Hacking [Guide] Kafluke's HardMod CBHC Unbrick guide

BaamAlex · Mar 2, 2021

christianacqua said:
I know it is useless but I also need it to do some experiments, I think it is safe because it does not touch the vc game on which I have installed cbhc

It makes no sense dude. Check that. You can use "shortcuts" in the autoboot menu from cbhc. But it doesn't matter what i say. You do it either way.

christianacqua · Mar 2, 2021

BaamAlex said:
It makes no sense dude. Check that. You can use "shortcuts" in the autoboot menu from cbhc. But it doesn't matter what i say. You do it either way.

Ok, ty

danyboy666 · Apr 21, 2021

Hello guys,
i'm trying to revive my wii u wich I bricked by formatting it... I did not remeber how I installed that softmod so yeah that's that. At least i have a otp.bin backup.
So here i am. after dumping the nand i get HMAC errors

bad HMAC for "/sys/title/00050010/1000400a/code/fw.img"
bad HMAC for "/scfm.img"

and i get this from nandfixer

** nandFixer : Fix incomplete dump, add ECCs and HMACs **
built: Mar 25 2017 01:05:33
NandBin::ItemFromPath ->item not found "/sys/config/syshax.xml"
"Can't find system.xml backup, are you sure CBHC is installed?"

Can i revive this console or is it a lost cause? I,m asking because i'm not sure i want to spend another afternoon checking those wires and resoldering everything.

godreborn · Apr 21, 2021

syshax.xml iirc is the original system.xml iirc. it creates that backup so that you can fix it easily if something goes wrong. the file doesn't technically exist. system.xml is the file that does cbhc, so you need both files. I don't know what's causing your error though.

--------------------- MERGED ---------------------------

here's an example of my redNAND with no cbhc installed. as you can see, syshax.xml doesn't exist:

--------------------- MERGED ---------------------------

here's with cbhc installed:

danyboy666 · Apr 21, 2021

godreborn said:
syshax.xml iirc is the original system.xml iirc. it creates that backup so that you can fix it easily if something goes wrong. the file doesn't technically exist. system.xml is the file that does cbhc, so you need both files. I don't know what's causing your error though.

--------------------- MERGED ---------------------------

here's an example of my redNAND with no cbhc installed. as you can see, syshax.xml doesn't exist:

View attachment 259476

--------------------- MERGED ---------------------------

here's with cbhc installed:

View attachment 259478

So i'm asking again, Can i revive this console with juste the opt.bin? How can i "mount" that file? I don't really do this stuff often to be honest this is one of those case I should have read the fn manual

Anywais 4 years later after installing that console playing zelda with it than reboxing it i forgot everything i did with this. The teensy is still soldered i tested again i fit could boot by itself before attempting anything else. But now i'm stuck as I don't really know what i need to do to fix the nand. The guide doesnt specify my particular case or maybe i'm just not reading it properly...

edit: nand extractor i guess

I think i will try another dump to compare it could be a bad dump too

godreborn · Apr 21, 2021

probably a bad dump, yeah. I don't think @Kafluke has signed in in months, so it may be difficult to get an answer. the otp.bin is all you really need if it's a cbhc brick, because you can just dump the nand, then decrypt it with the otp. I'm sorry, I don't know what else to suggest. I'm familiar with the tutorial, but I've never had a cbhc brick.

danyboy666 · Apr 21, 2021

godreborn said:
probably a bad dump, yeah. I don't think @Kafluke has signed in in months, so it may be difficult to get an answer. the otp.bin is all you really need if it's a cbhc brick, because you can just dump the nand, then decrypt it with the otp. I'm sorry, I don't know what else to suggest. I'm familiar with the tutorial, but I've never had a cbhc brick.

it's ok you're cool enough to have anwered i'll wait a bit do another dump from a linux machine, windows has lots of issues with usb serial stuff from my experience. Thanx man

SundayWarrior · Apr 21, 2021

danyboy666 said:
Hello guys,
i'm trying to revive my wii u wich I bricked by formatting it... I did not remeber how I installed that softmod so yeah that's that. At least i have a otp.bin backup.
So here i am. after dumping the nand i get HMAC errors

bad HMAC for "/sys/title/00050010/1000400a/code/fw.img"
bad HMAC for "/scfm.img"

and i get this from nandfixer

** nandFixer : Fix incomplete dump, add ECCs and HMACs **
built: Mar 25 2017 01:05:33
NandBin::ItemFromPath ->item not found "/sys/config/syshax.xml"
"Can't find system.xml backup, are you sure CBHC is installed?"

