Hacking Able to install cIOS with the system menu?

Krestent

Krestent

What to post?
OP
Member
Level 3
Joined
Mar 31, 2009
Messages
3,953
Trophies
0
Website
Visit site
XP
340
Country
United States
I posted that I was going to install SM3.5K into 000000010000009C in another thread, but now I can't find that thread (yes, I searched). So I installed it and also IOS52.

I tested my theory by loading IOS254 with the cIOS rev17 installer, which brought up Bootmii/IOS. But, when I load IOS156 with the installer, it just continues, like if I had selected a trucha signed IOS, and even lets me install the cIOS! How do I get around this?

Running SM4.0, cIOS rev17, installed non-stub IOS52, installed IOS156(really SM3.5K).
 
F

fogbank

Well-Known Member
Member
Level 1
Joined
Oct 28, 2008
Messages
413
Trophies
0
XP
56
Country
United States
tattar8 said:
Testing... but the thing is, I know IOS52 is vulnerable, but running code from the IOS that's really the SM itself?
Click to expand...

Maybe if you load SM in that manner the Wii checks the TMD for the required IOS (52) and loads that first, but the actual System Menu does not load. Either that or the cIOS installer does not load the SM correctly and you are still running the IOS that was being used when you launched the installer (and if that IOS is vulnerable the cIOS installation succeeds).

Just guessing...
 
Krestent

Krestent

What to post?
OP
Member
Level 3
Joined
Mar 31, 2009
Messages
3,953
Trophies
0
Website
Visit site
XP
340
Country
United States
fogbank said:
tattar8 said:
Testing... but the thing is, I know IOS52 is vulnerable, but running code from the IOS that's really the SM itself?
Click to expand...

Maybe if you load SM in that manner the Wii checks the TMD for the required IOS (52) and loads that first, but the actual System Menu does not load. Either that or the cIOS installer does not load the SM correctly and you are still running the IOS that was being used when you launced the installer (and if that IOS is vulnerable the cIOS installation succeeds).

Just guessing...
Click to expand...
So I might next try installing a non-trucha vulnerable IOS to IOS52 and see if the installer still runs?
 
J

Jacobeian

Well-Known Member
Member
Level 4
Joined
May 15, 2008
Messages
1,893
Trophies
0
XP
387
Country
Cuba
Something you don't understand is that system menu and IOS are two completely different things: the fact they can be installed from "wads" as "title" in the Wii memory does not mean they can be handled in a similar way.

System Menu is code running on the PowerPC cpu, while IOS runs on the ARM cpu, those are two fundamentaly different and incompatible binary type, how do you expect that loading the system menu installed as an IOS could work ??? It simply can NOT work, you have to load some IOS code in ARM memory as well as the System Menu code in Main memory at some point, then make cpu starts code execution.

I agree that experimenting stuff is fun but you also need MINIMAL knowledge of what you're doing
wacko.gif



QUOTE said:
but anyway, does Bootmii/IOS use mini or some IOS? If so, how does it run?
Click to expand...

Bootmii/IOS, when loaded (IOS_Reload), will load mini then the interface program, just as BootMii/Boot2 would do when the wii is powered.
 
Krestent

Krestent

What to post?
OP
Member
Level 3
Joined
Mar 31, 2009
Messages
3,953
Trophies
0
Website
Visit site
XP
340
Country
United States
Jacobeian said:
Something you don't understand is that system menu and IOS are two completely different things: the fact they can be installed from "wads" as "title" in the Wii memory does not mean they can be handled in a similar way.

System Menu is code running on the PowerPC cpu, while IOS runs on the ARM cpu, those are two fundamentaly different and incompatible binary type, how do you expect that loading the system menu installed as an IOS could work ??? It simply can NOT work, you have to load some IOS code in ARM memory as well as the System Menu code in Main memory at some point, then make cpu starts code execution.

I agree that experimenting stuff is fun but you also need MINIMAL knowledge of what you're doing
wacko.gif



QUOTE said:
but anyway, does Bootmii/IOS use mini or some IOS? If so, how does it run?
Click to expand...

Bootmii/IOS, when loaded (IOS_Reload), will load mini then the interface program, just as BootMii/Boot2 would do when the wii is powered.
Click to expand...

Then how about this: Would it work if I patched some code that calls the system menu, such as the "return to SYstem Menu" option in some homebrew to call 000000010000009C instead of 00000001000000002?
 
J

Jacobeian

Well-Known Member
Member
Level 4
Joined
May 15, 2008
Messages
1,893
Trophies
0
XP
387
Country
Cuba
using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions

edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID), you could try to load the system menu title installed as IOS and see what happen. The biggest risk is if the korean system menu try to write some files on your NAND when started and this ends up messing your old system configuration, preventing the original system menu to work when you reboot your console.

Be sure to have bootmii as boot2 installed otherwise I won't take that risk if I were you.
 
