Lamprey board

Discussion in 'Xbox 360 Development' started by LEo, Jan 5, 2012.

  1. LEo

    LEo Fiery Member

    Joined:
    Jan 20, 2008
    Messages:
    845
    Likes Received:
    17
    [​IMG]

    Well we know this board can read write nand using a serial connection, and apparently can tinker with fuses on the cpu, It works on final hardware.

    So any more info on this, that one sentence is pretty much all I know of it.
     
    Last edited: Jan 5, 2012
  2. hacker360

    hacker360 Spirited Member

    Joined:
    Jul 29, 2010
    Messages:
    174
    Likes Received:
    13
    ..........
     
    Last edited: Nov 6, 2015
  3. LEo

    LEo Fiery Member

    Joined:
    Jan 20, 2008
    Messages:
    845
    Likes Received:
    17
    Not mine^ I have high res pictures of it given by a friend that owns one. The point of this thread is inorder to know what else this does with an xbox.

    Also the titan board is that thing beta 1 kits had. I know alot of rumors about these boards, Im going to ask some friends to give me permission to show some high res pictures of the lamprey along with some info of what was done with them behind the scenes.
     
    Last edited: Jan 7, 2012
  4. hacker360

    hacker360 Spirited Member

    Joined:
    Jul 29, 2010
    Messages:
    174
    Likes Received:
    13
    ..........
     
    Last edited: Nov 6, 2015
  5. LEo

    LEo Fiery Member

    Joined:
    Jan 20, 2008
    Messages:
    845
    Likes Received:
    17
    Stop spamming the thread.

    Argon is the daughter board that Xedks had, check speedy22 early documents about the 360 hardware

    edit shit, it was titan board.
     
    Last edited: Jan 5, 2012
  6. hacker360

    hacker360 Spirited Member

    Joined:
    Jul 29, 2010
    Messages:
    174
    Likes Received:
    13
    ..........
     
    Last edited: Nov 6, 2015
  7. TheFallen93

    TheFallen93 Spirited Member

    Joined:
    Apr 22, 2009
    Messages:
    167
    Likes Received:
    68
    1BL is ROM (READY ONLY MEMORY)...
     
  8. KIWIDOGGIE

    KIWIDOGGIE Peppy Member

    Joined:
    Jul 9, 2008
    Messages:
    357
    Likes Received:
    15
    1BL is RWOM
     
  9. hacker360

    hacker360 Spirited Member

    Joined:
    Jul 29, 2010
    Messages:
    174
    Likes Received:
    13
    ..........
     
    Last edited: Nov 6, 2015
  10. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,500
    Likes Received:
    176
    highres front and back are intresting, also what U1 IC is that soic? 16

    I asume the programs that they used are a bit more interesting, we already know alott about the internal headers. These boards are "just" the connections to "normal" connectors to mass programm Xboxes ? Maybe that IC containts fuses, or emulates some, or it just converts some protocol like i2c or SPI to serial.
    My thoughts, donno if its of any value.
     
  11. kholdfuzion

    kholdfuzion I kill consoles

    Joined:
    Jan 26, 2005
    Messages:
    194
    Likes Received:
    3
    the ic is a max3232
     
  12. LEo

    LEo Fiery Member

    Joined:
    Jan 20, 2008
    Messages:
    845
    Likes Received:
    17
    Its a serial converter. We actually attempted to make schematics for it a long time back, by looking at some pictures ;)

    Well I have determined another use for this board was indeed to program early ROL boards with different firmware. Which would explain the argon pin header.

    The function of the other serial conector is still on the air. I know people know what it does but simply dont care too much to share the information.

    There was one document that was leaked where it talked about the lamprey and how you could use it to turn a retail board into a development board. Problem was that it probably documented the procedure used inorder to change a board that was still in MFC boot mode. Fact is, it defineatly involved using this hardware to do so.

    This is a tibit from the document.
    I should also add, the fact it says AGILE docs is because agile was a contract mfc for microsoft, they went under in 2007.
     
    Last edited: Jan 7, 2012
  13. deep3r

    deep3r Fiery Member

    Joined:
    Feb 6, 2011
    Messages:
    855
    Likes Received:
    301
    Wasnt there something released not long ago to put any kit into boot mode?

    This

    http://www.youtube.com/watch?v=kbQBJKgmta0
     
  14. TheFallen93

    TheFallen93 Spirited Member

    Joined:
    Apr 22, 2009
    Messages:
    167
    Likes Received:
    68
    Those are just console certificate flags.

    #define XE_CONSOLE_TYPE_DEVKIT 0x00000001
    #define XE_CONSOLE_TYPE_RETAIL 0x00000002
     
  15. LEo

    LEo Fiery Member

    Joined:
    Jan 20, 2008
    Messages:
    845
    Likes Received:
    17
    Edit provided by aim

    little more detail on them?
    Well ill stand by the theory that basically this document was an internal document used by AGILE co. contracted by MS to make devkits for them out of retail boards that still had not been exactly programmed or had any fuses burnt on them. It would make sense if it was this way, using this along with software for the lamprey probably burned the fuses needed to make a dev. This will not work on retails, ever. Even then, we won't ever get software for it.

    So ill finish by saying, Lampreys can be used on retails/devs to read write the nand. It can be used to program proto Aragon (RoL) boards. Finally they could have been used at one point to use the cpu jtag to program fuses, and once that was done the cpu jtag was probably disabled. There is one more little tibit that these boards *might* have been able to read the 1bl off early Xedk proto kits.
     
    Last edited: Jan 7, 2012
  16. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,882
    Likes Received:
    246
    One thing I don't get is:

    If it's THAT secure (since once programmed as retail an console cannot be changed) why so much secrecy about this stuff ? It's not some alien technology one could use to take on the world or similar stuff ... :p
     
  17. halo3

    halo3 Robust Member

    Joined:
    Jul 20, 2010
    Messages:
    251
    Likes Received:
    2
    Because xbox 360 is the world's largest gaming console right now with millions of customers and massive amounts of revenue. If a bunch of private stuff on how to completely hack a retail 360 got out that would be bad since hackers always want to read backup games, and run unsigned code. This is bad for Microsoft and gaming companies since if a console can read copied games they make no money off a game; and reading unsigned code is bad since if it is online it ruins the online gaming experience costing Microsoft all their xbox live income...
     
  18. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,882
    Likes Received:
    246
    Eh ... Actually the Reset Glitch Hack and the JTAG Hack do achieve to "hurt" all what you mentioned. I don't think anyone with a Lamprey board will do anything interesting besides making the RoL blink. That's my point.
     
    Last edited: Jan 11, 2012
  19. LEo

    LEo Fiery Member

    Joined:
    Jan 20, 2008
    Messages:
    845
    Likes Received:
    17
    Yeah this isn't the type of hardware a gaming company would want in the wild, considering it most likely is what they use to fix or debug Xbox in repair centers. So naturally yeah people would want to hide it. These have been around since the 360 came out in private hands.
     
  20. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,500
    Likes Received:
    176
    Its just a rs232 board is it? maybe a "programming" board. but very "dumb". I'm more interested into those Doc's ;-) and can we make a retail almost "clean" again and make a dev? for jtag? (maybe i just have to glitch my Jasper)
     

Share This Page