› Foros › Xbox 360 › Exploits y homebrew
Alfalfa escribió:Falcon
Alfalfa escribió:Que diferencia hay al poner otro???.......sí.....tengo que aprender mucho jejejejej
Alfalfa escribió:He leido todo lo posible pero es muy lioso seguir tutos cuando hay obsoletos,nuevos y algunos que no abarcan todas las opciones presuponiendo cosas que no todo el mundo sabrá.....pero bueno....preguntando e investigando por google lo voy sacando.
lui567dexx escribió:Ya se puede actualizar a la ultima? recuerdo que se pudo pero habian modificado algo de autogg o parecido.
checho escribió:lui567dexx escribió:Ya se puede actualizar a la ultima? recuerdo que se pudo pero habian modificado algo de autogg o parecido.
AutoGG llega hasta el que necesita el último juego en el mercado(16747),no hace falta el 16767 para jugar a ningún juego hasta ahora.
osmodiar16 escribió:Y si una consola viene con 16767, ¿con cuál dash creo Xebuild?
Saludos
Alfalfa escribió:Bueno...voy a programar el Squirt v2 con un lpt casero....le doy a programar Glitch...Falcon...RGH2..en chip pongo Squirt y en la parte de programar Glicht LPT de jo exactamente lo que pone??? pone Port: 0x 378 y cable: Homebrew: EA253.....despues me sale seleccionar el archivo para programar...pero salen varios....cual selecciono exactamente para mi placa???
Alfalfa escribió:Bueno...voy a programar el Squirt v2 con un lpt casero....le doy a programar Glitch...Falcon...RGH2..en chip pongo Squirt y en la parte de programar Glicht LPT de jo exactamente lo que pone??? pone Port: 0x 378 y cable: Homebrew: EA253.....despues me sale seleccionar el archivo para programar...pero salen varios....cual selecciono exactamente para mi placa???
casca escribió:ps3maniaco25 escribió:Hola, tengo una xbox placa falcon con rgh2. El caso es que instalo el squirt y me arranca instantáneo el xell pero cuando flasheo el dash no me arranca el dash solo el xell. Nose si habrá algún problema con el autogg nuevo este beta que hay porque antes cuando lo llevaba black no me pasaba. Alguna ayuda o solución? GRACIAS.
Al tratarse de una Falcon no descartes usar una nand donada para intentar solucionar ese problema, por otro lado si crees que cuando AutoGG lo llevaba black te iva bien y ahora no, lo mejor seria que contactes con el y te haga uno especial para ti, ya que a todo el mundo le funciona menos a ti, saludos.
xeBuild 1.13
============
Introduction:
=============
xeBuild is a command line system image builder for JTAG, glitch, and clean images.
Run the xeBuild program with no (or incorrect) arguments to see it's usage info.
What's New:
===========
- add 16756, 16767
- minor bug fixes
- !experimental! g2 and g2m patches based on 13182 CBB for coronas using winbond memory
patch set for corona hardware issues that require 13182, use -r WB or -r WB4G on command line to select when building corona images
thanks to 15432 and DrSchottky for doing the heavy lifting for corona winbond patches
original release can be found http://www.hackfaq.net/main/xell_wb2k/
Mileage may vary, though it's possible these can also improve boot times of older corona models and possibly even some trinity machines (use trinity smc).
Also, it's unlikely vfuses will work fully on machines that have vfuse errors as mfg CBB patches never load them from NAND (CD onwards do still.)
Big thanks also to Team Xecuter for first bringing this problem to our attention, and working out and testing the solution that proved it by successfully booting xell
Current Limitations:
====================
- STAY THE HELL OFF LIVE! Nuff said, we're not you're mum.
How To Use:
===========
- See individual folders for lists of files to provide
- if desired provide replacement cpu and 1bl keys in text files
- open a command window in the xeBuild directory
- on the command line type, for example:
example - if you provided keys in appropriate text files
xeBuild.exe -t glitch -c falcon -d myfalcon myfalconout.bin
-t glitch = build a glitch type image
-c falcon = use falcon bl and patch set
-d myfalcon = a folder is present called "myfalcon" with per machine files, this uses it
myfalconout.bin = the file that will be produced
- type 'xeBuild.exe -?', 'xebuild client -?' or 'xebuild update -?' for command line info
Update and Client modes:
========================
Both modes require the supported updsvr running on the xbox, full functionality may require
updating console patches with the included hv patches. Both the PC and the xbox need to be on
the same subnet/LAN router.
Client mode is a simple way to read, write and patch flash as well as few other simple commands
such as the patch updater. The patch updater will look in the folders beside the exe for
{version#}\bin\patches_{type}.bin
which are full patches for whichever console and hack type, it will load and strip the patches
if needed and send them to the console. Note that only xebuild images are truly supported for this.
Most of the client mode commands should be available on any console, even unhacked devkits. See output
from 'xebuild client -?' for more information on the options available.
Update mode attempts to retain as much data about the console as possible, without having to
provide any info on the command line aside from optional/addon patches if required. After you
copy the $SystemUpdate folder into (in this example) the folder 16203 it is capable of taking
a simple command line like:
xebuild update -f 16203 -a nohdmiwait
It will fetch all the info from the console, and use the updater to update both the system flash
and avatar data on the console (provided you have an 360 formatted HDD internally in the console.)
It has some more advanced options to allow one to build the update image as well as dump the data
from the console as it's acquired, while even leaving the console data untouched. See output
from 'xebuild update -?' for more information on the options available.
Neither update or client image writes are able to affect bad blocks, but are able to write new ones.
If this happens mistakenly, an erase block command has been provided in client that will attempt to
clear the bad block - use with caution though, blocks get marked as bad for good reasons and is a normal
occurrence on NAND when a block becomes unreliable.
With big block machines, the server will attempt to retain any NAND mu data in the system area, provided
there is no system data to write in the image being sent. It's not foolproof, but update mode should not
corrupt NAND mu.
Example:
========
-take original console dump, put it in mytrinity folder as NANDdump.bin
-set CPU key and 1BL key in ini file, verify LDV from NANDdump.bin matches console fuses
if not set cfldv in ini file
-build (xeBuild.exe -t glitch -d mytrinity -f 13599), flash and hopefully life is good
.ini files:
===========
Just a word on the format... the ini parser is not very robust, the files need
to be plain ASCII, everything after a ; on a line is ignored, and spaces are
not acceptable (they get removed).
Things like CPU key and 1BL key, if present in the per box ini file need not be
placed anywhere else.
Optional Patches:
=================
Various optional patches are included for use with the -a option, they are:
nofcrt - removes fcrt.bin requirement on some drives
nohdd - disables detection of internal SATA HDD
noSShdd - disables internal SATA HDD with valid retail security sector
nohdmiwait - HDMI consoles will no longer wait or EXX screen when video is not ready
nolan - disables wired LAN to prevent E75/76/77 on machines with a damaged PHY
nointmu - disables jasper NANDmu, trinity 4G internal USB and corona 4G MMC memory units
blmod.bin:
==========
Changing the patches to the BL that follows the BL that is executing during glitch attempts
has a direct effect on whether a machine will glitch. The provided patches are generic
and work well on most machines, but this per machine build addon can now be supplied without
modifying the base patches to CBB or CD via a file in the perbuild folder, they will simply be
tacked onto the end of CBB or CD, and the BL size adjusted to include this new data in the hash.
Keep in mind, it can take multiple attempts and re-flashing with different binary data to find
something that will boot at all, let alone be more effective for your console.
blmod is currently not supported by update mode.
Note:
=====
- DON'T USE THIS UNLESS YOU KNOW FOR SURE THAT YOU NEED IT! Using an incorrect
controller config can result in problems remapping bad blocks (even manually.)
If you have a 16M jasper, an additional build type has been added
'jaspersb', by default the image will be built for jasper with big block
controller (config 00023010), use this alternate switch to build for small
block controller (config 01198010.)
Multi build/options example:
============================
when you specify -f 13599 on the command line:
13599\filelist.ini
is parsed instead of data\filelist.ini
Also the bin directory is used from
13599\bin\
instead of
bin\
allowing anyone to create multiple builds without multiple instances or
rebuilds/hex edits/hacks of the main app.
The example provided is the last version of 13599 patch set from dash launch and
other files to build freeboot 13599
example use:
------------
xeBuild -f 13599 -d myfalcon x13599out.bin
-f 13599 : use .\13599\filelist.ini, and .\13599\ for firmware files, .\13599\bin\ for patches
-d myfalcon : use .\myfalcon for per build files (cpu key, keyvault, security files, ini etc.)
x13599out.bin: override auto generated name and produce .\x13599out.bin as the final NAND image
note, if -d ***** is not specified it will still use the original /data and /bin dirs
Devkit image building:
======================
This feature is currently considered Beta/Work In Progress.
A new image target type was added, "-t devkit" which builds 64M flash images for devkits. Currently untested,
building with a 00 filled CPU key will create a zeropaired devkit image that may allow one to boot a software
bricked devkit that one does not know the CPU key for and recover it to an operational state. By powering on
the console with such an image present, with a recovery DVD in the drive, the recovery software should be able
to create a new keyvault, re-pair the DVD drive to the new keyvault, and allow normal operation once complete.
Normal devkit image building when one does know their CPU key and thus has security files and keyvault should
work as expected.
Building devkit for glitch/jtag is also possible using the standard -t glitch/jtag methods. Sample ini
have been provided with this release, but will not work unless patches and files are supplied. Note that devkit
is not our focus, but was relatively easy and straight forward option to supply for those that wish to make
use of it.
jasperbigffs:
=============
Those who use large block NAND are now able to nearly double the size of the system file area
with this option with no apparent ill effects. Normally this option wouldn't be needed, but if one
wanted to experiment with more files in flash, or one was building a devkit image for a devkit with
a big block flash, this option is required.
support:
========
If you've found a bug or have a suggestion, please comment at
http://www.realmodscene.com/index.php?/forum/15-xebuild/ (English)
http://homebrew-connection.org/forum/index.php?board=8.0 (English/French)
Credits:
========
Without ikari this would not have been possible, thanks!
__ ____ ___ ___ _____
/ _|_ __ ___ ___| __ ) / _ \ / _ \_ _|
| |_| '__/ _ \/ _ \ _ \| | | | | | || |
| _| | | __/ __/ |_) | |_| | |_| || |
|_| |_| \___|\___|____/ \___/ \___/ |_|
[v0.10 - inspired by ikari]
R.I.P.
No this isn't freeboot, it is a clone and has always been since the last
release of ibuild.
Thanks and greetz to everyone who has contributed to hacking this
wonderful machine. Thanks to the engineers and countless others who made
the machine what it is... we only wish they had listened and RROD was
not a problem. If we were to list everyone here, there would be no time
left to play on the machine!
Thanks Team Xecuter for the Corona 4G! Thanks to JuggaHax, dayton360mods,
glitch360team and all other contributors for helping find a way to make Corona 4G golden!
Thanks to Free60, LibXenon.org, Redline99 and Tuxuser for providing xell builds <3
Thanks to Swizzy for making the official GUI front end for xeBuild, for always
adding the new stuff we shovel at him and never once complaining.
Big thanks to the folks at #freeboot on efnet for the tireless
hours of help you all give freely. Thanks to the testers who tirelessly
made sure stuff worked. Thanks to rgloader for doing the work yourselves,
there *is* no spoon, just a glitch in the matrix.
Don't believe what random people *cough* write on forums ..
-----
//2014
-----
Changes:
========
1.13
- add 16756, 16767
- add 13182 based corona configuration to retail ini
- fix a bug that froze file times to a default value for flash files
- update kernel patch for XeKeysConsoleSignatureVerification, content signed with a different keyvault (remote signed) will now reply as locally signed (v16747+)
- added additional trinity/winchester targets in case they are needed
- added noSShdd addon patch for 16767+, with this patch enabled retail drives with a valid security sector will be rejected
- experimental patch set for corona hardware issues that require 13182 (16767+) (thanks 15432 and DrSchottky!)
- reworked how update mode works on glitch images, it now retains the bootloaders from the console instead of rebuilding from files (making it simpler to update the new corona patches in the future)
- added new addon patch 'noSShdd', disables hard drives with a valid security sector (thanks tuxuser!)
1.12
- check FCRT.bin signature with PIRS_pub.bin or MAST_pub.bin if available (selection based on content)
- check DAEP signed signatures in DAE.bin (usually 2) with PIRS_pub.bin if available
- check CRLP signed CRL.bin signatures with PIRS_pub.bin if available
- fix mobile extraction stalling process on corrupt NAND
- do not patch boot reasons into flash header for devkit and retail builds, only glitch and jtag
- added patch to kernel to attempt to block network until launch.xex has loaded (if available)
- add -o smcnocheck to image build options/ini; avoids fatal build error if smc is unknown
- add 16747
- fixed: was not automatically creating all the folders for 16747 avatar data to be valid
1.11
- fix a bug which caused an infinite loop when a mobile*.dat was smaller than 512 bytes - Foo you too mobileE.dat! (thanks blakcat!)
1.10
- add 16547
- fix a bug with build mode mobile*.dat extraction when multiples of the same settings are stored in the same block but version number does not increase
- minor fixes
1.09
- now checks devkit BL (SB/SC/SD/SE) signatures/built in hashes while building devkit images
- adds client -i <d> method (now with less bugs, thanks blaKCat!)
- client -i wasn't showing cpu/dvd key (thanks blaKCat!)
- fix bug in freeboot (JTAG) core that caused options and poweron reason to be ignored (thanks siz and swizzy!)
1.08
- align patch slots properly on glitch images
- add ability to make zero-paired dual cb images (retail/glitch)
- unknown devkit smcs were not being checked properly and always reported hacked
- added support for 'blmod.bin' per-build file, can assist fine tuning glitch machines that don't play well with standard patches
- added CPU key corruption checks
- added a secondary check on nanddump.bin size after determining big block/small block
- added new build target, glitch2m, which uses mfg cba to boot with virtual fuses (only trinity/corona, 16203+)
- added nolan addon patch for 16197+ for those with bad wired lan phy getting E75/76/77; should not affect wireless dongles
- consolidate internal memory unit disable patches into nointmu addon, Corona 4G internal memory can now be disabled (16197+)
- added integrity checks for: blocks that appear to be remapped but are outside the remap area; CF slot size
- updated all patch sets to use hv built in memcpy (better peek support for things that require 64bit reads like 1bl ROM)
- check for SU container in version\$SystemUpdate subfolder as well as version folder
- nonces will attempt to be kept when providing NANDdump.bin (some claim this affects glitch boot times, makes differential flashing more effective)
- Xstress.settings has been renamed to Manufacturing.data
- update jtag freeboot core to V0.9 to use options stored in flash header instead of patched directly into the binary
- added update and client mode
- -d options no longer need to be relative to the exe launch path
- checks keyvault signature (if present) when MAST_pub.bin is available from update server or file in .\ or .\common\
- checks CB/CBA signature when 1BL_pub.bin is available from update server or file in .\ or .\common\
- updated xell builds to XeLL_Reloaded-2stages-v0.993
- add 16537
1.07
- trinitybigffs added (big block devkit sized file system for trinity)
- -s option added to create a .sha1 file along with the final image
if no arg is provided, the final image name will be used with .sha1 appended as extension
- change behaviour of patchsmc
- add 16203
1.06
- fix an issue with identifying FCRT console from keyvault (thanks stefanou!)
- corrected some status message typos
- added sanity check to bl patcher
- added (starting with 16197) fcrt signature check patch (supports swapping drive + kv/dvdkey + fcrt on drives/consoles where nofcrt does not enable game disks)
- added 16202
- correct 16197/16202 nohdd patch to disable only the hdd, not every SATA device
1.05
- tidy ini_creator output a little
- colons were not being removed from macid string in ini file, fixed
- added corona4g build target and dump parsing, NANDdump.bin should be minimum 0x3000000 bytes from corona mmc machines (no spare data)
- Xstress.settings will now be kept along with other mobile data
- added flash header sanity checks
- adjust dump loader to allow for 64bit file sizes
- build process will no longer complete a retail image if smc is patched or a jtag image if smc is unpatched. Apparently a big fat error warning isn't enough.
- added some older retail.ini, added new switch to allow selecting specific bl configs (if making images with patches, the switch is appended to patch names as well)
- add 16197
1.04
- blacklist sysupdate.xex* as flashfs files, these are auto generated files representing data that overflows the patch slot
- add console ID, motherboard serial number, serial number and mfg date to final output (when available)
- add in corona support files for 15574 and 14719, thanks again to Team Xecutor's RGH crew for
providing the exploitable BLs!
