Matrix Glitcher PHAT Tutorial

7/28/2019 Matrix Glitcher PHAT Tutorial

1/20

The Reset Glitch Hack Using the Matrix Glitcher.

PHAT XBOX360 TUTORIAL

CREDITS:This tutorial is based on the excellent Reset Glitch Hack tutorial made by Razkar and Tuxuser that is

available in hic original and complete for in the download section of our website.

Required Hardware:

Matrix Glitcher Matrix NAND Programmer or any other USB SPI Programmer to dump/flash the

Xbox360's NAND

Xilinx Jtag Programmer Cable

Soldering Material

Required Software:

Impact (from Xilinx Lab Tools) Python and Python Crypto

NandPro V 2.0e or greater

Identification of NAND Size:

As a first step we should identify the NAND size that is installed into the XBOX360.

The skilled ones can simply read the NAND size directly from the code written on the NAND.

The second solution is to go to the memory tab under the settings menu.

If there is no memory unit shown there then you have a 16MB NAND.

If there is a Memory Unit showing 214MB then you have a 256MB NAND.

If there is a Memory Unit showing 451MB, then you have 512MB NAND.

1


2/20

1.Dumping NAND

Use the following diagram to solder your NAND Programmer

O pen windows' command prompt and Launch NandPro

D ump your NAND twice by using the read command for 16MBNAND :

nandprousb: -r16 nanddumpname.bin

2


3/20

Compare the two dumps with the following command (you canuse MD5 Checksums too) :

fc /b nanddumpname.bin nanddumpname2.bin

You should see something like FC: No difference found. If thetwo dumps don't match, do a new dump and check again.

3

If you have a 256 MB or 512 MB NAND you can run the followingcommands:

nandpro usb: -r64 nanddumpname.bin


4/20

2 .Installation of Python and Python Crypto

Install Python 2.7 (32bit!) with the default settings:

4


5/20

Install PyCrypto 2.3 with the default settings :

To enable python in windows' command prompt, we will have to modifythe environment variables .

Go in Control Panel > System > Advanced System Settings

5


6/20

Click on Environment variable

6


7/20

Click on New in system variables

Add this for the name and the value of the variable :

PYTHONPATH%PYTHONPATH%;C:\Python27;

7


8/20

3.Creating the Hack image

D ownload the gggggg-hack (from our website or from Free60-Git Repository).

Put your original NAND dump in the root of the gggggg-folder

and create a folder named output (in the root as well).

8


9/20


10/20

You should see the following

The file image_00000000.ecc is located in the output folder now.

9


11/20

Copy this file into your Nandpro folder and navigate to thefolder via command prompt again

Use the following command to flash the image to your console's

NAND.nandpro usb: +w16 image_00000000.eccnandpro usb: +w64 image_00000000.ecc ( 256 and 512 mb ONLY)

/!\ Pay attention that you have to use the +w16 or +w64 switch and notthe -w16 or w64 one /!\

The flashed file has a size of 50 blocks so you should see 004F whenthe flashing is done.

10


12/20


13/20

Set up the Matrix Glitcher to work with your Phat or Slim model XBOX360with two solder points as indicated below:

SLIM PHAT

Grab your LPT/USB XilinX JTAG programmer cable. Connect the

cable to the PC and the CPLD.(If you don't have one, you can use

GliGli's schematic to build a LPT JTAG Programmer)

12

This the the 3.3v and GND for programmingUsing DVD Drive cable or other source


14/20

Launch "iMPACT" (from XilinX Lab Tools) and let's start theprogramming ... just follow the images.(You have to setup thecompatibility mode only if your Programmer does not getdetected right away)

13


15/20

14


16/20

15


17/20

16


18/20

17


19/20

Once programming is complete you can proceed directly to solder the MatrixGlitcher directly to the XBOX360 motherboard.

Use the diagrams that are supplied together with this tutorial. A copy isavailable on the website.

5.Wiring

18


20/20

Thanks to GliGli and everyone involved in this hack.

Thanks to Razkar and Tuxuser for making the original tutorial from which thisversion is derived. (The original is available in its integral form on our website.)

Thanks to everyone that still thinks that hacking a console can be fun :-)

6.Enjoy

You can now start your console normally and see XeLL bootwithin 2 minutes. You can now enjoy unsigned code on your slim.

19

7.Credits / Thanks

Documents

Matrix Glitcher PHAT Tutorial