RGH 'roadmap' for n00bies

View previous topic View next topic Go down

RGH 'roadmap' for n00bies

Post by Corp Dwayne Hicks on Fri Apr 01, 2016 2:46 pm

This guide now contains R-JTAG information with a basic QA. It is designed for users who are new to RGH/JTAG/R-JTAG and want to carry out their mod in the least destructive way.


1. BEFORE you solder ANYTHING to the console:


Identify your console:

Slims

'Trinity' and 'Corona' Slim consoles can be RGH'd regardless of dashboard version.

Compatible chips:
Trinity - CR Rev A/B/C, CR3-Lite, CR3-Pro Full POST, DGX (written with RGX xsvf timings)
Corona v1/v2 - CR Rev A/B/C (with Corona upgrade QSB), CR3-Lite, CR3-Pro, DGX (written with RGX xsvf timings)
Corona v3/v4/v5/v6 - CR Rev A/B/C (with Corona upgrade QSB), CR3-Lite, CR3-Pro FakePOST, DGX (written with RGX xsvf timings).
Check your Corona version here - note that you will need a POSTFIX ADAPTER if POST_OUT1 trace is missing (Corona v3+)
All slims can use the Slim Proto & Proto v2 chip!

Phats

ii. Phat consoles with a HANA chip will be one of the following:

Zephyr - (16.5A ~12V)
Falcon or Opus - (14.2A ~12v)
(Falcon has HDMI, Opus doesn't).
Jasper - (12.1A ~ 12V)

iii. The only phat console to NOT have a HANA is:
Xenon - (16.5A ~12v) *No HDMI.

*Xenon consoles CAN be now RGH'd but due to instability we recommend this is used ONLY for DVD key recovery process: http://team-xecuter.com/team-xecuter...t-glitch-hack/

(Ratings can be seen from the rear of the console on the label itself)

Compatible chips:

For RGH 1/2, all Phat RGH consoles can use a CR Rev A/B/C or CR3-Lite. However features on certain revisions (i.e Rev B/C having a 100nF cap for PLL_BYPASS on RGH1 and CR3-Lite having many configurations for RGH1 and RGH2), performance of the glitch can be improved depending on the options selected.

Software / Dashboard versions:


Whilst hardware identification is crucial for compatibility, the Kernel version is even more so.

The restrictions on any exploit are down to the CB bootloader version. The dashboard version of your console is an indicator of whether the CB is exploitable, but it's not a hard n fast rule. Consoles which have been returned to MS for repair can come back with a changed bootloader but on a normally exploitable dashboard.

I've designed a quick reference table for type of exploit needed:



Dumping the NAND

J-Runner is the ideal tool for determining what phat console you have as it will tell you during the dump!

So run J-Runner and get 2 matching dumps of your console before you do anything else. Keep them safe (zipped up if needed) - they'll be in the 'output' folder of J-Runner named nanddump1.bin and nanddump2.bin.

Read this for help on dumping your NAND. Note, this is different to Corona v2/v4/v6 which needs a memory card reader and R/W NAND kit.

Next, fit the Coolrunner / CR3-Pro / R-JTAG based on what console and dashboard you have.

Flash the Coolrunner in J-Runner.

NOTE: CR3-PRO and R-JTAG ship with PRE-FLASHED code. Do NOT try to Write ANYTHING to them.

Try to boot the console with the stock NAND and the Coolrunner set to PRG (for CR3-Pro and R-JTAG, either desolder 5vSB or remove POST_OUT ribbon cable). IT SHOULD BOOT! If not, stop and look over everything you've done.

If it boots, carry on with the process (ensuring you took a backup of your NAND dumps from previously). At the very least you know the console was working before reading/writing to it and you have backups of your GOOD NAND dump!.


Q&A

R-JTAG

Q: I'm currently using a JTAG/RGH1/RGH2 phat console and I want to change to R-JTAG. What do I need to do?
A: Please follow the instructions below:

1. Return the console to stock by writing back the retail NAND. If you don't have this, you can build one which is suitable for JTAG (7371), RGH1(14699) or RGH2 (either 14719 or 15572 depending on fuseset 02 - see here for more details) using a clean SMC for your console type.
2. Remove the Coolrunner from your console as well as wiring. If it's a JTAG console you may be able to leave the JTAG wiring in place.
3. Remove any e-fuse protection you have in place. This may involve replacing R6T3 with a 10k resistor or unbridging U6T1 / U6T2.
4. Update the console to a *minimum* of 2.0.15572. If your console was already on 15572 or higher before it was RGH'd you do not need to carry out this step.
5. Provided your console is working ok at this point, you need to re-dump your console's NAND for the new dashboard file. You are safe to delete older NAND dumps at this point. Again, if you are already on 15572 or higher you don't need to carry out this step.
6. You can now carry on with the R-JTAG process.


General
Q: Where can I find wiring diagrams for JTAG/RGH?
A: Images can be located in J-Runner.

Q: Do I need to leave JTAG/Coolrunner/RGX in place once I have my CPU key?
A: Yes - this is essential for the exploit to be carried out. If you're returning the console to stock (aka the exploit was just used for CPU/DVD recovery), you can safely remove what you've added.

Q: Can I go online with a JTAG/RGH console?
A: It's possible to connect to Xbox Live, however due to the nature of what the exploit does, don't be surprised if you're banned within a 12 hour period. TX do NOT recommend or support going on Xbox Live with a JTAG/RGH Console. In the case of RGH2 consoles (and R-JTAG), if you fit a dual-NAND device to your console (eg DemoN), you effectively have two consoles which you can use the retail NAND for Xbox Live and the RGH NAND for running unsigned code (offline).

Q: My JTAG is on 7371 / My RGH1 is on 13604 / My RGH2 is on 14719 - does this mean I can't play the newest games without losing my exploit?
A: Not at all. Your starting dash version has no bearing on what dashboard you can build for your console.

For example, a JTAG Falcon has a CB of 5770. When you build a JTAG image for 16537, J-Runner/xebuild etc will use the exploitable bootloader of 5770 in your image (instead of 5774) and your JTAG will work just the same as before, with the added benefit of the latest kernel release.
avatar
Corp Dwayne Hicks
Admin

Posts : 73
Reputation : 0
Join date : 2016-03-12
Location : London

View user profile http://vintagetechrepairs.forumotion.co.uk

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum