Able to install cIOS with the system menu?

Discussion in 'Wii - Hacking' started by Krestent, Jan 20, 2010.

  1. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    I posted that I was going to install SM3.5K into 000000010000009C in another thread, but now I can't find that thread (yes, I searched). So I installed it and also IOS52.

    I tested my theory by loading IOS254 with the cIOS rev17 installer, which brought up Bootmii/IOS. But, when I load IOS156 with the installer, it just continues, like if I had selected a trucha signed IOS, and even lets me install the cIOS! How do I get around this?

    Running SM4.0, cIOS rev17, installed non-stub IOS52, installed IOS156(really SM3.5K).
     


  2. BBking83

    BBking83 GBAtemp Advanced Fan

    Member
    676
    4
    Oct 23, 2008
    Australia
    It's vulnerable...

    http://wiibrew.org/wiki/IOS52

    I wouldn't be installing different SMs, especially different region ones.
    What were you trying to get out of this? Just testing?
     
  3. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    Testing... but the thing is, I know IOS52 is vulnerable, but running code from the IOS that's really the SM itself?
     
  4. SifJar

    SifJar Not a pirate

    Member
    6,022
    891
    Apr 4, 2009
    How did you install System Menu as IOS? Just change the title ID? I assume you needed trucha to install it...
     
  5. fogbank

    fogbank GBAtemp Fan

    Member
    413
    0
    Oct 28, 2008
    United States
    Maybe if you load SM in that manner the Wii checks the TMD for the required IOS (52) and loads that first, but the actual System Menu does not load. Either that or the cIOS installer does not load the SM correctly and you are still running the IOS that was being used when you launched the installer (and if that IOS is vulnerable the cIOS installation succeeds).

    Just guessing...
     
  6. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    So I might next try installing a non-trucha vulnerable IOS to IOS52 and see if the installer still runs?
     
  7. SifJar

    SifJar Not a pirate

    Member
    6,022
    891
    Apr 4, 2009
    Yeah, try that. If it does indeed check the TMD of the SM and switch to IOS52, with an unpatched IOS52, installation will fail.
     
  8. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    I'm out of the house at the moment...but anyway, does Bootmii/IOS use mini or some IOS? If so, how does it run?
     
  9. Jacobeian

    Jacobeian GBAtemp Advanced Maniac

    Member
    1,881
    122
    May 15, 2008
    Cuba
    Something you don't understand is that system menu and IOS are two completely different things: the fact they can be installed from "wads" as "title" in the Wii memory does not mean they can be handled in a similar way.

    System Menu is code running on the PowerPC CPU, while IOS runs on the ARM CPU. Those are two fundamentally different and incompatible binary types, so how do you expect that loading the system menu installed as an IOS could work? It simply can NOT work: you have to load some IOS code in ARM memory as well as the System Menu code in main memory at some point, then make the CPU start code execution.

    I agree that experimenting with stuff is fun, but you also need MINIMAL knowledge of what you're doing.


    Bootmii/IOS, when loaded (IOS_Reload), will load mini then the interface program, just as BootMii/Boot2 would do when the wii is powered.
     
  10. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    Then how about this: Would it work if I patched some code that calls the system menu, such as the "return to System Menu" option in some homebrew, to call 000000010000009C instead of 0000000100000002?
     
  11. Jacobeian

    Jacobeian GBAtemp Advanced Maniac

    Member
    1,881
    122
    May 15, 2008
    Cuba
    Using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions.

    Edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID); you could try to load the system menu title installed as IOS and see what happens. The biggest risk is if the Korean system menu tries to write some files on your NAND when started and this ends up messing up your old system configuration, preventing the original system menu from working when you reboot your console.

    Be sure to have bootmii as boot2 installed, otherwise I wouldn't take that risk if I were you.
     
  12. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    In that case I'll try to make SM2.0U work...Whatever it wrote to the nand is probably still there from the time my Wii was virgin.

    And OF COURSE I have Bootmii/boot2. I'm not that stupid.
     
  13. SifJar

    SifJar Not a pirate

    Member
    6,022
    891
    Apr 4, 2009
    If you do this, you could have multiple System Menus installed. Reasonably pointless really, but you could modify MyMenu to install themes to a "backup" System Menu so you could test them without risk of bricking. That's about the only use for it I can think of.
     
  14. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    What open-source homebrew has this feature?
     
  15. SifJar

    SifJar Not a pirate

    Member
    6,022
    891
    Apr 4, 2009
    If MyMenuify isn't open source, I don't think there is another theming homebrew. Other than softmii, but it's long dead and crap.

    Anyway, the only other use for this I can think of would be for StartPatch. You could make a modified version which would install to a fake SM, then you could safely test patches without any risk. But you could also update Menu Loader or use Banana Patcher to test the patches; in the latter you just need to change the format a little.

    In short, it'd be an interesting experiment, but not very useful I think. But you never know, maybe it'd be useful to have a backup SM, and perhaps someone could write a MINI app which would load titles off the NAND, so if you messed up your System Menu, you could use that app with the backup SM installed elsewhere to boot your Wii. Maybe I'm being ridiculous though...
     
  16. XFlak

    XFlak Wiitired but still kicking

    Member
    9,127
    532
    Sep 12, 2009
    Canada
    Ontario
    I happen to have the source code for mymenuify---if anyone needs/wants it just PM me
     
  17. Cmurda187

    Cmurda187 GBAtemp Regular

    Member
    230
    0
    Oct 24, 2008
    United States
    The depths of HELL
    Didn't Wanin do something kind of similar to this with a NAND emulation project he was working on before? I remember seeing some video where he was using different system menus with NAND emulation.
     
  18. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    The system menu is expected to be title 0000000100000002, it's hard-coded in things all over the place.
     
  19. Krestent
    OP

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    But will that stop a system menu installed to 000000010000009C from launching?
     
  20. tueidj

    tueidj I R Expert

    Member
    2,569
    820
    Jan 8, 2009
    You can't launch a title from there. 1-3 to 1-255 is reserved for IOSes only.
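
An added example, not code from any poster or from the tools named in this thread: a C check for the situation discussed above, a TMD that names a required IOS (as fogbank guesses the System Menu's does) while its title ID sits in the 1-3 to 1-255 range that tueidj says is reserved for IOS. The field offsets, the assumption that a genuine IOS TMD leaves the required-IOS field zero, and all function names are assumptions of this example; the sample header is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Assumed offsets for an RSA-2048-signed TMD (publicly documented layout). */
#define TMD_OFF_REQ_IOS  0x184  /* 8 bytes, big-endian title ID of the required IOS */
#define TMD_OFF_TITLE_ID 0x18C  /* 8 bytes, big-endian title ID of this title */
#define TMD_HDR_SIZE     0x1E4

enum slot_kind { SLOT_OTHER, SLOT_SYSTEM_MENU, SLOT_IOS };
enum tmd_verdict { TMD_TRUNCATED = -1, TMD_OK = 0, TMD_IOS_SLOT_NEEDS_IOS = 1 };

static uint64_t be64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}
/* Slot rules as stated in the thread: 1-2 is the System Menu, 1-3..1-255 are IOS. */
enum slot_kind classify_title(uint64_t tid) {
    uint32_t hi = (uint32_t)(tid >> 32), lo = (uint32_t)tid;
    if (hi != 1) return SLOT_OTHER;
    if (lo == 2) return SLOT_SYSTEM_MENU;
    return (lo >= 3 && lo <= 255) ? SLOT_IOS : SLOT_OTHER;
}
/* Flags a title that occupies an IOS slot yet declares a required IOS
 * (assumption: real IOS TMDs leave that field zero). */
enum tmd_verdict check_tmd(const uint8_t *tmd, size_t len, uint64_t *tid, uint64_t *ios) {
    if (len < TMD_HDR_SIZE) return TMD_TRUNCATED;  /* never read past a short buffer */
    *ios = be64(tmd + TMD_OFF_REQ_IOS);
    *tid = be64(tmd + TMD_OFF_TITLE_ID);
    if (classify_title(*tid) == SLOT_IOS && *ios != 0) return TMD_IOS_SLOT_NEEDS_IOS;
    return TMD_OK;
}
/* Builds a constructed, zero-filled header carrying only the two fields above. */
void make_sample_tmd(uint8_t *buf, uint64_t tid, uint64_t ios) {
    memset(buf, 0, TMD_HDR_SIZE);
    for (int i = 0; i < 8; i++) {
        buf[TMD_OFF_REQ_IOS + i]  = (uint8_t)(ios >> (56 - 8 * i));
        buf[TMD_OFF_TITLE_ID + i] = (uint8_t)(tid >> (56 - 8 * i));
    }
}
int main(void) {
    uint8_t tmd[TMD_HDR_SIZE];
    uint64_t tid, ios;
    /* Constructed case from the thread: title 000000010000009C requiring IOS52. */
    make_sample_tmd(tmd, 0x000000010000009CULL, 0x0000000100000034ULL);
    int v = check_tmd(tmd, sizeof tmd, &tid, &ios);
    printf("slot 1-%u requires IOS%u -> verdict %d\n", (unsigned)tid, (unsigned)ios, v);
    return 0;
}
```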