Hacking Xbox 360 loading homebrew without wires

lisreal2401 · Aug 30, 2020

But instead, desoldering the CPU!

If you can find a CPU literally never used on any 360 before... well, it's a thing

brickmii82 · Aug 30, 2020

Theoretically this chip swap makes Winchester’s hackable

lisreal2401 · Aug 30, 2020

brickmii82 said:
Theoretically this chip swap makes Winchester’s hackable

You could find a unused xcgpu - though, have fun with that

The Real Jdbye · Aug 30, 2020

This doesn't seem very practical. I can't imagine swapping the chip is an easy job, if you can even find a 0 fuse CPU. Not that the RGH install is easy either, but at least it's only like 10 wires, and only a few of the points look difficult. But cool nonetheless.

Deleted member 668561 · Aug 30, 2020

yes this is entirely possible, on original phats, you can still find nos cpus for the 360 which have all fuses intact (hint: china), you still need rgh so you can boot a (really old) xdk recovery so you can flash a valid (earliest jasper recovery = 7776.1) fuseset, then update to 4532 then jtag, or set the fuseset as a devkit, remember once you set the fuse to retail or dev thats it no going back (note: don't flash a fuseset for a dash earlier than what the mobo was released with)

there used to be services back in the day that did this for a little while but they're gone now, plus https://ps3specialist.com/ is a scam they just steal your console unfortunately

thats where this thread came from...
https://gbatemp.net/threads/downgrade-slim-by-cpu-swap.537899/

--------------------- MERGED ---------------------------

https://www.alibaba.com/product-det...l?spm=a2700.7724838.2017115.14.32c7b167x4E0jK

jasper cpu:
https://www.alibaba.com/product-det...spm=a2700.galleryofferlist.0.0.6c4c54c8NeuP4o

it'd be worth swapping a jasper to have a big block jtag

this is what a cpu swap looks like, via xell (rgh)

also you can swap cpu from a known jtaggable or jtagged unit if you already have its cpu key, or a copy of its stock nand

Deleted member 668561 · Aug 31, 2020

so i did a bit more research, to set the fuses, you have to rgh2 and boot into a dev kernel, from there you can load a recovery to set up the cpu as a devkit or retail, it will then generate keys accordingly, ive also read that you have to use the old bootloaders also since it get cb ldv from whatever version fusion is running... if you want a retail jtaggable state

since i have a big block jasper, i can turn it into a devkit by swapping the cpu (you need 64mb of nand for this), but i have to jump through hoops to run retail dash and connect online (plus stealth tends to cost more on devkits)

--------------------- MERGED ---------------------------

brickmii82 said:
Theoretically this chip swap makes Winchester’s hackable

its the only way to hack a Winchester

Deleted User · Aug 31, 2020

So..... can this ONLY be done by getting a CPU from some chinese vendor and getting someone to install it for all the awkward stuff above, or should it be possibly to force CPU's to 0x0?

Deleted member 668561 · Sep 1, 2020

StarGazerTom said:
So..... can this ONLY be done by getting a CPU from some chinese vendor and getting someone to install it for all the awkward stuff above, or should it be possibly to force CPU's to 0x0?

doing this will allow you to have a cpu with no efuses set (they come from the factory with only 1bl installed, efuses would be burnt before packing a completed unit for sale), using rgh this allows you to boot a devkernel, which then you can run a recovery, which then you can flash a devkit fuseset or a retail one, ldv is set based on what version recovery is used, so you would use the oldest recovery made for the specific mobo, burn the fuses, and have a jtaggable dash, devkit, and is the only way to exploit a winchester, this is a oneshot thing so have to get it right the first time

ive seen some people who tried to do a retail flash, it worked, but as a devkit with "retail" keys, remember you only get one try to burn efuses

brickmii82 · Sep 1, 2020

It’s not the fuses, it’s the lack of post out that stops the Winchester RGH. No ones said it, but the Winchester CPUs have post fuses they burned after debugging so all post out is disabled. No post=no timing.

This is an educated theory. I also believe there may be a possibility of a kamikaze style attack on the chip to re-enable post 4 where the attack is timed off of. Probably near impossible, but let’s be honest. Some of the stuff these devs come up with borders on impossible.

I’m not trying it tho lol.

Deleted member 668561 · Sep 1, 2020

You have to CPU swap a Winchester to rgh, that's what 15432 did, because post out is disabled

Hacking Xbox 360 loading homebrew without wires

Well-Known Member

Well-Known Member

Well-Known Member

*is birb*

GBAtemp Official Psychonaut

GBAtemp Official Psychonaut

Deleted User

Guest

GBAtemp Official Psychonaut

Well-Known Member

GBAtemp Official Psychonaut

Similar threads

Popular threads in this forum

is birb