Can i revive this console or is it a lost cause? I,m asking because i'm not sure i want to spend another afternoon checking those wires and resoldering everything.

Check my answer in theme. Im upload patched chbc remover, you can edit system.xml and eject it in backup with pathed stuff

https://gbatemp.net/threads/guide-kaflukes-hardmod-cbhc-unbrick-guide.476725/page-9#post-8656458

godreborn · Apr 21, 2021

yeah, afaik, the nand fixer creates those bytes of the nand that don't get dumped (kinda like how it is with the rednand dumper). my rednand is slightly smaller than my regular nand, because the dumper doesn't know how about those extra bytes. I think that's why so many people's rednand got corrupted over time. anyway, I don't think nand fixer is meant to repair a cbhc brick. you want cbhc remover for that.

danyboy666 · Apr 21, 2021

godreborn said:
yeah, afaik, the nand fixer creates those bytes of the nand that don't get dumped (kinda like how it is with the rednand dumper). my rednand is slightly smaller than my regular nand, because the dumper doesn't know how about those extra bytes. I think that's why so many people's rednand got corrupted over time. anyway, I don't think nand fixer is meant to repair a cbhc brick. you want cbhc remover for that.

That's what I did. I think it's calling nandFixer anywais:

Code:

C:\Users\dferron\Desktop\WiiU rescue>nandCbhcRemover.exe slc.bin
** nandFixer : Fix incomplete dump, add ECCs and HMACs **
   built: Mar 25 2017 01:05:33
NandBin::ItemFromPath ->item not found "/sys/config/syshax.xml"
"Can't find system.xml backup, are you sure CBHC is installed?"

C:\Users\dferron\Desktop\WiiU rescue>nandBinCheck.exe slc.bin -all
** nandBinCheck : Wii nand info tool **
   from giantpune
   built: Mar 24 2017 23:49:06
NAND Type: SLC (WiiU)
checking boot1...
Boot1 hash: "3806d41a5c5f139f5b09bbe5b74a5ec45e0f5507"
Boot1 OK!
checking for lost clusters...
found 0 lost clusters
UNK ( 0xffff ) 6a (5fe7, 608d, 608e, 608f, 6268, 6269, 626a, 626b, 626c, 626d, 626e, 626f, 6318, 6319, 631a, 631b, 631c, 631d, 631e, 631f, 6320, 6321, 6322, 6323, 6324, 6325, 6326, 6327, 6330, 6331, 6332, 6333, 6334, 6335, 6336, 6337, 6407, 67c0, 67c1, 67c2, 67c3, 67c4, 67c5, 67c6, 67c7, 67d0, 67d1, 67d2, 67d3, 67d4, 67d5, 67d6, 67d7, 6828, 6829, 682a, 682b, 682c, 682d, 682e, 682f, 6960, 6961, 6962, 6963, 6964, 6965, 6966, 6967, 69f8, 69f9, 69fa, 69fb, 69fc, 69fd, 69fe, 69ff, 6a18, 6a19, 6a1a, 6a1b, 6a1c, 6a1d, 6a1e, 6a1f, 6bb0, 6bb1, 6bb2, 6bb3, 6bb4, 6bb5, 6bb6, 6bb7, 6bb8, 6bb9, 6bba, 6bbb, 6bbc, 6bbd, 6bbe, 6bbf, 7693, 7694, 7695, 7696, 7697)
free            4934
verifying ecc...
0 out of 897792 pages had incorrect ecc.
they were spread through 0 clusters in 0 blocks:
 ()
0 of those clusters are non-special (they belong to the fs)
verifying hmac...
verifying hmac for 421 files
hmac bad (3)
"fw.img" is dfd200 bytes ( 380 ) clusters