1.03
- updated patches to remove CON sig checks, still allowing the patched check to report if the CON was signed by this machine
- updated glitch patches to remove CF LDV check (keep in mind updating a fat to 14717+ requires rewiring CPLD for less stable glitching)
- modified [flashfs] category
- can now take longer paths as well as absolute drive paths, spaces not allowed (ie: ..\common\filename or H:\somepath\filename)
- items without a crc will not be sought outside the given path or filename (relative paths are based in the firmware folder, xexp filename mutations will NOT be applied)
- items with a crc will be sought in given path, system update, NANDump.bin then common folder
- fix 16M corona smc extraction from NANDdump.bin
- correct NANDmu option so it properly defaults to false
- add 'jasperbb' console target (same as jasper256 and jasper512)
- correct bug in hv patches in 14717/14719
- added smcnoeject and smcnoblink options (only patches jtag/glitch smcs)
- changed glitch image CD patches to not require dynamic patches (should be more stable)
- add 'demon' option, currently only sets the same speed as cygnos uart speed
- add 15574
1.02
- improved feedback when mangled or incorrect option values are found in options.ini or command line
- fix bad LBA due to using a small block controller flash image on a big block machine
- added patch to all versions to skip yet another minimum version check (mostly affected default.xex on root of USB)
- add optional nohdmiwait patch to 14717/14719 (console won't pause bootup waiting for HDCP handshake when TV doesn't respond)
known side effect: occasionally when the TV does finally sync dash will restart (forced to metro even if using dash launch)
- now retains Statistics.settings from a NANDdump.bin and can load the data from perbuild dir along with other mobile data
this data is found in the block preceding smc_config
- can now obtain CF/CG and flash files from su20076000_00000000 (system updater container) when placed in firmware folder
- bls besides CF/CG must still be provided externally
- .xex/.xtt files that only have update/.xexp in the container still need to be provided externally
- new option 'nosusecurity' added to command line and ini to skip using security files from system update container,
external files provided in perbuild directory take precedence over any other security files found (order: file, su, dump)
- now attempts to retrieve files not found in firmware folder or update container from NANDdump (if provided)
- common folder added to scan path for alternate bootloader location
- now respects setting bool options on command line to false instead of enable only, and overrides/ignores enable options set elsewhere
- fixed regression around remapping blocks when wear area has bad blocks
- jtag uses second CB to enumerate fuse values, displays virtual fuse set at end of bl encoding stage in verbose logs
- revoke NANDdump.bin that has had zeropair data overwritten and big block images that had bootloader data overwritten with incorrect NANDpro args
- fixes for big block retail images (patch slot offset and reserve blocks value)
- BIG thanks to Team Xecuter's RGH crew for snagging fat dual CBs
- add glitch2 build type, uses console type as base for patch file names (ie: patches_g2falcon.bin)
- add 'notrinmu' optional patch for 14717/14719 to disable trinity internal 4G memory unit access
- add 'nohdd' optional patch for 14717/14719 to disable internal hard drive access
- fixed a bug relating to relative paths
1.01 update pack 1
- fixes a bug with ini creator, wasn't outputting non CB/CD bl data
- add 14719
1.01
- minor bugs fixed (extended.bin, kiosk button not displaying)
- invalid secdata.bin and extended.bin will be cleanly recreated instead of failing build
- can now accept decrypted kv.bin without messing it up
- fixed a bug with long version strings in firmware .ini files
- fixed fatal exception when patch file is not found
- added -i flag to specify additional addon component for ini/patch file name
- corrected NANDmu warning to only say xebuild will attempt to keep this data when the option is set
- added additional jasper build mode jasperbigffs, results in a non-standard and much larger system file area (approx 32MiB larger)
- patch slot address for glitch/retail images is now dynamically assigned (first block after xell/first block after CE)
- devkit image building added
- if pairing value can't be found in dump CF/CG it will attempt to be extracted from CB
- smc size and address made dynamic (mainly for corona+)
- corrected typo/problem with FAT bitmap creation
- cache decrypted keyvault, refine messages regarding FCRT and output dvdkey at the end
- logs/outputs expected/possible fuse values for console sequence bytes in CB
- add dvdkey to ini and -o, to set dvd key in keyvault before writing it to the new image
- fixed a possibly critical bug when parsing NANDdump.bin FS entry
- correct EU/AUS smc game region output
- NANDdump flash controller detect recoded, now only requires block 0 be not remapped
- fixed unhandled exception when -o option that requires = did not have =
- updated bl patches for all jtag machines and trinity (rgh fat doesn't need) to remove smc size = 0x3000 limit
- fixed bug that was causing 2nd patch slot on retail builds to contain unneeded data
- added fuse mask output while processing CB
- added 14717
- added patch to trinity 9188 CB_B to bypass fuseline 2 revocation check
1.00hf
- hotfix - jtag images were being created with incorrect patch file number (xexp1 instead of xexp2)
1.00
- gets security files from NANDdump.bin and verifies them (odd.bin is currently not processed)
- option added to disable extracting security files from NANDdump.bin
- decrypts perbuild security files for verification (crl/dae only currently, updater files work too)
- zero nonce data in bls before checking crc (included file lists updated with new crc and explanation)
- fixed a bug with mobile extraction
- fixed a bug with fsroot processing
- (glitch) dynamic SMC patcher, no longer limited to hard coded hash/offsets
- added more SMC hashes to verify known clean SMCs
- will attempt to decrypt external encrypted smc.bin if needed
- whitelist more chars in the file list parser
- altered so that pairing value will be retrieved from NANDdump.bin even if ldv is set in ini
- dual CB is dictated by ini, "none" filename indicates single CB (jtag does not use dual CB)
- increased logged info when adding files to flashfs
- odd.bin in encrypted (only!) form is now handled (from file or NANDdump.bin)
- ini options are now available as -o options on command line
- added -t command line flag for glitch/retail/jtag selection
- JTAG image creation merged
- separate retail/glitch/jtag into individual per-firmware ini lists
- added -noenter command line option to suppress application asking to press enter on completion
- added proper errorlevel exiting, 1=usage/commandline error, 2=file write err, 3=image build error
- add 'cygnos' and 'xellbutton' options for glitch images with appropriate bl patches (either may affect fat glitch boot rate!)
- non-critical spare data fix to the way smc config is added to image
- update freeboot core and glitch base patches to accept a secondary xell poweron reason
- rewrote extended.bin handler, given an invalid/undecryptable file it will create a empty extended.bin
- rewrote keyvault handler, can decrypt and verify kv.bin when it's provided encrypted
- added patch append -a command, and converted nomu and nofcrt to optional patches
- added simple explanation of patch file formats in about_patches.S
- changed noNANDmu option to NANDmu so it can default to false
- added corona and winchester console types, currently not supported but there if needed
- add 14699
0.33
- corrected bug with ini parsing and dvd region (and others) left blank
- add 13604
0.32
- slim/fat glitch image building (based on fbbuild 0.32)
- builds retail images with -retail command line option
- added autopatch smc option in per box ini file
- extracts pairing value and highest LDV from NANDdump.bin
(ini cfldv setting overrides NANDdump ldv)
Dash Launch 3.13
----------------
Known Issues:
----------------
- *** WARNING ***
One of the testers observed a console reaching out to live despite liveblock only
when fakelive or autofake was enabled. If you intend a keyvault to not get banned,
do not use it on a glitch/jtag machine!
- Autologin pop-up blob does not display properly... live with it.
Currently the project is missing the following supported translations:
Japanese, Korean, Chinese Simplified, Chinese traditional
Currently supplied translations:
English, French, Portuguese, Russian, Spanish, German, Italian, Polish
The skin pack includes the sources used to skin dash launch as well as the
string files if anyone wishes to create a translation to one of the above
languages (including English, as I know my explanations are not always easy to
understand.) Also included is a c# based editor for the string files to assist
in translation.
External fonts, background image and skins may be used by this,
simply place skin.xzp and/or font.ttf and/or background.png (1020x720) beside
default.xex. If neither location has a font file supplied the system font
on flash will be used.
================================================================================
Overview - what it does
================================================================================
- It will launch a XeX or CON file from the path you specified in launch.ini
as long as it's valid
- Depending on the button you hold when the xbox is trying to load the NXE, it
will divert to the xex/con tied to that button or return to default as
defined in launch.ini
- At boot time it is possible to subvert default item and/or NXE loading, but
you must wait until the controller syncs to do so
- Depending which button is held when closing miniblade in NXE (use Y button to
close, release then hold a QL button) it will quick launch a CON or XEX
from your ini file
- allows one to patch kernel/xam at bootup with a freeBOOT patch style bin file
from usb or hdd (in that order) must be in root of the device and be named
"kxam.patch" and be no larger than 0x4000 bytes. Again, kxam.patch binary
format is the same as a compiled freeboot patch bin, but uses real virtual
addresses rather than offsets - as of 2.22 the first 32bit value must instead
be the version of the kernel the patches apply to
- with the included patch set, launch.xex acts as a helper to detect when
xbox1 emulator loads, allowing memory unlock patch and xbox1 emulator
to function together
================================================================================
Installation
================================================================================
- have the required hacked kernel version installed on the console
- get the installer to a place where you can run it, and do so. Follow onscreen
instructions if any. The installer will prompt you if it needs to update the
kernel/hv patches and will give you an opportunity to configure stuff.
- edit the options, and dont forget to save them somewhere if you want them to
be applied next boot. Don't forget to set configapp to the installer, so
you can go to it any time via miniblades' system settings (hold RB to go to
real system settings)
- the back button is your friend if you are wondering what button to push
================================================================================
Updaters and Avatars
================================================================================
- this version of dash launch contains an update blocker that is enabled by
default. There are two ways around this if you wish to install the bits and
pieces used by the dash for kinect and avatars
1 - place the updater that matches this version on removable media, and
rename the folder from $SystemUpdate to $$ystemUpdate
----OR----
2 - place an ini where dash launch can find it and set the noupdater option
to false - noupdater = false
Updates seem to work best if memory stick is inserted while in official dash
****
NOTE that some games WILL prompt you to update the console if avatars are
not installed, this doesn't mean they have an update to actually put in, it
just means it needs avatar/kinect bins/resources to run
****
================================================================================
LIVEblocker
================================================================================
- if you are like me, and keep your consoles off the net then this option is
for you. It's capable of blocking the resolution of the LIVE specific
servers and does so by default, with an additional option in the ini file
it will attempt to block access to all MS servers. The default option is
set up to block only LIVE servers, which still allows programs like FSD to
access covers and such. The blocks lists are:
weak:
^xemacs.xboxlive.com$
^xeas.xboxlive.com$
^xetgs.xboxlive.com$
^xexds.xboxlive.com$
^piflc.xboxlive.com$
^siflc.xboxlive.com$
^msac.xboxlive.com$
^xlink.xboxlive.com$
^xuacs.xboxlive.com$
^sts.xboxlive.com$
^xam.xboxlive.com$
^notice.xbox.com$
^macs.xbox.com$
^rad.msn.com$
passport.net$
strong:
xboxlive.com$
xbox.com$
nsatc.net$
microsoft.com$
passport.net$
bing.net$
msn.com$
where:
somedomain.com$ = ends with somedomain.com
^somesub.somedomain = starts with somesub.somedomain
^somesub.somedomain.com$ = is exactly somesub.somedomain.com
================================================================================
Important - going to NXE
================================================================================
- if you need to go back to NXE and have default item set in ini, HOLD RB while
exiting game via miniblade or exit using one of the miniblade options like
family settings
================================================================================
INI notes
================================================================================
-it's possible to have multiple ini files, priority is as they appear in the list
(** it is NOT recommended to launch USB con/xex from hdd ini **)
the first one found on the devices in that order will be the one used at boot.
-see http://code.jellycan.com/simpleini/ for more info on the ini parser
================================================================================
autoswap option functionality
================================================================================
GOD ie:
disk1 = Hdd:\Content\0000000000000000\01234567\00004000\01234567890123456789;
will have 01234567890123456789.data folder beside it
disk2 = Hdd:\Content\0000000000000000\01234567\00004000\98765432109876543210;
will have 98765432109876543210.data folder beside it
EXTRACTED ie:
disk1 = Hdd:\games\somegame\disk1\default.xex;
disk2 = Hdd:\games\somegame\disk2\default.xex;
- GOD/NXE disk rips on the same media in the same folder will automatically
be found with no special naming convention
- EXTRACTED games with the naming above for each disk with the disk# folders all in
the same folder on the same media will be found without an ini file
- swapping between disks contained on different media is not supported
================================================================================
Caveats
================================================================================
The work herein is presented as-is, any risk is solely the end users
responsibility. While all of us are sorry when unforseen things happen, not
every situation or mistake can be accounted for before they have been
spotted. Please use responsibly.
================================================================================
Support (report bugs/request features)
================================================================================
english: http://www.realmodscene.com/index.php?/forum/14-dashlaunch/
french/english: http://homebrew-connection.org/forum/index.php?board=7.0
================================================================================
Thanks
================================================================================
-Big thanks to those who opened the way and those who made it even more usable.
-Thanks to Tux, Arbiter, stk, the2000, Corrupted, tk_saturn and Toddler for all
the bugs you caught trying to sneak by
-Thanks AmyGrrl for passing along the glitch and new ideas
-Thanks to Tux, Ironman, JPizzle and Dionis Fernandez for helping procure a
Jasper big block console to extend testing and fix NAND MU corruption bug
Dionis - you went above and beyond
-Thanks to vgcrepairs for providing the cygnos, dash launch likely wouldn't
exist without one
-Thanks to the FSD team, without your cheering this rewrite would have never been completed
-Thanks to Nate and Anthony for constantly reminding me that no, I'm not alone
-Thanks to FBDev and mojobojo for the data used for the patch options
-Thanks to sm32
-Thanks to unknown, you know why
-Extra Special thanks to SpkLeader, Boflc, and LordXBig
-Big thanks to Swizzy, the least bit for debugging readmes
-Thanks to XeBuild, keeping us on our toes and up to date
-Greetz to XeDev and RgLoader
-Thanks to Team Xecuter for thinking towards the future
-Thanks to vladstudio.com for "night launch"
-Thanks to Razkar for always spotting the hard to spot bugs
-Thanks to Danny Lane for doing a bunch of testing on Corona 16m
-Thanks Juvenal for being the best sarcastic a**hole there ever was
-shouts out to E Nellie and D33per, thanks to you this is still a sourceless release
~brought to you by cOz~
//2014
================================================================================
To Do
================================================================================
- fix hud loading of nxe rips
- everything else
================================================================================
Known Bugs
================================================================================
- some well used NAND images with earlier versions of DL already installed seem
incapable of being updated with larger sized files, it is recommended for
the time being to make a clean NAND image with the most recent/up to date
image builder if you run into this issue
- nxe disk rips when launched from 16197+ metro still work, if you get an err
dismiss it and launch again (it's a resource busy issue in official dash)
- some situations are causing a black screen when starting installer, it somehow seems to
be related to USB devices and/or signed in profiles. If you run into this issue, try the debug
version of installer - it's slower because it's logging to disk but apparently works fine.
- I'm sure you'll find some bugs, please see the links earlier in this doc
for a place to post them where they will be seen
================================================================================
Supported Versions
================================================================================
at time of this writing, this is ONLY compatible with RETAIL kernel versions:
9199, 12611, 12625, 13146, 13599, 13604, 14699, 14717, 14719, 15574, 16197, 16202, 16203,
16537, 16547, 16747, 16756
13599 is the first glitch version supported (embedded patches)
14717 is the first glitch2 version supported (embedded patches)
================================================================================
ChangeLog
================================================================================
V3.13
- add 16756, 16767
- add UTF8 to the ftp FEAT list, improves non-ascii name support
- can now place up to 10 title IDs in ini for autofake to enable fakelive at title startup
- fix dvd game/video loading from official dash tile
- added autocont option (yeah it's not a network option really, but relies on autofake so its right near it)
- changed how contpatch works, added/separated into xblapatch and licpatch (the Lets Try Find The Problem Blindly edition)
- made number value entry in installer a little more consistent
- added a check to launch.xex for lhelper.xex in flash to prevent E71 error screen
- updated built in update server to V3
V3.12
- default behaviour of live block is now to use strong block rules (at least until ini is loaded)
- fix compatibility issues with dashes created before AP25 was deployed (spoof the AP functions on older versions)
- limit fakelive/autofake to 14717+ kernels
- add export so plugins can find out where they were loaded from during dllMain() (it's volatile, copy it in Main() if you need it!)
- update 16547 patches to delay network bringup in xam until launch.xex loads
- add trinity internal usb to hddkeepalive (for those that have a usb hdd hooked up there)
- add 16747
V3.11
- more thoroughly check display names in xcontent header if english name is not present (TODO: check if this applies on launch items too)
- yet another correction to the dev kernel checks (thanks tydye and XDK!)
- add 16547
- fix autoswap for going from disk 2 to 1 (DS3) (thanks c.... and Swizzy for the report!)
- made launcher mode useful if dl is not running
V3.10
- fix for 13599-14699, dash launch patch sets were missing trinity patches
- fix bug that was misidentifying trinity as a fat glitch1 when updating patches (sorry everyone!)
- prevent too frequent polling for network address (should fix black screen on some consoles when ethernet disconnect helped)
V3.09
- fix in update server for corona 16M consoles (thanks Danny Lane!)
- added exception logging to installer
- fix some minor bugs
- *known issue* some situations are causing a black screen when starting installer, it somehow seems to
be related to USB devices and/or signed in profiles. If you run into this issue, try the debug
version of installer - it's slower because it's logging to disk but apparently works fine. (thanks again Danny!)
V3.08
- tweak xelllaunch, see it's readme for how it's changed
- all patch sets updated to support xebuild update server full use
- added xebuild update server and related options
- fixed a bug with signnotice on 13604 (and probably older)
- changed farenheit to fahrenheit everywhere it wasn't before
- added 16537
V3.07
- added 16203
- hopefully all cpu/dvd keys will display fully in installer now
- fix description spelling error (F/C)
V3.06
- fix power/guide boot time paths when fakeanim is not used (thanks mass3n!)
- fix hddalive task being scheduled as a title task and not surviving title changes (thanks moulder!)
V3.05
- add 16202
- update spanish translation (thanks gromber!)
- fix remotenxe and windows button on remote not booting to dash (thanks spkleader!)
V3.04
- kinect health message block fixed for 16197
- updated polish translation (thanks Pelcu!)
- fix CIV hook issue, may break some titles that use CIV (a gamy Call of Decay: Body Odor 2 now works)
- lump updater version limit patch into noupdater option so it can be disabled
- improved installers ability to prevent install on unsupported kernels (including devkit and unsupported retail versions)
- installer will now only offer to update, if the embedded version is newer than currently running one
V3.03
- some commented code made contpatch non-functional on untouched demo containers
- added polish translation
- add nohealth option, disables kinect health pseudo video at game launch
- add autofake option, when enabled fakelive functionality is enabled during dash and indie games only (thanks BioHazard!)
- added some failsafe code to lhelper and launch to ensure auto profile signins occur
- moved boot time quick launch button check to lhelper, it now occurs at the point where bootanim freezes (approx)
- removed bootdelay option, it should no longer be required
- add corona 4G memory unit path
- add fakeanim path
- fix bugs related to Guide/Power paths
- add PIRS type content to installer launch item parsing
- add nooobe option, disables setup screens when settings already exist
- dash launch now patches xam to prevent flash updates from appearing when updaters newer than current are on devices
- wired controller poweron causes should now be recognized from all ports for Guide path
- added new option 'fahrenheit'
- add 16197
- removed button debouncing, A and Y are more useful exiting from miniblades but will be touchy on older dashes
- add corona bl detection to xelllaunch
- added a few more domains to liveblock
V3.02
- add italian translation - thanks Gnappo!
- correct mobo/edram order in shuttemps and installer
- update Spanish translation
- correct version number
- add RThumb and LThumb for paths (analog controller button when you press them down)
- add autoswap option for multidisk games (see notes above)
- remove beta tag
- add 15574
- correct bug in hv patches in 14717/14719
- add poweron reason to tembcast data, document struct sent in the supplied .py script
- fixed problem with loading on older (<13xxx) firmwares, thanks KneelB4ZD for the donor image!
V3.01
- add Russian translation
- add Spanish translation - thanks Gromber!
- add German translation - thanks Tuxuser!
- altered DNS blocker to fail dns requests on block instead of succeed to loopback address (speed improvement)
- fakelive now forces DNS blocker to be on (thanks uzi for the heads up! IG 4tw!)
