Getting Started with Homebrew on Xbox 360 – XBReboot

In this writeup I'm going to try to explain to beginning users how to get going with homebrew, also in an attempt to get as many users as possible going with homebrew on the Xbox 360. It may look difficult and like a lot of work to some; I on the other hand did not share this thought at all. In fact I learned to solder on an old broken board from which I could still read the NAND with the LPT method. From there on I have now successfully and without much trouble prepped 3 Falcons and 2 Jaspers with XBReboot v0.05 8955_3. It's not really that difficult at all I can tell you, because if I can do it, anyone else can. It's also been a good learning experience so far and everything is well documented. In this tutorial all you'll learn is to use LPT to read/write and get XBReboot going. I'm not going to make it too easy for you guys.
The Things-You-Need List:
- Low wattage soldering iron (+ some experience)
- Tin with lead (leaded solder)
- Wires (I just stripped old IDE cables)
- Diodes 1N4148 (people have used others, e.g. 1N914)
- Resistors 100 ohm 1/4 W
- LPT DB25 male connector (I just salvage them from old LPT cables)
- PC with a compatible onboard LPT port
- Nandpro 2.0b (never use outdated software, people)
- An Xbox 360 with a pre-8xxx dashboard and an exploitable CB
- BadBlockMover from Redlin99 (in case you have bad blocks on your 16MB backup NAND image, use this app!) (In case of bad blocks on 256/512MB NANDs, you'll need to manually remap them (google))
Soldering the JTAG wires, and the LPT wires
You must first identify whether you have a Xenon or another motherboard. Look at the 2 diagrams and you'll find out soon enough. (*Note that the red/yellow/blue lines are the JTAG wiring to enable homebrew.) I always do the JTAG wiring connections first. I find it easy to add some leaded solder to the pads, as it melts easier than the stupid MS solder and makes soldering the wire to it easier. I also like to add solder to the stripped wire. (*Note the orientation of the diodes! Black ring!)
(In the diagram above I do not require the diode on LPT pin 11; the diode is used to get a correct flashconfig in Nandpro.)
NEW Xenon JTAG Wiring ( ^ = diode, | = black ring) (The LPT wiring to do the NAND dump is the same on any Xbox 360)
Note that it is easy to mess up a pad with too much heat! Don't use heavy duty soldering irons! My wires are around 30 centimetres, and I do use the 100 ohm resistors on the LPT connector (some don't). Here's my first setup on a broken Xbox 360 board, just for practice; please use a DB25 LPT connector instead of shoving the wires in the port like this (it did work ;) ).
After you're done soldering all wires it'd be wise to check the connections with a multimeter, but I have not yet needed to do this - with my poor soldering skills - lol.. Also, to avoid wires touching, I use paper tape to cover the wires up. To prevent connections from breaking it'd be wise to secure the wires with hot glue or tape. Here's my latest setup.
Reading NAND with Nandpro 2.0b through LPT port
If you've made all the LPT connections as per the diagram and hooked up the LPT male connector, it's time to try and read the NAND through LPT. The LPT port must be onboard your PC's motherboard! Download Nandpro 2.0b here, extract it, and install the port95nt.exe driver package. After having rebooted your PC, hook the Xbox 360 up to the LPT port and then plug in only the power supply to the Xbox 360.
Go to Start > Run > type cmd, hit enter. In the command window navigate to the nandpro directory. Type in the following:
NandPro lpt: -r16 nand1.bin
For big block arcades (256/512mb nands) all you need is the first 64MB (the rest of the nand is memory partition):
NandPro lpt: -r64 nand1.bin
If all is good, Nandpro should find a flash, give you a flashconfig, and start to read. It will take about 40 minutes over LPT for 16MB, 3 hours for 256/512MB. (A 16MB Jasper has flashconfig 00023010, that's OK; if in doubt google your flashconfig.)
If you can't get it to detect, try out different BIOS settings for the LPT port (what works for me is Normal mode), or look for people having the same problems with Nandpro (Google). Also run through your wiring again. Make sure you hooked all wires up OK, look for bridges, and double check connections. People say to remove the resistors as well, but I would not dare to say this as it could possibly fry something on your Xbox 360.
If you did manage to get it to dump, dump it a second time. You'll need to compare the dumps to make sure they match. I use WinHex's compare function under Tools to compare both dumps 100% (or compare however you like: MD5, CRC32). Also get 360 Flash Tool 0.91 to check your NAND dump. If you have 2 matching dumps and it opens up in Flash Tool you can be 99% sure you have a correct NAND backup! (Very important to have!) I'm lucky enough to have an LPT port (K7NF2-RAID) that always gets perfect reads/writes.
Here’s what my image looks like opened up in 360 Flash Tool (already got the cpukey)
Preparing and flashing an XBReboot image
Here you are going to be making an XBReboot image for your console type, using your console-specific keyvault and config blocks. You will need to get the corresponding XBReboot image from Xbins!! If you flash the image of a Falcon to a Jasper you're stupid. Always make sure you are prepping the right image for your Xbox 360; it's not hard to find out.
To read the keyvault and configblock from your backup nand image use the following nandpro command:
nandpro nand1.bin: -r16 rawkv.bin 1 1
(where nand1.bin is your backupnand file)
nandpro nand1.bin: -r16 rawcf.bin 3de 2
For 256/512MB nand:
nandpro nand1.bin: -r64 rawcf.bin EF7 2
To write them to the XBReboot image use:
nandpro xbr.bin: -w16 rawkv.bin 1 1
(where xbr.bin is your XBReboot image file)
nandpro xbr.bin: -w16 rawcf.bin 3de 2
For 256/512MB nand:
nandpro xbr.bin: -w64 rawcf.bin EF7 2
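As an added example (not code from the writeup or from NandPro itself), here is the dump comparison from the reading section and the keyvault/config-block transplant above done in Python on raw dump files, so you can sanity-check what the nandpro commands do before flashing. It assumes NandPro's block addressing: 16 KiB small blocks whose raw dump form, spare area included, is 32 pages * 528 bytes = 0x4200 bytes, and the same unit for the 64MB big-block dump.

```python
import hashlib

# Assumed geometry: NandPro -r16/-w16 address 16 KiB small blocks, and its
# dumps keep the 16-byte spare area of every 512-byte page, so one raw block
# is 32 pages * 528 bytes = 0x4200 bytes. The 64MB big-block dump on the
# page is addressed in the same units (block 0xEF7 is a 0x4200-byte unit).
RAW_BLOCK = 32 * 528
DUMP_16MB = 1024 * RAW_BLOCK

# Block offsets quoted in the writeup: (start block, block count).
KEYVAULT = (0x1, 1)         # keyvault: block 1, one block
CONFIG_16MB = (0x3DE, 2)    # config blocks on a 16MB NAND
CONFIG_BIG = (0xEF7, 2)     # config blocks on 256/512MB (64MB dump)


def dumps_match(dump_a: bytes, dump_b: bytes) -> bool:
    """Two LPT reads must agree byte for byte before either is trusted."""
    if len(dump_a) != len(dump_b):
        return False
    return hashlib.sha256(dump_a).digest() == hashlib.sha256(dump_b).digest()


def extract_blocks(image: bytes, start: int, count: int) -> bytes:
    """Same slice as `nandpro image: -r16 out.bin <start> <count>`."""
    lo, hi = start * RAW_BLOCK, (start + count) * RAW_BLOCK
    if hi > len(image):
        raise ValueError(f"blocks {start:X}+{count} run past end of image")
    return image[lo:hi]


def inject_blocks(image: bytes, start: int, blocks: bytes) -> bytes:
    """Same patch as `nandpro image: -w16 in.bin <start> <count>`."""
    if len(blocks) % RAW_BLOCK:
        raise ValueError("payload is not a whole number of raw blocks")
    lo = start * RAW_BLOCK
    if lo + len(blocks) > len(image):
        raise ValueError("write would run past end of image")
    return image[:lo] + blocks + image[lo + len(blocks):]


def prepare_xbr(backup: bytes, xbr: bytes, big_block: bool = False) -> bytes:
    """Carry this console's keyvault and config blocks into the XBReboot image."""
    cfg = CONFIG_BIG if big_block else CONFIG_16MB
    out = inject_blocks(xbr, KEYVAULT[0], extract_blocks(backup, *KEYVAULT))
    return inject_blocks(out, cfg[0], extract_blocks(backup, *cfg))


if __name__ == "__main__":
    # Constructed demo data: a fake 16MB dump read "twice", blank xbr image.
    nand1 = bytes(range(256)) * (DUMP_16MB // 256)
    print("dumps match:", dumps_match(nand1, bytes(nand1)))
    xbr = prepare_xbr(nand1, b"\xff" * DUMP_16MB)
    print("keyvault carried over:", extract_blocks(xbr, *KEYVAULT) == extract_blocks(nand1, *KEYVAULT))
```

On real files, read nand1.bin and nand2.bin with `open(path, "rb").read()`, and treat a size other than DUMP_16MB (0x1080000 bytes) for a 16MB console as a bad read rather than something to patch around.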
This is all you do to prepare your XBReboot image. If you’re done, hook up the Xbox 360 again, and start flashing with
Nandpro with the following command:
NandPro lpt: -w16 xbr.bin
For 256/512MB nand:
nandpro lpt: -w64 xbr.bin
If all goes well, you should have an XBReboot 360 =) This is all that it takes. Really not that hard, and fun to do. Watch out with putting data on the internal memory unit of 256/512MB NANDs, it can possibly brick your 360.
Now you can get started with emulators such as MAME360, Genesis360, SMS360, SNES360, CPX3, XEXLoaders, playing games from USB hard drives and the rest that is to come =) Or you could make your own software now. Somewhere in time to come Xbox Media Centre =) and Xlink Kai system link maybe? Or you could start modding games, which is a lot of fun.
Some examples of homebrew:
Using Xell to get your CPU key
Once you have successfully booted into the 8955 dashboard, it is optional but recommended to dual boot your XBReboot 360 into Xell to get your CPU key. On the latest XBReboot 8955_3 you can use the eject button.
Picture of Xell booting:
Xell will display the fusesets. Either put fuse set 3 and 5 together or put fuse set 4 and 6 together. This is your CPU key; you can use this key to decrypt the keyvault using Flash Tool 0.91 and figure out the DVD key and the OSIG string (in case the DVD key is tragically lost due to unforeseen noob failure =P)
Also I'd suggest flashing the latest XeLLous by Redline. It has a lot of nifty features. It's very easy to update if you can already launch Xell: just rename the correct XeLLous payload to updxell.bin, put it on a USB stick, and boot into Xell. It will update automatically. If you can run XBReboot just get Flash360 by Redline, rename XeLLous to updslot0.bin, put it inside the Flash360 folder on a USB drive, run XexMenu, boot Flash360, select B, select A and be done =)
Now what are you waiting for? Get going on getting an exploitable Xbox 360 to do all these crazy homebrews with. There's way more to come, so I'm holding my pants tight.. I just can't wait to see what all these talented people will come up with! Homebrew on Xbox 360 has been a wet dream for me for the last 3 years!
Thanks to all the crazy hackers out there who have presented the general public with the ability to do homebrew on Xbox 360. I'm very grateful! Also thanks for the pics everyone.
If there are any questions remaining please go to Xbox-scene, xboxhacker.net or free60.org for more information about this subject (HINT: use the search function, it's all there)