DIYgaming: JTAG an Xbox 360: Dumping the NAND [Part 3]

Thursday, July 28, 2011

JTAG an Xbox 360: Dumping the NAND [Part 3]

Last time we wired up our NAND cable, today we're going to use the cable to dump the NAND image from our Xbox 360! The file we're going to get out of this is the software the Xbox 360 runs on. Think of it as the operating system + bios combined. The purpose of retrieving this data is so that we can modify it and write it back - with less restrictions!

Make sure you have your Xbox 360 plugged into an outlet, but NOT powered on. The RF board (with the power button) should be attached. Also, you should attach a video cable to the console - it doesn't have to be connected to a TV. Finally, check to make sure your solder joints are not touching eachother.

The utility that we will use to read and write the NAND image to and from our Xbox and PC is called Nandpro20e. Nandpro20d works good too. Below is a link to the program.

Download Nanpro20e

Make sure to install port95nt.exe from the NANDPRO folder & restart your PC. Run Command Prompt and route to the NANDPRO folder. Alternatively, you can shift+right-click on the nandpro20e folder and select "Open command window here". A dos window will show up and be ready for your commands.

Run the following command:

nandpro lpt: -r16 orig.bin

Wait Patiently, depending on your console revision, this could take a long time, most older Xenons are ~45Mins per nand dump, new jaspers with 256mb/512mb take much longer. A few errors are okay, but if you get a huge amount of errors, close the window, disconnect your Xbox 360, and check your solder connections. If the problem persists, remove and resolder all connections to the board.

If there are no errors (or only a few) read the dump again with the following command:

nandpro lpt: -r16 orig2.bin

It will run the exact same process, except this time it's saving it to a different file. I suggest doing this about 4 times total to get 2 perfect reads. Once you have read the NAND at least 4 times, download and install the program, Total Commander. We will use this to compare the files to make sure they are completely identical.

Download Total Commander

Run the program and select the option to compare 2 files. Open and compare your NAND dumps until you find 2 that are identical. Close total commander and make a copy of one of the 2 identical files. Name this file "original.bin".

Next up, we need to check once and for all that your motherboard is Jtaggable. Download the following program called Degraded to check this.

Download Degraded

Open Degraded and click on settings. Enter the key DD88AD0C9ED669E7B56794FB68563EFA into the settings. Click "valid" and set file system start to 39. Go back and open your original.bin.

You should now see your CB version, along with other various information.

Exploitable Xbox 360 CB's which you can JTAG
1888, 1902, 1903, 1920,1921: exploitable xenon
4558: exploitable Zephyr
5761, 5766, 5770: exploitable falcon
6712, 6723: exploitable jasper

Non Exploitable Xbox 360 CB's which cannot be JTAG

Xenon: 1922, 1923, 1940
Zephyr: 4571, 4572, 4578, 4579
Falcon/Opus: 5771
Jasper: 6750

NOTE: The image above is non-exploitable so cannot run the Xbox 360 JTAG Hack - thankfully this isn't from my original.bin!

Have an exploitable CB? Great! If you don't, there is nothing you can do, you'll just have to find another Xbox =(

This is by far the most time consuming part of Jtagging an Xbox 360, if you've come this far, you're almost done!! In the next tutorial, we will be soldering a few more connections to the jtaggable board and prepare for the NAND write process!

Until next time...