TSOP Flasher Project (Based on Chimp)

Discussion about Modding the XBOX, including hardware and software hacks.
Post Reply
User avatar
NeMesiS
Posts: 188
Joined: Sun May 10, 2015 3:56 am
Location: Melbourne
Has thanked: 1 time
Been thanked: 12 times

TSOP Flasher Project (Based on Chimp)

Post by NeMesiS » Wed Mar 29, 2017 1:22 pm

Yet again I'm making another attempt at improving my TSOP Flashkit basing it on Rocky5's Chimp Loader and Chimp261812
What inspired me the most was how Rocky was able to automate Gentoox Loader to boot Linux without any input...

CHIMP LOADER:

Firstly I would have to figure out how to get Chimp Loader to include the save game exploit directory of
E:/UDATA/21585554/000000000000/

I found this quiet easily by going into the directory of the Chimp Loader Source and ran the following command
grep -rnw './' -e "Chimp"

The result (below) gave me the location of the file that I would need to edit "LoadLinux.c"
./boot/LoadLinux.c:93: //Try in /Applications/Chimp on E
./boot/LoadLinux.c:100: //Try in /Apps/Chimp on E
./boot/LoadLinux.c:107: //Try in /Chimp on E
./boot/LoadLinux.c:114: //Try in /Applications/Chimp on E
./boot/LoadLinux.c:121: //Try in /Apps/Chimp on E
./boot/LoadLinux.c:128: //Try in /Chimp on E

Looking at the code on this file I can see where Rocky added the additional directory's from here I can add yet another.
Next I would have to compile the source and this is where I ran into a little trouble...
It has been a while since I've compiled anything but generally you go into the directory and use the "make" command
But this seemed to fail for me and I cant really gather where I'm going wrong at this point maybe I need an older version
of Linux for this to be compiled successfully but I'm not really sure,
Any assistance would be appreciated...

CHIMP261812 (Linux):

Automating as much as possible is my main objective and to achieve that I want to be able to run a script once Chimp Loader
has booted Linux. I was able to easily mount the image by using the following steps:
gzip -d initrd.gz (uncompress gzip)
mkdir /mnt/chimp (make mount directory)
mount initrd /mnt/chimp (mount to directory)

From here I could look into the contents of the image and the best way I could figure out how to run a script was to tap into the end
of the rcS. Here I just added a couple of simple commands to see if I was going in the right direction.
busybox
sleep 10
raincoat
sleep 10
find /ramdisk/mnt
sleep 10
reboot

Adding the reboot would end the script without it going into the Chimp user interface.
I then umounted and compressed the initrd and transferred to one of my consoles using FileZilla
umount /mnt/chimp (unmount image)
gzip initrd (compress gzip)

Now when I run Chimp I can see the results of my editing and confirms that busybox and raincoat binaries are responsive,
however I didnt get a result for "find" which told me that no partitions are being mounted to Linux. Re-mounting the image and
having another look I ran the "ls -l" command on the /etc/init.d directory which showed that the S20automount file was not executable.
"chmod 755 S20*" solved this. So I tested it once again...
DSC04674.JPG
Even though it seems to fail as shown above, it still managed to mount all partitions and got a positive result with "find"
Next I added a small text file to the initrd to see if I could copy it to one if not all of the mounted partitions.
cp /temp/test.txt /ramdisk/mnt/E/test.txt
DSC04677.JPG
This obviously failed giving me "Read-only File System"...
Going back to the initrd image I could see that the "mnt" and "var" sym-links where broken but am aware that the "S10ramdisk" file
populates the "ramdisk" directory but to be sure I created the directories and new sym-links:
rm mnt
rm var
mkdir /ramdisk/mnt
mkdir /ramdisk/var
chmod 755 /ramdisk/mnt
chmod 755 /ramdisk/var
ls -n /ramdisk/mnt mnt
ls -l /ramdisk/var var

But this had no effect, It would be a huge advantage if I could get the mounted partitions writable
Again, any assistance would be much appreciated...

User avatar
Rocky5
Posts: 961
Joined: Sat Feb 08, 2014 5:27 am
Has thanked: 92 times
Been thanked: 249 times

Re: TSOP Flasher Project (Based on Chimp)

Post by Rocky5 » Thu Mar 30, 2017 1:15 am

Code: Select all

mount -w -t fatx /dev/hda50 /tmp/E
The issue with the Xbox Linux 2.6 fatx driver is it's not very good :lol: it doesn't handle loads of folders and files on a fatx partition properly, so you won't see all folders files e.g....

So C and the cache partitions are preferred.

