Wii-U NAND-AID - eMMC Recovery and Replacement Interposer Public Test

[V10lator]

Hello friend, i sold the gamepad but it was showing "Connect to right input", white screen black letters. If you need the photo I will search on my gallery.

Nah, it's fine. I know this error message by heart. After a failed firmware reset the gamepad will be disconnected and you would have to sync again with UDPIH. This is what the gamepad told you: It wasn't synced anymore.

Here is my log.

Is this the only log file you found? Cause this is from 2012 and a damn old firmware version...

 

[mitas]

Nah, it's fine. I know this error message by heart. After a failed firmware reset the gamepad will be disconnected and you would have to sync again with UDPIH. This is what the gamepad told you: It wasn't synced anymore.


Is this the only log file you found? Cause this is from 2012 and a damn old firmware version...

I had attached the file with the .txt extension, but there was other files. I attached all of the logs now. It is it? Thanks again ^^

 

[SDIO]

It's normal that the logs get wiped during factory reset. Maybe the RTC is just off, because the battery was removed or something.
Maybe cancel the factory reset, so logs won't get deleted

 

[V10lator]

It's normal that the logs get wiped during factory reset.

Oh right, my fault.

What I see in the log from a quick overview:
- There is a disc in the drive causing trouble. Try to eject that.
- It seems to have issues reading EDID ( https://en.wikipedia.org/wiki/Extended_Display_Identification_Data ) from your TV. Do you have another TV or monitor to test?
- There might be a USB device causing trouble. Try disconnecting all USB devices.

 

[Ysecond]

Does this mean we can reconstruct completely healthy MLC data? And break away from PiPico in future use?

@pyromixLua gerat news, we were able to format an MLC with a different key than the console was booted with.

Here is the short overview of the procedure:

What you need:

• working mlc image from another console
• scfm.img (extracted from the SLC) of the same backup as the mlc
• mlc key from the mlc you are using (you can get it from the otp.bin)
• de_fuse the console wich mlc you want to rebuild (you don't need to connect 3V3)
• another pico for udpih
• All 52 System titles for your consoles reagion in encrypted (app) format (JNUS Tool can download most of them, for the Rest use NUSPli on a different console)

First we need to get the console booting with the foreigen MLC:

1. Dump the SLC
2. Inject foreigen scfm.img into SLC.RAW (https://github.com/GaryOderNichts/wiiuqt/tree/master/fileInjector)
3. flash SLC back
4. flash foreigen MLC
5. replace the MLC Key with the foreigen one in the otp.bin

Now the console should be booting up, when using defuse.

The next step is preparing a custom recovery for udpih, which directly starts into the wupserver. You do this by editing the menu.c and adding calls to the approprate options (load network config and then start wupserver).
Then you launch the recovery using udpih and see if it work and that you can connect with the wupclient (you need a special wupclient, that works with defuse).
When you have sorted out the wupserver part, we need to improve on the udpih timing. You do this by first enabling autoboot in defuse (to get consisten timing there) and then make a timed udpih by inserting a sleep, you can use this as refeence https://github.com/GaryOderNichts/udpih/pull/12/commits/64dbe88dda401fb78fc4fa3a053ffee7b99a0e70 . With the sleep you should be able to plug in the pico for udpih before turning on the wii u. So you will get a very precise timing. You will need to experiment with the sleep time. You want to have te time a slow as possible, soudpih runs as early as possible. If the screen turns on, it's to late. You will see that UDPIH worked, whn the led turn purple and you can connect with wupserver.

When that works, we need to edit the recovery once again, so it will replace the MLC key, but this time the main.c of the kernel.
You want to add this code after the the restore_mmu(control_register); but before the enable_interrupts(level);

set_domain_register(domainAccessPermissions[0]);
uint64_t mlc_key[] = { MLC_KEY1, MLC_KEY2 };
uint64_t mlc_key_new[] = { MLC_KEY_NEW1, MLC_KEY_NEW2 };
for(uint32_t addr=0x402972c; addr<0x402bb2c; addr++){
  //lolprint("%08X", addr);
  if(!memcmp((void*)addr,mlc_key, 16)){
    lolprint("Key found at %08X\n", addr);
    memcpy((void*)addr,mlc_key_new, 16, 1);
  }
}

You replace MLC_KEY with the foreigen MLC key and MLC_KEY_NEW with the one from the console we want to restore. The key gets split up in two parts, 64bit each. If you want to enter it in hex, you need to prefix each part with 0x

Then you boot this recovery, you only have one try. When this recovery loads, it will corupt the currently running mlc.

