Hacking Dump Mii NAND - a BootMii format (nand.bin) NAND dumper for vWii/Wii

[Maxternal]

(The name might make more sense to those of us with a Spanish language background ... Mi=My)​

First off, a special thanks to DarkMatterCore (the guy behind Yet Another BlueDump MOD) for getting me started on this. When starting with the Trinux project and looking over MINI code it had occurred to me that making a NAND dumper from the ARM side could be possible but it wasn't until he started trying to do the same by porting some of MINI into PPC code and then ran into trouble that I decided to actually try it that way myself (I actually started by using his original code loop and, later, his original app name idea as well. )

The DOWNLOAD is on the same GoogleCode page as Trinux because that's where the code is, too. (I just started it as a branch of that.)
https://code.google.com/p/gbadev/
Go to the "DOWNLOADS" link and it's near the bottom under the "Miscellaneous Tools" section.


A VERY important note :
Do NOT install your vWii NAND dump on your Wii !!!
It WILL brick your wii
(and it doesn't matter what kind of encryption conversion you do on it either ... it just WON'T WORK.)


How you work it

• Basically, just run the DOL and wait.
• If it has AHB access (for example, using the included meta.xml from HBC) it will use it to load the dumper onto Starlet/Starbucks (the same way Nintendont does) and dump to the SD card ... but if it DOESN'T get AHB access (which shouldn't be too much of a problem) it'll try to use the BootMii IOS to get it running (like nSwitch does) and that you can install with the HackMii installer on a normal Wii or with the the WAD from the above download page on a Wii U (using a vWii compatible IOS236 or WAD manager)
• It will show you how many NAND blocks it's dumped. It might take a little bit longer (but still only a matter of seconds) to go from 0 to 1 but then it should speed up quite a bit. It takes roughly 50 minutes to get done and there's no way to cancel it without cutting the power so make sure you have time. (BootMii only takes about 15 minutes because their code has been far more optimized than mine. There were earlier versions of mine that actually took more than 4 hours so it HAS been cut down a lot.)
• It'll report some of the bad NAND pages but not all the blocks marked as bad like BootMii does. Don't worry, though, as the same amount of information is still stored in the nand.bin file.
• It will save the dump to sd:/nand.bin and the keys to sd:/keys.bin (like BootMii) unless you've specified another path in the meta.xml file. When providing a custom path make sure that no folder names in the path are longer than 8 characters (like old DOS stuff) since MINI apparently can't handle long filenames and will just exit with an error.
• I hopefully made it pretty error-proof (in anticipation of MAYBE making it able to write the NAND dump back in some future moment) and you should even be able to remove the SD card in mid-dump without corrupting the file (BUT, like it'll say on screen while dumping, I don't exactly recommend it either.)

 

[asper]

Great tool max ! I am testing it right now (I will make 2 dumps than comapres them to make sure it is correct); is it possible to have a small app (windows, linux or whatever) to convert an "old" fstoolbox or bluedump dump to a .bin file ?

After my testings I will update the full vWii softmod thread.

 

[Maxternal]

Great tool max ! I am testing it right now (I will make 2 dumps than comapres them to make sure it is correct); is it possible to have a small app (windows, linux or whatever) to convert an "old" fstoolbox or bluedump dump to a .bin file ?

After my testings I will update the full vWii softmod thread.

I think Giantpune made something like that for Wii (something on this page, I think http://wiisixtyfour.webs.com/apps/blog/show/6995299-giantpune-s-wii-nand-tools )
BUT
I'm not sure how well that translates over to vWii (nor am I brave enough to try TBH) but if someone had a Wii U they were willing/brave/stupid enough to sacrifice to science I suppose you could always find out.

 

[asper]

Here it is the 1st dump analyzed with nandExtract:

The dump made using a 2Gb sd card was long (more than 60 minutes); now I am doing a new one using a 1Gb SD card and the dump is really rapid, just like a BootMii one ! I will edit this post with comparison of the 2 dumps.

 

[asper]

Well, I got the second dump (really fast, 20 mins !) and this is the screenshot:

There are some differences and CRC and MD5 are different from the 1st one... what can that mean ? Maybe something different written on NAND after the WiiU reboot (when your tool ends the dump WiiU restarts) ? Maybe settings (anyway I did not change them) ?

Here is nandbincheck screenshot:

 

[Maxternal]

Well, I got the second dump (really fast, 20 mins !) and this is the screenshot:

But CRC and MD5 are different from the 1st one... what can that mean ? Maybe something different written on NAND after the WiiU reboot (when your tool ends the dump WiiU restarts) ? Maybe settings (anyway I did not change them) ?

