Hacking RealWnD - Wii Mini Edition

[nitr8]

Here comes the Wii Mini NAND dumper.

R-E-A-D C-A-R-E-F-U-L-L-Y

It's straight forward: Run it from within HBC.

It dumps directly to an attached USB drive with ECC data included.

No inputs required.

In order to accomplish the dumping process, you need these prerequisites:

https://gbatemp.net/threads/simpleiospatcher-wii-mini-edition.553353/

IF you have all the above prerequisites, the app does the following:

1.) Reloads into IOS236
2.) Disables AHBPROT automatically
3.) Disables MEMPROT automatically
4.) Patches IOS for gaining access back to /dev/flash (will be patched until the console is turned off)
5.) (Ab)uses IOS and mounts /dev/flash
6.) (Ab)uses IOS and dumps to usb:/WiiFlash_n_ECC.img (encrypted NAND binary)
7.) (Ab)uses IOS and dumps to usb:/WFD_XXX_YY.img ("Error" data - which is not really neccessary)
8.) Creates LOGFILE usb:/WiiFlash.log

??? - What's missing: The NAND key. You can obtain it using @DarkMatterCore's modified version of @bushing's Xyzzy.

Have phun.

Info for the new release:

- no longer needs YOU to dump and patch the AHBPROT bit within the IOS TMD

The NEW release is right here: http://www.mediafire.com/file/a1dzg9b6ahkdj06/RealWnD_Mini.zip/file

 

[FancyNintendoGamer567]

uwu? But anyways, nice.

 

[nitr8]

Updated because:

- way easier for the end user (just simply dump your Wii Mini NAND by running it)

! CAUTION: You need to have at least YOUR Wii Mini's IOS36 patched to a custom IOS into slot 236 !
(See first post in this thread on how to do this)

 

[Vila_]

Nice!

 

[asper]

Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?

Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:

Thank you !

 

[DarkKnight_TJ]

i used both attached file and mediafire link, in both apps i get AHBPROT is not disabled error and then exits. i have installed "simpleiospatcher" with no errors. any idea?. thanks!

 

[DarkKnight_TJ]

well, i had to do "simpleiospatcher" manually to patch "AHBPROT", then i was able to dump wii mini nand. Is there any nand writer available for mini?

 

[DarkKnight_TJ]

is there any way to get a "normal" dump instead of an ".ecc" one? just for testing purposes (trying to make a "full dump" using a "normal" wii dump and encrypting using wii mini keys, would be nice to have full sytem capabilities back in wii mini xD). (i own a hardware programmer)

 

[tech_land]

Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:
Thank you !

is there a tool? is there a guide line to edit the dump with hex editor?

 

[asper]

is there a tool? is there a guide line to edit the dump with hex editor?

Just add the bootmii 1024 bytes at the end of the nand dump using the hexeditor you prefere.

 

[SanktyRG]

Hi there, thank you so much for this, it is nice to have the Wii Mini's NAND available and safe.

Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?

Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:

Spoiler

Thank you !

Hi there, maybe this is a stupid question, but may I ask how you got your console specific 1024-bytes? Thanks in advance.

 

[asper]

Hi there, thank you so much for this, it is nice to have the Wii Mini's NAND available and safe.




Hi there, maybe this is a stupid question, but may I ask how you got your console specific 1024-bytes? Thanks in advance.

The 1024 bytes contains the OTP dump. You can obtain it using various tools, I used the latest Xyzzxy-mod (it is able to dump directly to a file and you just can copy-past the 1024 bytes at the end of the nand image). More info here, unfortunately not in english).

 

[SanktyRG]

The 1024 bytes are the OTP dump. You can obtain it using various tools, I used the latest Xyzzxy-mod (it is able to dump directly to a file and you just can copy-past the 1024 bytes at the end of the nand image). More info here, unfortunately not in english).

I was able to create my BootMii NAND with your instructions and the website you linked, thank you very much!

 

[Zane_Julien]

After using the simple Ios Patcher and then starting RealWnD on my Wii mini, it first shows some information about the tool and then just a blackscreen, is that normal?