RGH 3.0 (Xbox 360)

in order to install rgh 3 0 on your xbox 360 there are several steps this guide will go in order of what you need to do flasher the first thing you need is a flasher to flash the nand chip on the xbox 360 for this i recommend simply getting a raspberry pi pico it couldn't be any simpler than plugging in the raspberry pi pico to your pc while holding the boot button, then copy/pasting the picoflasher uf2 file onto the raspberry pi folder that opens up when you connect it to the pc download the picoflasher from here disassemble console fully disassemble the console following the disassembly guide you will need to get it right down to the bare motherboard at this stage i would recommend cleaning off the old thermal paste and applying new to the cpu identify console read the identify model article to know which model you have so long as it is not a winchester you are good to go wire programmer for all phat models the wiring is the same, connect up the wires from the picoflasher to the following pins for trinity use the following pins for corona, use the following wiring here is an example of the picoflasher wired up to a corona v3 if your nand is an emmc (the tiny one) it must be wired completely different this typically needs the resistor bridging on the nand header rebuild so check that section below too nand header rebuild (corona v3+) for any corona consoles v3 or higher, you will need to rebuild the header pins that we soldered the raspberry pi pico to as they are missing to check if you have a v3 or higher, check the area under the x clamp by the cpu the v3 onwards have no space between the stp501 and stp502 silkscreen, whereas the older versions not requiring the fix have a gap for v3+ look under the debug header where we soldered the prorgamming wires you need to bridge r2c10 (remove the resistor and bridge it or add a wire over the resistor) on top of that, if the resistors r2c7 and/or r2c6 are no present, bridge the pads here is an unmodified header that you can see is not missing r2c6 or 7, so nothing needs to be done there but we do need to bridge r2c10 still and here it is shorted if you lose the resistor or ever want to undo the work, it is originally a 100 ohm resistor of size 0402 rgh glitch wires in order to glitch the console you will need to short a pair of pads, and add a resistor between another set of pads the first one you will need is a short between post1 and smc post1 this point varies depending on console the other point you will need to join is smc pll to pll bypass you will join these together with a resistor not directly so place a resistor inline with the wire you are using to short them together depending on version the resistor value differs phat for the phat as well as the resistor, it is also advised (but not needed) to add a diode inline with the post wire this means you would have a resistor inline on the pll wire and a diode inline on the post wire the diode enables faster boot place a 1n4148 or similar general fast rectifying diode with the cathode end (black banded end) on post1 and the anode (positive) side to the smc post pad use a 22k resistor in line with the pll wire here is the top pll point trinity use between a 3k and 10k resistor in line with the pll wire corona use a 1k resistor in line with the pll wire here is an example on a corona v3 where i used an 0603 resistor inline with the pll wire also power console connect the power supply to the console but do not press any power button we will be using only the 5v standby voltage if you do not have a power supply, you can power it from bench on the 5v rail shown here is also a power on sense resistor pulling it to the 5v rail which is optional and only needed if you are fully powering the console from bench (with the power button when fully booting) simply connect 5v and ground read nand connect the raspberry pi to the pc download, extract and run jrunner exe from here click the ? button and confirm the j runner software can read the console type next is to back up the nand click read nand this will read the nand twice to confirm its correct make sure the end text says nands are the same once done the backups are placed inside the output folder of the j runner software if you forget to add the diode/resistors or they are installed wrong, you will get a bad compare and an error message saying header is wrong ecc / xell glitch now select glitch2 and rgh3 then click create ecc or create xell if it says xell image created click write ecc or write xell next to write the glitched file to the xbox 360 once done make sure it says write successful cpu key writing the custom ecc / xell file basically makes the xbox 360 boot up until xell reloaded when you power it on do not unplug the console while it is in the xell reloaded glitch turn it off at the power button i have personally seen and had the console completely brick by disconnecting power not powering off the symptom is then when applying power to the system the fan spins instantly without powering on and the 5v rail pulls 400ma you cannot connect to it via j runner and ultimately its completely bricked connect the heat sink back onto the cpu ( remembering to connect up the heat sink fan! ), and the front power board connect up the console via hdmi to a tv you can power the console from a dual bench power supply if you like, with 5v and 12v during this boot the 12v rail will pull 3 2a with peaks possibly of 4a if your bench can't provide the 4a it won't fully turn on the 5v rail should pull 80ma until you power on then around 0 25a once running remember all versions have different pinouts so check you have the correct ground, 5v and 12v pins this example is a corona console connect the front small pcb and then the power button ribbon and press the power on button to boot, and you should be presented with the xell reloaded screen alternatively, connect the front button ribbon and short these two pins to turn on let it run, and as it does it should show you the cpu key write this down and type it into the cpu key box of the j runner once you do, you should see all the key information showing on the right in keyvault as it can now successfully decrypt the nand we dumped earlier if you close the program or it crashes at any point, to get back to this stage simply select load source and select the nanddump1 bin and load extra selecting nanddump2 bin created xebuild make sure to power off the console first (remove the power then connect it back up, without pressing power button) otherwise the next step will say successful but it won't work now you have the nand decrypted it is a simple case of clicking create xebuild and wait until you see nand initialization finished then click write nand to write the hacked image back to the console confirming successful boot keep the fan in place and test booting with the power button to get to the stock dashboard or eject to get to xell reloaded remove the programming wires to the raspberry pi pico but leave the pll and post wiring/resistors in place build your console back up fully we are done with the hardware modding now you are free to install aurora or anything else you like backup keys an important step is to back up your original dumps in case your system ever needs them copy the folder inside the j runner software that was created the folder will be the consoles serial number inside the folder are the backup files the nanddump1 bin and nanddump2 bin are your stock retail nand dumps the updflash bin is the hacked nand you are now running on the console the key files contain all the important keys if you want to flash stock retail back on you have to write the nanddump files back to the nand then remove the rgh wires/resistors/diodes (otherwise you will get red ring of death)