- installer: launch button now can launch indie games, they MUST be in their proper content path to detect/work
autosets fakelive (and dns blocker) on when launching indie games via installer
- going to system settings from installer now goes to official system settings (if nosysexit is not true)
- added new option "shuttemps" which displays temperature data on the shutdown scene (hold guide down)
thanks to Dwack for the idea, sorry it took so long
- added basic ftp (based on ftpdll)
- reduced default bootdelay to 0x1E
- new option 'devprof' allows devkit profiles to work on retail firmware
note any changes such as saving games or getting achievements will resign the profile with the current/retail keyvault
this seems not to affect glitch/jtag dev crossflash, but could affect true devkits
- new option 'devlink' to allow system link with devkits, ping limit is still separate (thanks Anthony for devlink!)
- updated patches to remove CON sig checks, remove restrictions on xekeys (thanks Redline!) and add hvpeek api to keyed syscall
- add glitch2 to xelllaunch, force file sizes to be 4 byte aligned (thanks Juvenal!)
- nxe disk installs can now be started like GOD containers
- blacklist devkit firmware during installation checks
- changed dlaunchGetOptInfo to give a more useful category instead of the internal bitmask
- changed filters to be inline and use the new categories
- add external options to the ini file (ftpserv, ftpport)
- can launch elf via embedded xell stage1 (thanks libxenon devs!)
- added info button in misc page
- show CPU key, DVD key, console ID, console serial number, MAC address and decrypted XVal (0 is no violations)
- allows adjusting fan settings and smc_config target temps and optionally saves them to flash
- added external option calaunch for config app, so it will start in the launch option instead of normal options
- load external skin/background/font to memory so the files are no longer held open
- prevent dash launch from taking over signin, create profile (was waiting infintely) and skip in metro startup/login screen
- change trap hook method so nate's awesome xbdm does not break across load/unload of dash launch
v3.00
- as with V1->V2 this is a nearly complete restructure and rewrite, expect bugs
- rewrote all hooks and tasks to be unhookable/stopable
- installer can now unload any existing v3 xex and/or start dash launch without rebooting console
- installing over v2 or installing patch updates still requires reboot
- setup exports for managing all options from external programs
- stop exception recovery from firing a new launch/bubble message more than once in a ~4s window
- add 'configapp' path, if it exists going to miniblades -> system settings will start this program
- rewrote installer a little to be marginally better
- ini category [quicklaunchbuttons] is now simply [paths]
- add 'nonetstore' option (hides network storage in disk dialogs)
- hook XexpVerifyXexHeaders and XexpLoadImage to detect retail encrypted xex with bad signature
and fix the image key (thanks Anthony!)
- safereboot is no longer tied to fatalfreeze, reboot requests when this is set to false will be
redirected to jtag friendly (but hard on hardware) methods
- added in glitch2 patches, restructured embedded patch sets to be a munged file instead of individual
- fixed fakelive to get past app gold check (still does not work, can't connect to server) and no longer
try to reply to profile info requests with a hardcoded online xuid
- added french translation - thanks to Razkar!
- added portugese translation - thanks to SpkLeader!
- added translation c# GUI - thanks to Swizzy!
v2.32
- fixed glitch jasper big block patch installer
- reworked contpatch yet again, should perform equal to xm360 now (thanks node21!)
- new patch only operates on containers of type 000D0000 (XBLA) and 00000002 (ADDONS) of LIVE or PIRS types
v2.31
- revert contpatch to older form
- signnotice now defaults to FALSE/disabled
- signnotice option should no longer wind up in network troubleshooter on 14717+
- add 14719
v2.30
- fixed uart debug output 0xD 0xA instead of 0xA 0xD
- STOP code 0x2B can now output stack info
- xex header revoke check (requires live to download revoke list) flag now ignored (hv and xam patch)
- add 14717
v2.29
- expanded temp broadcaster to include PE Name and path of current title
- added titleid and mediaid output to temp logger
- fixed a bug in unhandled-exception handler (could cause freeze/multiple consecutive exceptions)
- add title module PE name and path to exception log
- contpatch completely rewritten, now takes over checking license bits entirely for xam when enabled
(may break... things, or allow some to work that shouldn't/crash)
v2.28
- added rad.msn.com to weak blocklist
- added *bing.net, *msn.com to strong blocklist
- added glitch machine detection for xellLaunch to launch on flash xell-1f
- added xhttp auth patch for 14699 (thanks Anthony!)
- added signin notice dismiss (optionally disabled, only affects 'ok' type dialogs)
- added intMu: to installer ini updater
- added autoselect shutdown and auto off option for the "hold guide to shutdown"
NOTE: that both these options can affect other things that use this type of dialog!
- added optional temp broadcaster
- added quick python script to cap temp broadcasts to a .csv file
v2.27
- removed FCRT patch (was not compatible with 1175 drives)
- installer: revise patch checks to only check base patches
- installer: conform to xebuild's base+patch extension method, copies addon patches to
base as needed
- add 14699
v2.26
- correct jtag/glitch wording in installer patch updater
- fix compare with glitch machine, now accurate when it checks patches for update
- add fcrt removal patch (and correction)
- rebuild to hopefully improve stability (less optimization)
- changed contpatch to only patch ID bytes to 0xFF
- fix sonic, more thoroughly hooked disk verification (thanks again Nate!)
- add current launch.xex version display to installer, add versioning
- add note about encryption on modified retail xex
- added '$' to permitted chars in launch.xex ini parser
v2.25
- added Trinity arcade memory unit to dash launch as IntMu:
- can update ggBuild type patch sets
- add 13604
- patches updated to remove E66 (dvd code exec) errors in kernel
v2.24
- hddalive was defaulted to true instead of false, fixed
- xell launch now shuts off usb device (fixes issues with xell reloaded)
- xell launch simplified to allow for variable sized xell bins
- added jtag debug support to patches and export var (thanks Nate!)
- reworked devkit signed xex loading. Faster, dll dev xex working again (thanks Anthony!)
- fix forza 4 (and maybe others - thanks Nate!)
v2.23
- added hddalive (2.23b fixes this)
- added 13599
- relocate external files so old files will no longer be used accidentally
new path is \default.xex dir\VERSION\files
ie: GAME:\13599\patches_jasper.bin
v2.22
- resolving 'localhost' when the router forwards it to the internet or there is
no network at all... bad idea game devs... fixed (Yars', maybe others)
- button handler now more reliably removes Y and A mishandling when held on
miniblade exits
- added new note to readme regarding update prompts and avatar data missing
- hopefully extracted new games are now working fine, instead of GOD only
- potential bug corrected in 12611/12625 patch sets
- add 13146 compatibility
- all patch sets updated to fully remove xex bound checks (ie: default.xex
on root of USB causing E71)
- "remotenxe" option added to ini(thx adihash!)
- windows button on remote always boots to NXE/media center now(thx adihash!)
- added "guide" and "power" path options to set boot time default override
- changed kxam.patch, first .long must be the kernel version the patches match
- added a check to kxam.patch data to abort on invalid address
- added "nohud" option
- added installer check to verify at least the 1BL segment of patches before
installing, will re-ask and warn of possible corruption/brick
v2.21
- fixed noupdater option, readme is accurate with regards to updates now (sorry)
- fixed dvdexitdash option, no longer conflicts with using miniblade to exit NXE
should only affect DVD launched from NXE (note this affects DVD games too)
- fixed a glitch with unhandled exception logging when occurs in kernel
- revert to original fileExist() method
v2.20
- export option info along with the rest of dash launch info struct export
- add multi version compatibility to installer and plugin
- add 12625 patch set and offsets
- new LIVE content hook patching, does auto yaris swap as well as extracted XBLA
should work more consistently (hopefully)
- added unhandled exception handler, dumps except info to UART/file and exits
to dash/default item when apps don't have their own exception handler
(instead of crash), disable by setting 'exchandler = false' in ini file.
- added ini path setting (dumpfile) for capturing crash logs to a file,
capture device must be connected at console boot time
- added 'safereboot' option for those who have JTAG that have applied
blackaddr's smc reboot fix, instead of 'hard' reboot
- added option to enable debug strings to print to UART
- adjusted patches to remove default UART hooking (less chance of string
collision/overlap using DbgPrint via debug out option)
- corrected a bug in the flasher ini update settings in regard to noupdater,
it was setting nosysexit instead of noupdater value
- added live "blocker", reroutes requests to resolve DNS names to loopback
- added "livestrong" option to use an alternate list of DNS to block
- added ini option to set how long buttons are watched for at boot time
- embedding current versions external files into installer, no more messy
directory; original paths still work and take priority over embedded files
v2.11
- fixed xbox1 launches (thanks folks at x-s and fsd for reporting)
v2.10
- reworked hooking to be a bit more dynamic and simpler to update
- ini parser fixed, glitch when comment line last line with no blank line after
(thanks Toddler!)
- disables updaters (DA2 and other disks; safety)
- minor tweaks to boot time delays, further improves on previous autologin issue
v2.09 (beta)
- moved strictly to C, much smaller DLL
- correct bug with busy CON/sometimes ignoring ini for boot time default item
- made boot time quick launch buttons more reliable
- added 1s delay to resolve autologin at boot issue and slower USB hdd issues
- patches updated to remove min version check (DA2)
v2.08
- correcting for a glitch where launchdata should be cleared between titles but
isn't; fixes launching some games twice in a row (thanks stk and FSD!)
v2.07
- fixed media center extender (thanks jester and antman)
~hopefully this is the last whitelist option needed
- added option "nosysexit" (thanks rhai)
v2.06
- update to fbbuild 0.11 patches
- fixed bug with fatal freeze options
- changed installer to use zeropair CB version to determine patch set
- added new options dvdexitdash and xblaexitdash (thanks AmyGrrl)
- added regionspoof, dvdexitdash and xblaexitdash to ini updater
- added instructions to this readme regarding boot time buttons and diagnosing
non-ASCII ini files
v2.05
- added AP25 xex priveledge filter (fix AC:B GOD/xex, maybe others)
v2.04
- fixed a glitch with launching kinect games when a default item is set
v2.03
- updated for 12611
v2.02
- added version info to data struct exported at ordinal 1
- made number of times button holds are scanned variable, longer window
at boot time to sync controller and hold a button
- added region spoofing for XGetGameRegion
- DVD video play from NXE now plays DVD regardless of default setting
(thanks krizalid!)
v2.01
- corrected flash mu mount point (thanks Antho02 at l-s)
- added kernel version check to installer as some xbr using folks seem incapable
of reading the first line of this file
v2.0
- plugins now use logical paths just like quick launch buttons
- added common (9199) content and ping limit patches as options
- mostly runs in system threads, startup completes while bootanim runs
- completely subverted dash.xex, no more CD issues or NXE split seconds
- removed insistance on 0/1/2 paths and reliance on CaPs to detect
- return to NXE via miniblade for system settings and others works w/o using RB
- added big block NAND mu as possible device
- optionally subvert Y to exit miniblade while in NXE to load button/default
- added xell loader to patch set and included a xex to load xell
- removed reboot on fatal error from patches
- included reboot/shutdown on fatal error as settings
- installer onscreen output cleaned up, now shuts down console at end of install
- added ini file updater to installer
- added patch updater to installer
v1.0
- added other devices for launch targets
- added flash for location to load launch.ini
- added flash installer supports flashing launch.xex and launch.ini
- with help of freeboot patches, fixes issues with xbox1 emulator on memory
unlocked patchset
- overhaul ini parser with simpleIni, support for most buttons and a default
- added dll/plugin loading support
- added hooking/return to launch app instead of NXE (hold RB to bypass)
- added kernel/xam boot time/one time patch engine
- added export to allow the loading of other system modules
v0.02
- added a small delay to allow XBR users to launch CON
- implemented a simple ini file parser and fileExist
- auto detects LIVE and XEX2 to use the appropriate launch method
- fails to dash reliably now
v0.01
-initial release
Cerial_iQ escribió:Hola, se que algunas veces pasan cosas sin pena ni gloria, pero.....
xeBuild 1.13:xeBuild 1.13
============
Introduction:
=============
xeBuild is a command line system image builder for JTAG, glitch, and clean images.
Run the xeBuild program with no (or incorrect) arguments to see it's usage info.
What's New:
===========
- add 16756, 16767
- minor bug fixes
- !experimental! g2 and g2m patches based on 13182 CBB for coronas using winbond memory
patch set for corona hardware issues that require 13182, use -r WB or -r WB4G on command line to select when building corona images
thanks to 15432 and DrSchottky for doing the heavy lifting for corona winbond patches
original release can be found http://www.hackfaq.net/main/xell_wb2k/
Mileage may vary, though it's possible these can also improve boot times of older corona models and possibly even some trinity machines (use trinity smc).
Also, it's unlikely vfuses will work fully on machines that have vfuse errors as mfg CBB patches never load them from NAND (CD onwards do still.)
Big thanks also to Team Xecuter for first bringing this problem to our attention, and working out and testing the solution that proved it by successfully booting xell
Current Limitations:
====================
- STAY THE HELL OFF LIVE! Nuff said, we're not you're mum.
How To Use:
===========
- See individual folders for lists of files to provide
- if desired provide replacement cpu and 1bl keys in text files
- open a command window in the xeBuild directory
- on the command line type, for example:
example - if you provided keys in appropriate text files
xeBuild.exe -t glitch -c falcon -d myfalcon myfalconout.bin
-t glitch = build a glitch type image
-c falcon = use falcon bl and patch set
-d myfalcon = a folder is present called "myfalcon" with per machine files, this uses it
myfalconout.bin = the file that will be produced
- type 'xeBuild.exe -?', 'xebuild client -?' or 'xebuild update -?' for command line info
Update and Client modes:
========================
Both modes require the supported updsvr running on the xbox, full functionality may require
updating console patches with the included hv patches. Both the PC and the xbox need to be on
the same subnet/LAN router.
Client mode is a simple way to read, write and patch flash as well as few other simple commands
such as the patch updater. The patch updater will look in the folders beside the exe for
{version#}\bin\patches_{type}.bin
which are full patches for whichever console and hack type, it will load and strip the patches
if needed and send them to the console. Note that only xebuild images are truly supported for this.
Most of the client mode commands should be available on any console, even unhacked devkits. See output
from 'xebuild client -?' for more information on the options available.
Update mode attempts to retain as much data about the console as possible, without having to
provide any info on the command line aside from optional/addon patches if required. After you
copy the $SystemUpdate folder into (in this example) the folder 16203 it is capable of taking
a simple command line like:
xebuild update -f 16203 -a nohdmiwait
It will fetch all the info from the console, and use the updater to update both the system flash
and avatar data on the console (provided you have an 360 formatted HDD internally in the console.)
It has some more advanced options to allow one to build the update image as well as dump the data
from the console as it's acquired, while even leaving the console data untouched. See output
from 'xebuild update -?' for more information on the options available.
Neither update or client image writes are able to affect bad blocks, but are able to write new ones.
If this happens mistakenly, an erase block command has been provided in client that will attempt to
clear the bad block - use with caution though, blocks get marked as bad for good reasons and is a normal
occurrence on NAND when a block becomes unreliable.
With big block machines, the server will attempt to retain any NAND mu data in the system area, provided
there is no system data to write in the image being sent. It's not foolproof, but update mode should not
corrupt NAND mu.
Example:
========
-take original console dump, put it in mytrinity folder as NANDdump.bin
-set CPU key and 1BL key in ini file, verify LDV from NANDdump.bin matches console fuses
if not set cfldv in ini file
-build (xeBuild.exe -t glitch -d mytrinity -f 13599), flash and hopefully life is good
.ini files:
===========
Just a word on the format... the ini parser is not very robust, the files need
to be plain ASCII, everything after a ; on a line is ignored, and spaces are
not acceptable (they get removed).
Things like CPU key and 1BL key, if present in the per box ini file need not be
placed anywhere else.
Optional Patches:
=================
Various optional patches are included for use with the -a option, they are:
nofcrt - removes fcrt.bin requirement on some drives
nohdd - disables detection of internal SATA HDD
noSShdd - disables internal SATA HDD with valid retail security sector
nohdmiwait - HDMI consoles will no longer wait or EXX screen when video is not ready
nolan - disables wired LAN to prevent E75/76/77 on machines with a damaged PHY
nointmu - disables jasper NANDmu, trinity 4G internal USB and corona 4G MMC memory units
blmod.bin:
==========
Changing the patches to the BL that follows the BL that is executing during glitch attempts
has a direct effect on whether a machine will glitch. The provided patches are generic
and work well on most machines, but this per machine build addon can now be supplied without
modifying the base patches to CBB or CD via a file in the perbuild folder, they will simply be
tacked onto the end of CBB or CD, and the BL size adjusted to include this new data in the hash.
Keep in mind, it can take multiple attempts and re-flashing with different binary data to find
something that will boot at all, let alone be more effective for your console.
blmod is currently not supported by update mode.
Note:
=====
- DON'T USE THIS UNLESS YOU KNOW FOR SURE THAT YOU NEED IT! Using an incorrect
controller config can result in problems remapping bad blocks (even manually.)
If you have a 16M jasper, an additional build type has been added
'jaspersb', by default the image will be built for jasper with big block
controller (config 00023010), use this alternate switch to build for small
block controller (config 01198010.)
Multi build/options example:
============================
when you specify -f 13599 on the command line:
13599\filelist.ini
is parsed instead of data\filelist.ini
Also the bin directory is used from
13599\bin\
instead of
bin\
allowing anyone to create multiple builds without multiple instances or
rebuilds/hex edits/hacks of the main app.
The example provided is the last version of 13599 patch set from dash launch and
other files to build freeboot 13599
example use:
------------
xeBuild -f 13599 -d myfalcon x13599out.bin
-f 13599 : use .\13599\filelist.ini, and .\13599\ for firmware files, .\13599\bin\ for patches
-d myfalcon : use .\myfalcon for per build files (cpu key, keyvault, security files, ini etc.)
x13599out.bin: override auto generated name and produce .\x13599out.bin as the final NAND image
note, if -d ***** is not specified it will still use the original /data and /bin dirs
Devkit image building:
======================
This feature is currently considered Beta/Work In Progress.
A new image target type was added, "-t devkit" which builds 64M flash images for devkits. Currently untested,
building with a 00 filled CPU key will create a zeropaired devkit image that may allow one to boot a software
bricked devkit that one does not know the CPU key for and recover it to an operational state. By powering on
the console with such an image present, with a recovery DVD in the drive, the recovery software should be able
to create a new keyvault, re-pair the DVD drive to the new keyvault, and allow normal operation once complete.
Normal devkit image building when one does know their CPU key and thus has security files and keyvault should
work as expected.