When you are back in wupclient do the following:

1. unmount mlc
2. format mlc
3. mount mlc
4. create usr directory
5. create usr/boss directory
6. create usr/save directory
7. flush mlc

Then you reboot the console. This time without defuse. It wont boot completly, but UDPIH should now work (with adjusted timing). You can then use a recovery without the key replacment modification to reinstall the system titles.

After installing the titles, you

• change inital_launch in /vol/system/proc/prefs/cafe.xml to 255
• create usr/save/00050010
• create usr/packages
• create usr/tmp
• create usr/title
• flush_mlc
• reboot

The the console should go through a factory reset and boot up again.

Some of these folders should be quotas, but we are working on that and normal folder work just fine, if you do not fill up the internal storage 100%

Of course here are lots of details missing, this is just the outline. We wil do the details when we go through with it.
I hope @Lazr1026 will provide the modified versions of the wup client, with all the helper functions we need.

Many thanks to Gary, for UDPIH and guiding us through the key replacement and @Lazr1026 for testing everything out and shinyquagsire23 for de_fuse

 

[SDIO]

No, you even need to Picos, one for defuse and one for UDPIH. We still have some problems with injecting the scfm.img.

In theroy there is a easier and more straight forward method, but it requires a IOSU patch for defuse, that still needs to be written by someone

 

[pyromixLua]

@pyromixLua gerat news, we were able to format an MLC with a different key than the console was booted with.

Here is the short overview of the procedure:

What you need:

• working mlc image from another console
• scfm.img (extracted from the SLC) of the same backup as the mlc
• mlc key from the mlc you are using (you can get it from the otp.bin)
• de_fuse the console wich mlc you want to rebuild (you don't need to connect 3V3)
• another pico for udpih
• All 52 System titles for your consoles reagion in encrypted (app) format (JNUS Tool can download most of them, for the Rest use NUSPli on a different console)

First we need to get the console booting with the foreigen MLC:

1. Dump the SLC
2. Inject foreigen scfm.img into SLC.RAW (https://github.com/GaryOderNichts/wiiuqt/tree/master/fileInjector)
3. flash SLC back
4. flash foreigen MLC
5. replace the MLC Key with the foreigen one in the otp.bin

Now the console should be booting up, when using defuse.

The next step is preparing a custom recovery for udpih, which directly starts into the wupserver. You do this by editing the menu.c and adding calls to the approprate options (load network config and then start wupserver).
Then you launch the recovery using udpih and see if it work and that you can connect with the wupclient (you need a special wupclient, that works with defuse).
When you have sorted out the wupserver part, we need to improve on the udpih timing. You do this by first enabling autoboot in defuse (to get consisten timing there) and then make a timed udpih by inserting a sleep, you can use this as refeence https://github.com/GaryOderNichts/udpih/pull/12/commits/64dbe88dda401fb78fc4fa3a053ffee7b99a0e70 . With the sleep you should be able to plug in the pico for udpih before turning on the wii u. So you will get a very precise timing. You will need to experiment with the sleep time. You want to have te time a slow as possible, soudpih runs as early as possible. If the screen turns on, it's to late. You will see that UDPIH worked, whn the led turn purple and you can connect with wupserver.

