Ultimate Xbox 360 JTAG/RGH Guide

What you will need:

Microsoft's Xbox 360 is one of the last great consoles of yesteryear, and many of its games still hold up graphically even today. Fortunately, there are a great deal of homebrew apps & mods available that can unlock its full potential. In order to unlock the Xbox 360, several hardware mods are required. Modding this console is not for the faint of heart, however. The reset glitch/JTAG hack is among the most complicated & difficult of all console mods, so if you are new to modding you may want to practice on simpler stuff before tackling this one. The guide below is divided into 2 steps: choosing your hack, and installing/programming your glitch chip.


RGH1, RGH 1.2, RGH2, RGH2+,  JTAG, R-JTAG, R-JTAG+, R-JTOP?


There are many different versions of the basic RGH hack, and most of them were created with specific glitch chips in mind. However, they all achieve the same end result. The only real difference is the wiring methods and boot times. At this point, most of the 360s you will find in the wild have probably been updated, which means your only real option will be RGH 1.2 for phats and RGH2 for slims. As such, this guide will focus mostly on these 2 methods, as I have chosen to omit the older, outdated hacks.

If you can find an Xbox that is still compatible with the older JTAG hack in this day & age, then it is a definite keeper, as original JTAGs tend to be somewhat valuable to collectors.

In any case, the first step for any Xbox 360 mod is determining your motherboard version.


Xbox 360 Motherboard Revisions


The Xbox 360 went through a number of different revisions in its lifetime. The original white models (known colloquially as “Phats”) went through about 4 major internal revisions to fix the dreaded red ring of death issue.

In early 2010, Microsoft also released the Xbox 360 S series. These consoles are slightly smaller, feature an optical audio port, and have built in Wi-Fi. Lastly, Microsoft released the Slim E (Winchester) series, which is more of a budget unit and has no analog AV out or S/PDIF.


Xenon, Opus, Zephyr


These motherboards come from launch edition Xboxes and are a pain to mod. They have a high failure rate and will give you a lot of trouble when you attempt to exploit them. Unless you are lucky enough to find one that is on a very old dashboard version (in which case you can attempt a JTAG mod), it's best to avoid these consoles. If you insist on using one of these revisions, they will require a specific exploit method that is beyond the scope of this guide.


Falcon, Jasper


These are newer revisions of the old phat units and are less prone to overheating. They also have HDMI outputs as a bonus. If you have an older Phat unit with a "blades" dashboard, it may be possible to attempt an original JTAG hack, so it would be wise to refrain from updating it if possible.


Trinity, Corona, Winchester


The best console to mod is probably the S series, as it does not suffer from the poor manufacturing process of its predecessors and has a few extra features, chief among them being the built in Wi-Fi. E series units are pretty hit or miss, as most of them cannot be modded.

There are a few different revisions of the 360 slim. Each revision will require a slightly different approach. You will want to look for a Trinity or Corona unit.

The back of the 360 will have a manufacture date. If it is before August 17th, 2011, you likely have a Trinity. If it is after, it will be a Corona. Anything manufactured after 8/14/2014 is a Winchester motherboard – which as of this date cannot be reset glitched.


Performing The RGH/JTAG Hack


Performing an RGH on a 360 consists of 3 steps: dumping the NAND memory (which contains your CPU/DVD keys), creating the ECC, and flashing the glitch chip.


Trinity RGH Guide


These are the easiest and most common Slim series consoles to mod.


NAND Reading


To start with, you will have to locate the LPT headers on your motherboard and solder the corresponding JR programmer wires to them. I recommend keeping the wire leads long since they will be easier to work with and won't be permanent anyway.


Solder the 9 wires to the J2C1/J2C3 area on the motherboard in order to read/write the NAND. Plug in the AC adapter but don’t power on the console. Make sure the USB cable is connected to the JR programmer and connect it to your PC. Open up the JRunner application and choose “Read NAND”. This may take some time and you should do it at least 2-3 times. After you are done reading the NAND, JRunner will compare all of the dumps to ensure that they match. If JRunner confirms a match you can proceed to the next step. You can ignore any messages about bad blocks.