Building devkit for glitch/jtag is also possible using the standard -t glitch/jtag methods. Sample ini
have been provided with this release, but will not work unless patches and files are supplied. Note that devkit
is not our focus, but was relatively easy and straight forward option to supply for those that wish to make
use of it.
jasperbigffs:
=============
Those who use large block NAND are now able to nearly double the size of the system file area
with this option with no apparent ill effects. Normally this option wouldn't be needed, but if one
wanted to experiment with more files in flash, or one was building a devkit image for a devkit with
a big block flash, this option is required.
support:
========
If you've found a bug or have a suggestion, please comment at
http://www.realmodscene.com/index.php?/forum/15-xebuild/ (English)
http://homebrew-connection.org/forum/index.php?board=8.0 (English/French)
Credits:
========
Without ikari this would not have been possible, thanks!
__ ____ ___ ___ _____
/ _|_ __ ___ ___| __ ) / _ \ / _ \_ _|
| |_| '__/ _ \/ _ \ _ \| | | | | | || |
| _| | | __/ __/ |_) | |_| | |_| || |
|_| |_| \___|\___|____/ \___/ \___/ |_|
[v0.10 - inspired by ikari]
R.I.P.
No this isn't freeboot, it is a clone and has always been since the last
release of ibuild.
Thanks and greetz to everyone who has contributed to hacking this
wonderful machine. Thanks to the engineers and countless others who made
the machine what it is... we only wish they had listened and RROD was
not a problem. If we were to list everyone here, there would be no time
left to play on the machine!
Thanks Team Xecuter for the Corona 4G! Thanks to JuggaHax, dayton360mods,
glitch360team and all other contributors for helping find a way to make Corona 4G golden!
Thanks to Free60, LibXenon.org, Redline99 and Tuxuser for providing xell builds <3
Thanks to Swizzy for making the official GUI front end for xeBuild, for always
adding the new stuff we shovel at him and never once complaining.
Big thanks to the folks at #freeboot on efnet for the tireless
hours of help you all give freely. Thanks to the testers who tirelessly
made sure stuff worked. Thanks to rgloader for doing the work yourselves,
there *is* no spoon, just a glitch in the matrix.
Don't believe what random people *cough* write on forums ..
-----
//2014
-----
Changes:
========
1.13
- add 16756, 16767
- add 13182 based corona configuration to retail ini
- fix a bug that froze file times to a default value for flash files
- update kernel patch for XeKeysConsoleSignatureVerification, content signed with a different keyvault (remote signed) will now reply as locally signed (v16747+)
- added additional trinity/winchester targets in case they are needed
- added noSShdd addon patch for 16767+, with this patch enabled retail drives with a valid security sector will be rejected
- experimental patch set for corona hardware issues that require 13182 (16767+) (thanks 15432 and DrSchottky!)
- reworked how update mode works on glitch images, it now retains the bootloaders from the console instead of rebuilding from files (making it simpler to update the new corona patches in the future)
- added new addon patch 'noSShdd', disables hard drives with a valid security sector (thanks tuxuser!)
1.12
- check FCRT.bin signature with PIRS_pub.bin or MAST_pub.bin if available (selection based on content)
- check DAEP signed signatures in DAE.bin (usually 2) with PIRS_pub.bin if available
- check CRLP signed CRL.bin signatures with PIRS_pub.bin if available
- fix mobile extraction stalling process on corrupt NAND
- do not patch boot reasons into flash header for devkit and retail builds, only glitch and jtag
- added patch to kernel to attempt to block network until launch.xex has loaded (if available)
- add -o smcnocheck to image build options/ini; avoids fatal build error if smc is unknown
- add 16747
- fixed: was not automatically creating all the folders for 16747 avatar data to be valid
1.11
- fix a bug which caused an infinite loop when a mobile*.dat was smaller than 512 bytes - Foo you too mobileE.dat! (thanks blakcat!)
1.10
- add 16547
- fix a bug with build mode mobile*.dat extraction when multiples of the same settings are stored in the same block but version number does not increase
- minor fixes
1.09
- now checks devkit BL (SB/SC/SD/SE) signatures/built in hashes while building devkit images
- adds client -i <d> method (now with less bugs, thanks blaKCat!)
- client -i wasn't showing cpu/dvd key (thanks blaKCat!)
- fix bug in freeboot (JTAG) core that caused options and poweron reason to be ignored (thanks siz and swizzy!)
1.08
- align patch slots properly on glitch images
- add ability to make zero-paired dual cb images (retail/glitch)
- unknown devkit smcs were not being checked properly and always reported hacked
- added support for 'blmod.bin' per-build file, can assist fine tuning glitch machines that don't play well with standard patches
- added CPU key corruption checks
- added a secondary check on nanddump.bin size after determining big block/small block
- added new build target, glitch2m, which uses mfg cba to boot with virtual fuses (only trinity/corona, 16203+)
- added nolan addon patch for 16197+ for those with bad wired lan phy getting E75/76/77; should not affect wireless dongles
- consolidate internal memory unit disable patches into nointmu addon, Corona 4G internal memory can now be disabled (16197+)
- added integrity checks for: blocks that appear to be remapped but are outside the remap area; CF slot size
- updated all patch sets to use hv built in memcpy (better peek support for things that require 64bit reads like 1bl ROM)
- check for SU container in version\$SystemUpdate subfolder as well as version folder
- nonces will attempt to be kept when providing NANDdump.bin (some claim this affects glitch boot times, makes differential flashing more effective)
- Xstress.settings has been renamed to Manufacturing.data
- update jtag freeboot core to V0.9 to use options stored in flash header instead of patched directly into the binary
- added update and client mode
- -d options no longer need to be relative to the exe launch path
- checks keyvault signature (if present) when MAST_pub.bin is available from update server or file in .\ or .\common\
- checks CB/CBA signature when 1BL_pub.bin is available from update server or file in .\ or .\common\
- updated xell builds to XeLL_Reloaded-2stages-v0.993
- add 16537
1.07
- trinitybigffs added (big block devkit sized file system for trinity)
- -s option added to create a .sha1 file along with the final image
if no arg is provided, the final image name will be used with .sha1 appended as extension
- change behaviour of patchsmc
- add 16203
1.06
- fix an issue with identifying FCRT console from keyvault (thanks stefanou!)
- corrected some status message typos
- added sanity check to bl patcher
- added (starting with 16197) fcrt signature check patch (supports swapping drive + kv/dvdkey + fcrt on drives/consoles where nofcrt does not enable game disks)
- added 16202
- correct 16197/16202 nohdd patch to disable only the hdd, not every SATA device
1.05
- tidy ini_creator output a little
- colons were not being removed from macid string in ini file, fixed
- added corona4g build target and dump parsing, NANDdump.bin should be minimum 0x3000000 bytes from corona mmc machines (no spare data)
- Xstress.settings will now be kept along with other mobile data
- added flash header sanity checks
- adjust dump loader to allow for 64bit file sizes
- build process will no longer complete a retail image if smc is patched or a jtag image if smc is unpatched. Apparently a big fat error warning isn't enough.
- added some older retail.ini, added new switch to allow selecting specific bl configs (if making images with patches, the switch is appended to patch names as well)
- add 16197
1.04
- blacklist sysupdate.xex* as flashfs files, these are auto generated files representing data that overflows the patch slot
- add console ID, motherboard serial number, serial number and mfg date to final output (when available)
- add in corona support files for 15574 and 14719, thanks again to Team Xecutor's RGH crew for
providing the exploitable BLs!
1.03
- updated patches to remove CON sig checks, still allowing the patched check to report if the CON was signed by this machine
- updated glitch patches to remove CF LDV check (keep in mind updating a fat to 14717+ requires rewiring CPLD for less stable glitching)
- modified [flashfs] category
- can now take longer paths as well as absolute drive paths, spaces not allowed (ie: ..\common\filename or H:\somepath\filename)
- items without a crc will not be sought outside the given path or filename (relative paths are based in the firmware folder, xexp filename mutations will NOT be applied)
- items with a crc will be sought in given path, system update, NANDump.bin then common folder
- fix 16M corona smc extraction from NANDdump.bin
- correct NANDmu option so it properly defaults to false
- add 'jasperbb' console target (same as jasper256 and jasper512)
- correct bug in hv patches in 14717/14719
- added smcnoeject and smcnoblink options (only patches jtag/glitch smcs)
- changed glitch image CD patches to not require dynamic patches (should be more stable)
- add 'demon' option, currently only sets the same speed as cygnos uart speed
- add 15574
1.02
- improved feedback when mangled or incorrect option values are found in options.ini or command line
- fix bad LBA due to using a small block controller flash image on a big block machine
- added patch to all versions to skip yet another minimum version check (mostly affected default.xex on root of USB)
- add optional nohdmiwait patch to 14717/14719 (console won't pause bootup waiting for HDCP handshake when TV doesn't respond)
known side effect: occasionally when the TV does finally sync dash will restart (forced to metro even if using dash launch)
- now retains Statistics.settings from a NANDdump.bin and can load the data from perbuild dir along with other mobile data
this data is found in the block preceding smc_config
- can now obtain CF/CG and flash files from su20076000_00000000 (system updater container) when placed in firmware folder
- bls besides CF/CG must still be provided externally
- .xex/.xtt files that only have update/.xexp in the container still need to be provided externally
- new option 'nosusecurity' added to command line and ini to skip using security files from system update container,
external files provided in perbuild directory take precedence over any other security files found (order: file, su, dump)
- now attempts to retrieve files not found in firmware folder or update container from NANDdump (if provided)
- common folder added to scan path for alternate bootloader location
- now respects setting bool options on command line to false instead of enable only, and overrides/ignores enable options set elsewhere
- fixed regression around remapping blocks when wear area has bad blocks
- jtag uses second CB to enumerate fuse values, displays virtual fuse set at end of bl encoding stage in verbose logs
- revoke NANDdump.bin that has had zeropair data overwritten and big block images that had bootloader data overwritten with incorrect NANDpro args
- fixes for big block retail images (patch slot offset and reserve blocks value)
- BIG thanks to Team Xecuter's RGH crew for snagging fat dual CBs
- add glitch2 build type, uses console type as base for patch file names (ie: patches_g2falcon.bin)
- add 'notrinmu' optional patch for 14717/14719 to disable trinity internal 4G memory unit access
- add 'nohdd' optional patch for 14717/14719 to disable internal hard drive access
- fixed a bug relating to relative paths
1.01 update pack 1
- fixes a bug with ini creator, wasn't outputting non CB/CD bl data
- add 14719
1.01
- minor bugs fixed (extended.bin, kiosk button not displaying)
- invalid secdata.bin and extended.bin will be cleanly recreated instead of failing build
- can now accept decrypted kv.bin without messing it up
- fixed a bug with long version strings in firmware .ini files
- fixed fatal exception when patch file is not found
- added -i flag to specify additional addon component for ini/patch file name
- corrected NANDmu warning to only say xebuild will attempt to keep this data when the option is set
- added additional jasper build mode jasperbigffs, results in a non-standard and much larger system file area (approx 32MiB larger)
- patch slot address for glitch/retail images is now dynamically assigned (first block after xell/first block after CE)
- devkit image building added
- if pairing value can't be found in dump CF/CG it will attempt to be extracted from CB
- smc size and address made dynamic (mainly for corona+)
- corrected typo/problem with FAT bitmap creation
- cache decrypted keyvault, refine messages regarding FCRT and output dvdkey at the end
- logs/outputs expected/possible fuse values for console sequence bytes in CB
- add dvdkey to ini and -o, to set dvd key in keyvault before writing it to the new image
- fixed a possibly critical bug when parsing NANDdump.bin FS entry
- correct EU/AUS smc game region output
- NANDdump flash controller detect recoded, now only requires block 0 be not remapped
- fixed unhandled exception when -o option that requires = did not have =
- updated bl patches for all jtag machines and trinity (rgh fat doesn't need) to remove smc size = 0x3000 limit
- fixed bug that was causing 2nd patch slot on retail builds to contain unneeded data
- added fuse mask output while processing CB
- added 14717
- added patch to trinity 9188 CB_B to bypass fuseline 2 revocation check
1.00hf
- hotfix - jtag images were being created with incorrect patch file number (xexp1 instead of xexp2)
1.00
- gets security files from NANDdump.bin and verifies them (odd.bin is currently not processed)
- option added to disable extracting security files from NANDdump.bin
- decrypts perbuild security files for verification (crl/dae only currently, updater files work too)
- zero nonce data in bls before checking crc (included file lists updated with new crc and explanation)
- fixed a bug with mobile extraction
- fixed a bug with fsroot processing
- (glitch) dynamic SMC patcher, no longer limited to hard coded hash/offsets
- added more SMC hashes to verify known clean SMCs
- will attempt to decrypt external encrypted smc.bin if needed
- whitelist more chars in the file list parser
- altered so that pairing value will be retrieved from NANDdump.bin even if ldv is set in ini
- dual CB is dictated by ini, "none" filename indicates single CB (jtag does not use dual CB)
- increased logged info when adding files to flashfs
- odd.bin in encrypted (only!) form is now handled (from file or NANDdump.bin)
- ini options are now available as -o options on command line
- added -t command line flag for glitch/retail/jtag selection
- JTAG image creation merged
- separate retail/glitch/jtag into individual per-firmware ini lists
- added -noenter command line option to suppress application asking to press enter on completion
- added proper errorlevel exiting, 1=usage/commandline error, 2=file write err, 3=image build error
- add 'cygnos' and 'xellbutton' options for glitch images with appropriate bl patches (either may affect fat glitch boot rate!)
- non-critical spare data fix to the way smc config is added to image
- update freeboot core and glitch base patches to accept a secondary xell poweron reason
- rewrote extended.bin handler, given an invalid/undecryptable file it will create a empty extended.bin
- rewrote keyvault handler, can decrypt and verify kv.bin when it's provided encrypted
- added patch append -a command, and converted nomu and nofcrt to optional patches
- added simple explanation of patch file formats in about_patches.S
- changed noNANDmu option to NANDmu so it can default to false
- added corona and winchester console types, currently not supported but there if needed
- add 14699
0.33
- corrected bug with ini parsing and dvd region (and others) left blank
- add 13604
0.32
- slim/fat glitch image building (based on fbbuild 0.32)
- builds retail images with -retail command line option
- added autopatch smc option in per box ini file
- extracts pairing value and highest LDV from NANDdump.bin
(ini cfldv setting overrides NANDdump ldv)
Dash Launch 3.13Dash Launch 3.13
----------------
Known Issues:
----------------
- *** WARNING ***
One of the testers observed a console reaching out to live despite liveblock only
when fakelive or autofake was enabled. If you intend a keyvault to not get banned,
do not use it on a glitch/jtag machine!
- Autologin pop-up blob does not display properly... live with it.
Currently the project is missing the following supported translations:
Japanese, Korean, Chinese Simplified, Chinese traditional
Currently supplied translations:
English, French, Portuguese, Russian, Spanish, German, Italian, Polish
The skin pack includes the sources used to skin dash launch as well as the
string files if anyone wishes to create a translation to one of the above
languages (including English, as I know my explanations are not always easy to
understand.) Also included is a c# based editor for the string files to assist
in translation.
External fonts, background image and skins may be used by this,
simply place skin.xzp and/or font.ttf and/or background.png (1020x720) beside
default.xex. If neither location has a font file supplied the system font
on flash will be used.
================================================================================
Overview - what it does
================================================================================
- It will launch a XeX or CON file from the path you specified in launch.ini
as long as it's valid
- Depending on the button you hold when the xbox is trying to load the NXE, it
will divert to the xex/con tied to that button or return to default as
defined in launch.ini
- At boot time it is possible to subvert default item and/or NXE loading, but
you must wait until the controller syncs to do so
- Depending which button is held when closing miniblade in NXE (use Y button to
close, release then hold a QL button) it will quick launch a CON or XEX
from your ini file
- allows one to patch kernel/xam at bootup with a freeBOOT patch style bin file
from usb or hdd (in that order) must be in root of the device and be named
"kxam.patch" and be no larger than 0x4000 bytes. Again, kxam.patch binary
format is the same as a compiled freeboot patch bin, but uses real virtual
addresses rather than offsets - as of 2.22 the first 32bit value must instead
be the version of the kernel the patches apply to
- with the included patch set, launch.xex acts as a helper to detect when
xbox1 emulator loads, allowing memory unlock patch and xbox1 emulator
to function together
================================================================================
Installation
================================================================================
- have the required hacked kernel version installed on the console
- get the installer to a place where you can run it, and do so. Follow onscreen
instructions if any. The installer will prompt you if it needs to update the
kernel/hv patches and will give you an opportunity to configure stuff.
- edit the options, and dont forget to save them somewhere if you want them to
be applied next boot. Don't forget to set configapp to the installer, so
you can go to it any time via miniblades' system settings (hold RB to go to
real system settings)
- the back button is your friend if you are wondering what button to push
================================================================================
Updaters and Avatars
================================================================================
- this version of dash launch contains an update blocker that is enabled by
default. There are two ways around this if you wish to install the bits and
pieces used by the dash for kinect and avatars
1 - place the updater that matches this version on removable media, and
rename the folder from $SystemUpdate to $$ystemUpdate
----OR----
2 - place an ini where dash launch can find it and set the noupdater option
to false - noupdater = false
Updates seem to work best if memory stick is inserted while in official dash
****
NOTE that some games WILL prompt you to update the console if avatars are
not installed, this doesn't mean they have an update to actually put in, it
just means it needs avatar/kinect bins/resources to run
****
================================================================================
LIVEblocker
================================================================================
- if you are like me, and keep your consoles off the net then this option is
for you. It's capable of blocking the resolution of the LIVE specific
servers and does so by default, with an additional option in the ini file
it will attempt to block access to all MS servers. The default option is
set up to block only LIVE servers, which still allows programs like FSD to
access covers and such. The blocks lists are:
weak:
^xemacs.xboxlive.com$
^xeas.xboxlive.com$
^xetgs.xboxlive.com$
^xexds.xboxlive.com$
^piflc.xboxlive.com$
^siflc.xboxlive.com$
^msac.xboxlive.com$
^xlink.xboxlive.com$
^xuacs.xboxlive.com$
^sts.xboxlive.com$
^xam.xboxlive.com$
^notice.xbox.com$
^macs.xbox.com$
^rad.msn.com$
passport.net$
strong:
xboxlive.com$
xbox.com$
nsatc.net$
microsoft.com$
passport.net$
bing.net$
msn.com$
where:
somedomain.com$ = ends with somedomain.com
^somesub.somedomain = starts with somesub.somedomain
^somesub.somedomain.com$ = is exactly somesub.somedomain.com
================================================================================
Important - going to NXE
================================================================================
- if you need to go back to NXE and have default item set in ini, HOLD RB while
exiting game via miniblade or exit using one of the miniblade options like
family settings
================================================================================
INI notes
================================================================================
-it's possible to have multiple ini files, priority is as they appear in the list
(** it is NOT recommended to launch USB con/xex from hdd ini **)
the first one found on the devices in that order will be the one used at boot.
