As you may have noticed the PBL does not seem to work on the new kernel 5530 xboxes ... mostly october releases...

Has anyone got an idea what microsoft changed so that the pbl isn't working..
and will there ever be a fix ?? I think we need an answer to the above before we can get a new working version of pbl...

Is the bios memory adress locked?? maybe the adress is changed ??

I would love to hear from you guys.. because pbl was the best thing invented since the WHEEL !! ..

I've heard rumors about the new kernel actually blocking older versions of dashupdate.xbe, they may also be blocking PBL using any number of techniques.

I don't have a box with the new kernel, but this is what I'd try if I did:
1. All versions of PBL
2. PBL 1.3 from CD or DVD (1.3.5 doesn't work)
3. Try from a game-save exploit.
4. Load PBL from C:\, E:\ and F:\ as an app
5. Try all different exploits.
6. Boot M$ dash via exploit and run PBL by placing it in the xodash dir as xonlinedash.xbe.
7. Hex edit PBL's internal xbe name and resign with proper key.
8. Execute exploits with no devices attached.
9. Launch PBL using several different dashboards and menu systems.
10. Recompile PBl with the missing libraries stripped out. (see my thread about loading 1.3.5 from DVD)

Hi
I too have the same problem where the phoenix bios loader will sit at a black screen. I have kernel version 5530. any help would be appreciated...PLZ

Thanks

hmmm ... i've tested all things as described below ... and none of them seem to work ...

i can get pbl to load with several fonts .. but it crashes :( ..

i'd really like to know what microsoft changed .... then maybe a fix can be made .... ;( ...

Hoping that the new phoenix bios loader fixes the problem... any news from the phoenix team ??



Originally posted by catfish
I've heard rumors about the new kernel actually blocking older versions of dashupdate.xbe, they may also be blocking PBL using any number of techniques.

I don't have a box with the new kernel, but this is what I'd try if I did:
1. All versions of PBL
2. PBL 1.3 from CD or DVD (1.3.5 doesn't work)
3. Try from a game-save exploit.
4. Load PBL from C:\, E:\ and F:\ as an app
5. Try all different exploits.
6. Boot M$ dash via exploit and run PBL by placing it in the xodash dir as xonlinedash.xbe.
7. Hex edit PBL's internal xbe name and resign with proper key.
8. Execute exploits with no devices attached.
9. Launch PBL using several different dashboards and menu systems.
10. Recompile PBl with the missing libraries stripped out. (see my thread about loading 1.3.5 from DVD)

You can scrub numer 3 off too, this has been reported all over the place with people not being able to get gamesaves to work if they contain pbl.

PBL does actually run, but crashes when it launches the bfm bios.

i also tried everything on the list above, and nothing seemed to work...does anyone have any idea when the new pbl will be released or an estimate so i can stop sigining my game. And also when pbl does finally work(new version or patch), will my signed games still work, they should right? because pbl ignores the game signing?...Well we'll see.

pbl will run your games regardless of the signiture.

hehehe.. then first pbl should run.... does anyone know what microsoft has changed ??

p.s.. seen the updated xbox with 1400 mhz ?? ouch :) nice

Originally posted by aruu
i also tried everything on the list above, and nothing seemed to work...does anyone have any idea when the new pbl will be released or an estimate so i can stop sigining my game. And also when pbl does finally work(new version or patch), will my signed games still work, they should right? because pbl ignores the game signing?...Well we'll see.

no, the old pbl doesn't run...it freezes, all of the pbl's freeze(black screen) after the initial splash screen. I have no clue what they changed, but it's bugging me, it seems like the Kernel is blocking the reinitialization of a bios...probably requires a Microsoft password or something that their associates know to run the debug bios in memory. Who knows...we'll c....

OK guys,
I'll do my best to help, but u 2 will have to do all the labor as I still don't have a box with 5530.

1st. List your hardware and software versions including drive models and controllers. Check to see if u have the focus chip or something else.

2nd. Describe the exact symptoms. Does it show any text at all? Does it make the screen flicker or the sound pop? Does it attemt to parse the keys?


Just for completeness, I know on my box, the M7 bfm BIOS will refuse to load Evo-X if the TSR is active. It will just hang at a black screen.

Hi catfish.
Okay here is my information...

I have the bundle pack(star wars) Xmas bundle pack. I'm not sure of the dash version i have, but i am certain i have a 5530 kernel. I have a thompson dvd drive, and a samsung hard disk. i do have the focus chip, because the screen on pbl flickers, but when it tries to load the bios, it freezes.

The symptoms are that odviously pbl is loading, because i see it, although it's flickering and i can't read any of it. And then it freezes (goes to a black screen) where there's a clicking sou nd as it seems it's trying to refresh, red line is accross the screen. I dunno what u mean by attempting to parse the keys.

Can you tell me what TSR is, so i may try it?
Thanks again catfish...

I still need some more info about your system, but there's still hope.
Dash and kernel can be found in system info from the M$ dash.
How are u triggering PBL? Game-save, fonts or audio?
Is the clicking coming from your DVD drive? If so, then then it appears the Xbox is rebooting or attempting to load an xbe from the DVD.

For clarification, parsing the keys is in text-mode and will probrably be hard for u to read. U may be able to record the output to a VCR or something and then play it back frame-by-frame to see what it says.
The TSR is a utility from the Evo-X dashboard that can be disabled by editing the ini.

One other thing to add to my list above... There is a way to edit the BIOS and repack it so that is not encrypted and can be used with PBL without the need for keys. Do a search and u may find it in these forums.

Sorry for not giving enough information, i'm happy that you're online, if you have a screename this could be easier....PM me, and i'll PM it to you.

Looks like this is my info

K:1.00.5530.01
D 1.00.4920.01

+I'm launch pbl using the bert and ernie font exploit...
+The information on the screen is too hard to read all i see is something about drive p.
+The clicking noise is the screen clicking....it's comming from the t.v., i think it's because it's messed up.

Thanks again for all your help...

It's better if we post in the open, then at least, others can see what's been tried if nothing else.

My first suggestion is to test your copy of PBL on an older kernel. If u have a friend, ask if u can use his box for testing. Take the files directly from your Xbox and test them on another one.
Then try a few different BIOS'es. Even try the 5101 bfm.

I've tried that on my friends xbox...he has a 5101 kernel and it worked just fine, he has the same dash version, just different kernel...

Any more suggestions?

-aruu

try more BIOS'es and then try getting your Xbox's EEPROM key and using that in boot.cfg

Do you mind explaining to me how knowing the EEPROM key would have any effect?...It sounds like it might work, just don't know why...my friend borrowed my 007 CD so i an't do anything tonight, mayube tomorrow, if we post tomorrow morning?

let me know
-aruu

Originally posted by catfish
try more BIOS'es and then try getting your Xbox's EEPROM key and using that in boot.cfg

In addition to your posts...
I also had the clicking sound coming from the tv.... !

I guess that is because the xbox hangs...

The error is every time the same... i also noticed that i can't use the "xbox live exploit" ...

I will check this topic tonight and try to give more information as i am at work now...

Talk to you guys later...

P.S, Glad to see that finally we get the discussion going...

/me looks reaaaaaaaaaal friendly to the pheonix team....

Originally posted by catfish
OK guys,
I'll do my best to help, but u 2 will have to do all the labor as I still don't have a box with 5530.

1st. List your hardware and software versions including drive models and controllers. Check to see if u have the focus chip or something else.

2nd. Describe the exact symptoms. Does it show any text at all? Does it make the screen flicker or the sound pop? Does it attemt to parse the keys?


Just for completeness, I know on my box, the M7 bfm BIOS will refuse to load Evo-X if the TSR is active. It will just hang at a black screen.

