ggBuild: Create freeBOOT images for Reset Glitch (RGH Booter/reBooter)

Written by William on October 21, 2011 and posted in Uncategorized.

Today, thanks to an anonymous coder, we have a booter for the Reset Glitch Hack. The anonymous hacker has publicly released his NAND image builder, which creates the correct file structure and adds/removes the appropriate code to/from the correct places in your console’s NAND. ggBuild 0.33 works in a similar way to fbBuild as it creates a freeBOOT-style NAND image, including all of the freeBOOT patches and goodies (removes xex signature checks, unlimited HDD size, etc.) that JTAG owners have had. The only difference between ggBuild and fbBuild is that ggBuild works for those of you that have Reset Glitch Hacked consoles.

ggBuild 0.33

It’s a new hack, congrats to gligli and co.

What’s New:
– slim/fat glitch hack support for 13599/13604
– ability to build clean/retail images (v7371+) with -retail flag on command line
– ability to patch clean smc if required for glitch reset (limited to those in imgbuild python script)
– power boots patched dash, eject boots xell-gggggg.bin
– todo: remove fcrt.bin requirements from glitched kernel
– todo: virtual fuses for glitched kernel
– todo: verify glitched kernel is working on zephyr

Current Limitations:
– STAY THE HELL OFF LIVE! Nuff said, we’re not your mum.

How To Use:
– See individual folders for lists of files to provide
– if desired provide replacement cpu and 1bl keys in text files
– open a command window in the ggBuild directory
– on the command line type, for example:

example – if you provided keys in appropriate text files

ggBuild.exe -c falcon -d myfalcon myfalconout.bin

-c falcon = use falcon bl and patch set
-d myfalcon = a folder is present called “myfalcon” with per machine files
myfalconout.bin = the file that will be produced

– type ggBuild.exe -? for command line info

– take original console dump, put it in mytrinity folder as nanddump.bin
– set CPU key and 1BL key in ini file, and set CF LDV to whatever highest number CF LDV shows in flash tool on nanddump.bin
– use flash tool to extract fcrt.bin and fcrt.bin.meta via security files (set ibuild compat files option), and put those in mytrinity folder
– build (ggbuild.exe -d mytrinity -f 13599), flash and hopefully life is good

.ini files:
Just a word on the format… the ini parser is not very robust, the files need
to be plain ASCII, everything after a ; on a line is ignored, and spaces are
not acceptable (they get removed).

Things like CPU key and 1BL key, if present in the per box ini file need not be
placed anywhere else.
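
An added example (not part of ggBuild or the original README): a Python pre-flight check that applies the three ini rules stated above (plain ASCII only, text after ; ignored, spaces removed) and reports lines the parser would silently alter or choke on. The key=value layout, the key name examplekey and the sample bytes are assumptions constructed for illustration; cfldv is the only setting name taken from this page.

```python
# Added example: lint a ggBuild-style .ini against the README's stated rules.
# Assumptions (not from the page): key=value layout, the name "examplekey".

def normalize_ini(raw: bytes):
    """Return (settings, warnings) after applying the three stated rules:
    plain ASCII only, text after ';' ignored, spaces removed."""
    settings, warnings = {}, []
    # Editors such as Notepad may prepend a UTF-8 BOM; that is not plain ASCII.
    if raw.startswith(b"\xef\xbb\xbf"):
        warnings.append("line 1: UTF-8 BOM present, file is not plain ASCII")
        raw = raw[3:]
    for lineno, line in enumerate(raw.splitlines(), start=1):
        if any(b > 0x7F for b in line):
            warnings.append(f"line {lineno}: non-ASCII byte, file must be plain ASCII")
            continue
        code = line.decode("ascii").split(";", 1)[0]  # text after ';' is ignored
        stripped = code.replace(" ", "").strip()      # spaces get removed
        if not stripped:
            continue                                  # blank or comment-only line
        if " " in code.strip():
            warnings.append(f"line {lineno}: embedded spaces will be removed")
        if "=" not in stripped:
            continue  # not a key=value entry under this example's assumption
        key, value = stripped.split("=", 1)
        settings[key] = value
    return settings, warnings


# Constructed sample: BOM, spaces around '=' and inside a value, a trailing
# comment, and one line containing a non-ASCII character.
SAMPLE = (
    b"\xef\xbb\xbf; per box settings (constructed sample)\r\n"
    b"examplekey = 00 11 22 33 ; spaces here are dropped\r\n"
    b"cfldv=5;highest LDV seen in the dump\r\n"
    b"note=caf\xc3\xa9\r\n"
)

if __name__ == "__main__":
    parsed, problems = normalize_ini(SAMPLE)
    for key, value in parsed.items():
        print(f"{key} -> {value}")
    for problem in problems:
        print("WARNING:", problem)
```

Running it over a per box ini before a build shows exactly what value the parser would end up with once comments and spaces are dropped.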

controller config can result in problems remapping bad blocks (even manually.)
If you have a 16M jasper, an additional build type has been added
‘jaspersb’, by default the image will be built for jasper with big block
controller (config 00023010), use this alternate switch to build for small
block controller (config 01198010.)

Multi build/options example:
when you specify -f 13599 on the command line:
is parsed instead of datafilelist.ini

Also the bin directory is used from
instead of
allowing anyone to create multiple builds without multiple instances or
rebuilds/hex edits/hacks of the main app.

The example provided is the last version of 13599 patch set from dash launch and
other files to build freeboot 13599

example use:
ggBuild -f 13599 -d myfalcon x13599out.bin

-f 13599 : use .13599filelist.ini, and .13599 for firmware files, .13599bin for patches
-d myfalcon : use .myfalcon for per build files (cpu key, keyvault, security files, ini etc.)
x13599out.bin: override auto generated name and produce .x13599out.bin as the final NAND image

note, if -d ***** is not specified it will still use the original /data and /bin dirs


Thanks and greetz to everyone who has contributed to hacking this
wonderful machine. Thanks to the engineers and countless others who made
the machine what it is… we only wish they had listened and RROD was
not a problem. If we were to list everyone here, there would be no time
left to play on the machine!

Big thanks to the folks at #freeboot on efnet for the tireless
hours of help you all give freely. Thanks to the testers who tirelessly
made sure stuff worked.

Don’t believe what random people *cough* write on forums ..


– corrected bug with ini parsing and dvd region (and others) left blank
– add 13604

– slim/fat glitch image building (based on fbbuild 0.32)
– builds retail images with -retail command line option
– added autopatch smc option in per box ini file
– extracts pairing value and highest LDV from nanddump.bin
(ini cfldv setting overrides nanddump ldv)