Jump to content
OGXbox.com

codeasm

Members
  • Posts

    24
  • Joined

  • Last visited

  • Days Won

    1

codeasm last won the day on December 27 2017

codeasm had the most liked content!

Recent Profile Visitors

1,741 profile views

codeasm's Achievements

Newbie

Newbie (1/14)

25

Reputation

  1. If you can do hotair, remove the CPU, cut the ground line, maybe add a wire somehow to get that reset line out there if required and somehow solder back the CPU, you might have enabled the JTAG interface. Please share the Jtag config files if your in luck.
  2. I love the entusiasm. Go check Bunnie Huangs old blogpost about Jtag: http://www.xenatera.com/bunnie/proj/anatak/xboxmod.html come back to us when you enabled the jtag machine. (dont think you will, N64freak might make a breakoutboard someday to do it, but only because we are curious) basicly you have to read: https://en.wikipedia.org/wiki/JTAG And thus, yeah sure, with it enabled you can start, stop, read all parts on the bus. IF you have the right bitstream to send (commands) on the jtag bus. for the CPU it might be posible to figure out how to do so, but the MCPX is Nvidia/AMD stuff and we dont know alott about it, im not even sure if its on the Jtag bus. you could theoreticly power the xbox, but keep everything in reset and then start the mcpx, poke it with some commands to expose the internal rom and download it that way. (both mcpx 1.0 and 1,1 are already dumped in diferent ways). You can debug on a lower hardware level your xbox (yay, so much fun to poke at CPU registers, undocumented Video encoder registers and reset the SMC and be sad.) Jtag is a awesome bus for hardware and maybe software debugging. for software it might be too slow tho. MS used it for their CPU I think, when done, they ofcourse added a serial port (check Devkit behind pictures) for Kernel debugging and they ofcourse have XBDM that will help with normal software debugging over the network. faster and less noisy for whoever got to debug something. Im not saying its imposible, but its harder, you need the right Jtag adapter (as in, interface for your PC to talk Jtag) the pinout is easy, most pins where ground, and 5 or 6 pins for the protocol. BUT You kinda need to know or learn wich IC is where on the bus, how to talk to them and make sense of the busses reply. without official configs, it will be hours, if not days of work. for what? There are plenty of ways to dump required files (kernel, mcpx rom, eeprom, harddisk stuff, secret keys in ram) and all are far easier, as you dont need to desolder the CPU to fix that Permanent reset line and solder the cpu back. Now if you where to redesign the motherboard, design your own and repurpose some components, then sure, go ahead. But even I, with 3 jtag programmers, jtag programmed and debuged a router and a RISCV board. (still a noob tho), I dont see why I need a working jtag on my xbox. Im sure I can get whatever I need in a way simpler way. Mcpx rom I would love to caputure myself, I rather look at one of those 2BL exploits and add a tsop mod or modchip than to fix jtag. Waay too much text for anyone to read, but I would like to inform you, I love jtag, I hate jtag. Its an awesome debugging bus. But if a company disabled it in someway. consider your plan of attack. Nothing is impossible, everything can break. for the curious, image is taken from bunnies blog.
  3. The 5th USB port from the MCPX, its no longer routed out from the mcpx on later revisions of the board. I cant find the pictures the new owner took for us to verify they truly go to (or the 2 datalines that is) to the mcpx. a leaked datasheet confirmed a 5th pair of datalines on the pinout. FOund 3 images fromthis thread from when the last 4 where lost. check em. first was the full shot, the behind (Jtag port in the red box) and 3th was the closeup of the battery. I dont seem to have the later 4 here. grabbed a backup disk for other backup purposes and went looking anyway. Jtag confirmed too btw, we traced the underside to the cpu, on retail the bga pin on the cpu is directly tied to ground, disableing jtag and only if you desolder the cpu, youd be able to "unground" the "disable" jtag pin. the other jtag pins are routed out to this connector. My personal believe is that each signal is paired with a ground pin. maybe some other debugging pins are there aswell, but could see that in those pictures. maybe they where shared on discord.
  4. I think this is the only picture I have currently. it might be from the new owner but I dont see a battery, so it might have been a diferent revision then the one in said topic.
  5. Yeah those Wii2hdmi adaptes are awesome, cheap too also: Hoi en welkom nederlands is overal wel een beetje vertegenwoordigd. (back to english)
  6. Is it ok to just point you here? https://en.wikipedia.org/wiki/Atmel_AVR Basicly Arduino like hardware. but a PC from 1995 wont play the newest game right? so specs of a IC matter @ripdajacker did you look at the xboxdevwiki ? http://xboxdevwiki.net/Xbox_Input_Devices#Protocol Im not sure if it is complete or enough to recreate the USB device but the Xqemu emulator uses it for emulating a controllers for the emulator. the Xqemu USB Hid emulated source is here: https://github.com/xqemu/xqemu/blob/xbox/hw/xbox/xid.c maybe this helps. Im watching this thread
