xeBuild 1.04 ============ Introduction: ============= After a lot of work, xeBuild brings together ggbuild and fbbuild into a single application for building glitch, jtag and clean retail or devkit images. What's New: =========== - add in corona support files for 15575 and 14719, thanks again to Team Xecuter's RGH crew for for providing the exploitable BLs! - more info output at final info summary - various non critical bug fixes (there is no reason to rebuild existing images) Current Limitations: ==================== - STAY THE HELL OFF LIVE! Nuff said, we're not you're mum. How To Use: =========== - See individual folders for lists of files to provide - if desired provide replacement cpu and 1bl keys in text files - open a command window in the xeBuild directory - on the command line type, for example: example - if you provided keys in appropriate text files xeBuild.exe -t glitch -c falcon -d myfalcon myfalconout.bin -t glitch = build a glitch type image -c falcon = use falcon bl and patch set -d myfalcon = a folder is present called "myfalcon" with per machine files, this uses it myfalconout.bin = the file that will be produced - type xeBuild.exe -? for command line info Example: ======== -take original console dump, put it in mytrinity folder as nanddump.bin -set CPU key and 1BL key in ini file, verify LDV from nanddump.bin matches console fuses if not set cfldv in ini file -build (xeBuild.exe -t glitch -d mytrinity -f 13599), flash and hopefully life is good .ini files: =========== Just a word on the format... the ini parser is not very robust, the files need to be plain ASCII, everything after a ; on a line is ignored, and spaces are not acceptable (they get removed). Things like CPU key and 1BL key, if present in the per box ini file need not be placed anywhere else. Optional Patches: ================= Various optional patches are included for use with the -a option, they are: nofcrt - removes fcrt.bin requirement on some drives nohdd - disables detection of internal SATA HDD nohdmiwait - HDMI consoles will no longer wait or EXX screen when video is not ready nomu - disables detection of jasper big block NAND mu notrinmu - disables detection of trinity 4G internal USB module Note: ===== - DON'T USE THIS UNLESS YOU KNOW FOR SURE THAT YOU NEED IT! Using an incorrect controller config can result in problems remapping bad blocks (even manually.) If you have a 16M jasper, an additional build type has been added 'jaspersb', by default the image will be built for jasper with big block controller (config 00023010), use this alternate switch to build for small block controller (config 01198010.) Multi build/options example: ============================ when you specify -f 13599 on the command line: 13599\filelist.ini is parsed instead of data\filelist.ini Also the bin directory is used from 13599\bin\ instead of bin\ allowing anyone to create multiple builds without multiple instances or rebuilds/hex edits/hacks of the main app. The example provided is the last version of 13599 patch set from dash launch and other files to build freeboot 13599 example use: ------------ xeBuild -f 13599 -d myfalcon x13599out.bin -f 13599 : use .\13599\filelist.ini, and .\13599\ for firmware files, .\13599\bin\ for patches -d myfalcon : use .\myfalcon for per build files (cpu key, keyvault, security files, ini etc.) x13599out.bin: override auto generated name and produce .\x13599out.bin as the final NAND image note, if -d ***** is not specified it will still use the original /data and /bin dirs Devkit image building: ====================== This feature is currently considered Beta/Work In Progess. A new image target type was added, "-t devkit" which builds 64M flash images for devkits. Currently untested, building with a 00 filled CPU key will create a zeropaired devkit image that may allow one to boot a software bricked devkit that one does not know the CPU key for and recover it to an operational state. By powering on the console with such an image present, with a recovery DVD in the drive, the recovery software should be able to create a new keyvault, re-pair the DVD drive to the new keyvault, and allow normal operation once complete. Normal devkit image building when one does know their CPU key and thus has security files and keyvault should work as expected. Building devkit for glitch/jtag is also possible using the standard -t glitch/jtag methods. Sample ini have been provided with this release, but will not work unless patches and files are supplied. Note that devkit is not our focus, but was relatively easy and straight forward option to supply for those that wish to make use of it. jasperbigffs: ============= Those who use large block NAND are now able to nearly double the size of the system file area with this option with no apparent ill effects. Normally this option wouldn't be needed, but if one wanted to experiment with more files in flash, or one was