Hacking Betwiin v.10

Thomas83Lin · Aug 18, 2009

yup on bootmiiv1.0 if your using keys.bin file to get your keys

Hmac-Key is 20 bytes long and you find it on 0x144
Nand-Key is 16 bytes Long and you find it on 0x158

hibit good luck on fixing your Wii post how everything goes

HiBit · Aug 19, 2009

BlackAce83 said:
hibit good luck on fixing your Wii post how everything goes

Thank you, but i need two, three or four days to fix a little problem(i need something).

I solder two pin's from the NAND together but i have no desoldering wick and/or soldering flux @ home(shit, all other connections are fine).

I think it's to dangerous for me to try another way as use soldering flux and a little bit of desoldering wick to fix this problem.
Possible that other user use a scalpel or whatever to fix problems like this, but i didn't like that.

Now i order desoldering wick and soldering flux first and if it is here i report more.

QUOTE(Maisto @ Aug 18 2009, 09:24 PM) Can you mount a Infectus in a bricked wii's NAND without soldering?

I think no, but if anyone know an ic-clip that support soldered TSOP48 please tell me where i can buy it.

The other text i didn't understand, possible that it is my problem because also my english is very bad.

Maisto · Aug 19, 2009

HiBit mayby you can use this one

http://www.chip-service.de/product_info.ph...%20Meritec.html

WiiCrazy · Aug 19, 2009

@Hibit : infectus, is it something you solder onto nand and the rest is handled on the pc side or you need further soldering on the pc side? I'm sure soldering onto nand itself a big problem itself but further soldering may distract even the advanced wii hacker...

btw, has infectus proper software for low level flashing at least?

HiBit · Aug 19, 2009

@Maisto
Thanks, but this is a standard ic socket and to use this device i must solder out the whole NAND into the socket.

@WiiCrazy
I must "only" solder the infectus to the NAND(if it looks easy try to solder it

) and program it with the infectus, also it's possible to remove the NAND from the Wii motherboard and put it into a tsop socket and flash it with the infectus.

Example for soldering a infectus to the NAND:

Then i must program the NAND, of cause. That is possible if i flash the infectus with a NAND programmer tool(It's a code for the Actel, the infectus could be a NAND programmer, a modchip, a ...), short D0 to ground during startup the Wii(it block the use of the NAND) and use Tools like InfectusProgrammer(www.infectus.biz), Xavbox programmer(www.xavbox.com), ...(google), or amoxiflash(http://hackmii.com/2008/05/amoxiflash-binary-for-win32/) from bushing.

Thats the theory.

I read something about problems with the infectus(it add also sometimes $FF to any address of binary code), but i hope it work to flash the first blocks of a NAND to startup bootmii.

Thats all for this moment, if i get the flux i fix my little problem with the NAND and than i try to unbrick this and three other Wii motherboards.

p.s. I hope you understand what i mean.

Regards.

tony996 · Aug 20, 2009

HiBit said:
pspmte said:

Yes with the infectus and bushing amoxy program u can dump nands and reflash

I have 2 wiis bricked on 3.4 will go into the recovery buts that it

only way I can see me fixing this is making a new NAND from another wii
so I need to install bootmii with a hex editor onto the bricked nands
then use bootmii to dump the NAND.bin then hex the keys and the use betwiin

Click to expand...

The problem is you can only fix the bricked Wii if you have the NAND-Key and the HMAC-Key.

Without that you can't add working code, and if you have the keys you can make a full backup
from another Wii and there is no need to add bootmii with an hex editor.

alright, i was reading this and this looks like what i need to fix my wii, i need help i am a real noob. I have a bricked wii with bootmii installed but no backup of working nand. I also have a working wii with bootmii installed. Thus, i have a nand file that is good and one that is bad, now what do i have to do to change my bad nand to a good one. please explain a little further for me i am way lost. Thank you

Hicksy · Aug 20, 2009

I've given up for the moment. I got betwiin to run and thru it all it kept saying u fail it as it went thru the NAND tested both ways I posted above. Hopefully a more soft Modder friendly pc app will come available . In the meantime I got less then 20 stats left on Mario galaxy to collect

HiBit · Aug 20, 2009

tony996 said:
alright, i was reading this and this looks like what i need to fix my wii, i need help i am a real noob. I have a bricked wii with bootmii installed but no backup of working nand. I also have a working wii with bootmii installed. Thus, i have a nand file that is good and one that is bad, now what do i have to do to change my bad nand to a good one. please explain a little further for me i am way lost. Thank you

Please read the thread and start around Post #54. There we discuss what is to install, how to get the keys, how to use a hex editor, ...
http://gbatemp.net/index.php?showtopic=173...t&p=2183625

gajo · Aug 20, 2009

hi
you can put a NAND from another wii on a wii Blick, if not the key has the same? using these tools and infectus? or the starting point is to have the backup of your NAND wii blick.
Excuse my poor English

gd48202 · Aug 20, 2009

HiBit,

I have been following this thread, but lurking. You may want to look at a solderless clip for the infectus. Here is a link

http://www.modchip.ca/store/product.php?pr...=321&page=1

GD

Maisto · Aug 20, 2009

He cannot use this because the infectus is in this point not for the DVD drive but for the NAND chip.