Here is the script to mount all partitions on load.
https://github.com/Rocky5/Chimp261812/b ... rtitions_m
Download Xbox Softmodding Tool & Extras Disc
XBMC4Kids Mod


Xbox Gamertag = Connxtion
PSN ID = JCRocky5

User avatar
NeMesiS
Posts: 188
Joined: Sun May 10, 2015 3:56 am
Location: Melbourne
Has thanked: 1 time
Been thanked: 12 times

Re: TSOP Flasher Project (Based on Chimp)

Post by NeMesiS » Fri Mar 31, 2017 11:14 am

Rocky5 wrote: The issue with the Xbox Linux 2.6 fatx driver is it's not very good :lol:
it doesn't handle loads of folders and files on a fatx partition properly, so you won't see all folders files e.g....
So C and the cache partitions are preferred.
Thanks for your reply, Yea it's all slowly coming back to me...
Rocky5 wrote: mount -w -t fatx /dev/hda50 /tmp/E
That did the trick...
So now S20automount.sh only consists of
mount -w -t fatx /dev/hda50 /ramdisk/mnt/E
mount -w -t fatx /dev/hda51/ ramdisk/mnt/C

And added the following to S10ramdisk.sh
mkdir /ramdisk/mnt/E /ramdisk/mnt/C

I also removed all networking scrips and added
S30flashkit.sh
S99reboot.sh

Now all I really have to do is write my script, thanks again...

However I'm still having a little trouble compiling Chimp Loader, whats the trick?

User avatar
NeMesiS
Posts: 188
Joined: Sun May 10, 2015 3:56 am
Location: Melbourne
Has thanked: 1 time
Been thanked: 12 times

Re: TSOP Flasher Project (Based on Chimp)

Post by NeMesiS » Sun Apr 02, 2017 10:59 am

Well, I made some progress with my script over the weekend...
I wanted to try some things so I ended up breaking it down into individual parts

S10ramdisk - Populates Ramdisk
S20mount - Mounts C & E Partitions
S30syntax - Contains Filenames and Directory Locations
S40install - Installs Evoxdash and Checks Files
S50backup - Backup Xbox and Checks Files
S60version - Identifies Existing BIOS via md5, if stock BIOS will also identify XBversion.
S70validate - Identifies New BIOS via md5 and performs byte test
S80resize - Increases size of BIOS if required and performs integrity test
S90flash - Flashes the TSOP using Raincoat
S99reboot - Reboots console once process has completed.

All this is Logged and Displayed as cleanly as possible...
Once I've gone over it a couple more times, I will do some debugging and testing.

At the moment I'm only identifying the xbox version via md5 and this only works if the console hasn't previously been flashed... I'm sure there has to be a better way of detecting the xbox versions that I havn't discovered yet...

psyko_chewbacca
Posts: 213
Joined: Fri Oct 05, 2012 5:19 pm
Location: Québec, Canada
Has thanked: 21 times
Been thanked: 125 times

Re: TSOP Flasher Project (Based on Chimp)

Post by psyko_chewbacca » Mon Apr 03, 2017 7:11 pm

NeMesiS wrote:At the moment I'm only identifying the xbox version via md5 and this only works if the console hasn't previously been flashed... I'm sure there has to be a better way of detecting the xbox versions that I havn't discovered yet...
Yep there is. You can query the PIC on SMBus for a version string.

Here's the C code for it.

Code: Select all

//Return coded Xbox revision. Check enum in boot.h
//Thanks XBMC team for the code.
//TODO: switch case for cleaner look?
unsigned char I2CGetXboxMBRev(void){
    unsigned char result = XboxMotherboardRevision_UNKNOWN;
    unsigned int temp[3];
    char ver[4];
    ver[3] = 0;        //Terminator.
    I2CTransmitWord(0x10, 0x0100);                //Reset ID counter.
    ReadfromSMBus(0x10, 0x01, 1, &temp[0]);
    ReadfromSMBus(0x10, 0x01, 1, &temp[1]);
    ReadfromSMBus(0x10, 0x01, 1, &temp[2]);
    ver[0] = (char)temp[0];
    ver[1] = (char)temp[1];
    ver[2] = (char)temp[2];

    if ( !strcmp(ver,("01D")) || !strcmp(ver,("D01")) || !strcmp(ver,("1D0")) || !strcmp(ver,("0D1"))) {
        result = XboxMotherboardRevision_DEVKIT;
    }
    else if (!strcmp(ver,("DBG")) || !strcmp(ver,("B11"))){
        result = XboxMotherboardRevision_DEBUGKIT;
    }
    else if (!strcmp(ver,("P01"))){
        result = XboxMotherboardRevision_1_0;
    }
    else if (!strcmp(ver,("P05"))){
        result = XboxMotherboardRevision_1_1;
    }
    else if (!strcmp(ver,("P11")) || !strcmp(ver,("1P1")) || !strcmp(ver,("11P"))){
        if(ReadfromSMBus(0x6A, 0x00, 0, temp) == 0){
            result = XboxMotherboardRevision_1_4;
        }
        else {
            result = XboxMotherboardRevision_1_2;
        }
    }
    else if (!strcmp(ver,("P2L"))){
        result = XboxMotherboardRevision_1_6;
    }
    else {
        result = XboxMotherboardRevision_UNKNOWN;
    }
    return result;
}

User avatar
NeMesiS
Posts: 188
Joined: Sun May 10, 2015 3:56 am
Location: Melbourne
Has thanked: 1 time
Been thanked: 12 times

Re: TSOP Flasher Project (Based on Chimp)

Post by NeMesiS » Tue Apr 04, 2017 2:49 am

psyko_chewbacca wrote: Yep there is. You can query the PIC on SMBus for a version string.
Thanks for your reply...
At first glance I noticed straight away that there seems to be no RESULT for versions 1.3 & 1.5
Could I safely assume if a RESULT of 1.2 implies 1.2 & 1.3 and so forth for 1.4 = 1.4 & 1.5 ?