building a devkit image for a devkit with a big block flash, this option is required. Credits: ======== Without ikari this would not have been possible, thanks! __ ____ ___ ___ _____ / _|_ __ ___ ___| __ ) / _ \ / _ \_ _| | |_| '__/ _ \/ _ \ _ \| | | | | | || | | _| | | __/ __/ |_) | |_| | |_| || | |_| |_| \___|\___|____/ \___/ \___/ |_| [v0.08 - inspired by ikari] R.I.P. No this isn't freeboot, it is a clone and has always been since the last release of ibuild. Thanks and greetz to everyone who has contributed to hacking this wonderful machine. Thanks to the engineers and countless others who made the machine what it is... we only wish they had listened and RROD was not a problem. If we were to list everyone here, there would be no time left to play on the machine! Thanks to Free60, LibXenon.org, Redline99 and Tuxuser for providing xell builds <3 Thanks to Swizzy for making the official GUI front end for xeBuild, for always adding the new stuff we shovel at him and never once complaining. Big thanks to the folks at #freeboot on efnet for the tireless hours of help you all give freely. Thanks to the testers who tirelessly made sure stuff worked. Thanks to rgloader for doing the work yourselves, there *is* no spoon, just a glitch in the matrix. Don't believe what random people *cough* write on forums .. ----- //2012 ----- Changes: ======== 1.04 - blacklist sysupdate.xex* as flashfs files, these are autogenerated files representing data that overflows the patch slot - add console ID, motherboard serial number, serial number and mfg date to final output (when available) - add in corona support files for 15574 and 14719, thanks again to Team Xecuter's RGH crew for providing the exploitable BLs! 1.03 - updated patches to remove CON sig checks, still allowing the patched check to report if the CON was signed by this machine - updated glitch patches to remove CF LDV check (keep in mind updating a fat to 14717+ requires rewiring CPLD for less stable glitching) - modified [flashfs] category - can now take longer paths as well as absolute drive paths, spaces not allowed (ie: ..\common\filename or H:\somepath\filename) - items without a crc will not be sought outside the given path or filename (relative paths are based in the firmware folder, xexp filename mutations will NOT be applied) - items with a crc will be sought in given path, system update, nandump.bin then common folder - fix 16M corona smc extraction from nanddump.bin - correct nandmu option so it properly defaults to false - add 'jasperbb' console target (same as jasper256 and jasper512) - correct bug in hv patches in 14717/14719 - added smcnoeject and smcnoblink options (only patches jtag/glitch smcs) - changed glitch image CD patches to not require dynamic patches (should be more stable) - add 'demon' option, currently only sets the same speed as cygnos uart speed - add 15574 1.02 - improved feedback when mangled or incorrect option values are found in options.ini or command line - fix bad LBA due to using a small block controller flash image on a big block machine - added patch to all versions to skip yet another minimum version check (mostly affected default.xex on root of USB) - add optional nohdmiwait patch to 14717/14719 (console won't pause bootup waiting for HDCP handshake when TV doesn't respond) known side effect: occasionally when the TV does finally sync dash will restart (forced to metro even if using dash launch) - now retains Statistics.settings from a nanddump.bin and can load the data from perbuild dir along with other mobile data this data is found in the block preceding smc_config - can now obtain CF/CG and flash files from su20076000_00000000 (system updater container) when placed in firmware folder - bls besides CF/CG must still be provided externally - .xex/.xtt files that only have update/.xexp in the container still need to be provided externally - new option 'nosusecurity' added to command line and ini to skip using security files from system update container, external files provided in perbuild directory take precedence over any other security files found (order: file, su, dump) - now attempts to retreive files not found in firmware folder or update container from nanddump (if provided) - common folder added to scan path for alternate bootloader location - now respects setting bool options on command line to false instead of enable only, and overrides/ignores enable options set elsewhere - fixed regression around remapping blocks when wear area has bad blocks - jtag uses second CB to enumerate fuse values, displays virtual fuse set at end of bl encoding stage in verbose logs - revoke nanddump.bin that has had zeropair data overwritten and big block images that had bootloader data overwritten with incorrect nandpro args - fixes for big block retail images (patch slot offset and reserve blocks value) - BIG thanks to Team Xecuter's RGH crew for snagging fat dual CBs - add