The software version doesnot really matter... i can downgrade the software.. that is no problem...

The kernel 5530 or higher (in xbox-scene i've seen someone reporting kernel 5531) seems to be the problem..

Everything works fine untill pbl tries to load in the bios... the boot.cfg remains unchanged to versions before kernel 5530 .. this always worked ...
The xbox hangs at a black screen. And yes it's the focus chip since the screen is garmbled ...
I hear a small repeating click coming from the television.. i guess this indicates a crash of the box ...

I don't get any text messages because i haven't flagged debug mode ...

I am using M7 by the way... but i guess TSR is disabled because all other xboxes i've modded work with the M7 bios without any problems...

Would it help if i make a backup of the 5530 kernel eeprom and post it somewhere ? I don't know if this is allowed... but i won't post anything until i have an answer if it's allowed or not ...

With kind regards,
Marco ...

Originally posted by catfish
One other thing to add to my list above... There is a way to edit the BIOS and repack it so that is not encrypted and can be used with PBL without the need for keys. Do a search and u may find it in these forums.

that might be an idea ....
i wrote a message on another forum .. someone had put in the wrong eeprom keys in his config file..

trying to figure out his error .... asking if he also hears a ticking sound from the tv ...

i had this sound before btw ... some guy edited his .raw file from the 1.3 loader ... it crashed.. and there is that sound again...

just lightly ... so i guess the sound is from a crashing box...

Originally posted by scienide
that might be an idea ....
i wrote a message on another forum .. someone had put in the wrong eeprom keys in his config file..

trying to figure out his error .... asking if he also hears a ticking sound from the tv ...


Maybe the EEPROM key suplied in the boot.config file is incorrect to the new kernel 5530. However i still don't see how the EEPROM will affect anything?...I need to know what it does if someone can tell me :). I;m going to my friends house now to get my 007 DVD and then i'll try that, i can get EvoX to load w/o the bios, but i'm tired of having to sign all my games.

I'll be back soon..

-aruu

I'm sorry i couldn't try it because i realized, i dunno how to get the EEPROM key to put in the file. Can you help me. I did the backup thing in EvoX, but i don't know how to extract the key from there.

thanks

-aruu

Find a package named "Complete_Signed_Phoenix_Bios_Loader". I know that BIOS doesn't need EEPROM keys. If it does work, your video will be scrambled. This should be your first test.

Also, don't post your EEPROM or any keys here.
I would however, be interested in the 2 bytes starting at offset 60.

And yes, software versions do matter.
Neither of u have really posted anything about your hardware yet. U need to open the Xbox and see the encoder chip to be sure. Controllers are a known bug, don't dismiss them. I don't think the drives would be the cause, but I've seen Maxtors do some funky **** on normal PC's, so please tell me what u have anyway.

I opened my XOBOX last night, because i was going to attempt the cheap mod where u link two to make the bios writtable....but i didn't have any solder.

I have a Pillips DVD drive
I have a 4920 Dashboard
My Kernel Verision is 5530
I have a regular S Type controller i don't know if it's different from any other controller.
I have a Western Digital drive
So if y ou need anything else, please let me know...

Thanks

-aruu

Now we need other ppl with the same problem to speak up. Hopefully a pattern wil emerge that may shed some light.

Meanwhile, locate that package I mentioned and give it a shot.

If you're brave enough, flash the TSOP with 5101 before flashing your normal choice. I would be interested if it's a hardware or a BIOS problem.

Hey

I tried flashing my XBOX, and i couldn't flash the TSOP. It turns out that there's a new winbond chip in the 1.4 and beyond boxes. I checked the points, so i know they're correct. I have a Winbond W49F020T and in the raincoat package, the raincoat.cfg contains support for W49F020 and W49F002U. If you can help with new offsets or whatever the program needs, because it says unkown device, so i know it can't find the correct device.

