Normally this would be saved for a 360 releases post but due to all the notable games set to be released this year now being out they on hold for a while. Thanks to xbox-scene for the news today.
Naturally it requires a homebrew capable 360 (now any 360 not updated with an update from August the 11th 2009 or beyond although you should not this app does not yet work with "Opus and Jasper consoles with larger flashes") and you will need to sort a JTAG cable out and in the case of freeboot a second NAND arrangement.
For those that missed it the first time around this app will allow you to soft reboot into a later kernel which is nice for the later games but with the soft reboot also come kernel patches. These patches are set to include many nice things (looking at region free) and this version brings many nice things too as well as the ability for would be hackers to try their hand at creating patches (the following is a quote from the changelog with a few lines from me in italics)
- Harddisk authentication disabled so the Xbox 360 will now accept any SATA harddisk. <i>(no need to wait for larger hddss.bin files to appear and hope to find a compatible model, of considerable interest if the media players take off)</i>
- removed XEX signature checks-
Execution of unsigned devkit and retail XEXes is now possible. Encrypted
devkit XEXes must be decrypted with XexTool prior to use.
<i>xex= the 360's take on exe files. Unsigned: model hacks, other hacks, translations and cheats now possible. </i>
- removed LIVE/PIRS signature checks<i>: DLC modding and perhaps more nefarious things. A thread that might be of interest here: <a href="http://www.se7ensins.com/forums/halo-3-modding/86282-halo-3-modding-explained.html" target="_blank">http://www.se7ensins.com/forums/halo-3-mod...-explained.html</a></i>
The dashboard will now run applications from unsigned LIVE/PIRS
containers. <i>See above.</i>
One changelog
Now if you will excuse me I will have to go and punch a wall (again) for accidentally and needlessly updating my main 360 before finally fixing my RROD 360 so I can play with this stuff. Oh and before anyone asks; if your 360 has been banned in this most recent wave you are out of luck as you will have had to have updated to get on live to be banned. New consoles do come with the "bad" bootloader (the first report was from a console built in late June) but you can still pull an old one from the shelves on occasion (note that we have just seen black Friday in the US so I you may have to visit a few shops to pull it off and even if you do chances are it will be an elite that has it).
Possibilities for the future:
I already floated region free, cheats and conventional game hacks but also included is the option for a second live probably based on system link. Basically this is the start of it all.
Update: Originality sent word that XBReboot v0.05 has also appeared. It works in much the same way but does not need dual NAND, link:
<a href="http://www.xboxhacker.net/index.php?topic=12981.msg88316#msg88316" target="_blank">http://www.xboxhacker.net/index.php?topic=...g88316#msg88316</a>
Naturally it requires a homebrew capable 360 (now any 360 not updated with an update from August the 11th 2009 or beyond although you should not this app does not yet work with "Opus and Jasper consoles with larger flashes") and you will need to sort a JTAG cable out and in the case of freeboot a second NAND arrangement.
For those that missed it the first time around this app will allow you to soft reboot into a later kernel which is nice for the later games but with the soft reboot also come kernel patches. These patches are set to include many nice things (looking at region free) and this version brings many nice things too as well as the ability for would be hackers to try their hand at creating patches (the following is a quote from the changelog with a few lines from me in italics)
- Harddisk authentication disabled so the Xbox 360 will now accept any SATA harddisk. <i>(no need to wait for larger hddss.bin files to appear and hope to find a compatible model, of considerable interest if the media players take off)</i>
- removed XEX signature checks-
Execution of unsigned devkit and retail XEXes is now possible. Encrypted
devkit XEXes must be decrypted with XexTool prior to use.
<i>xex= the 360's take on exe files. Unsigned: model hacks, other hacks, translations and cheats now possible. </i>
- removed LIVE/PIRS signature checks<i>: DLC modding and perhaps more nefarious things. A thread that might be of interest here: <a href="http://www.se7ensins.com/forums/halo-3-modding/86282-halo-3-modding-explained.html" target="_blank">http://www.se7ensins.com/forums/halo-3-mod...-explained.html</a></i>
The dashboard will now run applications from unsigned LIVE/PIRS
containers. <i>See above.</i>
One changelog
<!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ__ÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ____ÂÂ ___ÂÂ ___ _____
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ / _|_ __ ___ÂÂ___| __ ) / _ \ / _ \_ÂÂ _|
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ| |_| '__/ _ \/ _ \ÂÂ_ \| | | | | | || |
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ_| | |ÂÂ__/ÂÂ__/ |_) | |_| | |_| || |
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|_| |_|ÂÂ\___|\___|____/ \___/ \___/ |_|
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ[v0.02 - coded by ikari]
I.ÂÂIntroduction
================
ÂÂ freeBOOT is a rebooter for the Microsoft Xbox 360. This version of freeBOOT
ÂÂ allows you to reboot into kernel 2.0.8955 on all Xenon, Zephyr, Falcon, and
ÂÂ Jasper consoles with 16MB flashes, which are vulnerable to the JTAG hack.
