[TUTORIAL] Reset Glitch Hack on Slim

Discussion in 'Xbox 360 Development' started by itchy, Aug 28, 2011.

  1. itchy

    itchy Guest

    I: Software and Hardware needed

    Prerequisites:

    1. Installed Xilinx Lab Tools

    Software:

    1. Python and Python Crypto
    2. iMPACT (from Xilinx Lab Tools)
    3. NandPro (>= v2.0e)

    Hardware:

    1. USB SPI programmer to dump/flash the Xbox 360's NAND
    [image]
    2. An XC2C64A CoolRunner-II CPLD (aka Digilent C-mod), matching socket and a Xilinx JTAG programmer cable
    [image]
    3. A 220pF capacitor
    4. Soldering material & soldering experience
    [image]

    II: Dumping NAND

    Step 1: Use the following diagram to solder your USB SPI programmer to the Xbox 360 motherboard:

    [image]

    Step 2: Open Windows' command prompt and launch NandPro.

    Step 3: Dump your NAND twice by using the read command for 16MB NAND:
    [image]

    Step 4: Compare the two dumps with the following command (you can use md5checksum too):
    You should have something like "FC: No difference found". If the two dumps don't match, do a new dump and check again.

    III: Installation of Python and Python Crypto

    Step 1: Install Python 2.7 (32bit!) with the default settings:

    [images]

    Step 2: Install PyCrypto 2.3 with the default settings:

    [images]

    To enable Python in Windows' command prompt, we will have to modify the environment variables.

    Step 3: Go to Control Panel > System > Advanced system settings

    [image]

    Step 4: Click on Environment Variables

    [image]

    Step 5: Click on New in System variables

    [image]

    Step 6: Add this for the name and the value of the variable:

    IV: Creating the Hackimage

    Step 1: Download this archive

    Step 2: Put your original NAND dump in the root of the gggggg-folder and create an output folder (in the root as well).

    [image]

    Step 3: Open Windows' command prompt again and navigate to the gggggg-folder, then type this Python command (don't forget to modify it with your NAND dump name):

    [image]

    You should see the following:
    [image]

    The file image_00000000.ecc is located in the output folder now.

    [image]

    Step 4: Copy this file into your NandPro folder and navigate to the folder via command prompt again.

    Step 5: Use the following command to flash the image to your console's NAND.

    /!\ Pay attention that you have to use the +w16 switch and not the -w16 one /!\

    [image]

    The flashed file has a size of 50 blocks so you should see 004F when the flashing is over.

    V: Programming the CPLD

    Step 1: Power your CPLD with 3.3V on pin 20 and GND on pin 21. There are many solutions to do this... here are some of them:

    [image]

    Step 2: Grab your LPT/USB Xilinx JTAG programmer cable. If you don't have one, you can use GliGli's schematic to build an LPT JTAG programmer. Connect the cable to the PC and the CPLD.
    [images]

    Step 3: Launch "iMPACT" (from Xilinx Lab Tools) and let's start the programming... just follow the images.

    [images]

    VI: The wiring

    Step 1: On the CPLD, remove the resistor R2 and connect R2's upper pad to R1's lower pad.

    [images]

    Step 2: Place the CPLD on the motherboard like you see in the picture. We recommend using double-coated tape + material to isolate the CPLD.
    [image]

    Step 3: Use the following diagram to solder all needed connections. It's recommended to use a socket!

    [images]

    VII: ENJOY

    You can now start your console normally and see XeLL boot within 2 minutes. You can now enjoy running unsigned code on your slim.

    [image]

    VIII: GREETZ

    Time for the Gold Stars delivery:
    GliGli for his patience and all the explanations he gave me.
    GliGli and Tiros for the hack.
    Cancerous, Ced2911, Tuxuser and [cOz] for their help and support.
    Tutorial done by Razkar for Logic-Sunrise.com
    Don't distribute/modify without permission!



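The tutorial's dumping section tells you to read the NAND twice and compare the two dumps (with fc or an MD5 tool) before you flash anything, and the flashing section tells you what block number NandPro should print at the end. The script below is an added example for this thread, not part of the tutorial, NandPro or the RGH tooling; it does that backup verification offline and reports which NAND block differs rather than just "mismatch". Its layout constants are labelled assumptions: a 16 MB Xbox 360 NAND read with its spare bytes is 0x1080000 bytes, 1024 blocks of 0x4200 bytes (32 pages of 0x200 data + 0x10 spare), and NandPro prints block numbers as four hex digits. The expected 004F only works out if the tutorial's "50 blocks" is a hex count (0x50 = 80 blocks, last index 0x4F); that reading is mine, not a statement the tutorial makes. The sample dumps in the demo are constructed, not console images.

```python
"""Verify that two raw NAND dumps agree before trusting either one as the backup.

Added example for this thread; not part of the tutorial, NandPro or the RGH
tooling. Labelled assumptions: a 16 MB Xbox 360 NAND read with its spare bytes
is 0x1080000 bytes, laid out as 1024 blocks of 0x4200 bytes each (32 pages of
0x200 data + 0x10 spare); NandPro prints block numbers as four hex digits.
"""
import hashlib
from typing import Dict, List, Optional

PAGE_SIZE = 0x200 + 0x10                   # assumed: 512 data bytes + 16 spare bytes per page
PAGES_PER_BLOCK = 32                       # assumed
BLOCK_SIZE = PAGE_SIZE * PAGES_PER_BLOCK   # 0x4200 bytes per raw block
DUMP_SIZE_16MB = 1024 * BLOCK_SIZE         # 0x1080000, assumed length of a full 16 MB dump


def md5_hex(data: bytes) -> str:
    """Whole-dump MD5, the check the tutorial offers as an alternative to fc."""
    return hashlib.md5(data).hexdigest()


def first_difference(a: bytes, b: bytes) -> Optional[int]:
    """Byte offset of the first mismatch, or None when the dumps are identical."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))


def differing_blocks(a: bytes, b: bytes, block_size: int = BLOCK_SIZE) -> List[int]:
    """Indices of NAND blocks whose raw bytes differ between two dumps.

    A length mismatch is an error rather than a partial comparison, because a
    short read is itself a failed dump and must be redone.
    """
    if len(a) != len(b):
        raise ValueError(f"dump sizes differ: {len(a):#x} vs {len(b):#x}")
    return [
        offset // block_size
        for offset in range(0, len(a), block_size)
        if a[offset:offset + block_size] != b[offset:offset + block_size]
    ]


def nandpro_block_label(block_count: int) -> str:
    """Last block index as NandPro prints it (zero-based, four hex digits).

    The tutorial expects 004F after writing its '50 block' image; that holds if
    the count is hex (0x50 = 80 blocks), which is my reading of the tutorial.
    """
    return f"{block_count - 1:04X}"


def verify_dump_pair(a: bytes, b: bytes, expected_size: int = DUMP_SIZE_16MB) -> Dict[str, object]:
    """Everything worth knowing before flashing: sizes, hashes, first mismatch, bad blocks."""
    report: Dict[str, object] = {
        "size_a": len(a),
        "size_b": len(b),
        "size_ok": len(a) == expected_size and len(b) == expected_size,
        "md5_a": md5_hex(a),
        "md5_b": md5_hex(b),
        "first_difference": first_difference(a, b),
    }
    report["bad_blocks"] = differing_blocks(a, b) if len(a) == len(b) else []
    report["match"] = report["md5_a"] == report["md5_b"] and report["size_ok"]
    return report


def verify_dump_files(path_a: str, path_b: str) -> Dict[str, object]:
    """Same check on two dump files written by NandPro (paths supplied by the caller)."""
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        return verify_dump_pair(fa.read(), fb.read())


if __name__ == "__main__":
    # Constructed toy dumps (four blocks, not a real console image) to show the report.
    good = bytes(range(256)) * (4 * BLOCK_SIZE // 256)
    flaky = bytearray(good)
    flaky[2 * BLOCK_SIZE + 5] ^= 0xFF          # one corrupted byte inside block 2
    result = verify_dump_pair(good, bytes(flaky), expected_size=4 * BLOCK_SIZE)
    for key, value in result.items():
        print(f"{key:>17}: {value}")
    print(f"after flashing 0x50 blocks NandPro shows {nandpro_block_label(0x50)}")
```

Run it against the two real dump files with `verify_dump_files("dump1.bin", "dump2.bin")` (file names are yours); only flash when `match` is true, `size_ok` is true and `bad_blocks` is empty. A dump pair that differs in one block is usually a read error on one pass, which is why the tutorial says to dump again rather than pick one.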
     
  2. LEo

    LEo Fiery Member

    Joined:
    Jan 19, 2008
    Messages:
    845
    Likes Received:
    16
    Thank you so much!

    Fuck, better start ordering these boards before they run out.
     
    Last edited: Aug 28, 2011
  3. APE

    APE Site Supporter 2015

    Joined:
    Dec 5, 2005
    Messages:
    6,416
    Likes Received:
    138
    If I had a 360 of my own I'd be going to town on it ASAP. I'd imagine this will get simpler over time.

    After it has been done successfully the first time I assume it works 100% of the time afterwards?
     
  4. Dabman

    Dabman Spirited Member

    Joined:
    Jan 31, 2010
    Messages:
    149
    Likes Received:
    2
    someone want to try this one on dev's? for checking efuses in bricked kits?
     
  5. ddxcb

    ddxcb Gota J.T.A.G. That Xbone Yo.

    Joined:
    Apr 17, 2008
    Messages:
    388
    Likes Received:
    45

    read the readme, it says that it will succeed 25% of the time.
     
  6. hacker360

    hacker360 Spirited Member

    Joined:
    Jul 28, 2010
    Messages:
    174
    Likes Received:
    13
    ............
     
    Last edited: Nov 5, 2015
  7. APE

    APE Site Supporter 2015

    Joined:
    Dec 5, 2005
    Messages:
    6,416
    Likes Received:
    138
    I did, but the wording is ambiguous enough that the question still requires an answer. If it's 25% of the time at every attempt I wouldn't bother.
     
  8. halo3

    halo3 Robust Member

    Joined:
    Jul 20, 2010
    Messages:
    251
    Likes Received:
    2
    Yeah you think this will work for a bricked dev?
     
  9. ddxcb

    ddxcb Gota J.T.A.G. That Xbone Yo.

    Joined:
    Apr 17, 2008
    Messages:
    388
    Likes Received:
    45
    It works 100% always, but the SHA1 hash loop can fail 25%; after it does go through, it will work.
     
  10. LEo

    LEo Fiery Member

    Joined:
    Jan 19, 2008
    Messages:
    845
    Likes Received:
    16
    Most are Xenons
     
  11. sneakypeanut

    sneakypeanut Pika CHUUUUUU!!!

    Joined:
    Apr 14, 2010
    Messages:
    1,055
    Likes Received:
    10
    wonder where my bricked Zephyr has wandered off to (here Zephyr, here boy, i know u wove me really :p)
     
    Last edited: Aug 28, 2011
  12. LEo

    LEo Fiery Member

    Joined:
    Jan 19, 2008
    Messages:
    845
    Likes Received:
    16
    Hmm, also current freeboot can't somehow be booted right now?
     
  13. halo3

    halo3 Robust Member

    Joined:
    Jul 20, 2010
    Messages:
    251
    Likes Received:
    2
    i got a bricked Zephyr... i wonder if this will work :-D
    itchy btw lol can u make another tut for fat Xboxes?
     
  14. LEo

    LEo Fiery Member

    Joined:
    Jan 19, 2008
    Messages:
    845
    Likes Received:
    16
    He didn't make it.
     
  15. APE

    APE Site Supporter 2015

    Joined:
    Dec 5, 2005
    Messages:
    6,416
    Likes Received:
    138
    I'd have to assume that 25% will go to 100% with the advent of better code for the CPLD and perhaps usage of a more powerful CPLD. Though I can't parse the code and actually understand any of it.
     
  16. ddxcb

    ddxcb Gota J.T.A.G. That Xbone Yo.

    Joined:
    Apr 17, 2008
    Messages:
    388
    Likes Received:
    45
    *Sigh* Not going to reason with you.
     
  17. itchy

    itchy Guest

    I didn't make the tutorial.

    I just had the permission from Razkar to share it.

    Remember,

    Slim: all consoles

    Fat: ONLY JASPER AND ZEPHYR.

    It won't work on other motherboards!! (Xenon)

    ;)
     
  18. ddxcb

    ddxcb Gota J.T.A.G. That Xbone Yo.

    Joined:
    Apr 17, 2008
    Messages:
    388
    Likes Received:
    45
    Till MS patch it. And the reason why Xenon doesn't work is that the Hana is OLD.
     
  19. itchy

    itchy Guest

    ..?
     
  20. adrianc

    adrianc Spirited Member

    Joined:
    May 26, 2011
    Messages:
    108
    Likes Received:
    0
    It's not patchable, this is an attack on the lowest level hardware/first bootloader.

    -adrianc
     