When that works, we need to edit the recovery once again, so it will replace the MLC key, but this time the main.c of the kernel.
You want to add this code after the the restore_mmu(control_register); but before the enable_interrupts(level);

set_domain_register(domainAccessPermissions[0]);
uint64_t mlc_key[] = { MLC_KEY1, MLC_KEY2 };
uint64_t mlc_key_new[] = { MLC_KEY_NEW1, MLC_KEY_NEW2 };
for(uint32_t addr=0x402972c; addr<0x402bb2c; addr++){
  //lolprint("%08X", addr);
  if(!memcmp((void*)addr,mlc_key, 16)){
    lolprint("Key found at %08X\n", addr);
    memcpy((void*)addr,mlc_key_new, 16, 1);
  }
}

You replace MLC_KEY with the foreigen MLC key and MLC_KEY_NEW with the one from the console we want to restore. The key gets split up in two parts, 64bit each. If you want to enter it in hex, you need to prefix each part with 0x

Then you boot this recovery, you only have one try. When this recovery loads, it will corupt the currently running mlc.

When you are back in wupclient do the following:

1. unmount mlc
2. format mlc
3. mount mlc
4. create usr directory
5. create usr/boss directory
6. create usr/save directory
7. flush mlc

Then you reboot the console. This time without defuse. It wont boot completly, but UDPIH should now work (with adjusted timing). You can then use a recovery without the key replacment modification to reinstall the system titles.

After installing the titles, you

• change inital_launch in /vol/system/proc/prefs/cafe.xml to 255
• create usr/save/00050010
• create usr/packages
• create usr/tmp
• create usr/title
• flush_mlc
• reboot

The the console should go through a factory reset and boot up again.

Some of these folders should be quotas, but we are working on that and normal folder work just fine, if you do not fill up the internal storage 100%

Of course here are lots of details missing, this is just the outline. We wil do the details when we go through with it.
I hope @Lazr1026 will provide the modified versions of the wup client, with all the helper functions we need.

Many thanks to Gary, for UDPIH and guiding us through the key replacement and @Lazr1026 for testing everything out and shinyquagsire23 for de_fuse

@SDIO thanks a lot for you great and awsome works and also of course to @Lazr1026, @gary and @shinyquagsire23.
I feel very impatient to discover all in details.
I hope to hear some news soon.

Many thanks again.

 

[Nandster]

Before you start the dump, please dump the syslogs.

Here is the menu, which has the new option. You would use "Dump SLC clone MLC".

I thought you already have 32GB sd cards. You can probably also use one of them for the MLC replacement. (Or switch later to a Max Endurance).
Let's first figure out if the eMMC even needs replacement.

I still didn't have the chance to test it. If anyone else could test the new function I would appreciate it.

Only getting back to this now that Amazon delivered the cards I ordered. So first step is to boot to the recovery menu you provided, and dump the sys logs correct?

 

[SDIO]

dump otp and seeprom, if you haven't already done so, then dumps syslogs and then dump slc + mlc. After dumping the slc + mlc just remove the power.

 

[Nandster]

dump otp and seeprom, if you haven't already done so, then dumps syslogs and then dump slc + mlc. After dumping the slc + mlc just remove the power.

Will get to that in the morning and report back, thanks again

 

[Nandster]

dump otp and seeprom, if you haven't already done so, then dumps syslogs and then dump slc + mlc. After dumping the slc + mlc just remove the power.

OK, finally sitting down to do this now and failing at the very first step. I've the Pico flashed, the 64GB sd card in the wii with the recovery menu file on it, and inserting the pico usb cable the second I see the Wii U logo on screen. Once I do, the console just powers off after a few seconds. No error or nothing, just into a powered down state with the led changing from blue to red.

Sd card is legit SanDisk Ultra, format in FAT32 with guiformat.

Post automatically merged: Jun 23, 2023

OK, finally sitting down to do this now and failing at the very first step. I've the Pico flashed, the 64GB sd card in the wii with the recovery menu file on it, and inserting the pico usb cable the second I see the Wii U logo on screen. Once I do, the console just powers off after a few seconds. No error or nothing, just into a powered down state with the led changing from blue to red.

Sd card is legit SanDisk Ultra, format in FAT32 with guiformat.

Just to add, if I use the standard Wii U recovery menu, it boots into that fine via the pico method so perhaps there's something up with the custom version?

 

[SDIO]

Did you make sure to unzip the file and make sure it is called recovery_menu and in the root of the sdcard?