ÂÂ Support for Opus and Jasper consoles with larger flashes will follow soon.
ÂÂ As freeBOOT needs a second flash memory to store kernel 2.0.8955 and
ÂÂ associated data, either a Cygnos360 or an xD card mod is required at the
ÂÂ moment.
II. Bug Fixes
=============
ÂÂ - Harddisk installation and save game/profile issues have been fixed
III. New Features
=================
ÂÂ - updated to kernel 8955
ÂÂ - additional support for Zephyr and Jasper consoles with 16MB flashes
ÂÂ - support for xD card mod and Cygnos360 V1 added
ÂÂ - Harddisk authentication disabled
ÂÂÂÂ The Xbox 360 will now accept any SATA harddisk.
ÂÂ - removed XEX signature checks
ÂÂÂÂ Execution of unsigned devkit and retail XEXes is now possible. Encrypted
ÂÂÂÂ devkit XEXes must be decrypted with XexTool prior to use.
ÂÂ - removed LIVE/PIRS signature checks
ÂÂÂÂ The dashboard will now run applications from unsigned LIVE/PIRS
ÂÂÂÂ containers.
ÂÂ - extendable patch system
ÂÂÂÂ Researchers/hackers can now try new patches easily. Please refer to
ÂÂÂÂ "src\patches_kernel_8955.S" for more information.
IV. Instructions
================
ÂÂ Read these instructions carefully and follow them exactly. Failing to do so
ÂÂ may render your Xbox 360 unusable!
ÂÂ
ÂÂ 1. Extract the contents of this archive to a directory of your choice. All
ÂÂÂÂÂÂfile and directory names in the proceeding steps will be given relative
ÂÂÂÂÂÂto that directory.
ÂÂ 2. Update your Xbox 360 to kernel 2.0.7371 (Fall 08 Update). If your Xbox 360
ÂÂÂÂÂÂhas already been updated to a newer kernel, you can proceed to the next
ÂÂÂÂÂÂstep. The update process will not succeed with resistor R6T3 desoldered.
ÂÂÂÂÂÂResolder resistor R6T3 in that case before starting the update process.
ÂÂÂÂÂÂ*************************************************************************
ÂÂÂÂÂÂ*** Make sure you do *NOT* update to kernel 2.0.8xxx, since this will ***
ÂÂÂÂÂÂ***ÂÂÂÂ fix the JTAG hack vulnerability. Check the update before!ÂÂÂÂ ***
ÂÂÂÂÂÂ*************************************************************************
ÂÂ 3. *************************************************************************
ÂÂÂÂÂÂ***ÂÂ If present, desolder resistor R6T3 to prevent any accidentallyÂÂ***
ÂÂÂÂÂÂ***ÂÂÂÂÂÂÂÂ applied update fixing the JTAG hack vulnerability.ÂÂÂÂÂÂÂÂ***
ÂÂÂÂÂÂ*************************************************************************
ÂÂ 4. Save an image of your flash memory to the file "bin\7371.bin".
ÂÂ 5. In case you don't already know your Xbox 360's CPU key, retrieve it now.
ÂÂÂÂÂÂThere are various ways to accomplish this, but they will not be covered
ÂÂÂÂÂÂhere.
ÂÂ 6. Extract the contents of your "bin\7371.bin" image with ibuild now. Launch
ÂÂÂÂÂÂibuild with the following parameters:
ÂÂÂÂÂÂ] ibuild x -d data\ -b [1BL key] -p [CPU key] bin\7371.bin
ÂÂÂÂÂÂReplace [1BL key] with the 1BL key and [CPU key] with the CPU key matching
ÂÂÂÂÂÂyour "bin/7371.bin" image. Enter both 16 byte keys as hexadecimal numbers
ÂÂÂÂÂÂwithout leading "0x". Data previously extracted with 360 Flash Tool can
ÂÂÂÂÂÂno longer be used.
