[JTAG/RGH] How to build a hacked NAND image from scratch.

JeEnYuS Sep 20, 2013

  1. JeEnYuS

    JeEnYuS Newbie
    This tutorial is only for those of you who lost all of their original and hacked nand dumps and erased/corrupted the nand or flashed the wrong image to the nand.

    If you find yourself in this situation then this tutorial will walk you step by step to make your RGH/JTAG console boot again. This is a one-size-fits-all solution.

    Take note that because you've lost all of your nand dumps, you won't be able to restore your console to retail ever again unless you have your original "kv.bin", and you will be unable to use your dvd drive until you extract its key and patch the kv.


    Before getting started you will need the following:

    1. USB SPI nand programmer (nand-x, jr-programmer, any will do; eMMC R/W kit for corona 4gb)
    2. J-Runner, the ultimate JTAG/RGH app
    3. Extracted nand files that match your motherboard model (download below)


    Step 1; Recovery of cpu key and LDVs


    • Download one of the clean extracted donor nand files according to your motherboard model and extract the containing folder to the location of your choice.
    Don't use these files to unban your console: first, you don't have the original cpu key, and second, they all come from banned consoles. You have been warned!


    Extracted Nand Files Download

    • Next you need to solder/plug in your nand programmer wires onto the motherboard.
    • Open the J-Runner app and click on the "show working folder" button located at the bottom right.

    • Open the folder named "data" located inside the /J-Runner/xeBuild/ folders.

    • Open your extracted nand files folder and copy and paste KV.bin, SMC.bin, smc_config.bin and fcrt.bin (if required) to the data folder. It should look like this.

    [IMG]


    • In J-Runner, copy and paste this cpu key F37C0CD50B928F4E67614ACD548A4E49 into the cpu key section.

    • Choose the dashboard version according to your hack type (for JTAG choose 7371 - for phat RGH1 choose 14699 - for R-JTAG choose 15574 - for phat RGH2 choose 14719 - for slim choose anything above 14719).

    • Select your motherboard nand type.

    • Select retail as your image type.

    • It should look like this.

    [​IMG]


    • In J-Runner under the Advanced tab click on "Create an image without nanddump.bin".

    • Then you will be asked to enter an LDV; just enter any number between 1 and 80 and click OK.



    • At this point the dummy image should be successfully created and automatically loaded in the "Load Source" section.

    • Now with your nand programmer properly connected to both your pc and motherboard click on "Write Nand".

    • Wait until J-Runner has finished writing the nand, then select your "hack type" and click on "Create ECC" for an RGH machine or "Create Xell-Reloaded" for a JTAG/R-JTAG machine.

    • Now click on "Write ECC" or "Write Xell-Reloaded" depending on your hack type.

    • You are now ready to boot xell and recover your cpu key.
    • Disconnect the nand wires from the nand programmer, power on your console and wait for xell to boot.
    • Once xell has booted, write down your cpu key, fuseset 02 and fuseset 07/08.


    [​IMG]



    Understanding and calculating LDVs
    • Calculating the CF/CG LDV is fairly simple. Just count the number of "F"s in fuseset 07 to fuseset 11. So in the example above we have a cf/cg lock down value of 2.

    • Calculating the CB LDV can be a little bit trickier. You have to take the right-most "F" and calculate how many characters it is from the left. In the example above the right-most "F" is 5 characters from the left, so we have a cb lock down value of 5.

    • Understanding CB LDV; Quote from Martin C @ TX


    • The example above is from a Jasper with a cb ldv cseq of 5; remember that this value can be translated to a dashboard version. So by looking at the chart below we can determine that dashboard 7371 would be the highest compatible version for this particular console.
    [​IMG]




    Step 2; Building the fake OG nand image


    • Now back in J-Runner, enter your cpu key in the cpu key section.
    • Select your dashboard according to your CB LDV cseq
    • Select Retail as Image type.
    • Select Motherboard nand type.
    • Click on the "Advanced" tab and on "create an image without nanddump.bin"

    • You will be asked for the LDV; this is the cf/cg LDV, so enter what you have in fuseset 07/08 and click "OK".

    • You have now created a fake original nand image. Even though you won't be able to boot your console with this image, it would still be a good idea to keep it somewhere safe.