After you get 2 matching dumps you can proceed to selecting your glitch method. If you have a Slim it will be Glitch2. Select “Create ECC”, and then “Write ECC”. After it's done you can unplug the cable from the JR programmer.


Writing To The Chip


Now that we have our ECC written, it's time to program the glitch chip. Plug the cable into the JTAG-XSVF port on the JR. You can use the pin headers or cut the connector off and solder the other end to the program points on the X360 ACE chip. I recommend using the pin header as you can leave it on and it lets you keep the JR connector intact. Also ensure that the JP-3 switch on the JR is all the way to the right.

Next, it's time to flash the timing file. Go to the advanced menu in JRunner and select XSVF. Choose the open icon and locate your RGH timing files. Make sure you choose the correct folder that corresponds to your motherboard revision. You should see a list of speeds and inside each are the timing files. Choose one and hit the “Run” button in JRunner.

There are many different timing files and it’s a bit of a crap shoot to find out which one works best with a particular console. You may have to try a few before you nail down a timing that works best.

Connect the Chip

The 5V, E, D, & F should be fairly straightforward. However, the C/A points are under the X clamp. The clamp will have to be removed in order to gain access to this point. You can use a removal tool or a flat head screwdriver to carefully lift the clamp legs. It's best to lift them on opposite ends first to avoid putting too much pressure on the motherboard.

Also, make sure you bridge the P1 pad on the X360 ACE chip.

Obtain CPU Key

Once you're done soldering in the glitch chip you can remove the JR tool and plug in video to your Xbox. Power on the Xbox and test out your glitch chip. If your console does not boot or takes a long time to do so, you may want to try a different timing file. I always aim for at least a 10-15 second boot time, but longer is ok if you are patient. It's not as if you will be powering the Xbox on/off constantly anyway.

Upon successful boot you should see the Xell screen, and then a blue screen that shows your CPU/DVD key. Make sure you save this information in a safe place as it will be needed later.

Updating JRUNNER

JRunner has not been updated in a long time, so if you want to use a dash that is higher than 17511 you will have to update the files manually. I recommend you perform this update now, so you will be on dashboard 17526 and you won't have to update later on. It is likely that this will be the last update for the 360 anyway, as Microsoft has discontinued support of the console.

Building your new XEbuild image

Now that we have the updated JRunner files, it is possible to use the latest dash for your image. Go to the Xebuild tab in JRunner, and select 17526 in the dash version drop down. Go to the “source” field and load your NAND dump. You should also enter your CPU key.

Don’t worry about what dash you're currently using – the rebuilt dash can be installed over anything, even if it’s a few updates past what you're currently using.

The glitch method will vary depending on your console. If you have a slim it will always be Glitch2. Some older Phats can be Glitch1 or even the original JTAG (also used for R-JTAG on consoles that support it). Retail is useful if you need to restore an Xbox back to stock. Glitch2m is a special hack that is for consoles with blown efuses, which is a process that is beyond the scope of this guide. Checking the CR4 box is optional, but it can help to increase boot times.

When you have chosen your glitch method, select “Create Xebuild Image”. Plug the JR programmer back into your NAND and insert the power cable but do not power the console on. Select “Write NAND”. After JRunner is finished you can boot the console like normal. If there are no issues, disconnect/desolder your JR programmer and find a place to seat the chip permanently. I recommend you use the area underneath & slightly to the right of the DVD drive.


Corona RGH Guide



The steps to successfully RGHing a Corona are identical to the above with a few caveats. There were 4 revisions of the Corona board, so you will have to determine which type of Corona you have by looking at the NAND memory of the console. To simplify things, just look at the NAND to see if the chip touches both sides of the pins. If it does, you can proceed as you would with the Trinity, by using the J-R Programmer and connecting it to the respective points.

If you have a NAND chip that does not touch both sides of the pins, you will have to use the Maximus SD reader method to read/dump the NAND from the U1D1 point. The steps in JRunner are identical – except that when you attach the SD reader to your PC you will get a prompt asking you to format the drive. Make sure you DO NOT do this, otherwise you could damage the console.