-see http://code.jellycan.com/simpleini/ for more info on the ini parser
================================================================================
autoswap option functionality
================================================================================
GOD ie:
disk1 = Hdd:\Content\0000000000000000\01234567\00004000\01234567890123456789;
will have 01234567890123456789.data folder beside it
disk2 = Hdd:\Content\0000000000000000\01234567\00004000\98765432109876543210;
will have 98765432109876543210.data folder beside it
EXTRACTED ie:
disk1 = Hdd:\games\somegame\disk1\default.xex;
disk2 = Hdd:\games\somegame\disk2\default.xex;
- GOD/NXE disk rips on the same media in the same folder will automatically
be found with no special naming convention
- EXTRACTED games with the naming above for each disk with the disk# folders all in
the same folder on the same media will be found without an ini file
- swapping between disks contained on different media is not supported
================================================================================
Caveats
================================================================================
The work herein is presented as-is, any risk is solely the end users
responsibility. While all of us are sorry when unforseen things happen, not
every situation or mistake can be accounted for before they have been
spotted. Please use responsibly.
================================================================================
Support (report bugs/request features)
================================================================================
english: http://www.realmodscene.com/index.php?/forum/14-dashlaunch/
french/english: http://homebrew-connection.org/forum/index.php?board=7.0
================================================================================
Thanks
================================================================================
-Big thanks to those who opened the way and those who made it even more usable.
-Thanks to Tux, Arbiter, stk, the2000, Corrupted, tk_saturn and Toddler for all
the bugs you caught trying to sneak by
-Thanks AmyGrrl for passing along the glitch and new ideas
-Thanks to Tux, Ironman, JPizzle and Dionis Fernandez for helping procure a
Jasper big block console to extend testing and fix NAND MU corruption bug
Dionis - you went above and beyond
-Thanks to vgcrepairs for providing the cygnos, dash launch likely wouldn't
exist without one
-Thanks to the FSD team, without your cheering this rewrite would have never been completed
-Thanks to Nate and Anthony for constantly reminding me that no, I'm not alone
-Thanks to FBDev and mojobojo for the data used for the patch options
-Thanks to sm32
-Thanks to unknown, you know why
-Extra Special thanks to SpkLeader, Boflc, and LordXBig
-Big thanks to Swizzy, the least bit for debugging readmes
-Thanks to XeBuild, keeping us on our toes and up to date
-Greetz to XeDev and RgLoader
-Thanks to Team Xecuter for thinking towards the future
-Thanks to vladstudio.com for "night launch"
-Thanks to Razkar for always spotting the hard to spot bugs
-Thanks to Danny Lane for doing a bunch of testing on Corona 16m
-Thanks Juvenal for being the best sarcastic a**hole there ever was
-shouts out to E Nellie and D33per, thanks to you this is still a sourceless release
~brought to you by cOz~
//2014
================================================================================
To Do
================================================================================
- fix hud loading of nxe rips
- everything else
================================================================================
Known Bugs
================================================================================
- some well used NAND images with earlier versions of DL already installed seem
incapable of being updated with larger sized files, it is recommended for
the time being to make a clean NAND image with the most recent/up to date
image builder if you run into this issue
- nxe disk rips when launched from 16197+ metro still work, if you get an err
dismiss it and launch again (it's a resource busy issue in official dash)
- some situations are causing a black screen when starting installer, it somehow seems to
be related to USB devices and/or signed in profiles. If you run into this issue, try the debug
version of installer - it's slower because it's logging to disk but apparently works fine.
- I'm sure you'll find some bugs, please see the links earlier in this doc
for a place to post them where they will be seen
================================================================================
Supported Versions
================================================================================
at time of this writing, this is ONLY compatible with RETAIL kernel versions:
9199, 12611, 12625, 13146, 13599, 13604, 14699, 14717, 14719, 15574, 16197, 16202, 16203,
16537, 16547, 16747, 16756
13599 is the first glitch version supported (embedded patches)
14717 is the first glitch2 version supported (embedded patches)
================================================================================
ChangeLog
================================================================================
V3.13
- add 16756, 16767
- add UTF8 to the ftp FEAT list, improves non-ascii name support
- can now place up to 10 title IDs in ini for autofake to enable fakelive at title startup
- fix dvd game/video loading from official dash tile
- added autocont option (yeah it's not a network option really, but relies on autofake so its right near it)
- changed how contpatch works, added/separated into xblapatch and licpatch (the Lets Try Find The Problem Blindly edition)
- made number value entry in installer a little more consistent
- added a check to launch.xex for lhelper.xex in flash to prevent E71 error screen
- updated built in update server to V3
V3.12
- default behaviour of live block is now to use strong block rules (at least until ini is loaded)
- fix compatibility issues with dashes created before AP25 was deployed (spoof the AP functions on older versions)
- limit fakelive/autofake to 14717+ kernels
- add export so plugins can find out where they were loaded from during dllMain() (it's volatile, copy it in Main() if you need it!)
- update 16547 patches to delay network bringup in xam until launch.xex loads
- add trinity internal usb to hddkeepalive (for those that have a usb hdd hooked up there)
- add 16747
V3.11
- more thoroughly check display names in xcontent header if english name is not present (TODO: check if this applies on launch items too)
- yet another correction to the dev kernel checks (thanks tydye and XDK!)
- add 16547
- fix autoswap for going from disk 2 to 1 (DS3) (thanks c.... and Swizzy for the report!)
- made launcher mode useful if dl is not running
V3.10
- fix for 13599-14699, dash launch patch sets were missing trinity patches
- fix bug that was misidentifying trinity as a fat glitch1 when updating patches (sorry everyone!)
- prevent too frequent polling for network address (should fix black screen on some consoles when ethernet disconnect helped)
V3.09
- fix in update server for corona 16M consoles (thanks Danny Lane!)
- added exception logging to installer
- fix some minor bugs
- *known issue* some situations are causing a black screen when starting installer, it somehow seems to
be related to USB devices and/or signed in profiles. If you run into this issue, try the debug
version of installer - it's slower because it's logging to disk but apparently works fine. (thanks again Danny!)
V3.08
- tweak xelllaunch, see it's readme for how it's changed
- all patch sets updated to support xebuild update server full use
- added xebuild update server and related options
- fixed a bug with signnotice on 13604 (and probably older)
- changed farenheit to fahrenheit everywhere it wasn't before
- added 16537
V3.07
- added 16203
- hopefully all cpu/dvd keys will display fully in installer now
- fix description spelling error (F/C)
V3.06
- fix power/guide boot time paths when fakeanim is not used (thanks mass3n!)
- fix hddalive task being scheduled as a title task and not surviving title changes (thanks moulder!)
V3.05
- add 16202
- update spanish translation (thanks gromber!)
- fix remotenxe and windows button on remote not booting to dash (thanks spkleader!)
V3.04
- kinect health message block fixed for 16197
- updated polish translation (thanks Pelcu!)
- fix CIV hook issue, may break some titles that use CIV (a gamy Call of Decay: Body Odor 2 now works)
- lump updater version limit patch into noupdater option so it can be disabled
- improved installers ability to prevent install on unsupported kernels (including devkit and unsupported retail versions)
- installer will now only offer to update, if the embedded version is newer than currently running one
V3.03
- some commented code made contpatch non-functional on untouched demo containers
- added polish translation
- add nohealth option, disables kinect health pseudo video at game launch
- add autofake option, when enabled fakelive functionality is enabled during dash and indie games only (thanks BioHazard!)
- added some failsafe code to lhelper and launch to ensure auto profile signins occur
- moved boot time quick launch button check to lhelper, it now occurs at the point where bootanim freezes (approx)
- removed bootdelay option, it should no longer be required
- add corona 4G memory unit path
- add fakeanim path
- fix bugs related to Guide/Power paths
- add PIRS type content to installer launch item parsing
- add nooobe option, disables setup screens when settings already exist
- dash launch now patches xam to prevent flash updates from appearing when updaters newer than current are on devices
- wired controller poweron causes should now be recognized from all ports for Guide path
- added new option 'fahrenheit'
- add 16197
- removed button debouncing, A and Y are more useful exiting from miniblades but will be touchy on older dashes
- add corona bl detection to xelllaunch
- added a few more domains to liveblock
V3.02
- add italian translation - thanks Gnappo!
- correct mobo/edram order in shuttemps and installer
- update Spanish translation
- correct version number
- add RThumb and LThumb for paths (analog controller button when you press them down)
- add autoswap option for multidisk games (see notes above)
- remove beta tag
- add 15574
- correct bug in hv patches in 14717/14719
- add poweron reason to tembcast data, document struct sent in the supplied .py script
- fixed problem with loading on older (<13xxx) firmwares, thanks KneelB4ZD for the donor image!
V3.01
- add Russian translation
- add Spanish translation - thanks Gromber!
- add German translation - thanks Tuxuser!
- altered DNS blocker to fail dns requests on block instead of succeed to loopback address (speed improvement)
- fakelive now forces DNS blocker to be on (thanks uzi for the heads up! IG 4tw!)
- installer: launch button now can launch indie games, they MUST be in their proper content path to detect/work
autosets fakelive (and dns blocker) on when launching indie games via installer
- going to system settings from installer now goes to official system settings (if nosysexit is not true)
- added new option "shuttemps" which displays temperature data on the shutdown scene (hold guide down)
thanks to Dwack for the idea, sorry it took so long
- added basic ftp (based on ftpdll)
- reduced default bootdelay to 0x1E
- new option 'devprof' allows devkit profiles to work on retail firmware
note any changes such as saving games or getting achievements will resign the profile with the current/retail keyvault
this seems not to affect glitch/jtag dev crossflash, but could affect true devkits
- new option 'devlink' to allow system link with devkits, ping limit is still separate (thanks Anthony for devlink!)
- updated patches to remove CON sig checks, remove restrictions on xekeys (thanks Redline!) and add hvpeek api to keyed syscall
- add glitch2 to xelllaunch, force file sizes to be 4 byte aligned (thanks Juvenal!)
- nxe disk installs can now be started like GOD containers
- blacklist devkit firmware during installation checks
- changed dlaunchGetOptInfo to give a more useful category instead of the internal bitmask
- changed filters to be inline and use the new categories
- add external options to the ini file (ftpserv, ftpport)
- can launch elf via embedded xell stage1 (thanks libxenon devs!)
- added info button in misc page
- show CPU key, DVD key, console ID, console serial number, MAC address and decrypted XVal (0 is no violations)
- allows adjusting fan settings and smc_config target temps and optionally saves them to flash
- added external option calaunch for config app, so it will start in the launch option instead of normal options
- load external skin/background/font to memory so the files are no longer held open
- prevent dash launch from taking over signin, create profile (was waiting infintely) and skip in metro startup/login screen
- change trap hook method so nate's awesome xbdm does not break across load/unload of dash launch
v3.00
- as with V1->V2 this is a nearly complete restructure and rewrite, expect bugs
- rewrote all hooks and tasks to be unhookable/stopable
- installer can now unload any existing v3 xex and/or start dash launch without rebooting console
- installing over v2 or installing patch updates still requires reboot
- setup exports for managing all options from external programs
- stop exception recovery from firing a new launch/bubble message more than once in a ~4s window
- add 'configapp' path, if it exists going to miniblades -> system settings will start this program
- rewrote installer a little to be marginally better
- ini category [quicklaunchbuttons] is now simply [paths]
- add 'nonetstore' option (hides network storage in disk dialogs)
- hook XexpVerifyXexHeaders and XexpLoadImage to detect retail encrypted xex with bad signature
and fix the image key (thanks Anthony!)
- safereboot is no longer tied to fatalfreeze, reboot requests when this is set to false will be
redirected to jtag friendly (but hard on hardware) methods
- added in glitch2 patches, restructured embedded patch sets to be a munged file instead of individual
- fixed fakelive to get past app gold check (still does not work, can't connect to server) and no longer
try to reply to profile info requests with a hardcoded online xuid
- added french translation - thanks to Razkar!
- added portugese translation - thanks to SpkLeader!
- added translation c# GUI - thanks to Swizzy!
v2.32
- fixed glitch jasper big block patch installer
- reworked contpatch yet again, should perform equal to xm360 now (thanks node21!)
- new patch only operates on containers of type 000D0000 (XBLA) and 00000002 (ADDONS) of LIVE or PIRS types
v2.31
- revert contpatch to older form
- signnotice now defaults to FALSE/disabled
- signnotice option should no longer wind up in network troubleshooter on 14717+
- add 14719
v2.30
- fixed uart debug output 0xD 0xA instead of 0xA 0xD
- STOP code 0x2B can now output stack info
- xex header revoke check (requires live to download revoke list) flag now ignored (hv and xam patch)
- add 14717
v2.29
- expanded temp broadcaster to include PE Name and path of current title
- added titleid and mediaid output to temp logger
- fixed a bug in unhandled-exception handler (could cause freeze/multiple consecutive exceptions)
- add title module PE name and path to exception log
- contpatch completely rewritten, now takes over checking license bits entirely for xam when enabled
(may break... things, or allow some to work that shouldn't/crash)
v2.28
- added rad.msn.com to weak blocklist
- added *bing.net, *msn.com to strong blocklist
- added glitch machine detection for xellLaunch to launch on flash xell-1f
- added xhttp auth patch for 14699 (thanks Anthony!)
- added signin notice dismiss (optionally disabled, only affects 'ok' type dialogs)
- added intMu: to installer ini updater
- added autoselect shutdown and auto off option for the "hold guide to shutdown"
NOTE: that both these options can affect other things that use this type of dialog!
- added optional temp broadcaster
- added quick python script to cap temp broadcasts to a .csv file
v2.27
- removed FCRT patch (was not compatible with 1175 drives)
- installer: revise patch checks to only check base patches
- installer: conform to xebuild's base+patch extension method, copies addon patches to
base as needed
- add 14699
v2.26
- correct jtag/glitch wording in installer patch updater
- fix compare with glitch machine, now accurate when it checks patches for update
- add fcrt removal patch (and correction)
- rebuild to hopefully improve stability (less optimization)
- changed contpatch to only patch ID bytes to 0xFF
- fix sonic, more thoroughly hooked disk verification (thanks again Nate!)
- add current launch.xex version display to installer, add versioning
- add note about encryption on modified retail xex
- added '$' to permitted chars in launch.xex ini parser
v2.25
- added Trinity arcade memory unit to dash launch as IntMu:
- can update ggBuild type patch sets
- add 13604
- patches updated to remove E66 (dvd code exec) errors in kernel
v2.24
- hddalive was defaulted to true instead of false, fixed
- xell launch now shuts off usb device (fixes issues with xell reloaded)
- xell launch simplified to allow for variable sized xell bins
- added jtag debug support to patches and export var (thanks Nate!)
- reworked devkit signed xex loading. Faster, dll dev xex working again (thanks Anthony!)
- fix forza 4 (and maybe others - thanks Nate!)
v2.23
- added hddalive (2.23b fixes this)
- added 13599
- relocate external files so old files will no longer be used accidentally
new path is \default.xex dir\VERSION\files
ie: GAME:\13599\patches_jasper.bin
v2.22
- resolving 'localhost' when the router forwards it to the internet or there is
no network at all... bad idea game devs... fixed (Yars', maybe others)
- button handler now more reliably removes Y and A mishandling when held on
miniblade exits
- added new note to readme regarding update prompts and avatar data missing
- hopefully extracted new games are now working fine, instead of GOD only
- potential bug corrected in 12611/12625 patch sets
- add 13146 compatibility
- all patch sets updated to fully remove xex bound checks (ie: default.xex
on root of USB causing E71)
- "remotenxe" option added to ini(thx adihash!)
- windows button on remote always boots to NXE/media center now(thx adihash!)
- added "guide" and "power" path options to set boot time default override
- changed kxam.patch, first .long must be the kernel version the patches match
- added a check to kxam.patch data to abort on invalid address
- added "nohud" option
- added installer check to verify at least the 1BL segment of patches before
installing, will re-ask and warn of possible corruption/brick
v2.21
- fixed noupdater option, readme is accurate with regards to updates now (sorry)
- fixed dvdexitdash option, no longer conflicts with using miniblade to exit NXE
should only affect DVD launched from NXE (note this affects DVD games too)
- fixed a glitch with unhandled exception logging when occurs in kernel
- revert to original fileExist() method
v2.20
- export option info along with the rest of dash launch info struct export
- add multi version compatibility to installer and plugin
- add 12625 patch set and offsets
- new LIVE content hook patching, does auto yaris swap as well as extracted XBLA
should work more consistently (hopefully)
- added unhandled exception handler, dumps except info to UART/file and exits
to dash/default item when apps don't have their own exception handler
(instead of crash), disable by setting 'exchandler = false' in ini file.
- added ini path setting (dumpfile) for capturing crash logs to a file,
capture device must be connected at console boot time
- added 'safereboot' option for those who have JTAG that have applied
blackaddr's smc reboot fix, instead of 'hard' reboot
- added option to enable debug strings to print to UART
- adjusted patches to remove default UART hooking (less chance of string
collision/overlap using DbgPrint via debug out option)
- corrected a bug in the flasher ini update settings in regard to noupdater,
it was setting nosysexit instead of noupdater value
- added live "blocker", reroutes requests to resolve DNS names to loopback
- added "livestrong" option to use an alternate list of DNS to block
- added ini option to set how long buttons are watched for at boot time
- embedding current versions external files into installer, no more messy
directory; original paths still work and take priority over embedded files
v2.11
- fixed xbox1 launches (thanks folks at x-s and fsd for reporting)
v2.10
- reworked hooking to be a bit more dynamic and simpler to update
- ini parser fixed, glitch when comment line last line with no blank line after
(thanks Toddler!)
