The Reset Glitch Hack Using the Matrix Glitcher.

CREDITS: This tutorial is based on the excellent Reset Glitch Hack tutorial made by Razkar and Tuxuser that is available in hic original and complete for in the download section of our website.

Required Hardware: Matrix Glitcher Matrix NAND Programmer or any other USB SPI Programmer to dump/flash the Xbox360's NAND Xilinx Jtag Programmer Cable Soldering Material

Required Software: Impact (from Xilinx Lab Tools) Pyton and Pyton Crypto NandPro V 2.0e or greater

Identification of NAND Size: As a first step we should identify the NAND size that is installed into the XBOX360. The skilled ones can simply read the NAND size directly from the code written on the NAND. The second solution is to go to the memory tab under the settings menu. If there is no memory unit shown there then you have a 16MB NAND. If there is a Memory Unit showing 214MB then you have a 256MB NAND. If there is a Memory Unit showing 451MB, then you have 512MB NAND.

1.Dumping NAND
Use the following diagram to solder your NAND Programmer

Open windows' command prompt and Launch NandPro D ump your NAND twice by using the read command for 16MB NAND :

nandpro usb : -r16 nanddumpname.bin

 Compare the two dumps with the following command (you can use MD5 Checksums too) :

fc

/b

nanddumpname.bin nanddumpname2.bin

You should see something like FC: No difference found. If the two dumps don't match, do a new dump and check again.

If you have a 256 MB or 512 MB NAND you can run the following commands: nandpro usb: -r256 nanddumpname.bin nandpro usb: -r512 nanddumpname.bin

2 .Installation of Python and Python Crypto

Install Python 2.7 (32bit!) with the default settings:

 Install PyCrypto 2.3 with the default settings :

To enable python in windows' command prompt, we will have to modify the environment variables . Go in Control Panel > System > Advanced System Settings

 Click on Environment variable

 Click on New in system variables

Add this for the name and the value of the variable :

PYTHONPATH % PYTHONPATH%;C:\Python2.7 ;

3.Creating the Hackimage

D ownload the gggggg-hack (from our website or from Free60-Git Repository). Put your original NAND dump in the root of the gggggg-folder and create a folder named output (in the root as well).

Open windows' command prompt again and navigate to the gggggg-folder than type this Python command (dont forget to modify it with your NAND dump name) :

python common/imgbuild/build.py nanddumpname.bin common/cdxell/CD common/xell/xell-gggggg.bin

You should see the following

The file image_00000000.ecc is located in the output folder now.

 Copy this file into your Nandpro folder and navigate to the folder via command prompt again Use the following command to flash the image to your console's NAND.

nandpro usb : +w16 image_00000000.ecc

/!\ Pay attention that you have to use the +w16 switch and not the -w16 one /!\

The flashed file has a size of 50 blocks so you should see 004F when the flashing is done.

10

4.Programming the CPLD

Power the Glitcher with 3.3V on the 3.3V pad and GND on GND pad. There are many solution to do this ... here are some of them : Use an old DVD drive supply cable by cutting 5 and 6 cable (3.3V and GND) and connect it to the a CK or the motherboard drive socket OR Solder the 3,3V pad to the J2C1. 8 point of the motherboard and the GND to a point of the motherboard like the legs of the various connector-metal casing. OR Use an external 3,3V power supply

11

Grab your LPT/USB XilinX JTAG programmer cable. Connect the cable to the PC and the CPLD.(If you don't have one, you can use GliGli's schematic to build a LPT JTAG Programmer)

Set up the Matrix Glitcher to work with your Phat or Slim model XBOX360 with two solder points as indicated below:

SLIM

PHAT

12

 Launch "iMPACT" (from XilinX Lab Tools) and let's start the programming ... just follow the images.(You have to setup the compatibility mode only if your Programmer does not get detected right away)

13

14

15

16

17

5.Wiring
Once programming is complete you can proceed directly to solder the Matrix Glitcher directly to the XBOX360 motherboard. Use the diagrams that are supplied together with this tutorial. A copy is available on the website.

18

6.Enjoy

You can now start your console normally and see XeLL boot within 2 minutes. You can now enjoy unsigned code on your slim.

7.Credits / Thanks

Thanks to GliGli and everyone involved in this hack. Thanks to Razkar and Tuxuser for making the original tutorial from which this version is derived. (The original is available in its integral form on our website.) Thanks to everyone that still thinks that hacking a console can be fun :-)

19