It's kinda hard to get exactly the same dump twice since the system menu will write to your playlog when you run a channel and HBC also has some channel save information that I think it writes to, to remember the last app you ran, what device (usb/sd) you're using, etc.
[edit]also, the tmp folder is automatically emptied out every time the system menu starts so that anything in there would be redone between one test and the other[/edit]

If it's any comfort, in my tests, what I did was I had a special version that would dump the NAND and then, instead of rebooting the console it would load the /bootmii/ppcboot.elf file immediately (without giving the system menu a chance to screw anything up) and have IT dump the NAND. In my tests on 3 different SD cards (even pulling the card out in the middle of the process) as well as another tester both my app and BootMii gave the same dump as eachother.

 

[asper]

Well so it is a good and tested tool, thank you man

vWii softmod procedure updated !

 

[bravest]

I would certainly advise against enabling the nand write feature. Quite honestly there is no reason to enable a feature that exists only to brick the system.

-bravest

 

[Maxternal]

Yeah, the voting requesting that feature would have to be winning by a LOT for me to make the writing feature available. Eventually I might find time to make it an option that will only appear if someone changes a #define and recompiles ... but I'm in no hurry to do so.

 

[DarkMatterCore]

Excellent work, Maxternal! I'd have helped a lot more on this one, but the university exams were going to drive me crazy. Now that I'm free, I hope to be around #vWii in the next few days - I'm really curious about how did you make this thing amazingly fast! Don't even think I forgot 'bout you, guys.

 

[JoostinOnline]

To your poll, absolutely not. There isn't any benefit since you can fix the problem through other methods if you are able to launch homebrew. It's too dangerous and if it goes wrong, you've got a fully bricked vWii NAND with no way to recover, with the possible exception of a Wii U update.

 

[jammybudga777]

but i thought writing to the nand was the way too recover?? why would you want to be able to back something up but then if it messes up you cant write back to it??

 

[JoostinOnline]

That's why there is no bootmii for the vWii.

 

[Maxternal]

but i thought writing to the nand was the way too recover?? why would you want to be able to back something up but then if it messes up you cant write back to it??

The main reason to have a backup would be so just in case you screwed something up and bricked your Wii/vWii you could find someone that had the equipment needed to write that NAND dump back. If you didn't have the NAND dump or at least the keys to be able to reconstruct a new NAND dump there would be NO way for you to recover from such a situation.

 

[driverdis]

but i thought writing to the nand was the way too recover?? why would you want to be able to back something up but then if it messes up you cant write back to it??

actually, that is how the Xbox360 has been for years. people like me who run their console without any hardware to flash the NAND do that every time Freeboot is updated for a new dash revision. if it fails, you SOL unless you buy/build a NAND flasher and write a backup NAND image to it.

the same would need to be done to the Wii U if the flash fails.

 

[g4jek8j54]

Thanks for this tool. I have been waiting for a tool like this. As to the poll, while originally thinking "Yes," I eventually thought "No," since as has been pointed out earlier, if you can make it the entire way to the Homebrew Channel to run the program again, then it is very likely that you can fix your problem with other homebrew tools. Unless something comes up where you can, say, boot directly into the Homebrew Channel from Wii U mode, it seems like that option may only be asking for trouble right now.

Does this tool dump the vWii keys as well? Just curious.

Also, probably a stupid question, but I'm assuming that it wouldn't be safe to flash a vWii NAND onto a Wii console, correct (not that I would personally do this anyway)? I know that they are usually "signed with different keys" (perhaps the wrong wording there), but if I remember correctly, aren't there other tools that allow you to flash a NAND onto a different Wii console? If so, you may want to consider adding some kind of "disclaimer" to the original post.

Anyway, again, thanks for this program!

 

[JoostinOnline]

Almost all the drivers would be wrong, so you'd just brick your Wii.

 

[obcd]

Some of the Wiiu vwii hardware is different from wii hardware (like the wifi chipset) Due to that, vwii ios are incompatible with wii and wii ios are incompatible with vwii.

Don't install a vwii nand backup on your wii!!!!

We can only hope that some day a wiiu exploit sees the light and hopefully that exploit will allow us to restore the vwii nand from within wiiu mode.
There still is the wiiu site of the nand, which only can be restored the hardware way. If that get's messed up, it likely will totally brick your wiiu.
Wiiu site might only contain some boot code for the arm site of Wiiu. It might also contain the ppc boot code used to decrypt the 1-512 channel.
Last line are speculations. Only Team f0f and Team Ninty know the internal details of that.

 

[Deletedmember331810]

Maximus, you should just take that poll down, buddy, LOL.

This will only be the cause of a lot of headaches for a lot of irresponsible people.

 

[Maxternal]

For the record, as the first to vote I had voted no so it would take a WHOLE lot of people requesting something that risky for me to want to consider giving it to them.

Does this tool dump the vWii keys as well? Just curious.

The Wii/vWii keys are part of this format of NAND dump. The last part of the nand.bin file is exactly the same as the keys.bin that BootMii also makes.

You may want to consider adding some kind of "disclaimer" to the original post.

Looks like this is a really good idea.
I updated the first post with just such a warning.