 

[Nandster]

Did you make sure to unzip the file and make sure it is called recovery_menu and in the root of the sdcard?

Hi, yep I downloaded the file from your post, it's unzipped, and renamed accordingly. Sitting in the root of the card also with nothing else on the card

Post automatically merged: Jun 23, 2023

Did you make sure to unzip the file and make sure it is called recovery_menu and in the root of the sdcard?

OK, redownloaded and tried again. It works! Gonna start dumping now, bear with me, and thank you again

Post automatically merged: Jun 23, 2023

OK, looks like it's dumping away...

Post automatically merged: Jun 23, 2023

OK,

Otp and Seeprom dumped
Syslogs dumped
Slc and Mlc dumped.

When the slc and mlc stage was complete, I hit eject when prompted (which brought me back out to the usb menu), and then I pulled the power.

The picture shows quite a few errors in the NAND by the looks of it.

What are the next steps to take?

 

[SDIO]

Could be worse.
Now merge the mlc parts and try to extract it with wfs-extract and post the errors that come up during extraction

 

[Nandster]

Ok, done. Results are as follows:

Dumping...
Error: Failed to read /"sys\\title\\00050010\\1004a200\\content\\arclayout\\layout.sgarc.cmp"
Error: Failed to read /"sys\\title\\00050010\\1004a200\\content\\sound\\stream\\BGM_STR_BARISTA_ACS_SUGAR_DRC.dspadpcm.bfstm"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000004.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000007.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000011.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000013.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000014.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000015.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000016.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000017.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000018.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000019.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000001a.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000001b.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000001c.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000001d.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000001e.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000001f.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000020.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000021.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000022.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000023.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000024.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000025.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000026.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000027.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000028.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000029.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000002a.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000002b.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\0000002e.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000030.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000031.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000032.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000033.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000034.app"
Error: Failed to read /"usr\\packages\\title\\0000000000000016\\0005000e10144e00\\00000035.app"
Error: Failed to read /"usr\\title\\00050000\\10105700\\code\\libicu_rpl.rpl"
Error: Failed to read /"usr\\title\\00050000\\10105700\\code\\libwebkitcafe_rpl.rpl"
Error: Failed to read /"usr\\title\\00050000\\10109900\\meta\\bootSound.btsnd"
Error: Failed to read /"usr\\title\\00050000\\1010a700\\code\\WUP-JAJP.rpx"
Error: Failed to read /"usr\\title\\00050000\\10113800\\code\\t.rpx"
Error: Failed to read /"usr\\title\\00050000\\10113800\\content\\gui_sfx.pxp"
Error: Failed to read /"usr\\title\\00050000\\10113800\\content\\MARVEL_Avengers.pxp"
Error: Failed to read /"usr\\title\\00050000\\10113800\\content\\MARVEL_FearItSelf.pxp"
Error: Failed to read /"usr\\title\\00050000\\10113800\\content\\MARVEL_InfinityGauntlet.pxp"
Error: Failed to read /"usr\\title\\00050000\\10113800\\content\\MARVEL_WWH.pxp"
Error: Failed to read /"usr\\title\\00050000\\1011b700\\content\\Main.dat"
Error: Failed to read /"usr\\title\\00050000\\1011b700\\content\\UplayMedia.dat"
Error: Failed to read /"usr\\title\\00050000\\10128600\\content\\resource.pak"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\buil\\boss_buil.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\cent\\boss_cent.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\empe\\boss_empe.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\giga\\boss_giga.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\grif\\boss_grif.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\kong\\boss_kong.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\mamm\\boss_mamm.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\mons\\boss_mons.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\octp\\boss_octp.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\spdr\\boss_spdr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\trex\\boss_trex.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\boss\\yama\\boss_yama.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\common\\common.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\eft\\stage1\\arc.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\always\\lyt_always_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\bigteki\\lyt_bigteki_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\bigteki\\lyt_bigteki_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\bigteki02\\lyt_bigteki02_eu_de.