- disables updaters (DA2 and other disks; safety)
- minor tweaks to boot time delays, further improves on previous autologin issue
v2.09 (beta)
- moved strictly to C, much smaller DLL
- correct bug with busy CON/sometimes ignoring ini for boot time default item
- made boot time quick launch buttons more reliable
- added 1s delay to resolve autologin at boot issue and slower USB hdd issues
- patches updated to remove min version check (DA2)
v2.08
- correcting for a glitch where launchdata should be cleared between titles but
isn't; fixes launching some games twice in a row (thanks stk and FSD!)
v2.07
- fixed media center extender (thanks jester and antman)
~hopefully this is the last whitelist option needed
- added option "nosysexit" (thanks rhai)
v2.06
- update to fbbuild 0.11 patches
- fixed bug with fatal freeze options
- changed installer to use zeropair CB version to determine patch set
- added new options dvdexitdash and xblaexitdash (thanks AmyGrrl)
- added regionspoof, dvdexitdash and xblaexitdash to ini updater
- added instructions to this readme regarding boot time buttons and diagnosing
non-ASCII ini files
v2.05
- added AP25 xex priveledge filter (fix AC:B GOD/xex, maybe others)
v2.04
- fixed a glitch with launching kinect games when a default item is set
v2.03
- updated for 12611
v2.02
- added version info to data struct exported at ordinal 1
- made number of times button holds are scanned variable, longer window
at boot time to sync controller and hold a button
- added region spoofing for XGetGameRegion
- DVD video play from NXE now plays DVD regardless of default setting
(thanks krizalid!)
v2.01
- corrected flash mu mount point (thanks Antho02 at l-s)
- added kernel version check to installer as some xbr using folks seem incapable
of reading the first line of this file
v2.0
- plugins now use logical paths just like quick launch buttons
- added common (9199) content and ping limit patches as options
- mostly runs in system threads, startup completes while bootanim runs
- completely subverted dash.xex, no more CD issues or NXE split seconds
- removed insistance on 0/1/2 paths and reliance on CaPs to detect
- return to NXE via miniblade for system settings and others works w/o using RB
- added big block NAND mu as possible device
- optionally subvert Y to exit miniblade while in NXE to load button/default
- added xell loader to patch set and included a xex to load xell
- removed reboot on fatal error from patches
- included reboot/shutdown on fatal error as settings
- installer onscreen output cleaned up, now shuts down console at end of install
- added ini file updater to installer
- added patch updater to installer
v1.0
- added other devices for launch targets
- added flash for location to load launch.ini
- added flash installer supports flashing launch.xex and launch.ini
- with help of freeboot patches, fixes issues with xbox1 emulator on memory
unlocked patchset
- overhaul ini parser with simpleIni, support for most buttons and a default
- added dll/plugin loading support
- added hooking/return to launch app instead of NXE (hold RB to bypass)
- added kernel/xam boot time/one time patch engine
- added export to allow the loading of other system modules
v0.02
- added a small delay to allow XBR users to launch CON
- implemented a simple ini file parser and fileExist
- auto detects LIVE and XEX2 to use the appropriate launch method
- fails to dash reliably now
v0.01
-initial release
Fuente: Xbins
EDITADO:
Probados en una xbox Jasper 512MB R-JTAG nand creada usando xebuild GUI, desconosco aun el funcionamiento en otras versiones (corona, trinity, falcon, etc...) asi que toca probar. Aclaro esto por que anteriormente me gane un jalon de orejas por parte de otro usuario.
Salu2
Red_Night escribió:Estoy un poco perdido con estos temas. Hace cosa de un año compre una 360 con rgh hecho y cargaba mis backup desde hdd. La lleve a actualizar a una tienda y me la flashearon por el lector. Cargandose los juegos solo así. Casi mato al de la tienda por joderme la consola. El caso es,¿ es recuperable el rgh para poder cargar desde hdd? Tengo la cpukey la nand y todo lo que hacia falta en su momento. Pero no se si al actualizar la consola sigue siendo vulnerable al xploit. A ver si me podéis dar una alegría y ver como se mira eso y si podre recuperar la carga por hdd
neojared escribió:Red_Night escribió:Estoy un poco perdido con estos temas. Hace cosa de un año compre una 360 con rgh hecho y cargaba mis backup desde hdd. La lleve a actualizar a una tienda y me la flashearon por el lector. Cargandose los juegos solo así. Casi mato al de la tienda por joderme la consola. El caso es,¿ es recuperable el rgh para poder cargar desde hdd? Tengo la cpukey la nand y todo lo que hacia falta en su momento. Pero no se si al actualizar la consola sigue siendo vulnerable al xploit. A ver si me podéis dar una alegría y ver como se mira eso y si podre recuperar la carga por hdd
el reset glitch no se quita al actualizar el lector o flashearlo
necesitas mirar dentro de tu consola para saber si tienes aun tu glitchip instalado ,si no significa que te han cambiado la consola y deberás de ir a reclamar inmediatamente a esa tienda , ha que tipos tan
recuerda que una consola con RGH tarda en encender
y una consola sin rgh su encendido siempre sera de aprox 3 seg
asi tambien puedes saber si tienes rgh ,o prueba encender la consola con un usb conectado y dentro un freestyle con su respectivo launch.ini
toma te hice este
http://www.4shared.com/rar/8oQtQf7mba/rev_735.html
Cerial_iQ escribió:Hola, se que algunas veces pasan cosas sin pena ni gloria, pero.....
xeBuild 1.13:xeBuild 1.13
============
Introduction:
=============
xeBuild is a command line system image builder for JTAG, glitch, and clean images.
Run the xeBuild program with no (or incorrect) arguments to see it's usage info.
What's New:
===========
- add 16756, 16767
- minor bug fixes
- !experimental! g2 and g2m patches based on 13182 CBB for coronas using winbond memory
patch set for corona hardware issues that require 13182, use -r WB or -r WB4G on command line to select when building corona images
thanks to 15432 and DrSchottky for doing the heavy lifting for corona winbond patches
original release can be found http://www.hackfaq.net/main/xell_wb2k/
Mileage may vary, though it's possible these can also improve boot times of older corona models and possibly even some trinity machines (use trinity smc).
Also, it's unlikely vfuses will work fully on machines that have vfuse errors as mfg CBB patches never load them from NAND (CD onwards do still.)
Big thanks also to Team Xecuter for first bringing this problem to our attention, and working out and testing the solution that proved it by successfully booting xell
Current Limitations:
====================
- STAY THE HELL OFF LIVE! Nuff said, we're not you're mum.
How To Use:
===========
- See individual folders for lists of files to provide
- if desired provide replacement cpu and 1bl keys in text files
- open a command window in the xeBuild directory
- on the command line type, for example:
example - if you provided keys in appropriate text files
xeBuild.exe -t glitch -c falcon -d myfalcon myfalconout.bin
-t glitch = build a glitch type image
-c falcon = use falcon bl and patch set
-d myfalcon = a folder is present called "myfalcon" with per machine files, this uses it
myfalconout.bin = the file that will be produced
- type 'xeBuild.exe -?', 'xebuild client -?' or 'xebuild update -?' for command line info
Update and Client modes:
========================
Both modes require the supported updsvr running on the xbox, full functionality may require
updating console patches with the included hv patches. Both the PC and the xbox need to be on
the same subnet/LAN router.
Client mode is a simple way to read, write and patch flash as well as few other simple commands
such as the patch updater. The patch updater will look in the folders beside the exe for
{version#}\bin\patches_{type}.bin
which are full patches for whichever console and hack type, it will load and strip the patches
if needed and send them to the console. Note that only xebuild images are truly supported for this.
Most of the client mode commands should be available on any console, even unhacked devkits. See output
from 'xebuild client -?' for more information on the options available.
Update mode attempts to retain as much data about the console as possible, without having to
provide any info on the command line aside from optional/addon patches if required. After you
copy the $SystemUpdate folder into (in this example) the folder 16203 it is capable of taking
a simple command line like:
xebuild update -f 16203 -a nohdmiwait
It will fetch all the info from the console, and use the updater to update both the system flash
and avatar data on the console (provided you have an 360 formatted HDD internally in the console.)
It has some more advanced options to allow one to build the update image as well as dump the data
from the console as it's acquired, while even leaving the console data untouched. See output
from 'xebuild update -?' for more information on the options available.
Neither update or client image writes are able to affect bad blocks, but are able to write new ones.
If this happens mistakenly, an erase block command has been provided in client that will attempt to
clear the bad block - use with caution though, blocks get marked as bad for good reasons and is a normal
occurrence on NAND when a block becomes unreliable.
With big block machines, the server will attempt to retain any NAND mu data in the system area, provided
there is no system data to write in the image being sent. It's not foolproof, but update mode should not
corrupt NAND mu.
Example:
========
-take original console dump, put it in mytrinity folder as NANDdump.bin
-set CPU key and 1BL key in ini file, verify LDV from NANDdump.bin matches console fuses
if not set cfldv in ini file
-build (xeBuild.exe -t glitch -d mytrinity -f 13599), flash and hopefully life is good
.ini files:
===========
Just a word on the format... the ini parser is not very robust, the files need
to be plain ASCII, everything after a ; on a line is ignored, and spaces are
not acceptable (they get removed).
Things like CPU key and 1BL key, if present in the per box ini file need not be
placed anywhere else.
Optional Patches:
=================
Various optional patches are included for use with the -a option, they are:
nofcrt - removes fcrt.bin requirement on some drives
nohdd - disables detection of internal SATA HDD
noSShdd - disables internal SATA HDD with valid retail security sector
nohdmiwait - HDMI consoles will no longer wait or EXX screen when video is not ready
nolan - disables wired LAN to prevent E75/76/77 on machines with a damaged PHY
nointmu - disables jasper NANDmu, trinity 4G internal USB and corona 4G MMC memory units
blmod.bin:
==========
Changing the patches to the BL that follows the BL that is executing during glitch attempts
has a direct effect on whether a machine will glitch. The provided patches are generic
and work well on most machines, but this per machine build addon can now be supplied without
modifying the base patches to CBB or CD via a file in the perbuild folder, they will simply be
tacked onto the end of CBB or CD, and the BL size adjusted to include this new data in the hash.
Keep in mind, it can take multiple attempts and re-flashing with different binary data to find
something that will boot at all, let alone be more effective for your console.
blmod is currently not supported by update mode.
Note:
=====
- DON'T USE THIS UNLESS YOU KNOW FOR SURE THAT YOU NEED IT! Using an incorrect
controller config can result in problems remapping bad blocks (even manually.)
If you have a 16M jasper, an additional build type has been added
'jaspersb', by default the image will be built for jasper with big block
controller (config 00023010), use this alternate switch to build for small
block controller (config 01198010.)
Multi build/options example:
============================
when you specify -f 13599 on the command line:
13599\filelist.ini
is parsed instead of data\filelist.ini
Also the bin directory is used from
13599\bin\
instead of
bin\
allowing anyone to create multiple builds without multiple instances or
rebuilds/hex edits/hacks of the main app.
The example provided is the last version of 13599 patch set from dash launch and
other files to build freeboot 13599
example use:
------------
xeBuild -f 13599 -d myfalcon x13599out.bin
-f 13599 : use .\13599\filelist.ini, and .\13599\ for firmware files, .\13599\bin\ for patches
-d myfalcon : use .\myfalcon for per build files (cpu key, keyvault, security files, ini etc.)
x13599out.bin: override auto generated name and produce .\x13599out.bin as the final NAND image
note, if -d ***** is not specified it will still use the original /data and /bin dirs
Devkit image building:
======================
This feature is currently considered Beta/Work In Progress.
A new image target type was added, "-t devkit" which builds 64M flash images for devkits. Currently untested,
building with a 00 filled CPU key will create a zeropaired devkit image that may allow one to boot a software
bricked devkit that one does not know the CPU key for and recover it to an operational state. By powering on
the console with such an image present, with a recovery DVD in the drive, the recovery software should be able
to create a new keyvault, re-pair the DVD drive to the new keyvault, and allow normal operation once complete.
Normal devkit image building when one does know their CPU key and thus has security files and keyvault should
work as expected.
Building devkit for glitch/jtag is also possible using the standard -t glitch/jtag methods. Sample ini
have been provided with this release, but will not work unless patches and files are supplied. Note that devkit
is not our focus, but was relatively easy and straight forward option to supply for those that wish to make
use of it.
jasperbigffs:
=============
Those who use large block NAND are now able to nearly double the size of the system file area
with this option with no apparent ill effects. Normally this option wouldn't be needed, but if one
wanted to experiment with more files in flash, or one was building a devkit image for a devkit with
a big block flash, this option is required.
support:
========
If you've found a bug or have a suggestion, please comment at
http://www.realmodscene.com/index.php?/forum/15-xebuild/ (English)
http://homebrew-connection.org/forum/index.php?board=8.0 (English/French)
Credits:
========
Without ikari this would not have been possible, thanks!
__ ____ ___ ___ _____
/ _|_ __ ___ ___| __ ) / _ \ / _ \_ _|
| |_| '__/ _ \/ _ \ _ \| | | | | | || |
| _| | | __/ __/ |_) | |_| | |_| || |
|_| |_| \___|\___|____/ \___/ \___/ |_|
[v0.10 - inspired by ikari]
R.I.P.
No this isn't freeboot, it is a clone and has always been since the last
release of ibuild.
Thanks and greetz to everyone who has contributed to hacking this
wonderful machine. Thanks to the engineers and countless others who made
the machine what it is... we only wish they had listened and RROD was
not a problem. If we were to list everyone here, there would be no time
left to play on the machine!
Thanks Team Xecuter for the Corona 4G! Thanks to JuggaHax, dayton360mods,
glitch360team and all other contributors for helping find a way to make Corona 4G golden!
Thanks to Free60, LibXenon.org, Redline99 and Tuxuser for providing xell builds <3
Thanks to Swizzy for making the official GUI front end for xeBuild, for always
adding the new stuff we shovel at him and never once complaining.
Big thanks to the folks at #freeboot on efnet for the tireless
hours of help you all give freely. Thanks to the testers who tirelessly
made sure stuff worked. Thanks to rgloader for doing the work yourselves,
there *is* no spoon, just a glitch in the matrix.
Don't believe what random people *cough* write on forums ..
-----
//2014
-----
Changes:
========
1.13
- add 16756, 16767
- add 13182 based corona configuration to retail ini
- fix a bug that froze file times to a default value for flash files
- update kernel patch for XeKeysConsoleSignatureVerification, content signed with a different keyvault (remote signed) will now reply as locally signed (v16747+)
- added additional trinity/winchester targets in case they are needed
- added noSShdd addon patch for 16767+, with this patch enabled retail drives with a valid security sector will be rejected
- experimental patch set for corona hardware issues that require 13182 (16767+) (thanks 15432 and DrSchottky!)
- reworked how update mode works on glitch images, it now retains the bootloaders from the console instead of rebuilding from files (making it simpler to update the new corona patches in the future)
- added new addon patch 'noSShdd', disables hard drives with a valid security sector (thanks tuxuser!)
1.12
- check FCRT.bin signature with PIRS_pub.bin or MAST_pub.bin if available (selection based on content)
- check DAEP signed signatures in DAE.bin (usually 2) with PIRS_pub.bin if available
- check CRLP signed CRL.bin signatures with PIRS_pub.bin if available
- fix mobile extraction stalling process on corrupt NAND
- do not patch boot reasons into flash header for devkit and retail builds, only glitch and jtag
- added patch to kernel to attempt to block network until launch.xex has loaded (if available)
- add -o smcnocheck to image build options/ini; avoids fatal build error if smc is unknown
- add 16747
- fixed: was not automatically creating all the folders for 16747 avatar data to be valid
1.11
- fix a bug which caused an infinite loop when a mobile*.dat was smaller than 512 bytes - Foo you too mobileE.dat! (thanks blakcat!)
1.10
- add 16547
- fix a bug with build mode mobile*.dat extraction when multiples of the same settings are stored in the same block but version number does not increase
- minor fixes
1.09
- now checks devkit BL (SB/SC/SD/SE) signatures/built in hashes while building devkit images
- adds client -i <d> method (now with less bugs, thanks blaKCat!)
- client -i wasn't showing cpu/dvd key (thanks blaKCat!)
- fix bug in freeboot (JTAG) core that caused options and poweron reason to be ignored (thanks siz and swizzy!)
1.08
- align patch slots properly on glitch images
- add ability to make zero-paired dual cb images (retail/glitch)
- unknown devkit smcs were not being checked properly and always reported hacked
- added support for 'blmod.bin' per-build file, can assist fine tuning glitch machines that don't play well with standard patches
- added CPU key corruption checks
- added a secondary check on nanddump.bin size after determining big block/small block
- added new build target, glitch2m, which uses mfg cba to boot with virtual fuses (only trinity/corona, 16203+)
- added nolan addon patch for 16197+ for those with bad wired lan phy getting E75/76/77; should not affect wireless dongles
- consolidate internal memory unit disable patches into nointmu addon, Corona 4G internal memory can now be disabled (16197+)
- added integrity checks for: blocks that appear to be remapped but are outside the remap area; CF slot size
- updated all patch sets to use hv built in memcpy (better peek support for things that require 64bit reads like 1bl ROM)
- check for SU container in version\$SystemUpdate subfolder as well as version folder
- nonces will attempt to be kept when providing NANDdump.bin (some claim this affects glitch boot times, makes differential flashing more effective)
- Xstress.settings has been renamed to Manufacturing.data
- update jtag freeboot core to V0.9 to use options stored in flash header instead of patched directly into the binary
- added update and client mode
- -d options no longer need to be relative to the exe launch path
- checks keyvault signature (if present) when MAST_pub.bin is available from update server or file in .\ or .\common\
- checks CB/CBA signature when 1BL_pub.bin is available from update server or file in .\ or .\common\
- updated xell builds to XeLL_Reloaded-2stages-v0.993
- add 16537
1.07
- trinitybigffs added (big block devkit sized file system for trinity)
- -s option added to create a .sha1 file along with the final image
if no arg is provided, the final image name will be used with .sha1 appended as extension
- change behaviour of patchsmc
- add 16203
1.06
- fix an issue with identifying FCRT console from keyvault (thanks stefanou!)
- corrected some status message typos
- added sanity check to bl patcher
- added (starting with 16197) fcrt signature check patch (supports swapping drive + kv/dvdkey + fcrt on drives/consoles where nofcrt does not enable game disks)
- added 16202
- correct 16197/16202 nohdd patch to disable only the hdd, not every SATA device
1.05
- tidy ini_creator output a little
- colons were not being removed from macid string in ini file, fixed
- added corona4g build target and dump parsing, NANDdump.bin should be minimum 0x3000000 bytes from corona mmc machines (no spare data)
- Xstress.settings will now be kept along with other mobile data
- added flash header sanity checks
- adjust dump loader to allow for 64bit file sizes
- build process will no longer complete a retail image if smc is patched or a jtag image if smc is unpatched. Apparently a big fat error warning isn't enough.
- added some older retail.ini, added new switch to allow selecting specific bl configs (if making images with patches, the switch is appended to patch names as well)
- add 16197
1.04
- blacklist sysupdate.xex* as flashfs files, these are auto generated files representing data that overflows the patch slot
- add console ID, motherboard serial number, serial number and mfg date to final output (when available)
- add in corona support files for 15574 and 14719, thanks again to Team Xecutor's RGH crew for
providing the exploitable BLs!