ÂÂ 7. Delete all files from the "data" directory except:
ÂÂÂÂÂÂ- crl.bin
ÂÂÂÂÂÂ- crl.bin.meta
ÂÂÂÂÂÂ- extended.bin
ÂÂÂÂÂÂ- extended.bin.meta
ÂÂÂÂÂÂ- kv.bin
ÂÂÂÂÂÂ- odd.bin
ÂÂÂÂÂÂ- odd.bin.meta
ÂÂÂÂÂÂ- secdata.bin
ÂÂÂÂÂÂ- secdata.bin.meta
ÂÂÂÂÂÂ- smc.bin
ÂÂÂÂÂÂ- smc_config.bin
ÂÂ 8. The remaining files necessary to build an image with kernel 2.0.8955 must
ÂÂÂÂÂÂbe extracted from an image of an updated Xbox 360, further on referred to
ÂÂÂÂÂÂas "bin\other8955.bin". Please do *NOT* update your Xbox 360 to kernel
ÂÂÂÂÂÂ2.0.8955, otherwise you will loose the ability to run the JTAG hack and
ÂÂÂÂÂÂfreeBOOT.
ÂÂÂÂÂÂLaunch ibuild with the following parameters:
ÂÂÂÂÂÂ] ibuild x -d tmp\ -b [1BL key] -p [CPU key] bin\other8955.bin
ÂÂÂÂÂÂReplace [1BL key] with the 1BL key and [CPU key] with the CPU key matching
ÂÂÂÂÂÂthe "bin/other8955.bin" image.
ÂÂ 9. Copy the following files from the "tmp" to the "data" directory:
ÂÂÂÂÂÂ- aac.xexp[1,2]
ÂÂÂÂÂÂ- aac.xexp[1,2].meta
ÂÂÂÂÂÂ- bootanim.xex
ÂÂÂÂÂÂ- bootanim.xex.meta
ÂÂÂÂÂÂ- bootanim.xexp[1,2]
ÂÂÂÂÂÂ- bootanim.xexp[1,2].meta
ÂÂÂÂÂÂ- cb_[1940, 4579, 5771, 6750].bin
ÂÂÂÂÂÂ- cd_8453.bin
ÂÂÂÂÂÂ- ce_1888.bin
ÂÂÂÂÂÂ- cf_8498.bin
ÂÂÂÂÂÂ- cg_8498.bin
ÂÂÂÂÂÂ- createprofile.xex
ÂÂÂÂÂÂ- createprofile.xex.meta
ÂÂÂÂÂÂ- createprofile.xexp[1,2]
ÂÂÂÂÂÂ- createprofile.xexp[1,2].meta
ÂÂÂÂÂÂ- dash.xex
ÂÂÂÂÂÂ- dash.xex.meta
ÂÂÂÂÂÂ- deviceselector.xex
ÂÂÂÂÂÂ- deviceselector.xex.meta
ÂÂÂÂÂÂ- deviceselector.xexp[1,2]
ÂÂÂÂÂÂ- deviceselector.xexp[1,2].meta
ÂÂÂÂÂÂ- gamerprofile.xex
ÂÂÂÂÂÂ- gamerprofile.xex.meta
ÂÂÂÂÂÂ- gamerprofile.xexp[1,2]
ÂÂÂÂÂÂ- gamerprofile.xexp[1,2].meta
ÂÂÂÂÂÂ- hud.xex
ÂÂÂÂÂÂ- hud.xex.meta
ÂÂÂÂÂÂ- hud.xexp[1,2]
ÂÂÂÂÂÂ- hud.xexp[1,2].meta
ÂÂÂÂÂÂ- huduiskin.xex
ÂÂÂÂÂÂ- huduiskin.xex.meta
ÂÂÂÂÂÂ- mfgbootlauncher.xex
ÂÂÂÂÂÂ- mfgbootlauncher.xex.meta
ÂÂÂÂÂÂ- mfgbootlauncher.xexp[1,2]
ÂÂÂÂÂÂ- mfgbootlauncher.xexp[1,2].meta
ÂÂÂÂÂÂ- minimediaplayer.xex
ÂÂÂÂÂÂ- minimediaplayer.xex.meta
ÂÂÂÂÂÂ- minimediaplayer.xexp[1,2]
ÂÂÂÂÂÂ- minimediaplayer.xexp[1,2].meta
ÂÂÂÂÂÂ- nomni.xexp1
ÂÂÂÂÂÂ- nomni.xexp1.meta
ÂÂÂÂÂÂ- nomnifwm.xexp1
ÂÂÂÂÂÂ- nomnifwm.xexp1.meta
ÂÂÂÂÂÂ- signin.xex
ÂÂÂÂÂÂ- signin.xex.meta
ÂÂÂÂÂÂ- signin.xexp[1,2]
ÂÂÂÂÂÂ- signin.xexp[1,2].meta
ÂÂÂÂÂÂ- updater.xex
ÂÂÂÂÂÂ- updater.xex.meta