If you don’t see this prompt, you did not do the soldering correctly, the SD reader is faulty, or you have a bad Maximus SD Tool. Coronas can be very stubborn when it comes to NAND reading/writing and this will be a major stumbling block in the process. If possible, it's best to stick with Trinity or older Corona motherboards since you will have far fewer headaches.

The points you have to use to solder in the chip are a bit different for Coronas.

Lastly, certain Corona revisions do not have a POST_OUT point. This means that you will have to install a postfix adapter. The best way to find out if you need one is to check the traces above the CPU. If they are missing you will have to install the adapter.

The installation is pretty straightforward but these things are pretty cheaply manufactured and are quite brittle. They often arrive deformed or even broken. Don’t be afraid to use a little hot glue in order to repair it and keep it in place.

The postfix adapter consists of a pin on the top piece that should slide under the CPU, and the bottom piece latches onto it in order to hold it into place. You will also need to solder the adapter to both sides of the C5D13 capacitor that sits slightly above the CPU.

Note: If you have a postfix Corona the C point for the ACE chip is located on the postfix adapter.

Corona capacitors

For whatever reason, V3, V4, V5, & V6 Coronas can sometimes have a few missing capacitors on the RC2C6 – R2C9 points. Be sure to check for these if you have a Corona, and replace or bridge the points of whichever ones are missing.


RGH 1.2 For Jasper / Falcon


The points for the NAND are identical on both motherboard revisions. You want to attach your JR Programmer leads to the J1D2 and J2B1 areas.

Once you have 2 matching NAND dumps, create/write the ECC as normal. Connect the JR to the glitch chip headers, set the switch on the JR to the right, and select your timing file. Make sure you are using the 15432 timing files as these give the best results.

Using an Ace chip on a Jasper requires some creative wiring. You will have to remove a diode & solder the 1.8V lead to a small point next to it.

You can pull power & ground from the R383 area. The PLL point requires you to add a 22k resistor to the line, and it is soldered in near the RST point on the bottom of the board. Luckily, you do not need to remove the X clamps for this install.

Once you're done routing your wires, disconnect the JR from the ACE and power on to test the glitch speed. If it takes a long time, or doesn’t boot, you will have to try a different timing file. If you find that you are having poor boot times, then you can try the timings from the aptly named If you_mad folder. If you are still having trouble you can try the dynamic/auto-tuning files. Make sure you check the CR4 box in JRunner if you use these.

Upon successful boot you should see the Xell reloaded screen with your CPU & DVD key. Save them, turn off the console, and enter the corresponding values into JRunner with a good dump of your NAND loaded. You can use Glitch2 just like on the slims.


Installing Xexmenu, Aurora, & Dash Launch


Now that you have a working RGH, there are a number of useful utilities you can install to get yourself up and running.

Xexmenu

To get started, you should grab Xexmenu & Dashlaunch as well as a USB flash drive. Format the drive to FAT32 and add all of the files to the root of the drive. I have found that sometimes it can be difficult to get the 360 to read a FAT32 formatted drive, so a better option may be to format it via the Xbox. Since a standard PC can't read an Xbox-formatted drive, you will have to use Usbxtaf to inject the files manually.

Copy over the 2 files to a location you can remember on your main hard drive or memory unit, if you have one. You can use Xexmenu from the USB drive in order to launch Dashlaunch for the first time.

Dashlaunch

This is a useful utility that can be used to tweak how your 360 behaves. The first thing you should do is set which dashboard you wish to launch. You will want to tell Dashlaunch the location of whichever dash you have installed and put it into the default row, otherwise it will just boot to the default Xbox dash. I also recommend you set one of the hot keys, which will allow you to hold a button during boot to choose another dashboard.

Aurora

Now that your Xbox is unlocked for homebrew, I recommend you use a more feature rich dashboard. In the past, Freestyle Dash was a popular choice but it is no longer being updated. As it stands now the Aurora dash is a much better choice and still has a somewhat active scene.


Dual NAND?

It is possible to have both a retail & a RGH NAND installed with certain chips. However this requires additional steps that are beyond the scope of this guide. The benefit to having a dual NAND setup is that you can take your 360 online. 

Personally, I feel the 360 has many great LAN capable titles which can be played online via Aurora, thus negating the need for a dual NAND setup.