1.03
- updated patches to remove CON sig checks, still allowing the patched check to report if the CON was signed by this machine
- updated glitch patches to remove CF LDV check (keep in mind updating a fat to 14717+ requires rewiring CPLD for less stable glitching)
- modified [flashfs] category
- can now take longer paths as well as absolute drive paths, spaces not allowed (ie: ..\common\filename or H:\somepath\filename)
- items without a crc will not be sought outside the given path or filename (relative paths are based in the firmware folder, xexp filename mutations will NOT be applied)
- items with a crc will be sought in given path, system update, NANDump.bin then common folder
- fix 16M corona smc extraction from NANDdump.bin
- correct NANDmu option so it properly defaults to false
- add 'jasperbb' console target (same as jasper256 and jasper512)
- correct bug in hv patches in 14717/14719
- added smcnoeject and smcnoblink options (only patches jtag/glitch smcs)
- changed glitch image CD patches to not require dynamic patches (should be more stable)
- add 'demon' option, currently only sets the same speed as cygnos uart speed
- add 15574
1.02
- improved feedback when mangled or incorrect option values are found in options.ini or command line
- fix bad LBA due to using a small block controller flash image on a big block machine
- added patch to all versions to skip yet another minimum version check (mostly affected default.xex on root of USB)
- add optional nohdmiwait patch to 14717/14719 (console won't pause bootup waiting for HDCP handshake when TV doesn't respond)
known side effect: occasionally when the TV does finally sync dash will restart (forced to metro even if using dash launch)
- now retains Statistics.settings from a NANDdump.bin and can load the data from perbuild dir along with other mobile data
this data is found in the block preceding smc_config
- can now obtain CF/CG and flash files from su20076000_00000000 (system updater container) when placed in firmware folder
- bls besides CF/CG must still be provided externally
- .xex/.xtt files that only have update/.xexp in the container still need to be provided externally
- new option 'nosusecurity' added to command line and ini to skip using security files from system update container,
external files provided in perbuild directory take precedence over any other security files found (order: file, su, dump)
- now attempts to retrieve files not found in firmware folder or update container from NANDdump (if provided)
- common folder added to scan path for alternate bootloader location
- now respects setting bool options on command line to false instead of enable only, and overrides/ignores enable options set elsewhere
- fixed regression around remapping blocks when wear area has bad blocks
- jtag uses second CB to enumerate fuse values, displays virtual fuse set at end of bl encoding stage in verbose logs
- revoke NANDdump.bin that has had zeropair data overwritten and big block images that had bootloader data overwritten with incorrect NANDpro args
- fixes for big block retail images (patch slot offset and reserve blocks value)
- BIG thanks to Team Xecuter's RGH crew for snagging fat dual CBs
- add glitch2 build type, uses console type as base for patch file names (ie: patches_g2falcon.bin)
- add 'notrinmu' optional patch for 14717/14719 to disable trinity internal 4G memory unit access
- add 'nohdd' optional patch for 14717/14719 to disable internal hard drive access
- fixed a bug relating to relative paths
1.01 update pack 1
- fixes a bug with ini creator, wasn't outputting non CB/CD bl data
- add 14719
1.01
- minor bugs fixed (extended.bin, kiosk button not displaying)
- invalid secdata.bin and extended.bin will be cleanly recreated instead of failing build
- can now accept decrypted kv.bin without messing it up
- fixed a bug with long version strings in firmware .ini files
- fixed fatal exception when patch file is not found
- added -i flag to specify additional addon component for ini/patch file name
- corrected NANDmu warning to only say xebuild will attempt to keep this data when the option is set
- added additional jasper build mode jasperbigffs, results in a non-standard and much larger system file area (approx 32MiB larger)
- patch slot address for glitch/retail images is now dynamically assigned (first block after xell/first block after CE)
- devkit image building added
- if pairing value can't be found in dump CF/CG it will attempt to be extracted from CB
- smc size and address made dynamic (mainly for corona+)
- corrected typo/problem with FAT bitmap creation
- cache decrypted keyvault, refine messages regarding FCRT and output dvdkey at the end
- logs/outputs expected/possible fuse values for console sequence bytes in CB
- add dvdkey to ini and -o, to set dvd key in keyvault before writing it to the new image
- fixed a possibly critical bug when parsing NANDdump.bin FS entry
- correct EU/AUS smc game region output
- NANDdump flash controller detect recoded, now only requires block 0 be not remapped
- fixed unhandled exception when -o option that requires = did not have =
- updated bl patches for all jtag machines and trinity (rgh fat doesn't need) to remove smc size = 0x3000 limit
- fixed bug that was causing 2nd patch slot on retail builds to contain unneeded data
- added fuse mask output while processing CB
- added 14717
- added patch to trinity 9188 CB_B to bypass fuseline 2 revocation check
1.00hf
- hotfix - jtag images were being created with incorrect patch file number (xexp1 instead of xexp2)
1.00
- gets security files from NANDdump.bin and verifies them (odd.bin is currently not processed)
- option added to disable extracting security files from NANDdump.bin
- decrypts perbuild security files for verification (crl/dae only currently, updater files work too)
- zero nonce data in bls before checking crc (included file lists updated with new crc and explanation)
- fixed a bug with mobile extraction
- fixed a bug with fsroot processing
- (glitch) dynamic SMC patcher, no longer limited to hard coded hash/offsets
- added more SMC hashes to verify known clean SMCs
- will attempt to decrypt external encrypted smc.bin if needed
- whitelist more chars in the file list parser
- altered so that pairing value will be retrieved from NANDdump.bin even if ldv is set in ini
- dual CB is dictated by ini, "none" filename indicates single CB (jtag does not use dual CB)
- increased logged info when adding files to flashfs
- odd.bin in encrypted (only!) form is now handled (from file or NANDdump.bin)
- ini options are now available as -o options on command line
- added -t command line flag for glitch/retail/jtag selection
- JTAG image creation merged
- separate retail/glitch/jtag into individual per-firmware ini lists
- added -noenter command line option to suppress application asking to press enter on completion
- added proper errorlevel exiting, 1=usage/commandline error, 2=file write err, 3=image build error
- add 'cygnos' and 'xellbutton' options for glitch images with appropriate bl patches (either may affect fat glitch boot rate!)
- non-critical spare data fix to the way smc config is added to image
- update freeboot core and glitch base patches to accept a secondary xell poweron reason
- rewrote extended.bin handler, given an invalid/undecryptable file it will create a empty extended.bin
- rewrote keyvault handler, can decrypt and verify kv.bin when it's provided encrypted
- added patch append -a command, and converted nomu and nofcrt to optional patches
- added simple explanation of patch file formats in about_patches.S
- changed noNANDmu option to NANDmu so it can default to false
- added corona and winchester console types, currently not supported but there if needed
- add 14699
0.33
- corrected bug with ini parsing and dvd region (and others) left blank
- add 13604
0.32
- slim/fat glitch image building (based on fbbuild 0.32)
- builds retail images with -retail command line option
- added autopatch smc option in per box ini file
- extracts pairing value and highest LDV from NANDdump.bin
(ini cfldv setting overrides NANDdump ldv)
Dash Launch 3.13Dash Launch 3.13
----------------
Known Issues:
----------------
- *** WARNING ***
One of the testers observed a console reaching out to live despite liveblock only
when fakelive or autofake was enabled. If you intend a keyvault to not get banned,
do not use it on a glitch/jtag machine!
- Autologin pop-up blob does not display properly... live with it.
Currently the project is missing the following supported translations:
Japanese, Korean, Chinese Simplified, Chinese traditional
Currently supplied translations:
English, French, Portuguese, Russian, Spanish, German, Italian, Polish
The skin pack includes the sources used to skin dash launch as well as the
string files if anyone wishes to create a translation to one of the above
languages (including English, as I know my explanations are not always easy to
understand.) Also included is a c# based editor for the string files to assist
in translation.
External fonts, background image and skins may be used by this,
simply place skin.xzp and/or font.ttf and/or background.png (1020x720) beside
default.xex. If neither location has a font file supplied the system font
on flash will be used.
================================================================================
Overview - what it does
================================================================================
- It will launch a XeX or CON file from the path you specified in launch.ini
as long as it's valid
- Depending on the button you hold when the xbox is trying to load the NXE, it
will divert to the xex/con tied to that button or return to default as
defined in launch.ini
- At boot time it is possible to subvert default item and/or NXE loading, but
you must wait until the controller syncs to do so
- Depending which button is held when closing miniblade in NXE (use Y button to
close, release then hold a QL button) it will quick launch a CON or XEX
from your ini file
- allows one to patch kernel/xam at bootup with a freeBOOT patch style bin file
from usb or hdd (in that order) must be in root of the device and be named
"kxam.patch" and be no larger than 0x4000 bytes. Again, kxam.patch binary
format is the same as a compiled freeboot patch bin, but uses real virtual
addresses rather than offsets - as of 2.22 the first 32bit value must instead
be the version of the kernel the patches apply to
- with the included patch set, launch.xex acts as a helper to detect when
xbox1 emulator loads, allowing memory unlock patch and xbox1 emulator
to function together
================================================================================
Installation
================================================================================
- have the required hacked kernel version installed on the console
- get the installer to a place where you can run it, and do so. Follow onscreen
instructions if any. The installer will prompt you if it needs to update the
kernel/hv patches and will give you an opportunity to configure stuff.
- edit the options, and dont forget to save them somewhere if you want them to
be applied next boot. Don't forget to set configapp to the installer, so
you can go to it any time via miniblades' system settings (hold RB to go to
real system settings)
- the back button is your friend if you are wondering what button to push
================================================================================
Updaters and Avatars
================================================================================
- this version of dash launch contains an update blocker that is enabled by
default. There are two ways around this if you wish to install the bits and
pieces used by the dash for kinect and avatars
1 - place the updater that matches this version on removable media, and
rename the folder from $SystemUpdate to $$ystemUpdate
----OR----
2 - place an ini where dash launch can find it and set the noupdater option
to false - noupdater = false
Updates seem to work best if memory stick is inserted while in official dash
****
NOTE that some games WILL prompt you to update the console if avatars are
not installed, this doesn't mean they have an update to actually put in, it
just means it needs avatar/kinect bins/resources to run
****
================================================================================
LIVEblocker
================================================================================
- if you are like me, and keep your consoles off the net then this option is
for you. It's capable of blocking the resolution of the LIVE specific
servers and does so by default, with an additional option in the ini file
it will attempt to block access to all MS servers. The default option is
set up to block only LIVE servers, which still allows programs like FSD to
access covers and such. The blocks lists are:
weak:
^xemacs.xboxlive.com$
^xeas.xboxlive.com$
^xetgs.xboxlive.com$
^xexds.xboxlive.com$
^piflc.xboxlive.com$
^siflc.xboxlive.com$
^msac.xboxlive.com$
^xlink.xboxlive.com$
^xuacs.xboxlive.com$
^sts.xboxlive.com$
^xam.xboxlive.com$
^notice.xbox.com$
^macs.xbox.com$
^rad.msn.com$
passport.net$
strong:
xboxlive.com$
xbox.com$
nsatc.net$
microsoft.com$
passport.net$
bing.net$
msn.com$
where:
somedomain.com$ = ends with somedomain.com
^somesub.somedomain = starts with somesub.somedomain
^somesub.somedomain.com$ = is exactly somesub.somedomain.com
================================================================================
Important - going to NXE
================================================================================
- if you need to go back to NXE and have default item set in ini, HOLD RB while
exiting game via miniblade or exit using one of the miniblade options like
family settings
================================================================================
INI notes
================================================================================
-it's possible to have multiple ini files, priority is as they appear in the list
(** it is NOT recommended to launch USB con/xex from hdd ini **)
the first one found on the devices in that order will be the one used at boot.
-see http://code.jellycan.com/simpleini/ for more info on the ini parser
================================================================================
autoswap option functionality
================================================================================
GOD ie:
disk1 = Hdd:\Content\0000000000000000\01234567\00004000\01234567890123456789;
will have 01234567890123456789.data folder beside it
disk2 = Hdd:\Content\0000000000000000\01234567\00004000\98765432109876543210;
will have 98765432109876543210.data folder beside it
EXTRACTED ie:
disk1 = Hdd:\games\somegame\disk1\default.xex;
disk2 = Hdd:\games\somegame\disk2\default.xex;
- GOD/NXE disk rips on the same media in the same folder will automatically
be found with no special naming convention
- EXTRACTED games with the naming above for each disk with the disk# folders all in
the same folder on the same media will be found without an ini file
- swapping between disks contained on different media is not supported
================================================================================
Caveats
================================================================================
The work herein is presented as-is, any risk is solely the end users
responsibility. While all of us are sorry when unforseen things happen, not
every situation or mistake can be accounted for before they have been
spotted. Please use responsibly.
================================================================================
Support (report bugs/request features)
================================================================================
english: http://www.realmodscene.com/index.php?/forum/14-dashlaunch/
french/english: http://homebrew-connection.org/forum/index.php?board=7.0
================================================================================
Thanks
================================================================================
-Big thanks to those who opened the way and those who made it even more usable.
-Thanks to Tux, Arbiter, stk, the2000, Corrupted, tk_saturn and Toddler for all
the bugs you caught trying to sneak by
-Thanks AmyGrrl for passing along the glitch and new ideas
-Thanks to Tux, Ironman, JPizzle and Dionis Fernandez for helping procure a
Jasper big block console to extend testing and fix NAND MU corruption bug
Dionis - you went above and beyond
-Thanks to vgcrepairs for providing the cygnos, dash launch likely wouldn't
exist without one
-Thanks to the FSD team, without your cheering this rewrite would have never been completed
-Thanks to Nate and Anthony for constantly reminding me that no, I'm not alone
-Thanks to FBDev and mojobojo for the data used for the patch options
-Thanks to sm32
-Thanks to unknown, you know why
-Extra Special thanks to SpkLeader, Boflc, and LordXBig
-Big thanks to Swizzy, the least bit for debugging readmes
-Thanks to XeBuild, keeping us on our toes and up to date
-Greetz to XeDev and RgLoader
-Thanks to Team Xecuter for thinking towards the future
-Thanks to vladstudio.com for "night launch"
-Thanks to Razkar for always spotting the hard to spot bugs
-Thanks to Danny Lane for doing a bunch of testing on Corona 16m
-Thanks Juvenal for being the best sarcastic a**hole there ever was
-shouts out to E Nellie and D33per, thanks to you this is still a sourceless release
~brought to you by cOz~
//2014
================================================================================
To Do
================================================================================
- fix hud loading of nxe rips
- everything else
================================================================================
Known Bugs
================================================================================
- some well used NAND images with earlier versions of DL already installed seem
incapable of being updated with larger sized files, it is recommended for
the time being to make a clean NAND image with the most recent/up to date
image builder if you run into this issue
- nxe disk rips when launched from 16197+ metro still work, if you get an err
dismiss it and launch again (it's a resource busy issue in official dash)
- some situations are causing a black screen when starting installer, it somehow seems to
be related to USB devices and/or signed in profiles. If you run into this issue, try the debug
version of installer - it's slower because it's logging to disk but apparently works fine.
- I'm sure you'll find some bugs, please see the links earlier in this doc
for a place to post them where they will be seen
================================================================================
Supported Versions
================================================================================
at time of this writing, this is ONLY compatible with RETAIL kernel versions:
9199, 12611, 12625, 13146, 13599, 13604, 14699, 14717, 14719, 15574, 16197, 16202, 16203,
16537, 16547, 16747, 16756
13599 is the first glitch version supported (embedded patches)
14717 is the first glitch2 version supported (embedded patches)
================================================================================
ChangeLog
================================================================================
V3.13
- add 16756, 16767
- add UTF8 to the ftp FEAT list, improves non-ascii name support
- can now place up to 10 title IDs in ini for autofake to enable fakelive at title startup
- fix dvd game/video loading from official dash tile
- added autocont option (yeah it's not a network option really, but relies on autofake so its right near it)
- changed how contpatch works, added/separated into xblapatch and licpatch (the Lets Try Find The Problem Blindly edition)
- made number value entry in installer a little more consistent
- added a check to launch.xex for lhelper.xex in flash to prevent E71 error screen
- updated built in update server to V3
V3.12
- default behaviour of live block is now to use strong block rules (at least until ini is loaded)
- fix compatibility issues with dashes created before AP25 was deployed (spoof the AP functions on older versions)
- limit fakelive/autofake to 14717+ kernels
- add export so plugins can find out where they were loaded from during dllMain() (it's volatile, copy it in Main() if you need it!)
- update 16547 patches to delay network bringup in xam until launch.xex loads
- add trinity internal usb to hddkeepalive (for those that have a usb hdd hooked up there)
- add 16747
V3.11
- more thoroughly check display names in xcontent header if english name is not present (TODO: check if this applies on launch items too)
- yet another correction to the dev kernel checks (thanks tydye and XDK!)
- add 16547
- fix autoswap for going from disk 2 to 1 (DS3) (thanks c.... and Swizzy for the report!)
- made launcher mode useful if dl is not running
V3.10
- fix for 13599-14699, dash launch patch sets were missing trinity patches
- fix bug that was misidentifying trinity as a fat glitch1 when updating patches (sorry everyone!)
- prevent too frequent polling for network address (should fix black screen on some consoles when ethernet disconnect helped)
V3.09
- fix in update server for corona 16M consoles (thanks Danny Lane!)
- added exception logging to installer
- fix some minor bugs
- *known issue* some situations are causing a black screen when starting installer, it somehow seems to
be related to USB devices and/or signed in profiles. If you run into this issue, try the debug
version of installer - it's slower because it's logging to disk but apparently works fine. (thanks again Danny!)
V3.08
- tweak xelllaunch, see it's readme for how it's changed
- all patch sets updated to support xebuild update server full use
- added xebuild update server and related options
- fixed a bug with signnotice on 13604 (and probably older)
- changed farenheit to fahrenheit everywhere it wasn't before
- added 16537
V3.07
- added 16203
- hopefully all cpu/dvd keys will display fully in installer now
- fix description spelling error (F/C)
V3.06
- fix power/guide boot time paths when fakeanim is not used (thanks mass3n!)
- fix hddalive task being scheduled as a title task and not surviving title changes (thanks moulder!)
V3.05
- add 16202
- update spanish translation (thanks gromber!)
- fix remotenxe and windows button on remote not booting to dash (thanks spkleader!)
V3.04
- kinect health message block fixed for 16197
- updated polish translation (thanks Pelcu!)
- fix CIV hook issue, may break some titles that use CIV (a gamy Call of Decay: Body Odor 2 now works)
- lump updater version limit patch into noupdater option so it can be disabled
- improved installers ability to prevent install on unsupported kernels (including devkit and unsupported retail versions)
- installer will now only offer to update, if the embedded version is newer than currently running one
V3.03
- some commented code made contpatch non-functional on untouched demo containers
- added polish translation
- add nohealth option, disables kinect health pseudo video at game launch
- add autofake option, when enabled fakelive functionality is enabled during dash and indie games only (thanks BioHazard!)