ÂÂÂÂÂÂ- updater.xexp[1,2]
ÂÂÂÂÂÂ- updater.xexp[1,2].meta
ÂÂÂÂÂÂ- vk.xex
ÂÂÂÂÂÂ- vk.xex.meta
ÂÂÂÂÂÂ- vk.xexp[1,2]
ÂÂÂÂÂÂ- vk.xexp[1,2].meta
ÂÂÂÂÂÂ- xam.xex
ÂÂÂÂÂÂ- xam.xex.meta
ÂÂÂÂÂÂ- xam.xexp[1,2]
ÂÂÂÂÂÂ- xam.xexp[1,2].meta
ÂÂÂÂÂÂ- xenonclatin.xtt
ÂÂÂÂÂÂ- xenonclatin.xtt.meta
ÂÂÂÂÂÂ- xenonclatin.xttp[1,2]
ÂÂÂÂÂÂ- xenonclatin.xttp[1,2].meta
ÂÂÂÂÂÂ- xenonjklatin.xtt
ÂÂÂÂÂÂ- xenonjklatin.xtt.meta
ÂÂÂÂÂÂ- xenonjklatin.xttp[1,2]
ÂÂÂÂÂÂ- xenonjklatin.xttp[1,2].meta
ÂÂÂÂÂÂ- ximecore.xex
ÂÂÂÂÂÂ- ximecore.xex.meta
ÂÂÂÂÂÂ- ximedic.xex
ÂÂÂÂÂÂ- ximedic.xex.meta
ÂÂÂÂÂÂ- ximedic.xexp[1,2]
ÂÂÂÂÂÂ- ximedic.xexp[1,2].meta
ÂÂÂÂÂÂ"[A, B]" means the file name contains either "A" or "B" at that position.
ÂÂ 10. Now you can build your kernel 2.0.8955 image with ibuild. To do so,
ÂÂÂÂÂÂ launch ibuild with the following parameters:
ÂÂÂÂÂÂ ] ibuild c -c [console] -d data/ -b [1BL key] -p [CPU key]
ÂÂÂÂÂÂÂÂÂÂ ./bin/my8955.bin ./bin/fuses.bin
ÂÂÂÂÂÂ Replace [1BL key] with the 1BL key and [CPU key] with the CPU key
ÂÂÂÂÂÂ matching your "bin/7371.bin" image. Since ibuild currently does neither
ÂÂÂÂÂÂ support Opus consoles nor Jasper consoles with large flashes, valid
ÂÂÂÂÂÂ parameters for [console] at the moment are "xenon", "zephyr", "falcon",
ÂÂÂÂÂÂ and "jasper". When ibuild completes successfully, you will find two new
ÂÂÂÂÂÂ files in the "bin" directory. The file "bin\my8955.bin" contains your
ÂÂÂÂÂÂ newly built kernel 2.0.8955 image, that will be booted by freeBOOT. The
ÂÂÂÂÂÂ file "bin\fuses.bin" contains the virtual fuse settings used by freeBOOT.
ÂÂ 11. In order to build the freeBOOT image, Python is needed. If you already
ÂÂÂÂÂÂ have Python installed, you can proceed to step 12.
ÂÂÂÂÂÂ The easiest way to run Python scripts under Windows is to install Cygwin.
ÂÂÂÂÂÂ You can download the Cygwin setup from here:
ÂÂÂÂÂÂ http://www.cygwin.org/cygwin/
ÂÂÂÂÂÂ Install Cygwin to any directory of your choice along with the these
ÂÂÂÂÂÂ packages:
ÂÂÂÂÂÂ - python
ÂÂÂÂÂÂ - python-crypto
ÂÂ 12. Open "build.py" with a text editor and look for these two lines:
ÂÂÂÂÂÂ # you need to fill in this
ÂÂÂÂÂÂ secret_1BL = None
ÂÂÂÂÂÂ Replace "None" with the 1BL key. This example shows you the format
ÂÂÂÂÂÂ in which the key has to be entered. The key itself is wrong.