00000000  ffe35422 f0d951cf 31b5c3b3 25eedea8  ..T"..Q.1...%...
00000010  ba8633b4 67e35422 f0d951cf 31b5c3b3  ..3.g.T"..Q.1...
00000020  25000000 00000000 00000000 00000000  %...............
00000030  630d630d 74048b0b 990a6605 86048604  c.c.t.....f.....

00000000  ffe35422 f0d951cf 31b5c3b3 25eedea8  ..T"..Q.1...%...
00000010  ba8633b4 67e35422 f0d951cf 31b5c3b3  ..3.g.T"..Q.1...
00000020  25000000 00000000 00000000 00000000  %...............
00000030  8604790b de092106 fd090206 d50c2a03  ..y...!.......*.

00000000  e35422f0 d951cf31 b5c3b325 eedea8ba  .T"..Q.1...%....
00000010  8633b467                             .3.g
bad HMAC for "/sys/title/00050010/1000400a/code/fw.img"
hmac bad (1)
"scfm.img" is 8004000 bytes ( 2001 ) clusters

00000000  ff000000 00000000 00000000 00000000  ................
00000010  00000000 00000000 00000000 00000000  ................
00000020  00000000 00000000 00000000 00000000  ................
00000030  00000000 00000000 00000000 00000000  ................

00000000  ff000000 00000000 00000000 00000000  ................
00000010  00000000 00000000 00000000 00000000  ................
00000020  00000000 00000000 00000000 00000000  ................
00000030  00000000 00000000 6b046b04 9b0d6402  ........k.k...d.

00000000  8307637d c3a54861 effb8cea f880896f  ..c}..Ha.......o
00000010  ebcbf469                             ...i
bad HMAC for "/scfm.img"
2 files had bad HMAC data
checking HMAC for superclusters...
0 superClusters had bad HMAC data

SundayWarrior said:
Check my answer in theme. Im upload patched chbc remover, you can edit system.xml and eject it in backup with pathed stuff

https://gbatemp.net/threads/guide-kaflukes-hardmod-cbhc-unbrick-guide.476725/page-9#post-8656458

Thank you I will definitly check this out.

godreborn · Apr 21, 2021

I'm not sure if the nand is supposed to have a specific size, but it's 528MBs (not sure if it needs specific byte size, but probably).

danyboy666 · Apr 21, 2021

SundayWarrior said:
Check my answer in theme. Im upload patched chbc remover, you can edit system.xml and eject it in backup with pathed stuff

https://gbatemp.net/threads/guide-kaflukes-hardmod-cbhc-unbrick-guide.476725/page-9#post-8656458

what should I rename the title_id for?

--------------------- MERGED ---------------------------

Code:

<?xml version="1.0" encoding="utf-8"?>
<system type="complex" access="777">
  <version type="unsignedInt" length="4">21</version>
  <cmdFlags type="unsignedInt" length="4">0</cmdFlags>
  <default_os_id type="hexBinary" length="8">000500101000400a</default_os_id>

  <default_title_id type="hexBinary" length="8">0005000010179b00</default_title_id>

  <log type="complex" length="0">
    <enable type="unsignedInt" length="4">0</enable>
    <max_size type="unsignedInt" length="4">8388607</max_size>
  </log>
  <standby type="complex" length="0">
    <enable type="unsignedInt" length="4">0</enable></standby>
  <ramdisk type="complex" length="0">
    <cache_user_code type="unsignedInt" length="4">0</cache_user_code>
    <max_file_size type="unsignedInt" length="4">10485760</max_file_size>

    <cache_delay_ms type="unsignedInt" length="4">10000</cache_delay_ms>
  </ramdisk>
  <simulated_ppc_mem2_size type="hexBinary" length="4">00000000</simulated_ppc_mem2_size>

