XBOX 360 JTAG TUTORIAL
IntroductionThis tutorial will show you how to preform the Jtag mod on all applicable xbox360 units. This tutorial will be taken from many sites all over the web. I recently preformed this hack on my xbox and had a lot of problems getting all the info together. I am going to try to make the most complete and up to date jtag tutorial available. Once again this is only for xboxes running a dashboard of ***7371 or lower.
This tutorial is derived from the crazy modder tutorial and other various sites, pics are new, or tagged by the various sites they were taken from. This is done to help create a complete tutorial.
Parts Needed - 5X100ohm 1/4w 5% resistors
- 3x1N914 - 1N4148
- 1xrj45 coupler
- 1xcat5 cable
- 1xdb25 (male) connector
- 30awg wire
- nandpro23e (will be in the DL package)
Tools Needed - Soldering Iron
- solder+flux
- razor knife
- dremel or metal snips
- hot glue gun
Software Needed Difficulty rating: 4/5
Average Time to Complete: 2-3 hours
step by step tutorial step 1Determine which type of mother board you have by looking at this picture.
step 2Make jtag connections, look at the picture below for your type of motherboard
edit: here is an alternate wiring method that has been found to replace the "all other board" pic. this this new "reverse" method, all connections for jtag are done on the bottom of the mobo and are easier to get to.
step3Make LPT cable connections this is the same for all motherboards.
step 4Mount a rj45 jack mounted under the HDD
step 5Then use one end of the Ethernet cable soldered to the motherboard connections,
Connect the other end (matching the colors) to the db25 plug.
At this point the physical modifications are done, if you are comfortable with your skills, close up the xbox and take a break. Move the xbox into a usable position plug the power adapter into the xbox and plug the lpt cable into the pc you will be using, dont turn the xbox on.
A few notes here as we move into programing.
1. There are different programs and versions of each to do this, but they all get us where we want to be in the end which is a freeboot up to date dashboard with xexmenu installed.
2. My machine used for dumping and flashing was running a xp os. as I assume units with a lpt port will be.
3. Familiarize your self with the dos commands we are using will help understand whats going on and why.
"C:\Nandpro20e\nandpro.exe lpt: -r16 nand1.bin" this is the command to read the nand.
"C:\" this designates the drive your using "Nandpro20e\" is the folder on that drive "nandpro20e,exe" is the program we are using "lpt" is the port "-r16" read/size" created file name
NAND Dump
Step 1You will need this:
Nandpro20eThe first thing you need to do is unzip nandpro20e into a folder of the same name. Then place that folder in the root of your computers HDD. start>computer>local disk...place folder here
step 2Now open a command prompt start>run>cmd
In the command prompt type "C:\Nandpro20e\nandpro.exe lpt: -r16 nand1.bin" without the quotes. Now you will know if you did it right or not. it should look very similar to the following picture, the last line should be a set of numbers that are counting up. Anything else and you need to check your wiring:
during the course of the read, you man get a "bad block xxx bad block xxx found at 3ff" message. This will be ok, write down the message so we can remap it later. You will also be able to get this from degraded or the 360 flash tool later if you need to.
step 2 ok after a half an hour or so, it should end at 003ff and await a new command. minimize your terminal and navigate to you nandpro20e folder. (the one we put on the root drive) **this is where things changed for me, and I think it depends on your os setup**in the nandpro20e you should see a new file called nand1.bin if you dont you can do a search for it. I found mine in start>computer>localdisk>documents and settings>matt Once you find the nand1.bin remember where on your hdd this was placed, all files will be in the same location. rename it to nand original.
step 3Now go back to your command prompt and dump another copy of the nand using the same command "C:\Nandpro20e\nandpro.exe lpt: -r16 nand1.bin" without the quotes. It will start counting again wait another half hour and it should finish just like last time. If you had a bad block in your last read, it should be in the same location as this one continue, we will fix that later.
Once you have two dumps of your nand, we need to make sure they are both identical. to do that we will use a hex editor to compare them.
step 4You will need this:
total commanderAfter installing Total Commander open it, click file>compare by content, a new window will open. In the first box open the nand original and in the second, open nand1. (or however you renamed them) If total commander states they are identical, you are good to go. If not check soldering and dump the nand again. once you have two identical dumps you can move forward.