ÂÂÂÂÂÂ secret_1BL = "\x01\x0F\x0E\x0C\x0E\xD6\x69\xE7\xB5\x67\x94\xFB\x68\x56\x3E\xFA"
ÂÂ 13. The freeBOOT image can now be built. Open a Cygwin shell and change to the
ÂÂÂÂÂÂ directory where you extracted the contents of this archive into. Launch
ÂÂÂÂÂÂ the Python build script with the following parameters:
ÂÂÂÂÂÂ ] python build.py bin/[console]_hack.bin smc.bin
ÂÂÂÂÂÂ The "bin\[console]_hack.bin" image is a standard JTAG hack image and can
ÂÂÂÂÂÂ be found at the usual places. The "smc.bin" is a patched SMC generated
ÂÂÂÂÂÂ by the Cygnos toolbox. When the build process finishes successfully, a new
ÂÂÂÂÂÂ image "bin\hack.bin" can be found.
ÂÂ 14. Program "bin\my8955.bin" to the Cygnos360 flash memory and "bin\hack.bin"
ÂÂÂÂÂÂ to the Xbox 360 flash memory.
ÂÂ 15. Power on your Xbox 360. If everything went correctly, you should see the
ÂÂÂÂÂÂ blue LED light up a few seconds later, followed by the usual boot
ÂÂÂÂÂÂ animation. If you power on your Xbox 360 with the DVD tray eject button,
ÂÂÂÂÂÂ XeLL will be loaded instead.
VI. What's Next
===============
ÂÂ - support for Opus consoles and Jasper consoles with large flashes
ÂÂ - further removal of security system restrictions
ÂÂ - easier build process
VII. Credits
============
ÂÂ My gratitude goes to all those who helped me get this new release done.
-----
ikari, 2009/11/21<!--c2--></div><!--ec2-->
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ / _|_ __ ___ÂÂ___| __ ) / _ \ / _ \_ÂÂ _|
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ| |_| '__/ _ \/ _ \ÂÂ_ \| | | | | | || |
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ_| | |ÂÂ__/ÂÂ__/ |_) | |_| | |_| || |
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|_| |_|ÂÂ\___|\___|____/ \___/ \___/ |_|
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ[v0.02 - coded by ikari]
I.ÂÂIntroduction
================
ÂÂ freeBOOT is a rebooter for the Microsoft Xbox 360. This version of freeBOOT
ÂÂ allows you to reboot into kernel 2.0.8955 on all Xenon, Zephyr, Falcon, and
ÂÂ Jasper consoles with 16MB flashes, which are vulnerable to the JTAG hack.
ÂÂ Support for Opus and Jasper consoles with larger flashes will follow soon.
ÂÂ As freeBOOT needs a second flash memory to store kernel 2.0.8955 and
ÂÂ associated data, either a Cygnos360 or an xD card mod is required at the
ÂÂ moment.
II. Bug Fixes
=============
ÂÂ - Harddisk installation and save game/profile issues have been fixed
III. New Features
=================
ÂÂ - updated to kernel 8955
ÂÂ - additional support for Zephyr and Jasper consoles with 16MB flashes
ÂÂ - support for xD card mod and Cygnos360 V1 added
ÂÂ - Harddisk authentication disabled
ÂÂÂÂ The Xbox 360 will now accept any SATA harddisk.
ÂÂ - removed XEX signature checks
ÂÂÂÂ Execution of unsigned devkit and retail XEXes is now possible. Encrypted
ÂÂÂÂ devkit XEXes must be decrypted with XexTool prior to use.
ÂÂ - removed LIVE/PIRS signature checks
ÂÂÂÂ The dashboard will now run applications from unsigned LIVE/PIRS
ÂÂÂÂ containers.
ÂÂ - extendable patch system
ÂÂÂÂ Researchers/hackers can now try new patches easily. Please refer to
ÂÂÂÂ "src\patches_kernel_8955.S" for more information.
IV. Instructions
================
ÂÂ Read these instructions carefully and follow them exactly. Failing to do so
ÂÂ may render your Xbox 360 unusable!
ÂÂ
ÂÂ 1. Extract the contents of this archive to a directory of your choice. All
ÂÂÂÂÂÂfile and directory names in the proceeding steps will be given relative
ÂÂÂÂÂÂto that directory.
ÂÂ 2. Update your Xbox 360 to kernel 2.0.7371 (Fall 08 Update). If your Xbox 360
ÂÂÂÂÂÂhas already been updated to a newer kernel, you can proceed to the next
ÂÂÂÂÂÂstep. The update process will not succeed with resistor R6T3 desoldered.
ÂÂÂÂÂÂResolder resistor R6T3 in that case before starting the update process.
