General JTAG Thread

All Your JTAG Needs in here

Moderator: Rogero

Postby condorstrike » Tue Jul 05, 2011 6:41 pm

basic info about JTAG:
  • Your kernel must be kernel 2.0.7371.0 or lower for this to work. You can check this by opening up the system info tab. After that, there is one more step to check if it is still exploitable, but you have to build your cable to dump your NAND first.

  • [PARTS LIST]
    2x 10K ohm ¼ watt resistors
    2x 2N3904 Transistors
    30AWG kynar wire
    3/64’ Heat Shrink Tubing

  • Step 1)
    Remove the solder from J2D2 points 1, 2, 4 and 7 using a “solder sucker”
    You could also get them cleaned out using de-soldering braid.

  • Step 2)
    Install the 2 resistors as shown.
    Allow the excess legs to stick through the board. We will use them in the next step.

  • Step 3)
    Flip the motherboard over. Fold the resistor legs over so they pass by each other.
    Add a quick dab of solder to join them and then trim off any extra.

  • Step 4)
    Fold the other resistor legs over as shown and trim them to the length shown.

  • Step 5)
    Add your first Transistor at point J2D2-1.
    Take note: The flat side of the transistor faces away from the GPU heat sink.
    During this step the center pin on the transistor gets soldered to the resistor in J2D2-7

  • Step 6)
    Install the second transistor.
    It goes in just like the other one and its center pin connects to the other resistor.

  • Step 7)
    Solder a piece of kynar wire to each of the remaining legs on the transistor.
    You can precut and pre strip each wire.
    The wire that goes to the DB1F1 alt point should be 1 ¼ inches in length and the AUD_CLAMP wire should be 3 ¼ inches long.
    Slide some shrink tube over each wire to protect against shorts and to make a very professional looking appearance.
    Feed the wires through the holes near the southbridge as shown.

  • Step 8)
    Connect wire to AUD_CLAMP

  • Step 9)
    Connect wire to DB1F1 alternate point.
    On Zephyr version boards this point may be covered in laminate.
    On Falcon versions it is already tinned with solder. If you don’t like this point you can always use the real DB1F1(top) or FT1U2 (bottom)

All pictures taken by BoXXDr
Instructions written by BoXXDr.
Thanks to Blackaddr for his research.
Please contact support@boxxdr.com if you need someone to install this.
CAW!

Upgrading Your Currently JTag Box

Postby DeathLok » Mon Jul 18, 2011 3:23 am

Upgrading your currently jtagged box is easy, but you will need a few things to start:
Your CPU Key - can be obtained from Xellous (I'll explain when we get there)
1bl key - this is the same for all jtags - DD88AD0C9ED669E7B56794FB68563EFA
cmdhere - this will give us easy access to open a command line in any directory - http://www.multiupload.com/YMUGZGD5LC
A nand image from your jtag - also available from Xellous
fbBuild .31 - this is the program that will make all of the magic happen - http://www.multiupload.com/1KMH4OIGHY
13146 extracted - This contains the new files that we need for our upgraded jtag .bin file - http://www.multiupload.com/8YP2NDKAAB


In order to get the show on the road, make sure your JTag is hooked up to your router.

Step 1: Boot up your JTag using the eject button. This will start Xellous. Leave the DVD drive open until Xellous is finished booting.

Step 2: Once Xellous is finished booting you will see the following screen:


Step 3: Go to the computer you are working with. At the bottom of the Xellous boot screen, you will see an IP address. Using Firefox, type in http://192.168.*.* (use your ip address that is listed in Xellous. Replace the asterisks with the remaining numbers of your IP)

Step 4: Once the Xellous site opens for you, you will see a few options. First, copy your CPU key into a text editor because we will need it in a few steps. Next, click on the Download link in the Raw Flash area. Save the file to an easy to access location (Desktop will work the best for now).

Step 5: Now we must extract the files we downloaded earlier. I would suggest extracting fbBuild to the root on your C: drive for easy access. Then extract the 13146 files into the 13146 directory under the fbBuild directory. Now, copy your nand image that we downloaded from Xellous into the fbBuild/mydata directory. Rename your dump file nanddump.bin.

Step 6: Next we edit the key files for all of this work we just did to work. In the root fbBuild directory, you will see a file called 1blkey.txt. Open it using any text editor and replace the key that is in there with the one listed at the top. Finally, navigate to the mydata directory and edit the cpukey.txt file replacing it with the one we got from Xellous (every console has a different cpu key so you will need the one you copied from the Xellous screen. The one in the image will not work for you).

Step 7: Double-click the cmdhere.reg file. It will ask you if you would like to insert the registry values. Click yes or okay.

Step 8: Navigate to the fbBuild directory. Right-click on the fbbuild.exe file and click on cmdhere. This will open the command line in the fbBuild directory. Now, while in the command line, type fbbuild.exe -c <console type> -d mydata -f 13146 (For example, for my console I use fbbuild.exe -c jasper512 -d mydata -f 13146).

Step 9: You will now have a file named updnand.bin. Place this file onto the root directory of a thumb drive. Unhook power from your JTag, insert the thumb drive, hook up power, then press the eject button to boot it up. The flashing process can take up to 20 minutes, so leave the console alone while it is working. The console will tell you to power down when it is complete. Now turn it on and bask in the glory of your newly updated, ready for anything JTag.

Enjoy!

Re: General JTAG Thread

Postby tg3x » Wed Nov 02, 2011 1:54 am

If your eject button is somewhat messed up, you can use Flash360 to flash your nand. Works great, google it.

Re: General JTAG Thread

Postby P3T3 » Fri Jan 20, 2012 4:36 pm

tg3x wrote: If your eject button is somewhat messed up, you can use Flash360 to flash your nand. Works great, google it.

You will also need a nandx, lpt cable as you will need direct access to the nand if it does mess up!

Re: General JTAG Thread

Postby zhaoyuyan68 » Mon Dec 10, 2012 9:26 am

thanks!!

