Hacking Boot to homebrew channel without boot mii in boot 2?

[Luigimitsu]

Title explains my issue, I am assuming there is no other way and that any Wii that can't install boot mii into boot 2 will need a Wii remote/sensor bar, but I just want to post here to check that there is no other way because I would really prefer to not use the Wii remote. Please answer this for me, thanks!

I am hacking 14 Wii's for Smash Bros. tournament players.

 

[Foxi4]

You can install PriiLoader and use that to enter the Homebrew Channel - to my knowledge it does not require a WiiMote.

 

[Luigimitsu]

Really? That would be perfect, I thought Priiloader just makes a timer so it skips BootMii for you, but do I install BootMii first? I've never actually installed Priiloader, only Bootmii.

I hope this works, thanks .

 

[RHOPKINS13]

You can install PriiLoader without BootMii. It will let you launch something other than the system menu when you turn on your Wii. It's pretty cool, if you want you could probably set it up to boot directly into Smash Bros.

 

[Luigimitsu]

Wow that's cool, well what I would do is make it boot directly into usb loader, because I run other games from it, but thanks for the advice I'm going to try this today. Does it work the same if bootmii is already installed? Are there any good guides to help me learn how it works? I only know to run the app and get it installed.

 

[obcd]

Yes, it doesn't interfer with bootmii. It runs instead of the menu and can be set to run the menu or something else like a channel.

I still would install bootmii first. If it can be installed as boot2, it's a great brick protection.
If it can only be installed as ios, you should still use it to backup your nand before you start messing with it.

 

[Luigimitsu]

Ok, I've done a nand backup before but I usually don't bother just because I know the process for getting cfg loader to work pretty well and never had a brick, but I guess I should do it, I didn't think it was that easy to brick a Wii. Thanks for the help guys, I'm going to see if I can get these -no boot2 install- Wii's to go into usb loader with Priiloader now.

Edit - I just read that System Menus 4.1 & 4.2 are requirements for Priiloader. So if I updated my Wii to 4.3 since letterbomb requires that it doesn't work? I should have Brawl and Lego Batman but I need to find them, will I need to use one of those to install the homebrew channel to get Priiloader to work?

 

[eN-t]

There are many ways and afaik, PriiLoader works just fine with 4.3. However, 4.1 is recommended especially for Wiis without the ability to install bootmii into the boot2 simply because you could much more easily repair some kinds of bricks then. Some game discs include Wii Firmwares up to 4.3 so if you brick your Wii and it's on a lower Firmware than one of those on a game disc you own, you can update and thus unbrick your Wii with your game. If your Wii is on 4.3, this method can't work because there are no games (and basically no Firmware at all) higher than 4.3.

And for the exploit itself, Letterbomb only supports 4.3 but there is also the Wilbrand exploit. It's newer and supports basically all Firmwares iirc. so you should be good to go if you're on 4.1.

----

Just to add that: the auto-boot function of BootMii @ boot2 is incredibly fast, my USB Loader GX is completely ready to use in only 7 seconds after powering my Wii on. PriiLoader auto-boot takes around 15 seconds and has one huge disadvantage: if you remove your SD card with the USB Loader GX on it, PriiLoader will still try to auto-boot into it whereas a BootMii @ boot2 auto-boot would not even occur when there is no SD card inserted

 

[Luigimitsu]

Thanks, I'll look into Wiibrand since updating to 4.3 every time to use letterbomb is a hassle. I don't actually care if I brick 1 Wii because I got 10 "faulty" Wii's for £30, aka no working disc reader. I guess as long as I do the same hacking process that I've been doing every time with success it shouldn't brick right? So far I've learnt what I need to do what I wanted which is great I got Priiloader to boot into cfg loader.

 

[Luigimitsu]

Quick question, can you run Wii/GC games from a 32bit micro sd card? I'd like to know since it's cheaper than buying a 16GB USB and 2GB SD card.

 

[Cyan]

The difference with bootmii and priiloader is that priiloader replaces the system menu, while bootmii is part of the console's boot sequence.