ÂÂÂÂÂÂ*************************************************************************
ÂÂÂÂÂÂ*** Make sure you do *NOT* update to kernel 2.0.8xxx, since this will ***
ÂÂÂÂÂÂ***ÂÂÂÂ fix the JTAG hack vulnerability. Check the update before!ÂÂÂÂ ***
ÂÂÂÂÂÂ*************************************************************************
ÂÂ 3. *************************************************************************
ÂÂÂÂÂÂ***ÂÂ If present, desolder resistor R6T3 to prevent any accidentallyÂÂ***
ÂÂÂÂÂÂ***ÂÂÂÂÂÂÂÂ applied update fixing the JTAG hack vulnerability.ÂÂÂÂÂÂÂÂ***
ÂÂÂÂÂÂ*************************************************************************
ÂÂ 4. Save an image of your flash memory to the file "bin\7371.bin".
ÂÂ 5. In case you don't already know your Xbox 360's CPU key, retrieve it now.
ÂÂÂÂÂÂThere are various ways to accomplish this, but they will not be covered
ÂÂÂÂÂÂhere.
ÂÂ 6. Extract the contents of your "bin\7371.bin" image with ibuild now. Launch
ÂÂÂÂÂÂibuild with the following parameters:
ÂÂÂÂÂÂ] ibuild x -d data\ -b [1BL key] -p [CPU key] bin\7371.bin
ÂÂÂÂÂÂReplace [1BL key] with the 1BL key and [CPU key] with the CPU key matching
ÂÂÂÂÂÂyour "bin/7371.bin" image. Enter both 16 byte keys as hexadecimal numbers
ÂÂÂÂÂÂwithout leading "0x". Data previously extracted with 360 Flash Tool can
ÂÂÂÂÂÂno longer be used.
ÂÂ 7. Delete all files from the "data" directory except:
ÂÂÂÂÂÂ- crl.bin
ÂÂÂÂÂÂ- crl.bin.meta
ÂÂÂÂÂÂ- extended.bin
ÂÂÂÂÂÂ- extended.bin.meta
ÂÂÂÂÂÂ- kv.bin
ÂÂÂÂÂÂ- odd.bin
ÂÂÂÂÂÂ- odd.bin.meta
ÂÂÂÂÂÂ- secdata.bin
ÂÂÂÂÂÂ- secdata.bin.meta
ÂÂÂÂÂÂ- smc.bin
ÂÂÂÂÂÂ- smc_config.bin
ÂÂ 8. The remaining files necessary to build an image with kernel 2.0.8955 must
ÂÂÂÂÂÂbe extracted from an image of an updated Xbox 360, further on referred to
ÂÂÂÂÂÂas "bin\other8955.bin". Please do *NOT* update your Xbox 360 to kernel
ÂÂÂÂÂÂ2.0.8955, otherwise you will loose the ability to run the JTAG hack and
ÂÂÂÂÂÂfreeBOOT.
ÂÂÂÂÂÂLaunch ibuild with the following parameters:
ÂÂÂÂÂÂ] ibuild x -d tmp\ -b [1BL key] -p [CPU key] bin\other8955.bin
ÂÂÂÂÂÂReplace [1BL key] with the 1BL key and [CPU key] with the CPU key matching
ÂÂÂÂÂÂthe "bin/other8955.bin" image.