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\bigteki02\\lyt_bigteki02_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\bigteki02\\lyt_bigteki02_jp_ja.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\common02\\lyt_common02_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\credit\\lyt_credit_eu_de.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\credit\\lyt_credit_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\dlc\\lyt_dlc_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\logo\\lyt_logo_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\menu\\lyt_menu_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\menu02\\lyt_menu02_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\menu03\\lyt_menu03_eu_de.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\menu03\\lyt_menu03_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\menu03\\lyt_menu03_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\minateki\\lyt_minateki_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\minateki\\lyt_minateki_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\minateki\\lyt_minateki_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\minateki\\lyt_minateki_jp_ja.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission\\lyt_mission_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission\\lyt_mission_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission02\\lyt_mission02_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission02\\lyt_mission02_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission02\\lyt_mission02_jp_ja.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission03\\lyt_mission03_eu_de.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_c\\lyt_mission_c_eu_de.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_c\\lyt_mission_c_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_c\\lyt_mission_c_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_c\\lyt_mission_c_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_c\\lyt_mission_c_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_m\\lyt_mission_m_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_m2\\lyt_mission_m2_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_m2\\lyt_mission_m2_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\mission_m2\\lyt_mission_m2_eu_fr.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\orekong\\lyt_kong_eu_de.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\orekong\\lyt_kong_eu_es.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\orekong\\lyt_kong_jp_ja.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\story\\lyt_story_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\team\\lyt_team_eu_en.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\lyt\\team\\lyt_team_eu_it.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\movie\\mission_movie\\mission_movie.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\movie\\title_movie\\title_movie.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\personal\\d_morii\\common.bfsar"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\personal\\d_morii\\stream\\STRM_MARIOKART_PCM16.bfstm"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\personal\\d_okada\\d_okada_0000.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\resident\\main.lzss"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\content\\satellite\\arc.lzss"
Error: Failed to dump folder /"usr\\title\\00050000\\10128c00\\content"
Error: Failed to read /"usr\\title\\00050000\\10128c00\\meta\\Manual.bfma"
Error: Failed to read /"usr\\title\\00050000\\10132100\\code\\libcrypto_rpl.rpl"
Error: Failed to read /"usr\\title\\00050000\\10132100\\code\\libicu_rpl.rpl"
Error: Failed to read /"usr\\title\\00050000\\10132100\\code\\libwebkitwiiu_rpl.rpl"
Error: Failed to read /"usr\\title\\00050000\\10132100\\content\\assets\\sound\\stream\\BGM_HEX_01.dspadpcm.bfstm"
Error: Failed to read /"usr\\title\\00050000\\10132100\\content\\assets\\sound\\stream\\STRM_BGM_MAIN.bfstm"
Error: Failed to read /"usr\\title\\00050000\\10132100\\meta\\bootTvTex.tga"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\boot\\2d\\it\\skin_01\\arc_0000.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\common\\not_localize\\arc_0000.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\common\\not_localize\\arc_0001.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\common\\not_localize\\arc_0002.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\Drc\\2d\\en\\skin_01\\arc_0002.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\Drc\\2d\\it\\skin_01\\arc_0000.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\eft\\visualizer\\arc_0001.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\global\\feature\\en\\2013061200_00_en.magazine"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\global\\miiphoto\\mii_photo_bg_034.jpg"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\global\\miiverse\\miiverse_memo01_fr.tga"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\global\\movie\\00000001.dat"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\global\\movie\\00000004.dat"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\global\\tsv\\ja\\wiiudb.dat"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\info\\2d\\de\\skin_01\\arc_0001.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\info\\2d\\en\\skin_01\\arc_0001.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\info\\2d\\fr\\skin_01\\arc_0001.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\karaoke\\localize\\fr\\arc_0000.lzss"
Error: Failed to read /"usr\\title\\00050000\\10149600\\content\\stage\\stage03\\arc_0000.lzss"
Error: Failed to read /"usr\\title\\0005000e\\10101e00\\code\\red-pro2.rpx"
Error: Failed to read /"usr\\title\\0005000e\\10101e00\\content\\Common\\actor\\cobPack.szs"
Error: Failed to read /"usr\\title\\0005000e\\10101e00\\content\\Common\\actor\\jyotyuActorPack.szs"
Error: Failed to read /"usr\\title\\0005000e\\10101e00\\meta\\bootTvTex.tga"
Done!

