**Snag the latest version of Jrunner v0.3 Beta (5) - it was just released recently** Step One: Have a copy of your current working or existing Nand and know your CPU key. The first thing you need is a copy of your nand! If you bought from a Seller who provided you with a CD along with your console, on that disc will be a copy of your Nanddump1.bin If you don't already have a copy of your nand, you can use a variety of methods to get it from your console: a)If on a phat or slim trinity you can use "Nand Flasher 360 v1.2" b)If on a Corona you can use "Simple 360 Nand Flasher w/4gb support" c)On any console that can boot Xell if you boot it with a network connection, and then type in that IP address into a web browser on the same local network you can actually pull a copy of your nand that way (may not work for Corona 4gb) For more information on dumping your nand from your Xbox hit the spoiler. Spoiler Method A from above (for all phats and Slim Trinity): Spoiler For Phats and Slim Trinities using "Nand Flasher 360 v1.2" is pretty easy. You can google and find a download of it easily. Load it onto a USB and hen it's as simple as using FSD file manager or XexMenu to browse to the default.xex and launching it. You'll get a window like this: It's straight forward - just click the "dump nandflash" button on the right side and wait. Don't press any buttons on the controller while this is happening. Then just power off the console and you'll find a "flashdmp.bin" or "nanddump.bin" in the nand flasher 360 folder on your USB. Method B from above (for Corona and Corona 4gb nands): It should be easy enough again to google and find a download of "simple nand flasher with 4gb support". Once again place the folder with the default.xex of the program on a USB. Using FSD or XexMenu browse to and launch the default.xex and on screen it should prompt you with several options like below: Spoiler Press X to dump your nand, wait for it to finish, then power off. If you put the USB back in your computer you'll find a flashdmp.bin or nanddump.bin in the folder along with simple nand flasher. Method C from above (should work on all consoles): Dumping your nand over the network is slow - you should only do this if for some reason none of the other methods work for you. For this to work you need to boot up Xell with a network cable plugged in (wifi will NOT work). When Xell is fully booted it will display an IP address towards the bottom that will be 192.168.X.X (the X's will be unique to your network). Simply take that IP address and type it into a web browser on a computer attached to the same network. You should get a page that looks like this: Spoiler Simply click the button to download your "raw flash" and name the file nanddump.bin and save it. This will take quite a while, and you have to leave your Xbox on and running Xell the whole time. You should be able to boot Xell by pressing the eject button with your console off to boot Xell and your CPU key will be displayed to you. Alternatively you should have it in a CPUkey.txt if you were provided with a backup of your nand files. Step Two: "Extract" the files that make up your Nand What we are trying to accomplish in this step is decrypting your nand to get at the files that make it up. In order to do this open up Jrunner and load your "nanddump1.bin" or "flashdmp.bin" file as Source. Then you'll need to put in your CPU key. You'll know that it's correct as long as the CPU key successfully decrypts the nand and reveals the info under the "KV Info" tab. If that info is missing/not populating then STOP! Spoiler Now simply click the Tools -> Extract Files Option. Make special note of the "Save location" that gets indicated in the output window If you browse to that location on your computer you should find these files: Step 3: Staging the files to build the new nand image with the new KV First thing you'll want to do at this point is close out of Jrunner completely, and then restart it so you are at a fresh blank window. From the blank Jrunner click on "Advanced" then "Create an image without nanddump.bin" you'll get a popup saying "kv.bin is missing" and then it should open the xebuild\data folder for your installation of Jrunner Spoiler Now, keep the xebuild/data folder open, as we are going to place the following files into it: 1) Your NEW KV.bin that you got from your KV seller. 2) The "smc_config.bin" from your ORIGINAL nand that we extracted earlier. 3) The "SMC_dec.bin" file from your ORIGINAL nand that we extracted earlier **but you need to rename it to just "SMC.bin" (take away the _dec). 4) The "fcrt_dec.bin" from your ORIGINAL nand that we extracted earlier **but you need to rename it to just "fcrt.bin" (take away the _dec). It should look something like this: Spoiler Step Four: Actually building the new nand image. At this point you probably still have Jrunner open on a blank window with nothing loaded, if not just fire Jrunner back up and make sure that there is nothing loaded in source or extra. Paste your CPU key into the CPU key are, and make sure that you have the appropriate type of hack selected in the upper right (JTAG,RGH1,RGH2) Spoiler Now simply click the "Advanced" then "create image without nanddump.bin" once again, this time since we've placed the files we won't get the error, but we'll get a popup asking us to "Choose LDV" LDV only matters on retail consoles, and retail consoles can't run replacement KVs so you can enter whatever you want. Just stick to "1", it doesn't really matter. You'll then be prompted for your console type, which is pretty easy - just pick the one that matches your console. You should then see the log go to town creating your new image. NOTE You will see this error in the log: ******* WARNING: could not verify pre-decrypted keyvault, please be sure your provided a valid kv.bin! This is completely normal! It's because the KV is different from the original. You should note in the log output that the "Build" should say the type of hack that you are using. If RGH1 it should say just "Glitch" if RGH2 it should say "Glitch (v2)" and so on. Make sure you double check this. Finally, in the log it will tell you where it wrote the newly created image, generally to the folder of the serial number of the console from the new KV, so just browse to that folder to find the new updflash.bin Spoiler And that's it! That newly created "updflash.bin" is the new KV with your CPU key and config files and is ready to be flashed to your console. Flash it with whatever method suits your fancy. (Xell, Nand Flasher 360, Simple Nand Flasher, or even hardware flash it). Optional Step: Making your DVD drive work with the new nand! If you followed the guide above exactly, you'll notice that your DVD drive information in the KV section of the newly created updflash.bin is actually that of the console that the new KV came out of, not of your original. Because of this if you flash that image "as is" the DVD drive will not work - you'll simply get the "Play DVD" option at the dashboard. If you want to fix that, it's very simple. Just load up the newly created "updflash.bin" file as source and paste in your CPU key if it doesn't populate automatically - then select "Advacned" then "Patch Nand" Spoiler In the dialog that appears, simply paste in your original DVD key, and select the proper OSIG that matches with your original nand (if you don't have these values saved somewhere you can load up your original nanddump.bin and save them). Spoiler Finally just make note of the log where it outputs the location of the new "updflash_patched.bin" file. You can rename it back to just plain old "updflash.bin" if you are going to flash it will Xell. Spoiler