Hacking [Guide] Kafluke's HardMod CBHC Unbrick guide

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
Just edit broken system.xml (grab it from unpacked slc.bin) and renamed it to syshax.xml

yes it seem to have done the trick I reflashed it but now all i get is a black screen. Does it default to A/V mode after a format? Should I try and hook everything up and test with an AV cable or I have done something wrong? Right now it's hooked up to hdmi with the heatsink dvd and fan. No cmos battery.

In the meantime I'm suppose to get an av cable tonight so I can test. Wiiu pad was telling me to power up the wiiu and choose the right input so it was no help.

--------------------- MERGED ---------------------------

I can't guarantee this is correct, but I extracted my system.xml from redNAND to make sure it's correct. the title id I have is: 0005001010040100

--------------------- MERGED ---------------------------



didn't see your post, but yeah that coincides with what I found in my system.xml.

--------------------- MERGED ---------------------------

his is probably the usa one if he lives in canada, so that should work.

--------------------- MERGED ---------------------------

btw, I have no idea how you inject that back into the nand. that's what cbhc remover is supposed to be for, but doing it manually, no idea. I just how to extract things from the nand.

ah damn i need to reflash it LOLLLLL. ffs. I should have used 0005001010040100 for the wiiu system menu I'll be back in an hour 1/2 :S. I'm pretty sure i'm on the righ tpath anywais you guys are pros thanx.
 
Last edited by danyboy666,
  • Like
Reactions: godreborn

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,105
Country
United States
try @SundayWarrior 's app. that may be the only way to inject a new system.xml. those nand tools only extract, not inject, and you don't have a syshax.xml. like I mentioned, it's identical to the system.xml (a copy) except the system.xml is modified for cbhc. extract the system.xml, add that title id, then rename as syshax.xml and try that app.
 

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
try @SundayWarrior 's app. that may be the only way to inject a new system.xml. those nand tools only extract, not inject, and you don't have a syshax.xml. like I mentioned, it's identical to the system.xml (a copy) except the system.xml is modified for cbhc. extract the system.xml, add that title id, then rename as syshax.xml and try that app.

I'm not sure if you were refering to me in you reply? That's what i'm doing. I did it wrong the first time tho I flash it with the wrong title_id. But yeah everything seem to be on track for the rescue. It's reflashing the right slc.bin with @SundayWarrior tool which i reinjected the edited system.xml.

edit: those trace points are horrible to solder to. i don't think i will even attempt to hack my switch if the recovery process is that painful again. i used flux at the end and tried to solder to both contacts points. I used single wired i dont know which awg but it was as thin as those traces lol.
 
Last edited by danyboy666,
  • Like
Reactions: godreborn

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,105
Country
United States
btw, I just extracted both system.xml and syshax.xml from my current nand backup. there's only one other location where they're different. it's this line:

<default_device_type type="string" length="16" /> this is the syshax.xml
<default_device_type type="string" length="16"/> this is the system.xml

everything else is identical minus the title id.
 

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
i'm going to trow that console in the trash pretty soon. still a black screen. even with av cable. I flashed the right fw. I getting kinda pissed at it.
 

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
Bad. Change to wiiu menu id
For eur is 0005001010040200
For usa is 0005001010040100
What error you get when console load?

right now no errors, only black screen with a solid blue LED. I did try A/V to be sure.
I don't recall the exact error it was months ago since i bricked the console but i did my search back then it pointed me to bricked console which i did really questionned after seeing lots of similar posts around internet. The original mod was with the brain age game. I do recall doing something after that to make the hack semi permanant but i don't recall which method exactly it was years ago. I'm taking a break from this tonight before i rip my teensy out of there and trow that poc in the garbage, If you have any ideas you're welcome to send them my way. thnks again.

edit: i've validated the title_id from the new slc.bin and of course flashed the right binary. I,m lost.

<default_title_id type="hexBinary" length="8">0005001010040100</default_title_id>

--------------------- MERGED ---------------------------

btw, I just extracted both system.xml and syshax.xml from my current nand backup. there's only one other location where they're different. it's this line:

<default_device_type type="string" length="16" /> this is the syshax.xml
<default_device_type type="string" length="16"/> this is the system.xml

everything else is identical minus the title id.
yeah not sure if that space really matter since it's xml.
 
Last edited by danyboy666,

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,105
Country
United States
I'm out of ideas, at least software wise. I did notice that you were missing both cos.xml and rtc.xml in the config folder. I'm not really sure what either does, but they're a part of all three of my nand backups.
 

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
Do you unsolder gnd point on teensy after flash? If not do that = black screen

at first I did power up the wiiu with the GND still soldered. I realized after some reading I needed to desolder it. I will give this another try today.

I have a question does it matter if the console has no cmos battery? Would it boot if removed?

edit: still black screen.

I will desolder the teensy. The only thing i can think of at this point is that the flux might be conductive enough to prevent the console from booting. those wires are so tiny i did want to take any chances with sticking a toothbrush in there and scrap the whoel job since the teensy did dump the slc.bin.

the new slc.bin is there is confirmed the system.xml was edited. i did not redo a dump to check at this point all this is a waste of time.

rtfm :S
 
Last edited by danyboy666,
  • Like
Reactions: godreborn

SundayWarrior

Well-Known Member
Member
Joined
Jul 1, 2018
Messages
166
Trophies
0
Age
34
XP
1,132
Country
Russia
Two things - check solder point - if ways to cpu damaged - no read =no boot
If good - try flash back backup without changes
Check fuses on board.
And first time you read backup twise? If yes compare it.

And dont give up - if otp.bin from your console - softbrick fixable. In theory can be get decrypted donor dump and crypt it with cpu key (otp.bin ~same), after flash console can boot. But needed deep mod cbhc remover
 
Last edited by SundayWarrior,
  • Like
Reactions: danyboy666

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
Ooooh and it lives!!!
 

Attachments

  • yeah.jpg
    yeah.jpg
    85.4 KB · Views: 129

danyboy666

Active Member
Newcomer
Joined
Dec 30, 2009
Messages
37
Trophies
0
XP
227
Country
Canada
Two things - check solder point - if ways to cpu damaged - no read =no boot
If good - try flash back backup without changes
Check fuses on board.
And first time you read backup twise? If yes compare it.

And dont give up - if otp.bin from your console - softbrick fixable. In theory can be get decrypted donor dump and crypt it with cpu key (otp.bin ~same), after flash console can boot. But needed deep mod cbhc remover

I have the wiiu pad sync issue now but it seems fixable? I still need to srew everything back in pace.
My guess why it didn't work I was trying to boot the console without anything screwed, when i reassembled the thing I noticed there was a contact point around where the CPU is located there is a pin that might be some sort of protection.

Anywais i desoldered everything screwed the 2 face plates heatsink fan power btn and dvd.

Now that I think of it the dvd ribbon cable might have been in cause too.

Anywais it seem to want to live for another day so i'm good.

--------------------- MERGED ---------------------------

congratulations. I'm glad you managed to fix it. I put @SundayWarrior 's app in my wii u nand tools folder in case I ever need it.

thanks man i'm glad i got support here for this old relic :P thanks again guys.

Now what can i do for that wiiu pad sync? It doesn seem to want to sync whatever I do.
 
Last edited by danyboy666,

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    Xdqwerty @ Xdqwerty: Out of nowhere I got several scars on my forearm and part of my arm and it really itches.