Thanks...and ppl if you have same problem or any insight, post post post!!! haha...it would be appreciated


-aruu

Originally posted by catfish
Now we need other ppl with the same problem to speak up. Hopefully a pattern wil emerge that may shed some light.

Meanwhile, locate that package I mentioned and give it a shot.

If you're brave enough, flash the TSOP with 5101 before flashing your normal choice. I would be interested if it's a hardware or a BIOS problem.

I have a Pillips DVD drive
I have a 4920 Dashboard
My Kernel Verision is 5530
I have a regular S Type controller i don't know if it's different from any other controller.
I have a Western Digital drive

Same hardware here.... !! ...

It's a BIOS problem. 5530 seems to screw up PBL, I wonder if it screwes up XBEBoot as well.... hmmmmm


Morden.

Here is my config,
K:1.00.5530.01
D:1.00.5659.03
Mfg: 2003-11-21
Std package Xbox, Phillips DVD, Western D hdd, Controller-S, Focus chip.

I have tried with PBL1.3 and 1.35i both with default bios and other BFM.

BTW, looking at biosloader.c source, I am quite sure mine does run the 'call 2bl' code 'call eax' and returns from that call. Question is should it return? I thought that was the jump into the loaded hacked bios.

hi sorry i havent' posted in a while.

i ended up returning the box and getting a new 1, but get this...

K:1.00.5501.01
D:1.00.4920.01

but no FOCUS CHIP!!!? i was confused too, because when i first started the phoenix exploit, it like froze there then did this weird flickering thing and i heard clicking from the inside of the box (sounded like switching over), then phoenix showed up..clear as can be?!...i'm wondering what happened...

Did they distribute the new kernel b4 the focus chip was released?

Let me know

-aruu

oh and another thing also when i tried loading the m7 bios, it would just freeze, i think it's because pbl doesn't support m7, but who knows...also after phoenix loads the bios...it seems to sit and then i see lines at the top of the screen then evox (new release w/ support for focus) what a mystery haha...i know i'm prolly jus' going crazy....too much solder ;)

-aruu

I think your new kernel is 5101, like mine it also seems to have the conexant encoder.

As for M7, make sure u try editing evox.ini to disable the TSR. I encountered the same problem...

aruu, did u try the TSOP flash with 5101? I'm really curious to see if it's hardware or BIOS related. And what were the results with the decrypted BIOS in the package I mentioned?

Hey i tried flashign it and it couldnt detect the device i guess...the new winbonds series "T". So i dunno about that...anyways when i was trying to fix solder i ended up shorting the entire board...so i returned it and bought the 5101 w/ the old chip.

I'm sure it's bios related...only logical explination.

Keep me updated...
-aruu

catfish, i tried this package and had pbl debug on, all I see is the scrambled texts with pbl status.

I am not sure which 2 bytes you are looking for but I was able to open my backup bios.bin with xbtool using the 1.1 config.ini containing "RC4_key=0xB4 0x71 ... ... ... 0x67 0xAF"

Looking at the unpacked 5530's 2bl.img, i see these 16 bytes sequence at offsets:

004c: 57 42 ....... e1 ce
005c: 1d f3 ....... 33 e4
006c: 5c 07 ....... 1f e0
007c: e5 cd ....... 89 f8


Originally posted by catfish
Find a package named "Complete_Signed_Phoenix_Bios_Loader". I know that BIOS doesn't need EEPROM keys. If it does work, your video will be scrambled. This should be your first test.

Also, don't post your EEPROM or any keys here.
I would however, be interested in the 2 bytes starting at offset 60.

*Bump*

I'm actually interested in the EEPROM.bin.
Offset 60 should be 68, 70, 72, 74 etc.
I believe this offset contains info the dash looks at to determine version info for dashboards and various start-up messages.

my eeprom offset 0x60 is 0x37, 0x61

but according to xboxlinux doc, 60-63 is a checksum for following bytes at 64-ff. but again i tried various checksum and crc32 on this block and could not match the value at 60.

anything else I can help provide to crack this nut?

here's what I know by looking at my own EEPROM...

offset 60 from my original EEPROM had:
75 ...fb = orig
74 ...fb = changed I dunno when
70 ... fb = changed when I first upgraded to 5659
68 ...fb = changed after I clicked OK on the dash message

Also, someone I know had his EEPROM with 72 at offset 60 and he has NEVER upgraded past 4920.

I suspect that the EEPROM may be the key to future exploits.
(http://xbox-linux.sourceforge.net/docs/manufacturing.html)
I believe it may go deeper than a simple checksum. I wouldn't be surprised if the kernel (or dash) checks various bits to determine the proper course of action for any given circumstance.
Imagine a font exploit that simply turns the clock loop off.
I wonder if the kernel can be reset into debug mode from RAM only?

*interested, but lost* jus' posting so maxconsole e-mail's me when something happens.

Sorry for being lazy as i don't want to look at the numbers to compare them... you are looking for eeprom keys?

Can be the solution..

Was it an intended pbl protection? Or maybe accidental protection.... like a different eeprom key ?

Originally posted by catfish
here's what I know by looking at my own EEPROM...

offset 60 from my original EEPROM had:
75 ...fb = orig
74 ...fb = changed I dunno when
70 ... fb = changed when I first upgraded to 5659
68 ...fb = changed after I clicked OK on the dash message

Also, someone I know had his EEPROM with 72 at offset 60 and he has NEVER upgraded past 4920.

I suspect that the EEPROM may be the key to future exploits.
(http://xbox-linux.sourceforge.net/docs/manufacturing.html)
I believe it may go deeper than a simple checksum. I wouldn't be surprised if the kernel (or dash) checks various bits to determine the proper course of action for any given circumstance.
Imagine a font exploit that simply turns the clock loop off.
I wonder if the kernel can be reset into debug mode from RAM only?

Originally posted by catfish
Now we need other ppl with the same problem to speak up. Hopefully a pattern wil emerge that may shed some light.

Meanwhile, locate that package I mentioned and give it a shot.

If you're brave enough, flash the TSOP with 5101 before flashing your normal choice. I would be interested if it's a hardware or a BIOS problem.

I have two boxes with the same hardware.
Philips DVD
WD HD
K: 5530
Dash downgraded to 4920.

It's clearly the kernel version that's causes us the trouble.
Mfg date 03-11-07 on both boxes by the way

Hey i tried flashign it and it couldnt detect the device i guess...the new winbonds series "T". So i dunno about that...anyways when i was trying to fix solder i ended up shorting the entire board...so i returned it and bought the 5101 w/ the old chip.

Flash = 0x04BA,"ALX2+ R3 FLASH",0x40000
Flash = 0x01a4,"AMD - Am29F040B",0x80000
Flash = 0x01d5,"AMD - Am29F080B",0x100000
Flash = 0x01da,"AMD - Am29LV800B",0x100000
Flash = 0x015b,"AMD - Am29LV800B",0x100000
Flash = 0x378c,"AMIC - A29002",0x40000
Flash = 0x04d5,"FUJITSU - MBM29F080A",0x100000
Flash = 0x04a4,"FUJITSU - MBM29F040C",0x80000
Flash = 0xadb0,"Hynix - HY29F002",0x40000
Flash = 0xadd5,"Hynix - HY29F080",0x100000
Flash = 0x20f1,"ST - M29F080A",0x100000
Flash = 0xc236,"MACRONIX - MX29F022NTPC",0x40000
Flash = 0xbf61,"SST - SST49LF020",0x40000
Flash = 0x20b0,"ST - 29F002",0x40000
Flash = 0x20f1,"ST - M29F080A",0x100000
Flash = 0x89a6,"Sharp - LHF08CH1",0x100000
Flash = 0xda0b,"Winbond - W49F002U",0x40000
Flash = 0xda8c,"Winbond - W49F020",0x40000
Flash = 0x0900,"Winbond - W49F020T",0x40000
use these in evox then it should flash any tsops


