Friday, January 1, 2010

XBReboot 8955_3

* Who wrote this?
Talented members of XBH contributed in many ways. You know who they are. TeamXBR assembled the parts, coded the utilities, and glued it all together to make it work.

* How does it work?
Both XBR and Freeboot use a "patch engine" to apply patches to the bootloaders as the console reboots. For Freeboot, this is "freeboot.bin" or "freeboot-manual.bin"; For XBR, its "xbrfw.bin" Both of these binaries are based on xell type start up code, and are launched by the exploit. The code then applies patches contained at block 0x65+, and restarts the system.

* What went wrong?
Earlier versions of XBR used the same CB/CD pair to start the 8955 kernel as the exploit. Freeboot, using a dual nand setup, used the older bootloaders to start the exploit, than used the newer bootloaders on the alternate flash to start the kernel.

The problems were not related to the patches used by XBR, but rather the use of the older bootloaders. Please try to control yourselves if problems arise, they can always be fixed. Dont do anything crazy like start conspiracy theories, buy a cygnos, wire up a dual nand or xd card, rip out a big nand to swap in a smaller one etc, etc. Have a little patience, have a little faith Zunge raus

* So whats the fix?
1) Add a copy of the new bootloaders to flash.
2) Create patches to use the newer relocated bootloaders on reboot.

It was easier to re-use the freeboot.bin patch engine to accomplish this task.
The freeboot patches themselves are not used. XBR continues to use its own patches, however, the freeboot.bin patch engine will be used to apply them.
This also allows custom patches to be applied, in the format used by freeboot.

XENON_8955_3:
- Uses 6750 as the alternate CB to allow easy support for all hardware versions.
- No changes made to patches, exact same functionality as 8955_2.

XENON_8955_2:
- Add a copy of the new bootloaders to flash.
- Create patches to use the new relocated bootloaders on reboot.
- Translated existing XBR patches to use the freeboot.bin patch engine.
- Fixed build file to use CB/CD 1921 for all xenon.
- Eliminate media binding path checks, run xex from all media without patching.

* XBReboot Block Layout:
Ox00 - 0x2F Xell Boot firmware
0x30 - 0x3F Backup Xell
0x40 - 0x4F freeboot.bin or freeboot-manual.bin (patch engine core)
0x50 - 0x61 Alternate CG
0x62 - 0x64 Spare blocks
0x65 - 0x65 Patch.bin, patches for bootloaders and kernel
0x66 - 0x8F Alternate CB/CD/CE
0x90 - 0x?? Flash file system


* HowTo:
1) Extract KV and Config blocks from orig.bin
nandpro orig.bin: -r16 rawkv.bin 1 1
nandpro orig.bin: -r16 rawconfig.bin 3de 2
2) Inject those blocks into XBR.bin
nandpro XBR.bin: -w16 rawkv.bin 1 1
nandpro XBR.bin: -w16 rawconfig.bin 3de 2
3) Flash result
nandpro lpt: -w16 XBR.bin

* Notes:
There is no need to unpack and repack pirs files!
This is a limitation of freeboot. Not XBR.
Aside from that major difference, all functionality is the same.
Individual sections can be updated or extracted seperately using nandpro.

links are being added.

Xenon Download
Falcon _3a Fixed Image Download
Jasper16 Download

For those who used the previous releases for falcon/zephyr. BAD FLASH FIX
Posted by at 6 comments:

Sunday, July 6, 2008

Guide to hardmodding a slim battery w/pics

First of all you have to find a way to open the battery ,its actually lightly glued together ,you just have to insert some sort of sharp object into it and prying it apart at several places until the cover is loose then ,the hardest part is solved by prying it near the PINS where it connects to the PSP .
Once you're done you should have something like this:














By placing your finger on the part of the pcb with the pins lift it up to be perpendicular to the rest of the battery ,then you should find a way to solder the two points marked in red on the next two pics AND PLZ don't be retard and use a shorter wire than i did , IT DOES matter :
Do a good soldering job as i bricked my psp because i dropped the battery during the installation of cfw then the psp wouldn't boot as it didn't complete its firmware installation or boot service mode due to the bad connection ,eventually after losing hope and a scare i figured that maybe its a bad connection then it worked


You now have a pandora's battery , you can half put it back together and install custom firmware using the magic memory stick you created then desolder the points and put it back together ,however i had a solution for the ppl that couldn't find any switches so that they don't have to go through all this everytime the want to use a pandora so here it is:

Cut a hole into the cover with the soldering iron as shown in the pic
then solder two different long wires to the points that were shorted :
push down the pcb without breaking the wires off the points ,you end up with something looking like this :
pass the wires through the hole in the cover and hold it together with scotch tape and try it out as a normal battery and a pandora :

then i decided to fix that ugliness and use some hot glue at the opening of the wires to prevent them from being pulled out and around the battery to glue it back ,which also took me some time to grind all the extra glue for it to fit back nicely

Posted by at No comments:
Subscribe to: Posts (Atom)