I understand the bottom half of the code but the top not so much,
I see that this is for the Loader but can this be used within my scripts?

User avatar
NeMesiS
Posts: 188
Joined: Sun May 10, 2015 3:56 am
Location: Melbourne
Has thanked: 1 time
Been thanked: 12 times

Re: TSOP Flasher Project (Based on Chimp)

Post by NeMesiS » Mon Apr 24, 2017 6:33 am

Rocky5 wrote:
Thu Mar 30, 2017 1:15 am
The issue with the Xbox Linux 2.6 fatx driver is it's not very good :lol: it doesn't handle loads of folders and files on a fatx partition properly, so you won't see all folders files e.g.... So C and the cache partitions are preferred.
I've meaning to get back into this but I have few projects on the go at the moment.
I managed to do some fatx testing a little while ago, trying to copy files from one location to another.
I found that it can't really handle folders at all, copying from a folder to c:/ would give a file at 0 bytes.
So I will have to rely on a dash to make the initial copy from exploit directory to a cache partition.

User avatar
Rocky5
Posts: 961
Joined: Sat Feb 08, 2014 5:27 am
Has thanked: 92 times
Been thanked: 249 times

Re: TSOP Flasher Project (Based on Chimp)

Post by Rocky5 » Mon Apr 24, 2017 11:11 am

NeMesiS wrote:
Mon Apr 24, 2017 6:33 am
Rocky5 wrote:
Thu Mar 30, 2017 1:15 am
The issue with the Xbox Linux 2.6 fatx driver is it's not very good :lol: it doesn't handle loads of folders and files on a fatx partition properly, so you won't see all folders files e.g.... So C and the cache partitions are preferred.
I've meaning to get back into this but I have few projects on the go at the moment.
I managed to do some fatx testing a little while ago, trying to copy files from one location to another.
I found that it can't really handle folders at all, copying from a folder to c:/ would give a file at 0 bytes.
So I will have to rely on a dash to make the initial copy from exploit directory to a cache partition.
You could see if raincoat can read from the ramdisc instead of mounting partition 51. Then all you would do is have a simple menu to pick a bios.

I'm mean there is like only 4 bios you need to choose from.
( not much need for earlier x2 bios, so I would use M8+ in its place )
Download Xbox Softmodding Tool & Extras Disc
XBMC4Kids Mod


Xbox Gamertag = Connxtion
PSN ID = JCRocky5

psyko_chewbacca
Posts: 213
Joined: Fri Oct 05, 2012 5:19 pm
Location: Québec, Canada
Has thanked: 21 times
Been thanked: 125 times

Re: TSOP Flasher Project (Based on Chimp)

Post by psyko_chewbacca » Tue May 02, 2017 8:03 pm

NeMesiS wrote:
Tue Apr 04, 2017 2:49 am
Could I safely assume if a RESULT of 1.2 implies 1.2 & 1.3 and so forth for 1.4 = 1.4 & 1.5 ?
Yes
I understand the bottom half of the code but the top not so much,
I see that this is for the Loader but can this be used within my scripts?
The top half of the code goes as follow: You need to query the PIC (SMC controller) 3 times in a row for a single byte at register 0x01 (so the 3 * "ReadfromSMBus(0x10, 0x01, 1, &temp[*]");. Before that, just to be sure, we reset the ID counter of the PIC's register in question (with instruction "I2CTransmitWord(0x10, 0x0100);") or else we might get all 3 ID codes out of order. Once we have all 3 bytes from PIC, we compare to known values to determine SMC version and therefor Xbox motherboard revision.

Find a way to interface the SMBus from within your script and you can use this method to identify motherboard's revision. Maybe write a small program that do just that if necessary but I bet you can talk to the SMBus in a bash script as long as you have the right permission. It's probably listed in "/dev/" as a i2c device.

User avatar
professor_jonny
Posts: 1247
Joined: Thu Jul 05, 2012 5:41 am
Location: New Zealand
Has thanked: 56 times
Been thanked: 183 times

Re: TSOP Flasher Project (Based on Chimp)

Post by professor_jonny » Wed May 03, 2017 12:47 pm

Rocky5 wrote:
Mon Apr 24, 2017 11:11 am
You could see if raincoat can read from the ramdisc instead of mounting partition 51. Then all you would do is have a simple menu to pick a bios.

I'm mean there is like only 4 bios you need to choose from.
( not much need for earlier x2 bios, so I would use M8+ in its place )
I did this some time ago I made it sort of have a 2nd stage script where the initial script inside the initrd set up everything and it then loaded a script off the xbox partition so you could freely edit the script with out messing in the initrd to make changes
I even put in the latest xpad driver and made a menu in script with file size checking etc....
only problem I had I could not figure out how to build a more feature laden version of busybox to get all I wanted to do in my script,but it worked for me at the time to flash a whole lot of windbond chips

Post Reply