glitch2 build type, uses console type as base for patch file names (ie: patches_g2falcon.bin) - add 'notrinmu' optional patch for 14717/14719 to disable trinity internal 4G memory unit access - add 'nohdd' optional patch for 14717/14719 to disable internal hard drive access - fixed a bug relating to relative paths 1.01 update pack 1 - fixes a bug with ini creator, wasn't outputting non CB/CD bl data - add 14719 1.01 - minor bugs fixed (extended.bin, kiosk button not displaying) - invalid secdata.bin and extended.bin will be cleanly recreated instead of failing build - can now accept decrypted kv.bin without messing it up - fixed a bug with long version strings in firmware .ini files - fixed fatal exception when patch file is not found - added -i flag to specify additional addon component for ini/patch file name - corrected nandmu warning to only say xebuild will attempt to keep this data when the option is set - added additional jasper build mode jasperbigffs, results in a non-standard and much larger system file area (approx 32MiB larger) - patch slot address for glitch/retail images is now dynamically assigned (first block after xell/first block after CE) - devkit image building added - if pairing value can't be found in dump CF/CG it will attempt to be extracted from CB - smc size and address made dynamic (mainly for corona+) - corrected typo/problem with FAT bitmap creation - cache decrypted keyvault, refine messages regarding FCRT and output dvdkey at the end - logs/outputs expected/possible fuse values for console sequence bytes in CB - add dvdkey to ini and -o, to set dvd key in keyvault before writing it to the new image - fixed a possibly critical bug when parsing nanddump.bin FS entry - correct EU/AUS smc game region output - nanddump flash controller detect recoded, now only requires block 0 be not remapped - fixed unhandled exception when -o option that requires = did not have = - updated bl patches for all jtag machines and trinity (rgh fat doesn't need) to remove smc size = 0x3000 limit - fixed bug that was causing 2nd patch slot on retail builds to contain unneeded data - added fuse mask output while processing CB - added 14717 - added patch to trinity 9188 CB_B to bypass fuseline 2 revocation check 1.00hf - hotfix - jtag images were being created with incorrect patch file number (xexp1 instead of xexp2) 1.00 - gets security files from nanddump.bin and verifies them (odd.bin is currently not processed) - option added to disable extracting security files from nanddump.bin - decrypts perbuild security files for verification (crl/dae only currently, updater files work too) - zero nonce data in bls before checking crc (inlcuded file lists updated with new crc and explanation) - fixed a bug with mobile extraction - fixed a bug with fsroot processing - (glitch) dynamic SMC patcher, no longer limited to hard coded hash/offsets - added more SMC hashes to verify known clean SMCs - will attempt to decrypt external encrypted smc.bin if needed - whitelist more chars in the file list parser - altered so that pairing value will be retreived from nanddump.bin even if ldv is set in ini - dual CB is dictated by ini, "none" filename indicates single CB (jtag does not use dual CB) - increased logged info when adding files to flashfs - odd.bin in encrypted (only!) form is now handled (from file or nanddump.bin) - ini options are now available as -o options on command line - added -t command line flag for glitch/retail/jtag selection - JTAG image creation merged - separate retail/glitch/jtag into individual per-firmware ini lists - added -noenter command line option to suppres application asking to press enter on completion - added proper errorlevel exiting, 1=usage/commandline error, 2=file write err, 3=image build error - add 'cygnos' and 'xellbutton' options for glitch images with appropriate bl patches (either may affect fat glitch boot rate!) - non-critical spare data fix to the way smc config is added to image - update freeboot core and glitch base patches to accept a secondary xell poweron reason - rewrote extended.bin handler, given an invalid/undecryptable file it will create a empty extended.bin - rewrote keyvault handler, can decrypt and verify kv.bin when it's provided encrypted - added patch append -a command, and converted nomu and nofcrt to optional patches - added simple explanation of patch file formats in about_patches.S - changed nonandmu option to nandmu so it can default to false - added corona and winchester console types, currently not supported but there if needed - add 14699 0.33 - corrected bug with ini parsing and dvd region (and others) left blank - add 13604 0.32 - slim/fat glitch image building (based on fbbuild 0.32) - builds retail images with -retail command line option - added autopatch smc option in per box ini file - extracts pairing value and highest LDV from nanddump.bin (ini cfldv setting overrides nanddump ldv) |