
Thursday, July 28, 2011

JTAG an Xbox 360: Dumping the NAND [Part 3]

Last time we wired up our NAND cable; today we're going to use that cable to dump the NAND image from our Xbox 360! The file we're going to get out of this is the software the Xbox 360 runs on. Think of it as the operating system and BIOS combined. The purpose of retrieving this data is so that we can modify it and write it back, with fewer restrictions!

Make sure you have your Xbox 360 plugged into an outlet, but NOT powered on. The RF board (with the power button) should be attached. Also, you should attach a video cable to the console; it doesn't have to be connected to a TV. Finally, check to make sure your solder joints are not touching each other.

The utility that we will use to read and write the NAND image between our Xbox and PC is called Nandpro20e. Nandpro20d works well too. Below is a link to the program.

Download Nandpro20e

Make sure to install port95nt.exe from the NANDPRO folder and restart your PC. Run Command Prompt and navigate to the NANDPRO folder. Alternatively, you can shift+right-click on the nandpro20e folder and select "Open command window here". A DOS window will open, ready for your commands.

Run the following command:  
nandpro lpt: -r16 orig.bin
Wait patiently. Depending on your console revision, this could take a long time: most older Xenons take ~45 minutes per NAND dump, and newer Jaspers with 256MB/512MB take much longer. A few errors are okay, but if you get a huge number of errors, close the window, disconnect your Xbox 360, and check your solder connections. If the problem persists, remove and resolder all connections to the board.



If there are no errors (or only a few) read the dump again with the following command:  
nandpro lpt: -r16 orig2.bin
It will run the exact same process, except this time it saves to a different file. I suggest doing this about 4 times total to get 2 perfect reads. Once you have read the NAND at least 4 times, download and install Total Commander. We will use it to compare the files to make sure they are completely identical.

Download Total Commander

Run the program and select the option to compare 2 files. Open and compare your NAND dumps until you find 2 that are identical. Close Total Commander and make a copy of one of the 2 identical files. Name this file "original.bin".
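The same comparison can be scripted. This is an added example, not part of the original post: it groups dumps by SHA-256 to find identical reads and lists which blocks differ between two reads, which shows whether errors recur in the same place or move around. The file names orig3.bin and orig4.bin, the 0x4200-byte raw block size, and the small constructed sample files are assumptions.

```python
import hashlib
import itertools
import os
import tempfile

# Assumption: raw NAND block = 32 pages x (512 data + 16 spare) bytes.
BLOCK = 0x4200

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large dump is never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for part in iter(lambda: f.read(chunk), b""):
            h.update(part)
    return h.hexdigest()

def identical_groups(paths):
    """Group dumps by (size, SHA-256); keep only groups of two or more."""
    groups = {}
    for p in paths:
        groups.setdefault((os.path.getsize(p), sha256_file(p)), []).append(p)
    return [sorted(g) for g in groups.values() if len(g) >= 2]

def differing_blocks(a, b, block=BLOCK):
    """Return the block indexes at which two dumps differ."""
    bad = []
    with open(a, "rb") as fa, open(b, "rb") as fb:
        for i in itertools.count():
            ba, bb = fa.read(block), fb.read(block)
            if not ba and not bb:
                return bad
            if ba != bb:
                bad.append(i)

def make_sample_dumps(directory):
    """Constructed data: four 4-block stand-ins, orig2.bin corrupted in block 2."""
    good = bytes(range(256)) * (BLOCK * 4 // 256)
    flipped = bytearray(good)
    flipped[2 * BLOCK + 5] ^= 0xFF
    paths = []
    for name in ("orig.bin", "orig2.bin", "orig3.bin", "orig4.bin"):
        paths.append(os.path.join(directory, name))
        with open(paths[-1], "wb") as f:
            f.write(flipped if name == "orig2.bin" else good)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        dumps = make_sample_dumps(d)
        print("identical:", identical_groups(dumps))
        print("orig vs orig2 differ in blocks:", differing_blocks(dumps[0], dumps[1]))
```

To use it on real reads, pass the paths of your own dump files to `identical_groups` instead of the constructed samples.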

Next up, we need to check once and for all that your motherboard is Jtaggable. Download the following program called Degraded to check this.

Download Degraded

Open Degraded and click on settings. Enter the key DD88AD0C9ED669E7B56794FB68563EFA into the settings. Click "valid" and set file system start to 39. Go back and open your original.bin.


You should now see your CB version, along with other various information.




Exploitable Xbox 360 CBs, which you can JTAG:
1888, 1902, 1903, 1920, 1921: exploitable Xenon
4558: exploitable Zephyr
5761, 5766, 5770: exploitable Falcon
6712, 6723: exploitable Jasper

Non-exploitable Xbox 360 CBs, which cannot be JTAGed:
Xenon: 1922, 1923, 1940
Zephyr: 4571, 4572, 4578, 4579
Falcon/Opus: 5771
Jasper: 6750

NOTE: The image above is non-exploitable so cannot run the Xbox 360 JTAG Hack - thankfully this isn't from my original.bin!

Have an exploitable CB? Great! If you don't, there is nothing you can do, you'll just have to find another Xbox =( 

This is by far the most time-consuming part of Jtagging an Xbox 360. If you've come this far, you're almost done!! In the next tutorial, we will solder a few more connections to the jtaggable board and prepare for the NAND write process!
Until next time...

31 comments:

  1. Thanks for the info. But idk if I would trust myself enough to do this.

  2. thanks for the info, though i would never do this :)

  3. At least now I know who I'll call when I need this.

  4. This doesn't look so hard but I doubt I would want to actually try it and maybe ruin it

  5. Pretty cool.. don't even have an Xbox, but I doubt I would try this anyway. Interesting stuff though.

  6. This is pretty hardcore modification, though.

  7. It makes me wonder if they'll make all future xbox consoles un-jtaggable. It'd be a shame.

  8. Thanks, this reminds me the time when I wanted to make a J-tag but I never did =(

  9. That's some really cool stuff you're doing with a simple Xbox :D.

  10. I love doing stuff like this, I don't have an xbox though.

  11. Whoa, this is awesome! I had been wondering about a process like this for some time, but wasn't sure that it was currently possible. I'm the resident soft-modder of my town for the original Xbox, so it's nice to see some greater functionality and precision, especially on the newer generation model.

    /Following

  12. The internet needs more good tutorials like these. Keep it up good sir.

  13. ... And a thousand carpets across the world caught fire at once.

  14. Man I don't know if I can do this after all....

  15. Yep, I'll be sticking with my firmware flash.

  16. So, I'm at the part with the errors, and I'm getting like thousands. What did I do? o:

  17. @PoliticallyInsane -

    Is it "error 0"? If it's one after another it's most likely a short somewhere in your soldering. I've had this happen quite a few times. Just unsolder and resolder the points is all you can really do =/

  18. great stuff! it was informative to the maximum

  19. In reverend Cerimon there well appears Following!

  20. nice blog man. i'll search for ps3 posts. ;]

  21. this is freaking awesome! now i just need to get an xbox

  22. Jeez.. I opened up a few 360's myself and caught some BIOS in the original Xbox. That is some powerful information you have there for sure!

  23. props to you for writing a blog post that would otherwise be confusing into something very readable!

  24. thanks, man. I had no problems with the last part. I hope this one will go well too. let's get it on!

  25. There's a lot of work goin into these sort of things
    Not sure If I'd trust myself to do something like this xD

  26. good explanation but i think i wont try it

  27. @Mekkor: Yeah me too, i'm, afraid i will destroy something;]

  28. Same as previous 2, im tempted but ill pass. I dont want to break it.
