I have an old Xbox 360 Pro which was banned from Xbox Live in Fall '09. Being banned means I can't get any Downloadable Content (DLC) for my games anymore, let alone Title Updates for fixing bugs which make certain games unplayable. The only way to be able to play those games and get DLC again is to hack it, and manually put the Title Updates and DLC onto the hard drive. The upside is of course that I can play my games again, and get new DLC, even without being able to access Xbox Live, while the downside is that the developers don't see any money from me anymore - and I used to buy a lot of DLC.
Now, because of the recent Dashboard update that was installed on this Xbox 360, and the kernel version that came with that update, it was impossible (at least from the current point of view) to execute the JTAG hack: the update blew an eFuse, which prevents downgrading to an older, vulnerable kernel version.
So the only solution was to go out and try to get an Xbox 360, preferably the cheap Arcade model without an HDD, which was manufactured before 2009-06-16. That date is important, because consoles manufactured after this date include a fixed version of the bootloader, even if they still have the (supposedly) right dashboard version. The dashboard version really doesn't mean that much; it's all about the bootloader (CB). You could safely assume that having the "safe" dashboard means that you also have the vulnerable bootloader, but that's only the case if it was updated to that dashboard version outside of the factory, because the fix for the bootloader came with a later dashboard update - except for those manufactured in the few weeks after 2009-06-16. Alright, the dashboard version is somewhat important, too, because of the eFuse that gets blown, which prevents older dashboards from starting, but that's only secondary.
So to be on the safe side: get a virgin, shrink-wrapped console manufactured before 2009-06-19. The closer to that date, the better, because of the updated hardware you'll have!
My Xbox 360 Arcade is a Jasper board with 512MB internal NAND memory, manufactured on 2009-05-30 - which also happens to be my birthday. How could I go wrong?
The advantage of getting the Arcade model is having the internal memory, which is used as the storage for the kernel and also to provide a Memory Unit (MU) for the user. Having a model with only 256MB NAND is fine, too, as long as it's not only the 16MB like in the Pro/Elite models. They included that bigger NAND memory in the Arcade version because the NXE dashboard, the current one, needs quite some space, and you wouldn't be able to install it on an (old) Arcade model without having either an HDD or an external MU. So the decision for an Arcade model is clear: cheaper, bigger on-board memory, no HDD (we'll add our own, bigger one anyway, right?)
Getting an Arcade model that old wasn't quite easy, especially if you live in a big city like me, as there's a very high sales volume, which means the retailers have to restock more often, and that means they probably only have the new, non-exploitable models. It doesn't hurt to go to all local retailers and have a look at their stacks of packages; you can find the Manufacturing Date by looking through the small hole in the top of the package, but don't have any high expectations of actually finding an old one these days. Trust me, I spent a couple of hours rearranging their stacks to get to the ones on the bottom, but still couldn't find any old enough.
I tried to find one online, but they're mostly pre-JTAGed and also very expensive, neither of which I was looking for. But I was lucky to discover someone who was selling both untouched ones and pre-JTAGed boxes - that's a good indicator that the untouched ones are vulnerable.
After shelling out way too much money compared to what a new Arcade costs (call it the DIY tax), it was time to get busy...
Opening the Xbox 360
Opening it up was easy, I've done it a couple of times in the last few years, but for someone doing it the first time it can be quite difficult. Most guides tell you that you need a special tool for it, but you can do it just fine with a small flat-head screwdriver and a couple of Torx screwdrivers. If I had to start all over again, I'd probably use this guide for the general pictures, and this video to see how it's done. Once you get the case off with just the small flat-head screwdriver, it's all Torx-only inside. Do yourself a favor and get a set of decent screwdrivers; you don't want to ruin your case by poking around with one that's too big.
Once you've cracked it open, it's time for the fun stuff.
Soldering the connections
The first step of hacking the Xbox 360 is getting a dump of the NAND memory, which means soldering a couple of cables directly onto your Xbox's motherboard and connecting them to your LPT (printer) port - assuming you have an LPT port. If not, there's also a way to do it via a special USB device, but although that's much faster (6x) than LPT, it's also more complex to build (or expensive if you buy it). But I used the LPT method because it's slow, ugly and cheap. Having to solder all those cables only to remove them again when you're (supposedly) finished didn't sound that great to me, so after a bit of looking around I found a forum thread where somebody had the idea of using an RJ45 jack as a connector you can put inside your Xbox, and an Ethernet cable with an LPT connector that you connect to your computer. That sounded way nicer, and also gave me the possibility of accessing the NAND later without having to solder/unsolder all the cables again. I used this diagram as a guide for the soldering, and while I was at it I also soldered the JTAG points.
When soldering the JTAG points, there's one point which seems to cause problems for just about anyone: DB1F1. It's not a solder pad like most of the other connections you're soldering, but rather a small hole with a bit of solder inside, and only a tiny amount at that. There's an alternative to that point, called FT1U2, on the backside of the motherboard, and I preferred to use that one - successfully, I might add.
With all soldering on the motherboard done, I soldered the RJ45-LPT cable and finished the motherboard connections by adding the RJ45 jack:
Hardware: done! ... or are we?
Protecting the eFuses
There's one tiny little thing I decided to do, just because I'm paranoid: bridging two solder points to physically protect my eFuses from being blown by anything out there, Microsoft or not. There is one very small resistor on the motherboard which is responsible for blowing eFuses when Microsoft tells it to do so. Now the obvious solution would be to get rid of it by desoldering it or by any other means, but there's a safer way! Highly recommended, you never know...
Hardware: done! For good.
The best guide I found is this one. You can basically follow it word for word.