- added some failsafe code to lhelper and launch to ensure auto profile signins occur
- moved boot time quick launch button check to lhelper, it now occurs at the point where bootanim freezes (approx)
- removed bootdelay option, it should no longer be required
- add corona 4G memory unit path
- add fakeanim path
- fix bugs related to Guide/Power paths
- add PIRS type content to installer launch item parsing
- add nooobe option, disables setup screens when settings already exist
- dash launch now patches xam to prevent flash updates from appearing when updaters newer than current are on devices
- wired controller poweron causes should now be recognized from all ports for Guide path
- added new option 'fahrenheit'
- add 16197
- removed button debouncing, A and Y are more useful exiting from miniblades but will be touchy on older dashes
- add corona bl detection to xelllaunch
- added a few more domains to liveblock
V3.02
- add italian translation - thanks Gnappo!
- correct mobo/edram order in shuttemps and installer
- update Spanish translation
- correct version number
- add RThumb and LThumb for paths (analog controller button when you press them down)
- add autoswap option for multidisk games (see notes above)
- remove beta tag
- add 15574
- correct bug in hv patches in 14717/14719
- add poweron reason to tembcast data, document struct sent in the supplied .py script
- fixed problem with loading on older (<13xxx) firmwares, thanks KneelB4ZD for the donor image!
V3.01
- add Russian translation
- add Spanish translation - thanks Gromber!
- add German translation - thanks Tuxuser!
- altered DNS blocker to fail dns requests on block instead of succeed to loopback address (speed improvement)
- fakelive now forces DNS blocker to be on (thanks uzi for the heads up! IG 4tw!)
- installer: launch button now can launch indie games, they MUST be in their proper content path to detect/work
autosets fakelive (and dns blocker) on when launching indie games via installer
- going to system settings from installer now goes to official system settings (if nosysexit is not true)
- added new option "shuttemps" which displays temperature data on the shutdown scene (hold guide down)
thanks to Dwack for the idea, sorry it took so long
- added basic ftp (based on ftpdll)
- reduced default bootdelay to 0x1E
- new option 'devprof' allows devkit profiles to work on retail firmware
note any changes such as saving games or getting achievements will resign the profile with the current/retail keyvault
this seems not to affect glitch/jtag dev crossflash, but could affect true devkits
- new option 'devlink' to allow system link with devkits, ping limit is still separate (thanks Anthony for devlink!)
- updated patches to remove CON sig checks, remove restrictions on xekeys (thanks Redline!) and add hvpeek api to keyed syscall
- add glitch2 to xelllaunch, force file sizes to be 4 byte aligned (thanks Juvenal!)
- nxe disk installs can now be started like GOD containers
- blacklist devkit firmware during installation checks
- changed dlaunchGetOptInfo to give a more useful category instead of the internal bitmask
- changed filters to be inline and use the new categories
- add external options to the ini file (ftpserv, ftpport)
- can launch elf via embedded xell stage1 (thanks libxenon devs!)
- added info button in misc page
- show CPU key, DVD key, console ID, console serial number, MAC address and decrypted XVal (0 is no violations)
- allows adjusting fan settings and smc_config target temps and optionally saves them to flash
- added external option calaunch for config app, so it will start in the launch option instead of normal options
- load external skin/background/font to memory so the files are no longer held open
- prevent dash launch from taking over signin, create profile (was waiting infintely) and skip in metro startup/login screen
- change trap hook method so nate's awesome xbdm does not break across load/unload of dash launch
v3.00
- as with V1->V2 this is a nearly complete restructure and rewrite, expect bugs
- rewrote all hooks and tasks to be unhookable/stopable
- installer can now unload any existing v3 xex and/or start dash launch without rebooting console
- installing over v2 or installing patch updates still requires reboot
- setup exports for managing all options from external programs
- stop exception recovery from firing a new launch/bubble message more than once in a ~4s window
- add 'configapp' path, if it exists going to miniblades -> system settings will start this program
- rewrote installer a little to be marginally better
- ini category [quicklaunchbuttons] is now simply [paths]
- add 'nonetstore' option (hides network storage in disk dialogs)
- hook XexpVerifyXexHeaders and XexpLoadImage to detect retail encrypted xex with bad signature
and fix the image key (thanks Anthony!)
- safereboot is no longer tied to fatalfreeze, reboot requests when this is set to false will be
redirected to jtag friendly (but hard on hardware) methods
- added in glitch2 patches, restructured embedded patch sets to be a munged file instead of individual
- fixed fakelive to get past app gold check (still does not work, can't connect to server) and no longer
try to reply to profile info requests with a hardcoded online xuid
- added french translation - thanks to Razkar!
- added portugese translation - thanks to SpkLeader!
- added translation c# GUI - thanks to Swizzy!
v2.32
- fixed glitch jasper big block patch installer
- reworked contpatch yet again, should perform equal to xm360 now (thanks node21!)
- new patch only operates on containers of type 000D0000 (XBLA) and 00000002 (ADDONS) of LIVE or PIRS types
v2.31
- revert contpatch to older form
- signnotice now defaults to FALSE/disabled
- signnotice option should no longer wind up in network troubleshooter on 14717+
- add 14719
v2.30
- fixed uart debug output 0xD 0xA instead of 0xA 0xD
- STOP code 0x2B can now output stack info
- xex header revoke check (requires live to download revoke list) flag now ignored (hv and xam patch)
- add 14717
v2.29
- expanded temp broadcaster to include PE Name and path of current title
- added titleid and mediaid output to temp logger
- fixed a bug in unhandled-exception handler (could cause freeze/multiple consecutive exceptions)
- add title module PE name and path to exception log
- contpatch completely rewritten, now takes over checking license bits entirely for xam when enabled
(may break... things, or allow some to work that shouldn't/crash)
v2.28
- added rad.msn.com to weak blocklist
- added *bing.net, *msn.com to strong blocklist
- added glitch machine detection for xellLaunch to launch on flash xell-1f
- added xhttp auth patch for 14699 (thanks Anthony!)
- added signin notice dismiss (optionally disabled, only affects 'ok' type dialogs)
- added intMu: to installer ini updater
- added autoselect shutdown and auto off option for the "hold guide to shutdown"
NOTE: that both these options can affect other things that use this type of dialog!
- added optional temp broadcaster
- added quick python script to cap temp broadcasts to a .csv file
v2.27
- removed FCRT patch (was not compatible with 1175 drives)
- installer: revise patch checks to only check base patches
- installer: conform to xebuild's base+patch extension method, copies addon patches to
base as needed
- add 14699
v2.26
- correct jtag/glitch wording in installer patch updater
- fix compare with glitch machine, now accurate when it checks patches for update
- add fcrt removal patch (and correction)
- rebuild to hopefully improve stability (less optimization)
- changed contpatch to only patch ID bytes to 0xFF
- fix sonic, more thoroughly hooked disk verification (thanks again Nate!)
- add current launch.xex version display to installer, add versioning
- add note about encryption on modified retail xex
- added '$' to permitted chars in launch.xex ini parser
v2.25
- added Trinity arcade memory unit to dash launch as IntMu:
- can update ggBuild type patch sets
- add 13604
- patches updated to remove E66 (dvd code exec) errors in kernel
v2.24
- hddalive was defaulted to true instead of false, fixed
- xell launch now shuts off usb device (fixes issues with xell reloaded)
- xell launch simplified to allow for variable sized xell bins
- added jtag debug support to patches and export var (thanks Nate!)
- reworked devkit signed xex loading. Faster, dll dev xex working again (thanks Anthony!)
- fix forza 4 (and maybe others - thanks Nate!)
v2.23
- added hddalive (2.23b fixes this)
- added 13599
- relocate external files so old files will no longer be used accidentally
new path is \default.xex dir\VERSION\files
ie: GAME:\13599\patches_jasper.bin
v2.22
- resolving 'localhost' when the router forwards it to the internet or there is
no network at all... bad idea game devs... fixed (Yars', maybe others)
- button handler now more reliably removes Y and A mishandling when held on
miniblade exits
- added new note to readme regarding update prompts and avatar data missing
- hopefully extracted new games are now working fine, instead of GOD only
- potential bug corrected in 12611/12625 patch sets
- add 13146 compatibility
- all patch sets updated to fully remove xex bound checks (ie: default.xex
on root of USB causing E71)
- "remotenxe" option added to ini(thx adihash!)
- windows button on remote always boots to NXE/media center now(thx adihash!)
- added "guide" and "power" path options to set boot time default override
- changed kxam.patch, first .long must be the kernel version the patches match
- added a check to kxam.patch data to abort on invalid address
- added "nohud" option
- added installer check to verify at least the 1BL segment of patches before
installing, will re-ask and warn of possible corruption/brick
v2.21
- fixed noupdater option, readme is accurate with regards to updates now (sorry)
- fixed dvdexitdash option, no longer conflicts with using miniblade to exit NXE
should only affect DVD launched from NXE (note this affects DVD games too)
- fixed a glitch with unhandled exception logging when occurs in kernel
- revert to original fileExist() method
v2.20
- export option info along with the rest of dash launch info struct export
- add multi version compatibility to installer and plugin
- add 12625 patch set and offsets
- new LIVE content hook patching, does auto yaris swap as well as extracted XBLA
should work more consistently (hopefully)
- added unhandled exception handler, dumps except info to UART/file and exits
to dash/default item when apps don't have their own exception handler
(instead of crash), disable by setting 'exchandler = false' in ini file.
- added ini path setting (dumpfile) for capturing crash logs to a file,
capture device must be connected at console boot time
- added 'safereboot' option for those who have JTAG that have applied
blackaddr's smc reboot fix, instead of 'hard' reboot
- added option to enable debug strings to print to UART
- adjusted patches to remove default UART hooking (less chance of string
collision/overlap using DbgPrint via debug out option)
- corrected a bug in the flasher ini update settings in regard to noupdater,
it was setting nosysexit instead of noupdater value
- added live "blocker", reroutes requests to resolve DNS names to loopback
- added "livestrong" option to use an alternate list of DNS to block
- added ini option to set how long buttons are watched for at boot time
- embedding current versions external files into installer, no more messy
directory; original paths still work and take priority over embedded files
v2.11
- fixed xbox1 launches (thanks folks at x-s and fsd for reporting)
v2.10
- reworked hooking to be a bit more dynamic and simpler to update
- ini parser fixed, glitch when comment line last line with no blank line after
(thanks Toddler!)
- disables updaters (DA2 and other disks; safety)
- minor tweaks to boot time delays, further improves on previous autologin issue
v2.09 (beta)
- moved strictly to C, much smaller DLL
- correct bug with busy CON/sometimes ignoring ini for boot time default item
- made boot time quick launch buttons more reliable
- added 1s delay to resolve autologin at boot issue and slower USB hdd issues
- patches updated to remove min version check (DA2)
v2.08
- correcting for a glitch where launchdata should be cleared between titles but
isn't; fixes launching some games twice in a row (thanks stk and FSD!)
v2.07
- fixed media center extender (thanks jester and antman)
~hopefully this is the last whitelist option needed
- added option "nosysexit" (thanks rhai)
v2.06
- update to fbbuild 0.11 patches
- fixed bug with fatal freeze options
- changed installer to use zeropair CB version to determine patch set
- added new options dvdexitdash and xblaexitdash (thanks AmyGrrl)
- added regionspoof, dvdexitdash and xblaexitdash to ini updater
- added instructions to this readme regarding boot time buttons and diagnosing
non-ASCII ini files
v2.05
- added AP25 xex priveledge filter (fix AC:B GOD/xex, maybe others)
v2.04
- fixed a glitch with launching kinect games when a default item is set
v2.03
- updated for 12611
v2.02
- added version info to data struct exported at ordinal 1
- made number of times button holds are scanned variable, longer window
at boot time to sync controller and hold a button
- added region spoofing for XGetGameRegion
- DVD video play from NXE now plays DVD regardless of default setting
(thanks krizalid!)
v2.01
- corrected flash mu mount point (thanks Antho02 at l-s)
- added kernel version check to installer as some xbr using folks seem incapable
of reading the first line of this file
v2.0
- plugins now use logical paths just like quick launch buttons
- added common (9199) content and ping limit patches as options
- mostly runs in system threads, startup completes while bootanim runs
- completely subverted dash.xex, no more CD issues or NXE split seconds
- removed insistance on 0/1/2 paths and reliance on CaPs to detect
- return to NXE via miniblade for system settings and others works w/o using RB
- added big block NAND mu as possible device
- optionally subvert Y to exit miniblade while in NXE to load button/default
- added xell loader to patch set and included a xex to load xell
- removed reboot on fatal error from patches
- included reboot/shutdown on fatal error as settings
- installer onscreen output cleaned up, now shuts down console at end of install
- added ini file updater to installer
- added patch updater to installer
v1.0
- added other devices for launch targets
- added flash for location to load launch.ini
- added flash installer supports flashing launch.xex and launch.ini
- with help of freeboot patches, fixes issues with xbox1 emulator on memory
unlocked patchset
- overhaul ini parser with simpleIni, support for most buttons and a default
- added dll/plugin loading support
- added hooking/return to launch app instead of NXE (hold RB to bypass)
- added kernel/xam boot time/one time patch engine
- added export to allow the loading of other system modules
v0.02
- added a small delay to allow XBR users to launch CON
- implemented a simple ini file parser and fileExist
- auto detects LIVE and XEX2 to use the appropriate launch method
- fails to dash reliably now
v0.01
-initial release
Fuente: Xbins
EDITADO:
Probados en una xbox Jasper 512MB R-JTAG nand creada usando xebuild GUI, desconosco aun el funcionamiento en otras versiones (corona, trinity, falcon, etc...) asi que toca probar. Aclaro esto por que anteriormente me gane un jalon de orejas por parte de otro usuario.
Salu2
-Seguimos teniendo todas las funciones de wb2k.
-Soporte XB y DL para dash 16767.
-Mejoras de código.
Link autogg 0.9.4 v20 https://www.dropbox.com/sh/bs9lzrxb41vjhvt/AACUsHfzfhyKV1Xfa4XfjkUMa?dl=0
Red_Night escribió:Estoy un poco perdido con estos temas. Hace cosa de un año compre una 360 con rgh hecho y cargaba mis backup desde hdd. La lleve a actualizar a una tienda y me la flashearon por el lector. Cargandose los juegos solo así. Casi mato al de la tienda por joderme la consola. El caso es,¿ es recuperable el rgh para poder cargar desde hdd? Tengo la cpukey la nand y todo lo que hacia falta en su momento. Pero no se si al actualizar la consola sigue siendo vulnerable al xploit. A ver si me podéis dar una alegría y ver como se mira eso y si podre recuperar la carga por hdd
breily escribió:Buenas a todos.
Hemos actualizado la version de autogg 0.9.4 con el nuevo xeBuild y Dash Launch 3.13 para poder actualizar nuestras x360.
Así que os dejo el link más abajo para que podais probarla y comentar que tal va.-Seguimos teniendo todas las funciones de wb2k.
-Soporte XB y DL para dash 16767.
-Mejoras de código.
Link autogg 0.9.4 v20 https://www.dropbox.com/sh/bs9lzrxb41vjhvt/AACUsHfzfhyKV1Xfa4XfjkUMa?dl=0
Pronto en autoupdate.
Saludos .
checho escribió:Red_Night escribió:Estoy un poco perdido con estos temas. Hace cosa de un año compre una 360 con rgh hecho y cargaba mis backup desde hdd. La lleve a actualizar a una tienda y me la flashearon por el lector. Cargandose los juegos solo así. Casi mato al de la tienda por joderme la consola. El caso es,¿ es recuperable el rgh para poder cargar desde hdd? Tengo la cpukey la nand y todo lo que hacia falta en su momento. Pero no se si al actualizar la consola sigue siendo vulnerable al xploit. A ver si me podéis dar una alegría y ver como se mira eso y si podre recuperar la carga por hdd
,compañero eso es mentira y te han engañado como a un chino...y no paran de decir por aquí que te busques una tienda para hacer RGH,mira con las tiendas la manera de engañar que tienen a la gente...mare mia que palo...breily escribió:Buenas a todos.
Hemos actualizado la version de autogg 0.9.4 con el nuevo xeBuild y Dash Launch 3.13 para poder actualizar nuestras x360.
Así que os dejo el link más abajo para que podais probarla y comentar que tal va.-Seguimos teniendo todas las funciones de wb2k.
-Soporte XB y DL para dash 16767.
-Mejoras de código.
Link autogg 0.9.4 v20 https://www.dropbox.com/sh/bs9lzrxb41vjhvt/AACUsHfzfhyKV1Xfa4XfjkUMa?dl=0
Pronto en autoupdate.
Saludos .
Gracias por la info: esperando ese AutoUpdate...
salu2
breily escribió:Buenas a todos.
Hemos actualizado la version de autogg 0.9.4 con el nuevo xeBuild y Dash Launch 3.13 para poder actualizar nuestras x360.
Así que os dejo el link más abajo para que podais probarla y comentar que tal va.-Seguimos teniendo todas las funciones de wb2k.
-Soporte XB y DL para dash 16767.
-Mejoras de código.
Link autogg 0.9.4 v20 https://www.dropbox.com/sh/bs9lzrxb41vjhvt/AACUsHfzfhyKV1Xfa4XfjkUMa?dl=0
Pronto en autoupdate.
Saludos .
buho67 escribió:@breily. He actualizado manualmente, cargando la nand y creando xebuild, aún estando marcado el dashlaunch no se actualiza.
Gracias por mantener esta gran aplicación.
breily escribió:Update:
-Dl en app-xbox añadido
-Avatares añadidos
En breve subire una nueva revision.
Se revisará haber si hay algun problema con lo que comentais.
Saludos.
Red_Night escribió:Gracias por las aclaraciones. Fijaos si estoy empanado que en realidad lo que tenía era JTAG en lugar de RGH. El JTAG no es recuperable ¿no?
buho67 escribió:Red_Night escribió:Gracias por las aclaraciones. Fijaos si estoy empanado que en realidad lo que tenía era JTAG en lugar de RGH. El JTAG no es recuperable ¿no?
Si tienes un dash superior al 7371 no, RGH hasta el 14699, de ahí en adelante RGH 2.
breily escribió:Update de autogg a la version 0,9.4 v21
-Creacion del parche wb2k desde el xeBuild.
- Dl y avatares nuevos añadidos.
Link: https://www.dropbox.com/sh/93lwppcdrdw7 ... pbDMa?dl=0