VIP Members Prehistoricman Posted May 5 VIP Members Posted May 5 (edited) This post was recognized by Dark Destiny! Prehistoricman was awarded the badge 'Superstar' and 42 points. It has long been thought that the Xyclops chip, which contains the BIOS on a v1.6 motherboard, is not flashable. However I recently discovered it has a serial port with a variety of interesting commands. It supports dumping the BIOS as well as the Intel 8051 code that runs the SMC functions of the chip. And just like the other Xbox versions that have the TSOP flash, we can reprogram the BIOS on the v1.6. In one way this mod is better than your typical TSOP flash because it's easy to recover from if you screw it up. The serial port will still be available. Tutorial Required items: 3.3V USB to UART adapter. You can find many of these available online at very low prices. See if you can get one that has a TX resistor value lower than 1k because the Xbox's RX has a 1k pulldown. v1.6 Xbox - this cannot work on any Xbox without a Xyclops chip Soldering iron Python installed on your PC The flashing script https://github.com/Prehistoricman/Xbox_SMC/blob/master/Xyclops/xyclops_flasher.py A 256KiB BIOS bin file Steps: Connect your USB to UART adapter to the Xbox. This can be done either by connecting to the AV port, or by opening the Xbox and using internal connections. Internal connections Xyclops pin 29 is DEBUG. Wire it to the 3.3V standby voltage. Xyclops pin 64 is TXD. Wire it to the adapter's RX pin. Either: Near Xyclops: OR under the AV port: Xyclops pin 63 is RXD. Wire it to the adapter's TX pin. Either: Top side, near AV port: OR under the AV port: Connect ground to the adapter's GND pin. You can use the xbox metal case, any screw holding the motherboard down, or pin 2 of the LPC header (see pin layout here). AV cable - not advisable! See AV plug diagram here https://xboxdevwiki.net/AV_Cables Pin 5 is DEBUG. Wire this to 3.3V. Pin 18 is TXD. Wire this to the adapter's RX pin. Pin 6 is RXD. Wire this to the adapter's TX pin. Remove resistors below the AV port: R5M3, R4M10. This will affect the video mode recognition and can prevent normal display, so they should be replaced after the mod is complete. Connect any ground pin (such as pin 6, 7, or to the adapter's GND pin. If you cut LFRAME to do a modchip install, you will have to reconnect it. Plug in the USB. It's better to do this before powering on the Xbox Plug in the Xbox. It can be left in standby. Identify what serial port your adapter has. On Windows you can expect it to something like COM5. Install Python 3 if you haven't got it already Open cmd, powershell, bash, or whatever the terminal is on your PC. Execute the script by writing python xyclops_flasher.py your_bios.bin COM5 to the terminal, replacing your_bios.bin with the path to your BIOS file, and COM5 with your serial port. Press enter Follow the on-screen text. It should say Xyclops communication established and ask if you want to erase the flash. Once the connection has been made, or even attempted, you may be unable to turn on or off the Xbox. That's normal. The SMC gets frozen while the serial is active. The Xyclops can get upset and stop responding sometimes. If you can't get communication, try unplugging the Xbox for 10 seconds. If you get erase timeout, make sure you made the GND connection. If you can't get communication, then your serial adapter might have too much internal resistance. Identify its TX resistor and reduce it to ~500 ohms. The flashing process takes about 2 minutes, and the verification (if you want to do it) takes another 2 minutes. If you want to verify again, use the -v option: python xyclops_flasher.py your_bios.bin COM5 -v The Xbox power button should work again, so try turning it on. If you get video issues (like greyscale video) and you removed two resistors in step 1.2.5, you will need to place the resistors back. Disconnect the DEBUG wire for enhanced stability. The Xyclops will freeze whenever it sees any activity on the RX pin. FAQ Can we use a BIOS bigger than 256KiB? Not on a retail xbox. Some rare devkits may be able to do 512KiB but I have not confirmed that. I ran the script and my Xbox won't turn on! Yes, the SMC will freeze when it receives serial communication. The script should resolve that if it exits successfully, so I must assume it failed. You can unplug your Xbox for 10 seconds and plug it back in to reset and try again. Can this be done via a software method? Not to my knowledge, but it is rumoured to have been discovered. Technically the answer is yes, but it involves using the serial first and then reprogramming the SMC (advanced). What else can it do? The Xyclops serial port is able to do a lot of low-level actions on the SMC. For example, it can 'press' the front panel buttons, change fan speed, change LED colours. It can also potentially do some hacky things such as spoofing the video cable mode, or bypassing the boot challenge (FRAG). We are also able to re-program the SMC which could lead to some more advanced mods for specific and niche purposes. Through the AV port??? Yeah I know right? We can't be sure why Microsoft made it this way. It's too slow for factory programming AND there's those resistors preventing it. It could definitely have expedited the development process of Xyclops, but that doesn't explain why it was left present in the retail motherboard. Edited Sunday at 02:13 AM by Prehistoricman 11 4 Quote
VIP Members Prehistoricman Posted May 5 Author VIP Members Posted May 5 Correction: you can't do this without opening the Xbox. The mobo has a 0-ohm resistor tying those AV pins to ground Sorry for the false claim. 3 Quote
botsauna Posted May 5 Posted May 5 (edited) What resistor is it? Can we just remove it and then use the AV port? Answered my own question. Just needed to RTFM! Edited May 5 by botsauna 1 Quote
Matty Suds Posted May 5 Posted May 5 (edited) Crazy... This is top shelf modding. Thank you for all your work man. This is really going to help the community in a big way. All those people out there that don't have access to mod chips... Seriously huge moves. Edited May 5 by Matty Suds 1 Quote
ManCloud Posted May 5 Posted May 5 Can we still use the YPbPr mode after we removed the resistors? If I see it right we remove the GND Potential for Pin 5 and 6 which would prevent Pin 17 and 18 to be tied to ground by a YPbPr cable (as long as it's wired 5+17, 6+18) Additionally wiring pin5 to 3.3V and then having a YPbPr cable which simply shorts pins 5+6+17+18 to gnd could be a risk of a short, so the modification at least of pin5 needs to be reverted, right? 1 Quote
HarryButt Posted May 5 Posted May 5 I am starting to think an internal port is a better idea. then you can use a switch or even a little rewiring Quote
Prabhu Posted May 5 Posted May 5 https://www.amazon.in/Techtonics-FT232RL-Download-Serial-Adapter/dp/B08GG847WP will this work ? Quote
Xbox-Scene Posted May 5 Posted May 5 Hi Everyone While reviewing the schematics, we did notice something interesting , the resistors R4M10 and R5M3 are not populated on debug Xbox units, but they are present on retail boards. You can tell by the asterisk next to each resistor value, which typically indicates a “Do Not Populate” (DNP) part in production for certain versions (in this case, debug / test units). From what we can tell, these resistors are used to disable the debug UART pins on retail units. They don’t appear to be related to AV pack detection or AV mode selection but some people have reported fragging using composite cable after removing the resistors. Just to be safe, I chose to hardwire the UART connections directly to the motherboard. I then routed those wires out through the front of the case. On the external end, I terminated the wires with a male pin header, and my programmer connects using a female header plug. This discovery is still new, and we’re learning a lot as we go. With ongoing feedback and testing from the community, I’m sure we’ll uncover alternative methods and figure out what works best and what doesn’t. Quote
VIP Members Prehistoricman Posted May 5 Author VIP Members Posted May 5 5 hours ago, Prabhu said: https://www.amazon.in/Techtonics-FT232RL-Download-Serial-Adapter/dp/B08GG847WP will this work ? yes Quote
HoRnEyDvL Posted May 5 Posted May 5 We have confirmation from members in our community that this is working with Xyclops revision A-A02 We are looking to see if there is a method for those who have A-B01 Quote
VIP Members Prehistoricman Posted May 5 Author VIP Members Posted May 5 7 hours ago, ManCloud said: Can we still use the YPbPr mode after we removed the resistors? If I see it right we remove the GND Potential for Pin 5 and 6 which would prevent Pin 17 and 18 to be tied to ground by a YPbPr cable (as long as it's wired 5+17, 6+18) Additionally wiring pin5 to 3.3V and then having a YPbPr cable which simply shorts pins 5+6+17+18 to gnd could be a risk of a short, so the modification at least of pin5 needs to be reverted, right? I'm not sure. Do cables actually short all those pins together? I see your point about pin5. I wrote the instructions from the point of view of modifying the AV cable rather than internal installation. So you just remove the short to ground on pin 5 from the cable. 1 Quote
b3ncs1 Posted May 5 Posted May 5 for those want to use a pico, i wrote down the whole process that worked for me - i used this exact fw: https://github.com/JoeSc/pico-sexa-uart-bridge - i soldered in the connections on the picture with 40awg wire - the pico emulates 6 com ports, and i used the 4. one, you have to test it which works for you - verified with a stock bios dump from an 1.6 to ensure the communication between the pc and the console is flawless. (note: i couldn't dump the bios succesfully with the dumper script.) - when the stock bios verification ended succesfully i flashed the cerbios.bin note 2: you can make soldering the txd via easier if you scratch it a little with an exacto knife note 3: i used the lpc port ground point 1 Quote
VIP Members Prehistoricman Posted May 6 Author VIP Members Posted May 6 2 hours ago, rdwoodw said: Dumb question. This will work on v1.6b as well? v1.6b is fine (we don't care about RAM) but check the writing on the Xyclops chip. A-A02 is good, A-B01 is not. Quote
Prabhu Posted May 6 Posted May 6 I tried with my 1.6 which has A-B01 and i got this error. C:\Users\Prabhu>python C:\Users\Prabhu\Desktop\xyclops_flasher.py C:\Users\Prabhu\Desktop\bios.bin COM4 Sync failed... trying 38400 baud Error: No communication from Xyclops. Check connections or try unplugging your Xbox for 10 seconds. So, curious for the update. Quote
HoRnEyDvL Posted May 6 Posted May 6 20 minutes ago, Prabhu said: I tried with my 1.6 which has A-B01 and i got this error. C:\Users\Prabhu>python C:\Users\Prabhu\Desktop\xyclops_flasher.py C:\Users\Prabhu\Desktop\bios.bin COM4 Sync failed... trying 38400 baud Error: No communication from Xyclops. Check connections or try unplugging your Xbox for 10 seconds. So, curious for the update. Currently looks like this method works with A-A02 They are checking to see if there is a method to get A-B01 working Quote
VIP Members Prehistoricman Posted May 6 Author VIP Members Posted May 6 (edited) 2 hours ago, Prabhu said: I tried with my 1.6 which has A-B01 and i got this error. C:\Users\Prabhu>python C:\Users\Prabhu\Desktop\xyclops_flasher.py C:\Users\Prabhu\Desktop\bios.bin COM4 Sync failed... trying 38400 baud Error: No communication from Xyclops. Check connections or try unplugging your Xbox for 10 seconds. So, curious for the update. B01 still has communication OK so you have a problem with your setup. I expect B01 to produce an erase check fail message like ModderFokker's above. Edited May 6 by Prehistoricman 1 Quote
HarryButt Posted May 6 Posted May 6 I have two A-B01's manufacture dates 2004-05-21 and 2004-07-23 1 Quote
b3ncs1 Posted May 6 Posted May 6 7 hours ago, Prabhu said: I used pi pco by following "b3ncs1" post. Try another COM ports, if you wired everything right one of them has to work. Quote
HoRnEyDvL Posted May 7 Posted May 7 We were fortunate enough to have 1 of our good friend sacrifice 2 Xyclops chips, A-A02 & A-B01. From a Die / Bond wire perspective they look identical however would need X-ray / De-cap to look deeper. What would also be good to document is the values / readings of each pin and compare the to revisions. If anyone wants to do that & share information would be great. 1 Quote
VIP Members Prehistoricman Posted May 7 Author VIP Members Posted May 7 Can our friend do a precise size measurement? I expected the B01 die to be smaller. Quote
vhs Posted May 7 Posted May 7 Got it done on my console, amazing work! I'm having video issues after having removed those resistors, my component cables I made from a set of 360 cables now do not work and I'm having trouble figuring out just what i need to do to restore that functionality. Quote
.thumb.jpg.247db3183f65cfb31cf42a0183b74b46.jpg)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.