be/xyOMrzn-NAw
shown here part 3 fully assembled and great boot times still
Part 3
http://youtu.be/icvb1nlrIV4
Falcon RGH2 just as the same wiring as the jasperShown here Part 1
http://youtu.be/GrvdxvbhQhk
Shown here part 2 fully assembled now 16 second boot time
Part 2
http://youtu.be/jKaygxGKuRY
Rodent:
Just another update for cheap nand programmer to program and to read/write the nand
I been talking to KingMike_OS and both of us are having issues with Matrix Triple nand if anyone has any info on how to read and write the nand with a Matrix Triple nand please post. having issues detecting the USB device that reads and writes the nand to the Triple nand chip
Gizmo613:
what programs are you using to program the nands? i know recent jrunner are not properly detecting other brand products.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version