-
[RELEASE] DrSchottky's R-JTOP (CB fusecheck glitching method)
Hi guys,
these days i did some tests with PLL_BYPASS downclock to see what happens if i glitch SECOTP(fusecheck) function.
Results were impressive(always instaboot), so i proudly present...
It works like TX's R-JTAG+, so the wiring is the same:
-VCC\GND
-POSTBIT_0
-CPU_RST
-STBY_CLK
-PLL_BYPASS
and obviously JTAG wiring.
Maybe the start value requires a little tuning (i used the ones that work well for me), in an interval of ± 150ns.
These timings are made for consoles updated to 15572 (or further) dash. Feel free to adjust them for lower fusesets.
Here you can find the source.
F.A.Q:
A: There aren't JED/XSVF files! Can you build them?
R: No, do it yourself.
A: But...
R: Nope!
A: And Xenons? And Zephyrs?
R: ¯\_(ツ)_/¯
'njoy
UPD1:
Zephyr start should be between 1112450 and 1112456. Tested but not very fast. Boot rate was inconsistent even with CR4, so...
Xenon start should be around 1195600. Hypothesized, not tested. Don't remember if it's for the latest fuseset, sorry.
UPD2:
For each blown fuse SECOTP length decreases by 1160.6 ticks (@300MHz) =3.8686ms
Xenon SECOTP length (with PLL_BYPASS asserted): 3610752 ticks (@300MHz)
Postbit lengths were measuerd with TicksPicker
Ultima modifica di DrSchottky; 26-04-2015 alle 20:58
-
Post Thanks / Like - 6 Likes, 8 Thanks, 0 Dislikes
Rispondi Citando
Segnalibri