  <dev_mode type="unsignedInt" length="4">0</dev_mode>
  <prev_title_id type="hexBinary" length="8">0000000000000000</prev_title_id>

  <prev_os_id type="hexBinary" length="8">0000000000000000</prev_os_id>
  <default_app_type type="hexBinary" length="4">90000001</default_app_type>

  <default_device_type type="string" length="16"></default_device_type>
  <default_device_index type="unsignedInt" length="4">0</default_device_index>

  <fast_relaunch_value type="unsignedInt" length="4">0</fast_relaunch_value>

  <default_eco_title_id type="hexBinary" length="8">0005001010066000</default_eco_title_id>

</system>

is it possible that this was the original title_id?

<default_eco_title_id type="hexBinary" length="8">0005001010066000</default_eco_title_id>

I think I,ve got it:

** nandFixer : Fix incomplete dump, add ECCs and HMACs **
built: May 29 2019 00:54:35
Restoring system.xml backup

I edited the title_id for the wiiu system menu, saved as syshax.xml and ran
>nand777.exe slc.bin USA syshax.xml

I'll report in a while thanks.

godreborn · Apr 21, 2021

that nand doesn't look complete. I think there are four files in the config folder.

danyboy666 · Apr 21, 2021

godreborn said:
that nand doesn't look complete. I think there are four files in the config folder.

for real.. which config folder?
nevermind i need to extract the entire rom for that config folder

sys_prod.xml and system.xml . i should have just look at my screen capture lol.. idk man i'll upload the nand see what it,ll do at this point i have nothing to lose i guess.

godreborn · Apr 21, 2021

the image above shows eco.xml and rtc.xml. I don't know what those are for. rtc might pertain to the internal clock based on the name, but no idea what eco.xml is for.

SundayWarrior · Apr 21, 2021

danyboy666 said:
<default_title_id type="hexBinary" length="8">0005000010179b00</default_title_id

Bad. Change to wiiu menu id
For eur is 0005001010040200
For usa is 0005001010040100
What error you get when console load?

godreborn · Apr 21, 2021

I can't guarantee this is correct, but I extracted my system.xml from redNAND to make sure it's correct. the title id I have is: 0005001010040100

--------------------- MERGED ---------------------------

SundayWarrior said:
Bad. Change to wiiu menu id
For eur is 0005001010040200
For usa is 0005001010040100
What error you get when console load?

didn't see your post, but yeah that coincides with what I found in my system.xml

--------------------- MERGED ---------------------------

his is probably the usa one if he lives in canada, so that should work.

--------------------- MERGED ---------------------------

btw, I have no idea how you inject that back into the nand. that's what cbhc remover is supposed to be for, but doing it manually, no idea. I just how to extract things from the nand.

SundayWarrior · Apr 21, 2021

godreborn said:
btw, I have no idea how you inject that back into the nand. that's what cbhc remover is supposed to be for, but doing it manually, no idea. I just how to extract things from the nand.

Im upload pathed cbhc remover - its can do this.

godreborn · Apr 21, 2021

I'd like a copy of that, so be sure to upload it to temp.

SundayWarrior · Apr 21, 2021

godreborn said:
I'd like a copy of that, so be sure to upload it to temp.

Im upload'ed - sorry for bad english
https://gbatemp.net/threads/guide-kaflukes-hardmod-cbhc-unbrick-guide.476725/page-9#post-8656458

Im fixed my wiiu with this. If nand not have backup system.xml - its very usefull

Hacking [Guide] Kafluke's HardMod CBHC Unbrick guide

UDE GA NARU ZE!

Well-Known Member

Active Member

Welcome to the Machine

Active Member

Welcome to the Machine

Active Member

Well-Known Member

Welcome to the Machine

Active Member

Welcome to the Machine

Active Member

Welcome to the Machine

Active Member

Welcome to the Machine

Well-Known Member

Welcome to the Machine

Well-Known Member

Welcome to the Machine

Well-Known Member

Similar threads

Popular threads in this forum