Krestent

Krestent

What to post?
OP
Member
Level 3
Joined
Mar 31, 2009
Messages
3,953
Trophies
0
Website
Visit site
XP
340
Country
United States
Jacobeian said:
using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions

edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID), you could try to load the system menu title installed as IOS and see what happen. The biggest risk is if the korean system menu try to write some files on your NAND when started and this ends up messing your old system configuration, preventing the original system menu to work when you reboot your console.

Be sure to have bootmii as boot2 installed otherwise I won't take that risk if I were you.
Click to expand...

In that case I'll try to make SM2.0U work...Whatever it wrote to the nand is probably still there from the time my Wii was virgin.

And OF COURSE I have Bootmii/boot2. I'm not that stupid.
 
SifJar

SifJar

Not a pirate
Member
Level 7
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,175
Country
Jacobeian said:
using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions

edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID), you could try to load the system menu title installed as IOS and see what happen. The biggest risk is if the korean system menu try to write some files on your NAND when started and this ends up messing your old system configuration, preventing the original system menu to work when you reboot your console.

Be sure to have bootmii as boot2 installed otherwise I won't take that risk if I were you.
Click to expand...

If you do this, you could have multiple System Menus installed. Reasonably pointless really, but you could modify MyMenu to install themes to a "backup" System Menu so you could test them without risk of bricking. That's about the only use for it I can think of.
 
Krestent

Krestent

What to post?
OP
Member
Level 3
Joined
Mar 31, 2009
Messages
3,953
Trophies
0
Website
Visit site
XP
340
Country
United States
SifJar said:
Jacobeian said:
using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions

edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID), you could try to load the system menu title installed as IOS and see what happen. The biggest risk is if the korean system menu try to write some files on your NAND when started and this ends up messing your old system configuration, preventing the original system menu to work when you reboot your console.

Be sure to have bootmii as boot2 installed otherwise I won't take that risk if I were you.
Click to expand...

If you do this, you could have multiple System Menus installed. Reasonably pointless really, but you could modify MyMenu to install themes to a "backup" System Menu so you could test them without risk of bricking. That's about the only use for it I can think of.
Click to expand...
What open-source homebrew has this feature?
 
SifJar

SifJar

Not a pirate
Member
Level 7
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,175
Country
tattar8 said:
SifJar said:
Jacobeian said:
using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions

edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID), you could try to load the system menu title installed as IOS and see what happen. The biggest risk is if the korean system menu try to write some files on your NAND when started and this ends up messing your old system configuration, preventing the original system menu to work when you reboot your console.

Be sure to have bootmii as boot2 installed otherwise I won't take that risk if I were you.
Click to expand...

If you do this, you could have multiple System Menus installed. Reasonably pointless really, but you could modify MyMenu to install themes to a "backup" System Menu so you could test them without risk of bricking. That's about the only use for it I can think of.
Click to expand...
What open-source homebrew has this feature?
Click to expand...

If MyMenuify isn't open source, i dont think there is another theming homebrew. Other than softmii, but its long dead and crap.

Anyway, the only other use for this I can think of would be for StartPatch. You could make a modified version which would install to a fake SM, then you could safely test patches without any risk. But you could also update Menu Loader or use Banana Patcher to test the patches, in the later you just need to change the format a little.

In short, it'd be an interesting experiment, but not very useful I think. But you never know, maybe it'd be useful to have a backup SM, and perhaps someone could write a MINI app which would load titles off the NAND, so if you messed up your System Menu, you could use that app with the backup SM installed elsewhere to boot your Wii. Maybe I'm being ridiculous though...
 
C

Cmurda187

Well-Known Member
Member
Level 7
Joined
Oct 24, 2008
Messages
234
Trophies
1
Location
The depths of HELL
XP
1,083
Country
United States
tattar8 said:
Jacobeian said:
using homebrew maybe, at least it would be more realistic, though I don't know what kind of protection/requirements are in those ES functions

edit: in libogc you have this neat little function WII_LaunchTitle(u64 titleID), you could try to load the system menu title installed as IOS and see what happen. The biggest risk is if the korean system menu try to write some files on your NAND when started and this ends up messing your old system configuration, preventing the original system menu to work when you reboot your console.

Be sure to have bootmii as boot2 installed otherwise I won't take that risk if I were you.
Click to expand...

In that case I'll try to make SM2.0U work...Whatever it wrote to the nand is probably still there from the time my Wii was virgin.

And OF COURSE I have Bootmii/boot2. I'm not that stupid.
Click to expand...
Didn't Wanin do somethig kind of similar to this with a nand emulation project he was working on before. I remember seeing some video where he was using different system menus with nand emulation
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Tutorial Project  Wiiflow lite 5.5.4 , 10 themes in one pack 2024 - with extras

Hacking  Bricked Wii Family Edition

64DD on Wii?

Astebros doesn't work on GenPlusGx

All Channels Discussion

Feedback  Hacking The Internet Channel. "Internet Channel Deluxe" ? [WIP]

Hacking  Animal Crossing City Folk not working on any USBLoader

Gaming  Way to fully test very scratched game without a full play through?

General chit-chat
Help Users
  • No one is chatting at the moment.
    Veho @ Veho: Her boob is the cause of all this current shit :angry: