Introduction to BIOS Hacking (v0.1)
Tutorial written by: theLameOne (theLameOne03 @ iinet.net.au)
This example edits an Xbox v1.0 BIOS so that it no longer automatically boots from cdrom/default.xbe, so you don't have to take the DVD out when you've finished with it.

Assumes: a basic knowledge of computers.

Legal: none of this software is illegal. What you do with it is your responsibility.
Here's what you'll need:

1) XBFlash (for unpacking/packing).

2) cabsdk.exe (download from our friends at M$).

3) The RC4 key (you won't find it anywhere reputable). It LOOKS like:
   0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1A 0x1B 0x1C 0x1E 0x1F 0x20 0x21 0x22
   The bytes of the real RC4 key add up to (in hex): 0x6A7

4) Visual C++ 6.0, for extracting cabsdk into and for compiling XBFlash. OR fanCbox by superfro, which is based on XBFlash (I haven't tested this). NOT Xbtool by NghtShd - though useful, it's not suitable for this tutorial.

5) A v1.0 BIOS and a v1.0 Xbox.

This tutorial assumes you are using XBFlash. It is a wonderfully reliable release from the xbox-linux team (Paul Bartholomew).
Step 1:
Open up the readme.txt that comes with XBFlash. Read it and learn. (!)

Step 2:
You should now be ready to hack your first BIOS. However, before we do that we've got to set up a testing environment. A modchip that you can flash from your computer is sufficient to recover from a bad BIOS, and a modchip that can hold multiple BIOSes is also sufficient. If you don't have one of these modchips, see my "Safe TSOP flashing for any modchip" tutorial.

Fill in XBFlash.ini with the RC4 key.
Step 3:
Using the syntax found in readme.txt, extract your chosen v1.0 BIOS.

Usage:
  xbflash -unpack xbflash.ini infile.rom outdirname
  xbflash -pack xbflash.ini indirname outfile.rom
Step 4:
Back up the files you extracted to another directory.

Step 5:
Disassemble it using a disassembler, or use a hex editor to "look" at it. The file we are interested in is xboxkrnl.img.

Optional: convert it to an exe by renaming it, then convert it to an xbe using cxbx.
Step 6:
What shall we do? I've always wanted a hack that stops the Xbox automatically booting from the DVD-ROM... how about we do that?

Step 7:
OK. If we did this, we'd need another way for people who deleted their dashboard to recover. Solution: get it to boot from a file other than default.xbe. Let's first test that it doesn't freeze when trying to boot from an Xbox CD-RW that doesn't have a default.xbe. It doesn't.

The other way would have been to replace opcodes (e.g. with NOP) to stop it looking on the DVD-ROM altogether. This isn't as easy as it sounds: you will most likely need to use instructions like MOV as well, so that the machine code still makes sense and the code that follows still sees the register values and flags it expects.
Step 8:
Use a hex editor to search for "default.xbe". Replace it with the filename you want it to boot from. Keep the .xbe extension and seven characters before it for now, so the string stays exactly the same length and nothing after it moves.

Step 9:
Repack.

Step 10:
Unpack to a new directory and use a hex editor to compare the files. They should be identical except for the end of 2bl.img. This is to check that it was packed correctly.
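Steps 8 and 10 can be scripted instead of done by hand in a hex editor. The following is an added example, not code from this tutorial or from XBFlash. It assumes the boot filename is stored in xboxkrnl.img as the plain ASCII string "default.xbe" (which is what a hex-editor text search implies), enforces the same-length rule from step 8, and then compares the step-4 backup against the freshly unpacked directory so you can see exactly which files and offsets changed (a good repack should differ only near the end of 2bl.img). The sample kernel fragment in the demo is constructed, not real Xbox data.

```python
"""Script the hex-editor work of steps 8 and 10.

Added example; not part of theLameOne's tutorial nor of XBFlash.
Assumes the boot filename lives in xboxkrnl.img as plain ASCII "default.xbe"
and that the replacement must be the same length so nothing after it moves.
"""
import os
import sys
from typing import Dict, List, Tuple

OLD_NAME = b"default.xbe"   # string step 8 tells you to search for
MAX_DIFFS = 8               # offsets reported per differing file


def patch_boot_name(image: bytes, new_name: bytes) -> Tuple[bytes, int]:
    """Replace every ASCII 'default.xbe' in a kernel image with new_name.

    Returns (patched image, occurrences replaced). Enforces the same-length
    rule from step 8: keep '.xbe' and seven characters in front of it, so the
    image size and every offset after the string are unchanged.
    """
    if len(new_name) != len(OLD_NAME):
        raise ValueError("new name must be %d bytes, got %d"
                         % (len(OLD_NAME), len(new_name)))
    if not new_name.endswith(b".xbe"):
        raise ValueError("new name must keep the .xbe extension")
    if not new_name.isascii():
        raise ValueError("new name must be plain ASCII")
    count = image.count(OLD_NAME)
    if count == 0:
        raise ValueError("'default.xbe' not found; is this xboxkrnl.img?")
    patched = image.replace(OLD_NAME, new_name)
    assert len(patched) == len(image)
    return patched, count


def diff_offsets(a: bytes, b: bytes, limit: int = MAX_DIFFS) -> List[int]:
    """First `limit` byte offsets where a and b differ; a size mismatch
    counts as one more difference at the shorter length."""
    offs = []
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            offs.append(i)
            if len(offs) >= limit:
                return offs
    if len(a) != len(b):
        offs.append(min(len(a), len(b)))
    return offs


def compare_images(original: Dict[str, bytes],
                   repacked: Dict[str, bytes]) -> Dict[str, List[int]]:
    """Step 10 check: filename -> differing offsets for every file that is not
    byte-identical between the step-4 backup and the re-unpacked set.
    A file present on only one side is reported with offset -1.
    Expected for a good repack: only '2bl.img', and only near its end.
    """
    report = {}
    for name in sorted(set(original) | set(repacked)):
        if name not in original or name not in repacked:
            report[name] = [-1]
            continue
        offs = diff_offsets(original[name], repacked[name])
        if offs:
            report[name] = offs
    return report


def load_dir(path: str) -> Dict[str, bytes]:
    """Read every regular file in an unpacked-BIOS directory into memory."""
    out = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                out[name] = fh.read()
    return out


if __name__ == "__main__":
    # usage: patch <xboxkrnl.img> <newname.xbe> | compare <backupdir> <newdir>
    if len(sys.argv) == 4 and sys.argv[1] == "patch":
        with open(sys.argv[2], "rb") as fh:
            data = fh.read()
        out, n = patch_boot_name(data, sys.argv[3].encode("ascii"))
        with open(sys.argv[2] + ".patched", "wb") as fh:
            fh.write(out)
        print("replaced %d occurrence(s); wrote %s.patched" % (n, sys.argv[2]))
    elif len(sys.argv) == 4 and sys.argv[1] == "compare":
        report = compare_images(load_dir(sys.argv[2]), load_dir(sys.argv[3]))
        for name, offs in report.items():
            print("%-16s differs at %s" % (name, offs))
    else:
        # constructed sample kernel fragment, not real Xbox data
        sample = b"\x00" * 16 + b"\\Device\\CdRom0\\default.xbe\x00" + b"\xcc" * 8
        out, n = patch_boot_name(sample, b"recover.xbe")
        print("demo: replaced %d, size %d -> %d" % (n, len(sample), len(out)))
```

Run it as `python patch_kernel.py patch xboxkrnl.img recover.xbe` before step 9, and `python patch_kernel.py compare backupdir newdir` after step 10; anything other than 2bl.img in the compare output means the repack went wrong.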
Step 11:
Combine it with a 256k X2 4973 BIOS, each written twice, so that the file structure looks like this:

  test BIOS | test BIOS | X2 4973 BIOS | X2 4973 BIOS

I don't recommend using anything other than X2 4973, since rumour has it that some BIOSes screw up when in a multi-BIOS. It isn't an issue for the test BIOS, since the second half is invisible to it.

Step 12:
Ground point A19 (via a switch) to boot from the test BIOS. By default it will boot from the X2 BIOS.
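The layout from step 11 and the A19 switch from step 12 can be modelled in a few lines, so you can build the 1 MB image without a hex editor and check which half the console will see. This is an added example, not code from this tutorial or from the X2/XBFlash tooling. It assumes a 1 MB flash made of four 256k slots and that grounding A19 forces address bit 19 low, so the chip only ever presents its lower 512 KB half; with the switch open the upper half, where the X2 BIOS sits, is what boots, as step 12 says. The placeholder BIOS bytes in the demo are constructed, not real BIOS data.

```python
"""Build the 1 MB multi-BIOS image from step 11 and model the A19 switch.

Added example; not part of theLameOne's tutorial nor of XBFlash/X2 tooling.
Assumes a 1 MB flash of four 256k slots, and that grounding A19 forces address
bit 19 low so only the lower 512 KB half is ever addressed.
"""
import sys
from typing import List

BANK = 256 * 1024    # one 256k BIOS image
HALF = 1 << 19       # 512 KB: the address range that A19 selects between
FLASH = 2 * HALF     # 1 MB chip = test | test | X2 | X2


def build_multibios(test_bios: bytes, x2_bios: bytes) -> bytes:
    """Lay the images out as the tutorial shows: test|test|X2 4973|X2 4973.

    Each 256k image is written twice so it fills its whole 512 KB half; the
    console then sees the same BIOS whichever 256k slot of that half it reads.
    """
    for label, img in (("test BIOS", test_bios), ("X2 4973 BIOS", x2_bios)):
        if len(img) != BANK:
            raise ValueError("%s must be exactly %d bytes, got %d"
                             % (label, BANK, len(img)))
    image = test_bios * 2 + x2_bios * 2
    assert len(image) == FLASH
    return image


def visible_half(image: bytes, a19_grounded: bool) -> bytes:
    """The 512 KB window the console reads from the 1 MB chip in this model.

    A19 grounded -> bit 19 always 0 -> lower half (test BIOS).
    A19 free     -> upper half, where the X2 BIOS lives, so that boots by
                    default (step 12).
    """
    if len(image) != FLASH:
        raise ValueError("expected a %d-byte multi-BIOS image" % FLASH)
    return image[:HALF] if a19_grounded else image[HALF:]


def slots(image: bytes) -> List[bytes]:
    """Split a 1 MB image back into its four 256k slots for inspection."""
    if len(image) != FLASH:
        raise ValueError("expected a %d-byte multi-BIOS image" % FLASH)
    return [image[i * BANK:(i + 1) * BANK] for i in range(FLASH // BANK)]


def main() -> None:
    if len(sys.argv) == 4:
        # usage: multibios.py test.bin x2_4973.bin out_1mb.bin
        with open(sys.argv[1], "rb") as fh:
            test = fh.read()
        with open(sys.argv[2], "rb") as fh:
            x2 = fh.read()
        with open(sys.argv[3], "wb") as fh:
            fh.write(build_multibios(test, x2))
        print("wrote %s (%d bytes)" % (sys.argv[3], FLASH))
        return
    # constructed placeholders, not real BIOS data
    test = bytes([0xAA]) * BANK
    x2 = bytes([0x55]) * BANK
    img = build_multibios(test, x2)
    print("A19 grounded -> test BIOS:", visible_half(img, True) == test * 2)
    print("A19 free     -> X2 BIOS:  ", visible_half(img, False) == x2 * 2)


if __name__ == "__main__":
    main()
```

The size checks matter: a 512k or 1 MB file passed as the "256k" X2 image would silently shift the test BIOS out of the lower half, and the A19 switch would then select something other than what you flashed.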
Step 13:
Now the Xbox won't automatically boot whatever is in the drive when you turn it on! IGR (in-game reset) will also work better - it'll return you to the dash, not simply reboot the DVD.
Future Reference:
The other big thing here is opcodes, operands and so on (those hex numbers you see in the hex editor). Understand these and you can do just about any hack.

link: http://courses.ece.uiuc.edu/ece291/archive/fall2001/books/labmanual/inst-ref.html

There is plenty of stuff already written about this. Just remember the Xbox is an x86 architecture.

Credits go to:
The xbox-linux team - the most advanced rogue dev team
The people on the www.xboxhacker.net forums

Tutorial written by: theLameOne (theLameOne03 @ iinet.net.au)