i had a v1.4 until i blanked out the eeprom with a xdk restore disk so bad that the only bios my xbox would take was the comwell flash bios but it turned out for the best because i sold the sumsung drive on ebay for £70 then was able to buy a v1.2 with a sumsung drive from a mate

my tip is if your going to hack your xbox and put a bigger hdd in you might aswell buy a 2nd hand xbox it costs less and you dont need to worry about pbl working

looking on xbins the only bios's that work with v1.4/1.5 are 4979,4980,m7and the cromwell flashbios some of these sweet debug bios like TATX_Debug which would have fixed my v1.4 have not been updated but i'm sure the phoenix team will fix the the video and bugs for these new xboxs its just a pain waiting when you have a hacked xbox but no updated software to run on it.

i might try that, just not daring enough right now. Works great, just having trouble running madden...so we'll c

when i first got my v1.4 i told myself i would never open it but soon after trying to play a few games like crimson skies and finding out the only way was to sign the game and load it before pbl i flashed the tsops and then about a week after that i got a new modchip so i could still play live


if you have probs with crimson skies or any other game use the exploit to boot a signed copy of evox NOT pbl then put pbl into your apps folder this will let you boot evox before pbl and play any signed dvdr from evox then if you need to use pbl to play a game from the f drive you can boot pbl from the apps folder in evox.

this takes more time but it will fix some games that pbl does not like

Finally managed to afford an XBox console!!
Also managed to ftp into a friends machine and copy the font exploit onto my machine using the 007 hack but it failed to work. I've definitely done this correctly because I also did it on a different friends machine and it worked like a dream! When my machine attempts to load the evox dashboard, the screen flickers and becomes unreadable. I'm stuck - have no idea haw to solve this - can anyone help me??

you have a v1.4/1.5 if your lucky it will be a 5101 and not 5330
you need pbl1.3.5i which is only on xbins under
/XBOX/bios/bios tools/Phoenix Bios Loader/_signed_packages/

then your need a 4979 or 4980 or m7 boot from media bios

the pbl screen will still flicker but as soon as it loads one of them 3 bios's it will fix it

ok on this thread Thread Link (http://forums.maxconsole.com/showthread.php?s=&threadid=571&perpage=15&pagenumber=1) Catfish has posted some fonts that may patch the 5530 Kernel Dashboard.

Hear are my results, hope this helps

testfonts.zip
-------------
1_modifiedfonts: Hangs before patching Dashboard

2_newlinuxfonts: SUCCESS Patches Dashboard to LINUX tab

3_modifiedfonts: Hangs before patching Dashboard
4_modifiedfonts: Hangs before patching Dashboard


habibifonts.zip
---------------
1: Hangs before patching Dashboard
2: Hangs before patching Dashboard
3: Hangs before patching Dashboard
4: Resets Xbox
5: Hangs before patching Dashboard
6: Hangs before patching Dashboard
Bloated: Resets Xbox



Yolio

There is a new discovery, posted at x-s, that may be good news for kernel 5530 owners.
http://forums.xbox-scene.com/index.php?showtopic=188009&st=0

Originaly posted by Yoshihiro at http://www.gueux.net/

Hold the phone people
Yoshihiro is working on a new installer
First will be french of course <since he is>
The rar package he posted as far as I know is cromwell you bind a new eeprom to your cromwell bios boot your cromwell bios and then rewrite your eeprom on your xbox... this eeprom is blank so no live will not work... it's also not fully tested on all xboxes yet... who knows might only work for the french (that would be a kick in the teeth)

As far as i know Yoshihiro is the only one working with PBL I think you'll find the old crew now work on ozxodus and smartxx

I hope ozxodus fix their xenium av/S-vid focus problems
Nice that they give their code under the GPL isn't it :)