But if he do some remake on the socket i have linket to he can use it as a clip. for the nand.

The only think he need to do is soldering the infectus to the socket and make som moddifcation to the socket.

HiBit · Aug 20, 2009

gd48202 said:
I have been following this thread, but lurking. You may want to look at a solderless clip for the infectus. Here is a link

http://www.modchip.ca/store/product.php?pr...=321&page=1

That's not a TSOP48 test clip, that's a clip for the Wii dvd controller.

But we need to connect the infectus to the NAND and it is a TSOP48:

There a different ic sockets available, but to use this sockets you must remove the NAND completely.

I hope now understand all what i mean.

Regards,
HB

Edit:
Btw it's not a big problem to solder the cables to the NAND(if i get the solder flux, ...).
But a clip should be very easy for everyone if it is already soldered to an infectus.

Open the Wii > put the clip on the NAND > flash it > reassemble the Wii and fix the NAND with bootmii and betwiin

That could be a job for everyone that understand for what is a screwdriver.

Thomas83Lin · Aug 21, 2009

A clip for the nand would be sweet, cause many people wont be able to solder the infectus to the nand, cause you will need some pretty good experience with soldering to do so.

tony996 · Aug 21, 2009

I can see the finish line but i need some help; did everything on this wonderful guide (thanks guys), and i think this is where my problem lies when i try to save nand key and nand hmac ultra edit saves them as bak file, very tired and i can't think but how do i get it to save as just a file????

HiBit · Aug 21, 2009

The .bak file in UltraEdit is only a backup of the original file.

tony996 · Aug 21, 2009

man, oh man, oh man.... so close yet so far away. okay, here is my problem got python to run and it even gave me a good flash bin, then when i inserted it in my wii, bootmii told me the nand belonged to another system and did not want to download. help, this is getting frustrating.

alright in the input folder insert nand (with last 1024 bytes deleted) 0x21000000
renamed to flash.bin ---good wii
then get the hmac keys 20 bytes from good wii 0x21000144
then get the nand key 16 bytes from good wii 0x21000158

in the ouput folder get the hmac keys form bad wii and the nand key from bad wii

The nand-key is 16 bytes long and you find it on $

Run betwiin

get nand from ouput folder and add the last 1024 bytes from good wii.

am i missing something, help me
both wii are the same v. 3.4

HiBit · Aug 21, 2009

tony996 said:
get nand from ouput folder and add the last 1024 bytes from good wii.

You must insert the 1024 bytes from the bricked Wii.

tony996 · Aug 21, 2009

NOOOOOOOO!!!!! this is what bootmii tells me

bootmii found in boot2, ok to proceed.
Warning: boot1 mismatch, not writing
sry, i haz fail: -1

what the hell does that mean!!!!!!!!!! What do i do next!!!!!!

HiBit · Aug 21, 2009

Let me quote the readme of betwiin:

QUOTE said:
1) The version of boot1 you flash to a NAND chip must match the
original one that shipped with that Wii. No exceptions.

I think that's your problem.

QUOTEWhat do i do next!!!!!!

Use another dump from an Wii where bootmii is installed.

Edit:
Btw, today i get the tools i need to fix my solder problem.
I'm sure tomorrow it's possible for me to tell you more about this ^^.

If you can wait it could be possible for me to release a "Patch-Tool" that insert bootmii to every NAND.

Sorry if i need some days to do this, but - and this is no joke - i'm a newbie.
I get my first Wii on the registration date @ gbatemp and it was the 19-June-2009.

It's hard for me to understand all this, but i give my best to help.

Regards,
HB

tony996 · Aug 21, 2009

thought that might be the problem, that succckkksssssssss. this is the oldest wii i have, and i don't have an idea where to get another one. Okay, i will figure it out, how can i tell if they have the same boot1. thanks H . so close, almost there and then this..... I hate this wii.....

Hacking Betwiin v.10

Retro Gamer

Well-Known Member

Well-Known Member

Be water my friend!

Well-Known Member

Member

Active Member

Well-Known Member

Member

Member

Well-Known Member

Well-Known Member

Retro Gamer

Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Member

Similar threads

Popular threads in this forum