Save one copy of your nand, I put mine on a sd card and put it in my desk drawer for safe keeping.
Flashing xell to get cpu keystep 1We need is our cpu key. To get this we are going to briefly flash xell/free60 onto the xbox.
You will need the correct image for your mother board:
free60Extract the folder for your mobo, extract the .bin file for your mobo and place it in your same folder you found the original read of your nand. To make it easy, rename it to Xell.bin we will now flash Xell.bin onto the xbox 360 so we can get our cpu key.
step 2With your xbox plugged in (turned off), and the lpt cable plugged in, open your command promt again (start>run>cmd) and enter this without the quotes into the command line: "C:\Nandpro20e\nandpro.exe lpt: -w16 Xell.bin" This should not take very long as we are just flashing the first part of the nand.
step 3When this is done writing, unplug your lpt cable and turn on your xbox. You will want to have a camera ready to catch a image of your CPU key.
A BLUE SCREEN SHOULD COME UP AND LOOK LIKE THIS
OBVIOUSLY I MARKED OUT MY CPU KEY. NOW YOUR CPU KEY WILL BE A TOTAL OF 32 NUMBERS
AND OR LETTERS. SO PUT TOGETHER LINES 3/5 OR 4/6, AND THAT WILL BE YOUR CPU KEY. MAKE SURE TO TAKE A PICTURE OF THE SCREEN, OR WRITE REALLY FAST. OPEN NOTEPAD AND TYPE YOUR CPU KEY IN THERE. YOU WILL NEED THIS!!
Building a freeboot dashboardOk now that you have your cpu key we can build your freeboot image. We will first extract our kv.bin and config.bin from our nand, then use our nand and CPU key to create a freeboot image, then flash our kv and config on top of the new freeboot, fix any bad block errors, and finally flash the entire image onto our xbox. This tutorial is being created in October 2011. For the current xbox dashboard.
step 1Extract your kv from your nand1 file. To do this, open the command prompt (start>run>cmd)and type
"C:\Nandpro20e\nandpro.exe nand1.bin: -r16 kv.bin 1 1" without the quotes
step2Extract your config from your nand1 file. To do this open the command prompt (start>run>cmd)and type
"c:\Nandpro20e\nandpro.exe nand1.bin: -r16 config.bin 3de 2" no quotes
Now you have three files we need. nand1.bin, kv.bin, config.bin. we will also need our cpu key
step 3you will need this: the newest version of freeboot. (included with the 16179 dashboard update)
Open the freeboot program, enter your cpu key, and press create frooboot. it will ask you for your nand file, select your nand1 file and continue. Once it completes, you will have a new file called freeBOOT.bin in your nandpro20e ffolder.
step4Write your kv.bin and config.bin to your new freeBoot.bin file. To do this open the command prompt (start>run>cmd)and type:
"c:\Nandpro20e\nandpro.exe freeboot.bin: -w16 kv.bin 1 1
then type:
"c:\Nandpro20e\nandpro.exe freeboot.bin: -w16 config.bin 3de 2
step 5This next step is only necessary if you had errors in your nand read. If you did not have errors, proceed to the next step.
We need to remap your bad blocks. when you read your nand after reading, in the command promt there was a message that said:
"bad block at
???"
"bad block
??? found at 0x3ff"
(the question mark will be your hex number)
To do this we will use nandpro in the command prompt again. (start>run>cmd) then type:
"C:\nandpro20e\nandpro freeboot.bin: -r16
???.bin
??? 1"
Then type:
"C:\nandpro20e\nandpro.exe freeboot.bin: -w16
???.bin
??? 3FF 1"
If you have more bad blocks, you will want to do the same for those.
step 6Time to flash our completed freeBOOT.bin image to our xbox.
Hook up the xbox and plug in the lpt cable. Open a command prompt (start<run>cmd) then type:
"c:\nandpro20e\nandpro.exe lpt: -w16 freeboot.bin
After it completes the writing process, the job is done. Plug in an official memory card, hdd, or xbox formatted memory stick and turn on your xbox, it should boot into the current xbox dashboard. It should walk you through the initial xbox setup menu. At this point you are done with the lpt cable. The rest of programming can be done by usb, with a transfer cable using your official hdd, or a burned disk.
Your next set is to apply the official update, then install xex menu, dashlaunch and freestyle dash.
See below for any updates.