    • With your new image loaded in the "Load Source" section and your cpu key in the "Cpu Key" section click on the "kv info" tab. You will notice that the info in there is obviously not from your console. So now would be a good time, for those who can, to extract your dvd drive key and patch the key vault with the appropriate dvd key.

    • Click on the "XB Settings" tab, click on "Advanced XeBuild Options", paste your dvd key in the "dvdkey" section, click "OK" then click the "Use Edited Options" check box.
    • For DG16D5S and DLN10N owners; the easiest and cheapest way to make your dvd drive functional would be to install a TX LTU 2 pcb.




    Final Part; Building/writing the hacked image



    • Back in J-Runner, with your new fake original nand image loaded in the "Load Source" section and cpu key in the "Cpu Key" section, select the hack image type (Jtag - rgh - rgh2 - r-jtag), select your desired dashboard (should be the latest, which is 17150 at the moment) and select the motherboard nand type. You can also edit dashlaunch and xeBuild options at this point.

    • Click on create xeBuild image. You will see 3 or 4 warning messages popping up which will ask you if you want to delete kv.bin, smc.bin, fcrt.bin and smc_config.bin. Click yes on all of them.


    • With your nand programmer properly connected to both your console and pc click on "Write Nand"

    • Disconnect nand wires, Boot your console and have fun.



    If this tutorial has helped you in any way or if you only downloaded the extracted nand files please click on the "Like This" button and drop a thanks.
     
  2. le

    leovicio Newbie
    I have done everything but xell does not start
     
  3. JeEnYuS

    JeEnYuS Newbie
    You must've done something wrong.

    What's your console and hack type???
     
  4. HOKKUSPOKKUS

    HOKKUSPOKKUS XPG
    F.A.N.T.A.S.T.i.C
  5. le

    leovicio Newbie
  6. De

    DellBoy Veni Vidi Vici Lifetime Gold
  7. Renegade

    Renegade Super Special Awesome XPG Developer
    Unfortunately I've seen worse on many occasions.

    But Leovicio, you have answered the question on your own. The solder job on that is beyond awful. That is why it won't boot.
     
  8. le

    leovicio Newbie
    I did the best I could
    I'll redo and put new photos
     
  9. ha

    hajektom1 Newbie
    Hello,
    Must the CoolRunner also be connected and programmed?
    Thank you in advance for your answer, and sorry for the English, I'm from Czech Republic.
     
  10. JeEnYuS

    JeEnYuS Newbie
    Correct.
     
  11. si

    sidewyz Newbie
    Total noob question, at what point does the coolrunner get programmed?
     
  12. pe

    peanutking Newbie
    How would you lose everything, or how do I keep from messing my jtag up like this?
     
  13. sensi420

    sensi420 Contributor TeamXPG
    Best practice is to email yourself a copy of your nand and cpu key for future use, burn a backup on a blank CD or DVD, just keep a backup, period.
    And install and leave in the nandx/jrprogrammer/spi reader wires; that way you can reflash the nand without having to open the case repeatedly.

    You flash the coolrunner before you install it. His tutorial is for everything after a coolrunner is installed.
     
  14. pe

    peanutking Newbie
    Thanks for the info :)
     
  15. ha

    hajektom1 Newbie
    Hello,
    The Xbox still does not load into Xell, but when writing to the NAND, J-Runner lists two errors: Error: 202 writing block 20C and Error: 202 writing block 344. Could it be because of that?
    Thank you.
     
  16. JeEnYuS

    JeEnYuS Newbie
    If your bad blocks were located within the first 50 blocks then yes, it could be a problem, but this is not your case.

    Describe your entire setup (console type, hack type, glitch chip model, etc...)
     
  17. ha

    hajektom1 Newbie
    It is a slim version, NAND Trinity, RGH2.
    Thank you.
     
  18. JeEnYuS

    JeEnYuS Newbie
    Is the debug led on the glitch chip blinking every 5 seconds or so?

    Can you post your j-runner log?
     
  19. Xatoku

    Xatoku Good News Everyone! Lifetime Gold
    If that's the case it could possibly be a CPU_RST solder issue; I had the same issue and this was the case. Just a reminder: make sure you have touched your and prior to thinking it's a nand issue.
     
  20. An

    Andr0id1o1 Newbie
    Good day, how can I get my dvd key?
     
