Hey there.

So... you use an ad blocker. That's cool. Sometimes we do too.

But without ad revenue, we wouldn't even be here. And we might not be here much longer.

Please disable your ad blocker and click to continue.

  1. #1
    Join Date
    Apr 2005

    Tmbinc Releases Imgbuild for Homebrew JTAG XBox 360 Hack

    Today Tmbinc has released Imgbuild along with some documentation for use with the upcoming Homebrew JTAG XBox 360 Hack.

    To quote: As a first step toward a "release", I've committed the tool to build an image suitable for the hack, as well as some additional information and a description of "how it works".

    I understand that not all of the required binaries are available right now, but we'll work on provider ways to derive them from nand dumps. But those of you who are able to recover the required binaries should be able to build an image which boots right into xell.

    There are 3 things that we have to take care about:

    - The 1920+ CB/CD. If somebody has a 1920 box, just do the timing attack, extract your cpu key, add that cpukey into "decrypt_CD", and use that image. You'll get the decrypted CB/CD in your "output"-directory. I'll then describe how to build the 1921 and the other CDs from that.

    - the hacked SMC for kicking off the read. You basically need to add writing to the nand command register in command 04. The command you need to write is 07. I can explain this more, but there are people who understand the SMC code much better than I do, so maybe they can drop in here.

    - the SMC JTAG stuff, which Tiros wrote, so you only need to add resistors instead of a uC.

    The generated image will run on all boxes of that type [Xenon (no HDMI), Zephyr (HDMI, but 90nmCPU/80nm GPU), Falcon/Opus (60nm CPU) or Jasper (new Southbridge, 60nm GPU, 60nm CPU)]. So we need 4 images in total, nothing more.

    But for each box type, we need to extract a decrypted CD *once*. Due to copyright reasons I cannot just put them up here, so I will give an explanation of *how you can extract those* instead.

    The CD.1920 is the simplest, so let's start with that one: Just TA, and use that to decrypt.

    1921 is more complicated, since we cannot TA those boxes, but you can patch CD.1920 until it matches the hash of CD.1921 (i.e. until you have the CD.1921 binary - this is not a hash collision, it's a "plaintext recovery"). If you have 1921, the other ones will be easy again. I can help here, but first step is 1920.

    More PlayStation 3 News...

  2. #2
    Join Date
    Mar 2008
    Very nice to finally be able to run homebrew on the later 360 models. Hopefully this will make it more interesting to brew stuff for the 360 altogether.

  3. #3
    Join Date
    Jun 2008
    Someone compile it, i'm too lazy..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Log in