  7. arent 2 CY7C68013A-56 EZ-USB FX2LP USB Develope Board Module or somiliar be easier? 1 acting as a host, translating the packets to buttons and variables the other will reply as client on the xbox? this board is used as a usb debug and USB devices aswell. Im thinking of the following application note: http://www.cypress.com/documentation/application-notes/an63787-ez-usb-fx2lp-gpif-and-slave-fifo-configuration-examples (I got 2 of these to sniff USB and debug my laptop, but havent used them yet... so no real world experiance with em yet) Or, get a OG xbox controller IC and reroute all buttons of the 360 to the very similiar classic one? looks easier. Else, yeah Linux/Rasp method migth be a trick: http://www.linux-usb.org/gadget/ the RaspberryPi zero has OTG apparently so maybe you could turn the Raspberry into a HID device: https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget?view=all#other-modules For reverence: http://xboxdevwiki.net/Xbox_Input_Devices and Xqemu emulator source might help you first with making the Raps act as a controller But I personaly have enough ControllerS to just take the pcb, and put em in a 360 controller shell with cutting and such. Remmeber that a Rapsberry AND a 360 controller take alott more power from the USB port. and the XBox only has USB1.1. And no way of replacing "drivers" so it either act as a Xbox classic controller or use it with homrebrew software that supports whatever HID device your "emulating" My 10 cents
  8. I might have an idea what you wanna try, but I suggest you look at the chipset itself first Intel i820 Chipset Family Technical Documentation Some people had success with diferent motherboards but still the same chipset. basicly, if windows would see the same hardware (use the same drivers), it would work. CC820 I believe worked aswell. Based on these docs and maybe combining these with the schematics for other parts on the VC820, you might work out a schematic for a Xbox alpha motherboard. I leave any reasons for why you would wanna try this or why not to another forum thread. meanwhile ill be downloading these for my personal reference also, sometimes the servicemanuals are archived using other names, like the factory that maked them or nicknames (camino ?)
  9. Awesome LPC rebuild guide. might come in handy. I found this next picture using google and it might help someone who is good with soldering and destroyed some pins. I am not sure if this still works for the 1.6 or the accuracy, but sure looks helpfull to know someone did this digging/reverse engineering already. (its damm small, most ppl, dont bother) Whoever made this, Thank you and im more than happy to properly report your name (X-S source)
  10. Only recently ive been looking at this manufacturing proces part where they get the kernel on the motherboard. "our" Blake Clements @OGXbox Admin linked me at facebook to the following url: http://www.ogxbox.com/archive/xboxsecurity.html look at the Modchip part. It states that But I do not know if this is said based on the observation mentioned or based on internal Microsoft or flextronics manufacturing personal. Blake also said that: So, the LPC port was used for programming? A bed of nails (pogo pins) should and probably be used to connect the write enable pins on the motherboard to enable the flash writing of the then onboard tsop. I do not know for sure if this is posible but I rather for now asume it was. because we cant flash tsop today whne the xbox has been booted from LPC (modchip boots can only flash modchip, not the tsop, even of you remove the modchip prior to flashing) Connecting to lpc and connecting the write enable lines using pogopins could be done, altho I dont know how they would write to flash from LPC. the MCPX doesnt allow flash write in a LPC boot right? maybe a unkown mode? anyway, pure onboard tsop writing by connecting to the tsop directly would be a pain, but posible with fine pitched pins. not sure if the board would allow that with the mcpx on the same wires. All logic I can come up with is that MS would send their kernel to the tsop manufactorer and let them preprogram all tsops before soldering. then at the factory MS could use a bed of pogopins and a "recovery disk" to install a newer kernel if they wanted as long as the xbox booted from tsop. any other sources or interviews that claim or verify either side are welcome. movies and pictures of this proces too. most details I know came or will be added to: http://xboxdevwiki.net/Manufacturing_Process
  11. We all have those moments of realisation later on. some sad ones, and some are funny to think back of I got banned once from X-S for talking bout Piracy XD, I learned from that, and only asked technical questions from there on. Wish I got into programming back then.
  12. Now thats a Xbox with a internal PSU cool
  13. Lots of work indeed it looks like. Also, the green is cool sad the psu dint fit in the case. any other mods in that puppy ?
  14. here is a list of all (rare) MCPX ic I know off: MCP X-mode 2 MCP X2 (DVT3) MCPX X2 (found in DVT4 and Sega Chihiro) MCPX X3 MCPX X3P (not sure, but my latest notes state I found some info on this N64freak picture, repairing a Sega Chihiro (google this if you think "sega?") N64 Freak in this thread on Assemblergames has also did some amazing soldering things :https://assemblergames.com/threads/what-is-the-diference-between-the-mcpx-chips-big-images.41069/#post-952246 [EDIT} from N64freak I now understand the SMC might not need to be swapped, so you can ignore the rest of this post below. From various sources I know that if you would replace a X3 with a X2, you should swap the SMC ic to a matching set aswell (so just ordering X2 from china doesnt work?) I dont know if an MCP X2 is requireing its own SMC against X2. Those are even more rare, All retail have some kind of X3, but revisions where made. altho MS did a big fix and forced Nvidia to scap alott of mcpx, Nvidia disliked Microsoft verymuch after that. so MS couldnt that easely make newer Silicon designs after the 1.6 design.

Board Life Status


Board startup date: April 23, 2017 12:45:48
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.