freeBOOT v0.02 and XBReboot v0.05 released

Discussion in 'Xbox 360 - Games & Content' started by FAST6191, Nov 30, 2009.

Nov 30, 2009
  1. FAST6191
    OP

    Reporter FAST6191 Techromancer

    Joined:
    Nov 21, 2005
    Messages:
    21,736
    Country:
    United Kingdom
    Normally this would be saved for a 360 releases post but due to all the notable games set to be released this year now being out they are on hold for a while. Thanks to xbox-scene for the news today.

    Naturally it requires a homebrew capable 360 (now any 360 not updated with an update from August the 11th 2009 or beyond, although you should note this app does not yet work with "Opus and Jasper consoles with larger flashes") and you will need to sort a JTAG cable out and in the case of freeboot a second NAND arrangement.

    For those that missed it the first time around this app will allow you to soft reboot into a later kernel which is nice for the later games but with the soft reboot also come kernel patches. These patches are set to include many nice things (looking at region free) and this version brings many nice things too as well as the ability for would be hackers to try their hand at creating patches (the following is a quote from the changelog with a few lines from me in italics)
    - Harddisk authentication disabled so the Xbox 360 will now accept any SATA harddisk. <i>(no need to wait for larger hddss.bin files to appear and hope to find a compatible model, of considerable interest if the media players take off)</i>

    - removed XEX signature checks

    Execution of unsigned devkit and retail XEXes is now possible. Encrypted
    devkit XEXes must be decrypted with XexTool prior to use.

    <i>xex= the 360's take on exe files. Unsigned: model hacks, other hacks, translations and cheats now possible. </i>

    - removed LIVE/PIRS signature checks<i>: DLC modding and perhaps more nefarious things. A thread that might be of interest here: http://www.se7ensins.com/forums/halo-3-modding/86282-halo-3-modding-explained.html</i>

    The dashboard will now run applications from unsigned LIVE/PIRS
    containers. <i>See above.</i>



    Now if you will excuse me I will have to go and punch a wall (again) for accidentally and needlessly updating my main 360 before finally fixing my RROD 360 so I can play with this stuff. Oh and before anyone asks; if your 360 has been banned in this most recent wave you are out of luck as you will have had to have updated to get on Live to be banned. New consoles do come with the "bad" bootloader (the first report was from a console built in late June) but you can still pull an old one from the shelves on occasion (note that we have just seen Black Friday in the US so you may have to visit a few shops to pull it off and even if you do chances are it will be an Elite that has it).

    Possibilities for the future:
    I already floated region free, cheats and conventional game hacks but also included is the option for a second live probably based on system link. Basically this is the start of it all.

    Update: Originality sent word that XBReboot v0.05 has also appeared. It works in much the same way but does not need dual NAND, link:
    http://www.xboxhacker.net/index.php?topic=12981.msg88316#msg88316
     


  2. Originality

    Member Originality Chibi-neko

    Joined:
    Apr 21, 2008
    Messages:
    5,154
    Location:
    London, UK
    Country:
    United Kingdom
    Just to add, v0.05 is also now available. It doesn't need the '2nd NAND' to work, as it will flash directly onto the NAND. Still needs JTAG though to get into XeLL.

    I won't pretend to know anything about it - I just saw the update on Xboxscene.
     
  3. Sc4rFac3d

    Member Sc4rFac3d GBAtemp Advanced Maniac

    Joined:
    Jul 30, 2005
    Messages:
    1,629
    Country:
    Netherlands
    So, what can you do with this exactly? Just change firmware?
     
  4. FAST6191
    OP

    @Originality it is a different app (XBReboot rather than freeboot) with similar functionality, thanks for the heads up though as it is indeed an interesting update. Original post updated.

    @Sc4rFac3d the 360 checks the kernel it loads to make sure it is legit every time you power off or on. This hack however uses a soft reboot to allow it to launch a later kernel but also to allow it to patch the kernel to bypass protection methods: eventually region free, hacked games, use of DLC like we do WiiWare and VC stuff.
     
  5. cardyology

    Member cardyology GBAtemp Advanced Fan

    Joined:
    May 2, 2007
    Messages:
    566
    Location:
    Chorley Uk
    Country:
    United Kingdom
    Anybody got a good noob friendly guide to doing this/process/steps required from start to finish?

    I know I'm capable of it with a little help

    Edit: I'm looking to do the single NAND version of the hack, latest dash but without blowing the eFuses or whatever.
     
  6. lenselijer

    Member lenselijer GBAtemp Maniac

    Joined:
    Mar 27, 2006
    Messages:
    1,497
    Country:
    Netherlands
    I would like to post a tutorial, but you need to have an exploitable xbox.

    I have a Jasper with 512MB NAND running Linux, but freeboot doesn't support these large NAND chips (yet).

    Today I will try to find a 16MB NAND console which still supports the JTAG hack (mfr date 18 June 2009 or before).
     
  7. Burt0

    Member Burt0 GBAtemp Regular

    Joined:
    Jun 7, 2005
    Messages:
    129
    Country:
    Australia
    Hey FAST6191,

    You seem pretty knowledgeable so can you please clear this up for me?

    So to get this running you would;

    1. Bridge the three JTAG points like in this picture

    2. Dump your nand.

    3. (This I'm not sure of) Open your nand dump in nandpro and get the cpu key? Or does xell have to be flashed to the cygnos to get the key?

    4. Flash the nand on the Cygnos with freeboot (patched with your key) and enjoy the exploited dash.

    Am I on the right track?

    If anyone else can help, that would be appreciated too.

    Cheers for your help!

    Edit: Changed a few things
     
  8. FAST6191
    OP

    1) Those are not all bridges, the ones that do not explicitly say jumper wire are diodes. The negative "sides" of the diodes are pointing towards the connections in a single line (as opposed to the connections in two lines).
    That is not the whole of it though as there are more points you need to tap to grab a NAND image.
    http://www.free60.org/Reading_out_NAND

    2) Yeah

    3) No you can not pull your CPU key from the NAND dump (this is why unbanning or region changing is not possible unless you already have the keys), you need to be able to run homebrew and once you have homebrew up and running you can get your keys from the xell boot/error menu:
    http://www.xboxhacker.net/index.php?topic=12230.0
    Just to be clear though, XeLL just has to be somewhere, it need not be a Cygnos at this stage.

    4) Freeboot presently requires some form of dual NAND arrangement, if you are not up for a chip then there is a workaround using an XD card: http://www.xboxhacker.net/index.php?topic=7683.0
    XBReboot does however work on the original NAND but it is limited to what versions of the 360 motherboard it can run on right now.
    I suspect we will see either a merging of projects or a level of sharing in the coming months.

    @cardyology between what Burt0, myself and the NFO for freeboot ( http://www.xbins.org/nfo.php?file=xboxnfo1753.nfo ) have said you should be able to sort it.
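    The two points made above (in post 4, that the kernel is checked at every cold boot so the hack has to patch it via a soft reboot after a good boot has already happened, and in post 8, that the CPU key cannot be pulled out of a NAND dump) can be shown with a small model. The following is an added Python example written for this page; it is not freeBOOT, XBReboot or Xbox 360 code. The stage names, the ROM key, the HMAC-SHA256 tags standing in for the console's real signature and hash checks, the key derivation and the sample kernel strings are all invented for illustration.

```python
"""Toy verified-boot chain with a fused per-console key (added example, not
Xbox 360 code). Models two things:
  - cold boot verifies every stage, so a patched kernel written to NAND is
    rejected, while a soft reboot from an already-verified kernel runs a
    patched image with nothing checking it;
  - the console key lives in fuses and NAND only holds material MACed under
    keys derived from it, so the key is not present in a NAND dump.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List

# Constructed stand-in for a key baked into the boot ROM (assumption).
ROM_KEY = b"demo-rom-key-0001"


@dataclass
class Stage:
    name: str
    code: bytes   # the image that would execute
    tag: bytes    # MAC over the image under the key the previous stage holds


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_kernel_key(cpu_key: bytes) -> bytes:
    # The kernel stage is keyed per console from the fused key (assumption).
    return mac(cpu_key, b"kernel-stage")


def build_nand(cpu_key: bytes, kernel_code: bytes) -> List[Stage]:
    """NAND contents: a bootloader tagged under the ROM key and a kernel
    tagged under the console-derived key. The CPU key itself is never written."""
    bootloader = b"bootloader: verify kernel tag, then jump"
    return [
        Stage("bootloader", bootloader, mac(ROM_KEY, bootloader)),
        Stage("kernel", kernel_code, mac(derive_kernel_key(cpu_key), kernel_code)),
    ]


# Constructed sample kernels: the "patched" one has its checks turned off.
STOCK_KERNEL = b"kernel v1: verify XEX signatures; verify HDD security sector"
PATCHED_KERNEL = STOCK_KERNEL.replace(b"verify", b"skip")


def cold_boot(nand: List[Stage], cpu_key: bytes) -> bytes:
    """Power-on path: each stage is checked before it runs. Returns the kernel
    image that ends up running, or raises if any stage fails its check."""
    keys = {"bootloader": ROM_KEY, "kernel": derive_kernel_key(cpu_key)}
    for stage in nand:
        if not hmac.compare_digest(mac(keys[stage.name], stage.code), stage.tag):
            raise RuntimeError(f"{stage.name}: integrity check failed, halting")
    return nand[-1].code


def soft_reboot(running_kernel: bytes, new_kernel: bytes) -> bytes:
    """The hack's path: code already running after a good cold boot swaps the
    kernel in memory. The verified chain is not re-run, so nothing rejects it."""
    if not running_kernel:
        raise RuntimeError("soft reboot needs a kernel that already booted")
    return new_kernel


def key_appears_in_dump(nand: List[Stage], cpu_key: bytes) -> bool:
    """Scan a raw NAND dump for the CPU key. It was never written and MAC tags
    do not leak their key, so the answer is False: the key has to be read from
    the running console (what XeLL shows) rather than from the dump."""
    dump = b"".join(s.code + s.tag for s in nand)
    return cpu_key in dump


def demo() -> dict:
    cpu_key = os.urandom(16)   # constructed: stands in for the fused key
    results = {}
    stock = build_nand(cpu_key, STOCK_KERNEL)
    results["stock_cold_boot"] = cold_boot(stock, cpu_key)
    # Writing the patched kernel straight into NAND: rejected at power on.
    tampered = build_nand(cpu_key, STOCK_KERNEL)
    tampered[1].code = PATCHED_KERNEL
    try:
        cold_boot(tampered, cpu_key)
        results["tampered_cold_boot"] = "booted"
    except RuntimeError as err:
        results["tampered_cold_boot"] = str(err)
    # Soft reboot from the verified kernel into the patched one: no check.
    results["soft_reboot"] = soft_reboot(results["stock_cold_boot"], PATCHED_KERNEL)
    results["key_in_dump"] = key_appears_in_dump(stock, cpu_key)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

    The model also shows why the CPU key matters for region changing and unbanning as mentioned above: without it you cannot produce a valid tag for a new kernel stage, so only the console that holds the key (and reveals it once homebrew runs) can author NAND contents it will accept at cold boot.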
     
  9. cardyology

    Thanks dudes! I'll see what I can do

    Edit: saying that, I've been reading this http://www.free60.org/Reading_out_NAND#Ste...aring_the_cable & it's well complicated.

    I've soldered modchips into Wiis before, quite a few times & I know a tiny bit of electronics stuff, but this looks to be way over my head.

    Hmmm...
     
  10. Burt0

    Thanks for explaining that FAST6191

    I appreciate your time.
     
  12. Sc4rFac3d

    Oh shit, so this actually opens the door for homebrew!

    So, any chance we can load ISOs off of HDDs in the future?
     
  13. quepaso

    Member quepaso GBAtemp Fan

    Joined:
    May 4, 2008
    Messages:
    438
    Country:
    United States
    Guaranteed that will happen. Just give it time. Hopefully they find a way to run it on all the banned 360s. XBMC HD here we come!
     
  14. Originality

    First step to getting it to run on all the banned 360s, is to find a way to hack the later dashboards (since if you're banned, you're likely already on the later dashboards thus current homebrew methods are inapplicable). Presently, this seems impossible since all the current exploits got patched, and downgrading won't work due to blown logic fuses.

    The person who finds an exploit in current dashboard versions will likely be turned into a kind of god of 360... until M$ patch it up again at least...
     
  16. Sc4rFac3d

    Aww shit, this is way too awesome. When it develops we won't need to do all the stuff like the JTAG hack, right?

    Also, will it be possible to use a drive with any key you want? I have one of those sitting around here too.
     
  18. Sc4rFac3d

    OH SHI-

    Wait, in case you lost the key and you read the CPU info won't the key just be in there anyway? Thus I can flash my drive again by inputting the original key manually. What do you need to extract the key? Soldering/JTAG programmer? I might be able to get that done, but will this be the only way, or is it possible an end-user-friendly way will pop up soon?
     
  19. FAST6191
    OP

    Yeah the key will be there if you run xell- I too wondered why people would want this and figured it was either to make it easier to remember (think back to the original xbox and locking the drive with a simple/known key) or so as to be able to swap flashed drives without the aggro of flashing firmware every time (although the only people I can foresee with such a skillset/requirements list can already flash a drive with minimal hassle and spoof another if necessary).

    Yes the JTAG and NAND stuff is necessary. No there will not be a simple way any time soon.
     
  20. Dermy

    Member Dermy GBAtemp Fan

    Joined:
    Jul 1, 2007
    Messages:
    314
    Country:
    United States
    I know what things like FreeBOOT and XBReboot allow you to do: Run converted arcade games from trial to full with the Yaris patcher because FreeBOOT and XBReboot allow you to run the converted games. Use any size sata hd and even external ones. Boot full games that would be on a disc usually off of a hard drive with XeXLoader.

    What I don't get is how you get from point A: Having the exploitable 360 to point B: Running FreeBOOT or XBReboot. Is there an overview of which steps you need to take to get from point a to point b?
     