Normal Wii: switch ON -> Boot0 -> Boot1 -> Boot2 -> System menu
bootmii wii: switch ON -> Boot0 -> Boot1 -> Bootmii loaded from SD, or Boot2 > System menu
priiloader Wii: switch ON -> boot0-> Boot1-> Boot2 -> Priiloader (same named as System menu) -> System menu (renamed)
bootmii+prii wii: switch ON -> boot0 -> Boot1 -> Bootmii loaded from SD, or boot2 -> Priiloader -> System menu

From Bootmii:
- If you have the SD card inserted with bootmii application on it, it will be loaded instead of the real Boot2.
- You can disable the delay, just edit the .ini file on your SD card. set delay to 0.
- You can choose to automatically load System menu, Bootmii or HBC.
- You don't need priiloader to disable it! priiloader doesn't make a timer to do something to bootmii, priiloader is launched AFTER bootmii if you select to launch System menu.

From Priiloader:
- You can choose to automatically load System menu (default), or HBC
- You can choose to launch an installed homebrew.
- If you launch an installed homebrew directly from Priiloader, you won't have AHB access. install a forwarder and autoboot the forwarder instead. (I think it depends which version or priiloader you are using, there a version with AHB support)


You can have both Bootmii and priiloader installed.
- Priiloader replace the system menu, so if in Bootmii settings you choose to load System Menu, it will in fact load Priiloader, which will itself load the renamed System menu or HBC or a homebrew.
- If you set Bootmii to load HBC, it will not load priiloader at all, and the priiloader patches usually applied to the system menu will not be present.


when you exit a game, it reloads the System menu, but if you have priiloader installed it instead load priiloader which will load the System menu (or any installed homebrew you selected).


If the console you are hacking can have bootmii installed at boot2, prefer this to autoboot HBC, it will be faster.
if you want to autoboot into a homebrew, then you will have to use either priiloader, or a modified bootmii (which is an application on the SD card launched instead of loading Boot2) to do something else than bootmii, for example load USBGX forwarder.

 

[WiiPower]

I think the boot process with BootMii boot2 is like this:
boot0 -> boot1 -> patched boot2 with injected loader stub -> loader stub checks sd card, in case of no BootMii on sd card -> original boot2 -> system menu IOS -> system menu
or
boot0 -> boot1 -> patched boot2 with injected loader stub -> loader stub checks sd card, in case of BootMii on sd card -> BootMii mini -> BootMii ppc -> BootMii menu(=BootMii ppc)/HBC/system menu

An important detail here is that the system menu IOS is launched by boot2, and the IOS launches the system menu. This is the reason why a damaged system menu IOS is bricking Wiis, even if there's priiloader installed. Also priiloader might change which IOS is the system menu IOS, if it does this in some cases, i don't know.

It is is boot2 that is patched, not boot1. Funny thing is that this patched boot2 is installed next to the (i think 2 copies) of boot2, but with the info that the original one(s) are damaged(CRC error). This way boot1 starts the patched one, while the original one is still there and can be used.

PS: Ok, i'm not so sure it is a CRC error, but the patched boot2 somehow contains info that tells boot1, that the other one(s) are broken.

 

[Cyan]

You detailed it even more than I did !

I thought Boot1 was patched to accept the new Boot2 crc
and in newer wii, boot1 vulnerability was fixed (it can't be patched anymore, or boot0 check boot1 crc?)

Well, I still have to learn things.

 

[WiiPower]

You detailed it even more than I did !

I thought Boot1 was patched to accept the new Boot2 crc
and in newer wii, boot1 vulnerability was fixed (it can't be patched anymore, or boot0 check boot1 crc?)

Well, I still have to learn things.

Boot1 just doesn't accept any boot2, it checks its signature. But the old Wiis' boot1 have the trucha bug, so the signing is not a problem. Boot1 is on some kind of read-only memory, which is why nintendo can overwrite BootMii boot2, but it can't patch Wiis to not allow installing it. The newer hardware revisions have the trucha bug fixed in boot1 of course.

 

[Cyan]

You are right. It make sense.