 

[V10lator]

@Nandster Allright, that looks way better than expected. I wonder what that thing in usr/packages/title is but guess it's just some (unfinished) eShop download (Wii Sports Club game update). Then the YouTube app, The Legend of Zelda: A Link to the Past, Super Metroid, Zen Pinball 2, UPLAY, TANK! TANK! TANK!, Wii Street U powered by Google, Wii KARAOKE U by JOYSOUND and the update of New SUPER MARIO BROS. U are broken but all of this is minor. The only important thing broken is Mii Maker.

So the next step would be to write your NAND backup to a matching SD card, then boot from there and only from there (booting from the original eMMC after taking the dump will cause issues!).
When that's done you use the recovery menu / wupserver to remove the broken games and the one game update. Then you completely remove the folder usr/packages/title/0000000000000016 (also with wupserver). Lastly you reinstall Mii Maker (recovery menus install WUP option).

After that the console should boot normally again. Now you can reinstall the games from the eShop.

//EDIT: In case reinstalling Mii Maker won't work try removing it before.

//EDIT²: What might also work (and be more simple) is to just reinstall Mii Maker and remove that one folder through the recovery menu, then use the Wii Us data management to remove the broken titles. No guarantees on this through (data mamagement might crash while trying to load metadata of these titles, for example) but worth a try.

 

[Nandster]

@Nandster Allright, that looks way better than expected. I wonder what that thing in usr/packages/title is but guess it's just some (unfinished) eShop download (Wii Sports Club game update). Then the YouTube app, The Legend of Zelda: A Link to the Past, Super Metroid, Zen Pinball 2, UPLAY, TANK! TANK! TANK!, Wii Street U powered by Google, Wii KARAOKE U by JOYSOUND and the update of New SUPER MARIO BROS. U are broken but all of this is minor. The only important thing broken is Mii Maker.

So the next step would be to write your NAND backup to a matching SD card, then boot from there and only from there (booting from the original eMMC after taking the dump will cause issues!).
When that's done you use the recovery menu / wupserver to remove the broken games and the one game update. Then you completely remove the folder usr/packages/title/0000000000000016 (also with wupserver). Lastly you reinstall Mii Maker (recovery menus install WUP option).

After that the console should boot normally again. Now you can reinstall the games from the eShop.

//EDIT: In case reinstalling Mii Maker won't work try removing it before.

Cheers for that info. Just to clarify, this console does actually boot normally. It's been in storage for years, so I took it out recently to take a nand dump when all this news about Wii U flash going bad became widespread. It was only there, that I ran into trouble. When attempting to dump the nand via the web exploit, the console will just throw up a 160-0103 error, so I assume the flash is maybe only starting to go bad here?

Secondly, when you say write this nand image to an sd card and boot from there, I assume that's where I'll need the nand-aid (in order to by pass the nand and boot from sd)?

 

[V10lator]

so I assume the flash is maybe only starting to go bad here?

There are definitely errors and I wouldn't trust that eMMC anymore. Replacing it early is a good thing as data might corrupt more, making recovery more complicated in the future.

160-0103 error

This is like a big, red flag showing the eMMC has issues.

when you say write this nand image to an sd card and boot from there, I assume that's where I'll need the nand-aid

Correct. I didn't really read your previous posts, just saw you ordered an SD already, so didn't go into more detail. In case you need more details just ask through.

 

[SDIO]

That dump doens't look to bad. annoying thing is that one corrupted folder

Error: Failed to dump folder /"usr\\title\\00050000\\10128c00\\content"

I think you can go ahead and write the Image to a 32GB SD and replace the eMMC with it.
The NAND AID is a convenient and clean solution for that, but you could also do it without it, by wiring up a micro SD to SD adapter.

 

[V10lator]

annoying thing is that one corrupted folder

Oh damn, that one I overlooked... With some luck it's just the SLC cache through.