ÂÂ 9. Copy the following files from the "tmp" to the "data" directory:
ÂÂÂÂÂÂ- aac.xexp[1,2]
ÂÂÂÂÂÂ- aac.xexp[1,2].meta
ÂÂÂÂÂÂ- bootanim.xex
ÂÂÂÂÂÂ- bootanim.xex.meta
ÂÂÂÂÂÂ- bootanim.xexp[1,2]
ÂÂÂÂÂÂ- bootanim.xexp[1,2].meta
ÂÂÂÂÂÂ- cb_[1940, 4579, 5771, 6750].bin
ÂÂÂÂÂÂ- cd_8453.bin
ÂÂÂÂÂÂ- ce_1888.bin
ÂÂÂÂÂÂ- cf_8498.bin
ÂÂÂÂÂÂ- cg_8498.bin
ÂÂÂÂÂÂ- createprofile.xex
ÂÂÂÂÂÂ- createprofile.xex.meta
ÂÂÂÂÂÂ- createprofile.xexp[1,2]
ÂÂÂÂÂÂ- createprofile.xexp[1,2].meta
ÂÂÂÂÂÂ- dash.xex
ÂÂÂÂÂÂ- dash.xex.meta
ÂÂÂÂÂÂ- deviceselector.xex
ÂÂÂÂÂÂ- deviceselector.xex.meta
ÂÂÂÂÂÂ- deviceselector.xexp[1,2]
ÂÂÂÂÂÂ- deviceselector.xexp[1,2].meta
ÂÂÂÂÂÂ- gamerprofile.xex
ÂÂÂÂÂÂ- gamerprofile.xex.meta
ÂÂÂÂÂÂ- gamerprofile.xexp[1,2]
ÂÂÂÂÂÂ- gamerprofile.xexp[1,2].meta
ÂÂÂÂÂÂ- hud.xex
ÂÂÂÂÂÂ- hud.xex.meta
ÂÂÂÂÂÂ- hud.xexp[1,2]
ÂÂÂÂÂÂ- hud.xexp[1,2].meta
ÂÂÂÂÂÂ- huduiskin.xex
ÂÂÂÂÂÂ- huduiskin.xex.meta
ÂÂÂÂÂÂ- mfgbootlauncher.xex
ÂÂÂÂÂÂ- mfgbootlauncher.xex.meta
ÂÂÂÂÂÂ- mfgbootlauncher.xexp[1,2]
ÂÂÂÂÂÂ- mfgbootlauncher.xexp[1,2].meta
ÂÂÂÂÂÂ- minimediaplayer.xex
ÂÂÂÂÂÂ- minimediaplayer.xex.meta
ÂÂÂÂÂÂ- minimediaplayer.xexp[1,2]
ÂÂÂÂÂÂ- minimediaplayer.xexp[1,2].meta
ÂÂÂÂÂÂ- nomni.xexp1
ÂÂÂÂÂÂ- nomni.xexp1.meta
ÂÂÂÂÂÂ- nomnifwm.xexp1
ÂÂÂÂÂÂ- nomnifwm.xexp1.meta
ÂÂÂÂÂÂ- signin.xex
ÂÂÂÂÂÂ- signin.xex.meta
ÂÂÂÂÂÂ- signin.xexp[1,2]
ÂÂÂÂÂÂ- signin.xexp[1,2].meta
ÂÂÂÂÂÂ- updater.xex
ÂÂÂÂÂÂ- updater.xex.meta
ÂÂÂÂÂÂ- updater.xexp[1,2]
ÂÂÂÂÂÂ- updater.xexp[1,2].meta
ÂÂÂÂÂÂ- vk.xex
ÂÂÂÂÂÂ- vk.xex.meta
ÂÂÂÂÂÂ- vk.xexp[1,2]
ÂÂÂÂÂÂ- vk.xexp[1,2].meta
ÂÂÂÂÂÂ- xam.xex
ÂÂÂÂÂÂ- xam.xex.meta
ÂÂÂÂÂÂ- xam.xexp[1,2]
ÂÂÂÂÂÂ- xam.xexp[1,2].meta
ÂÂÂÂÂÂ- xenonclatin.xtt
ÂÂÂÂÂÂ- xenonclatin.xtt.meta
ÂÂÂÂÂÂ- xenonclatin.xttp[1,2]
ÂÂÂÂÂÂ- xenonclatin.xttp[1,2].meta
ÂÂÂÂÂÂ- xenonjklatin.xtt
ÂÂÂÂÂÂ- xenonjklatin.xtt.meta
ÂÂÂÂÂÂ- xenonjklatin.xttp[1,2]
ÂÂÂÂÂÂ- xenonjklatin.xttp[1,2].meta
ÂÂÂÂÂÂ- ximecore.xex
ÂÂÂÂÂÂ- ximecore.xex.meta
ÂÂÂÂÂÂ- ximedic.xex
ÂÂÂÂÂÂ- ximedic.xex.meta
ÂÂÂÂÂÂ- ximedic.xexp[1,2]
ÂÂÂÂÂÂ- ximedic.xexp[1,2].meta
ÂÂÂÂÂÂ"[A, B]" means the file name contains either "A" or "B" at that position.
ÂÂ 10. Now you can build your kernel 2.0.8955 image with ibuild. To do so,
ÂÂÂÂÂÂ launch ibuild with the following parameters:
ÂÂÂÂÂÂ ] ibuild c -c [console] -d data/ -b [1BL key] -p [CPU key]
ÂÂÂÂÂÂÂÂÂÂ ./bin/my8955.bin ./bin/fuses.bin
ÂÂÂÂÂÂ Replace [1BL key] with the 1BL key and [CPU key] with the CPU key
ÂÂÂÂÂÂ matching your "bin/7371.bin" image. Since ibuild currently does neither
ÂÂÂÂÂÂ support Opus consoles nor Jasper consoles with large flashes, valid
ÂÂÂÂÂÂ parameters for [console] at the moment are "xenon", "zephyr", "falcon",
ÂÂÂÂÂÂ and "jasper". When ibuild completes successfully, you will find two new
ÂÂÂÂÂÂ files in the "bin" directory. The file "bin\my8955.bin" contains your
ÂÂÂÂÂÂ newly built kernel 2.0.8955 image, that will be booted by freeBOOT. The
ÂÂÂÂÂÂ file "bin\fuses.bin" contains the virtual fuse settings used by freeBOOT.
ÂÂ 11. In order to build the freeBOOT image, Python is needed. If you already
ÂÂÂÂÂÂ have Python installed, you can proceed to step 12.
ÂÂÂÂÂÂ The easiest way to run Python scripts under Windows is to install Cygwin.
ÂÂÂÂÂÂ You can download the Cygwin setup from here:
ÂÂÂÂÂÂ http://www.cygwin.org/cygwin/
ÂÂÂÂÂÂ Install Cygwin to any directory of your choice along with the these
ÂÂÂÂÂÂ packages:
ÂÂÂÂÂÂ - python
ÂÂÂÂÂÂ - python-crypto
ÂÂ 12. Open "build.py" with a text editor and look for these two lines:
ÂÂÂÂÂÂ # you need to fill in this
ÂÂÂÂÂÂ secret_1BL = None
ÂÂÂÂÂÂ Replace "None" with the 1BL key. This example shows you the format
ÂÂÂÂÂÂ in which the key has to be entered. The key itself is wrong.
ÂÂÂÂÂÂ secret_1BL = "\x01\x0F\x0E\x0C\x0E\xD6\x69\xE7\xB5\x67\x94\xFB\x68\x56\x3E\xFA"
ÂÂ 13. The freeBOOT image can now be built. Open a Cygwin shell and change to the
ÂÂÂÂÂÂ directory where you extracted the contents of this archive into. Launch
ÂÂÂÂÂÂ the Python build script with the following parameters:
ÂÂÂÂÂÂ ] python build.py bin/[console]_hack.bin smc.bin
ÂÂÂÂÂÂ The "bin\[console]_hack.bin" image is a standard JTAG hack image and can
ÂÂÂÂÂÂ be found at the usual places. The "smc.bin" is a patched SMC generated
ÂÂÂÂÂÂ by the Cygnos toolbox. When the build process finishes successfully, a new
ÂÂÂÂÂÂ image "bin\hack.bin" can be found.
ÂÂ 14. Program "bin\my8955.bin" to the Cygnos360 flash memory and "bin\hack.bin"
ÂÂÂÂÂÂ to the Xbox 360 flash memory.
ÂÂ 15. Power on your Xbox 360. If everything went correctly, you should see the
ÂÂÂÂÂÂ blue LED light up a few seconds later, followed by the usual boot
ÂÂÂÂÂÂ animation. If you power on your Xbox 360 with the DVD tray eject button,
ÂÂÂÂÂÂ XeLL will be loaded instead.
VI. What's Next
===============
ÂÂ - support for Opus consoles and Jasper consoles with large flashes
ÂÂ - further removal of security system restrictions
ÂÂ - easier build process
VII. Credits
============
ÂÂ My gratitude goes to all those who helped me get this new release done.
-----
ikari, 2009/11/21<!--c2--></div><!--ec2-->
Now if you will excuse me I will have to go and punch a wall (again) for accidentally and needlessly updating my main 360 before finally fixing my RROD 360 so I can play with this stuff. Oh and before anyone asks; if your 360 has been banned in this most recent wave you are out of luck as you will have had to have updated to get on live to be banned. New consoles do come with the "bad" bootloader (the first report was from a console built in late June) but you can still pull an old one from the shelves on occasion (note that we have just seen black Friday in the US so I you may have to visit a few shops to pull it off and even if you do chances are it will be an elite that has it).
Possibilities for the future:
I already floated region free, cheats and conventional game hacks but also included is the option for a second live probably based on system link. Basically this is the start of it all.
Update: Originality sent word that XBReboot v0.05 has also appeared. It works in much the same way but does not need dual NAND, link:
<a href="http://www.xboxhacker.net/index.php?topic=12981.msg88316#msg88316" target="_blank">http://www.xboxhacker.net/index.php?topic=...g88316#msg88316</a>