Betwiin v.10

Discussion in 'Wii - Hacking' started by pembo, Aug 10, 2009.

  1. longtom1

    longtom1 Keep an eye on my posts cause I quick edit frequen

    Member
    2
    Jan 12, 2009
    Honey Oils inc.
    You can use any Wii NAND chip you want, so you can change the NAND from, say, 3.2E to 4.0J or U with the change of a NAND chip. Seen a video online of someone doing this, looks really cool.
     
  2. pspmte

    pspmte GBAtemp Regular

    Member
    2
    Oct 23, 2008
    Yes with the infectus and bushing amoxy program u can dump nands and reflash

    I have 2 Wiis bricked on 3.4; they will go into the recovery but that's it.

    The only way I can see me fixing this is making a new NAND from another Wii,
    so I need to install bootmii with a hex editor onto the bricked NANDs,
    then use bootmii to dump the NAND.bin, then hex the keys and then use betwiin.
     
  3. HiBit

    HiBit GBAtemp Fan

    Member
    2
    Jun 19, 2009
    Gambia, The
    The problem is you can only fix the bricked Wii if you have the NAND-Key and the HMAC-Key.

    Without that you can't add working code, and if you have the keys you can make a full backup
    from another Wii and there is no need to add bootmii with an hex editor.
     
  4. WiiCrazy

    WiiCrazy Be water my friend!

    Member
    2
    May 8, 2008
    Istanbul
    Well, you can find the keys of the broken wii by just flashing bootmii into it and taking a nand dump. Of course applicable only to those wiis that bootmii can be installed as boot2...
     
  5. HiBit

    HiBit GBAtemp Fan

    Member
    2
    Jun 19, 2009
    Gambia, The
    http://debugmo.de/?p=59%29

    And much more ppl say the full code is encrypted.


    Is that wrong?


    Edit
    It seems you are right and boot1/2 can be used onto another Wii if boot* has the same version.

    At this moment I compare an original and a converted dump and something more, and the bootcode is the same.
     
  6. pspmte

    pspmte GBAtemp Regular

    Member
    2
    Oct 23, 2008
    Just to add to this

    I had 2 wiis both leh13xxxxx serial number

    one worked and i installed bootmii
    the other bricked, no recovery etc.
    so i took the bricked wii's nand flash off and swapped it with the working wii's nand flash
    The bricked wii booted into bootmii and i could do a dump of the nand with keys (so the nand dump was from the working wii but the keys were from the bricked wii)
    So now i know that bootmii has the keys at the end, that's how you get keys from a bricked wii
    We really should put all this info together and make an unbricking guide
     
  7. HiBit

    HiBit GBAtemp Fan

    Member
    2
    Jun 19, 2009
    Gambia, The
    That's a good idea, there is something to know.

    Started with python, pycrypto and numpy.
    Then how to edit the NAND (for me the last 1kb must be removed before i could convert a dump).
    Followed by how to insert the last 1kb so that bootmii accepts the converted dump, and something more.
     
  8. WiiCrazy

    WiiCrazy Be water my friend!

    Member
    2
    May 8, 2008
    Istanbul
    Well everything is right there

    If only I had good soldering skills, the exploration stops there for me..
    besides I educated people here in Turkey against bricks very well, even if I was able to unbrick people this way possibly I'll have no customers at all..
     
  9. Swizler

    Swizler GBAtemp Regular

    Member
    1
    Jul 28, 2009
    United States
    San Antonio,Texas
    then why not make said thread and sticky it?
     
  11. pspmte

    pspmte GBAtemp Regular

    Member
    2
    Oct 23, 2008
    Yes they should
     
  12. superbob

    superbob GBAtemp Regular

    Member
    3
    Jan 30, 2008
    France
    Toulouse, France
    As for me it's a major concern, and a sufficient reason not to use it. Too risky.
     
  13. Hicksy

    Hicksy Member

    Newcomer
    1
    Apr 29, 2009
    United States
    usa
    Is there any easy way to get betwiin.py to run? i'm a noob to python and cant seem to get betwiin running. Or could someone convert this to a .exe? any help would be appreciated..... what i have so far is: xyzzy keys.txt from good wii in the input folder, then i renamed my nand.bin to flash.bin and put in input folder, then i put the bad wii's keys.txt file from xyzzy into the output folder. Now all i need to do is run betwiin.py but can't, so is there a program that'll run this for me quickly or am i screwed?
     
  14. HiBit

    HiBit GBAtemp Fan

    Member
    2
    Jun 19, 2009
    Gambia, The
    And ... and ... and.


    Good luck and sorry for my bad english, but i hope you understand what i mean (it's a problem for me to put all this in correct words).
    This is the reason why i didn't write a FAQ, and also i didn't have an infectus at this time (i have a galep4, but it didn't support the NAND). I hope an infectus reaches me this week and then i try all this on two bricked Wiis that i bought @ ebay.
     
  15. Maisto

    Maisto GBAtemp Regular

    Member
    1
    Apr 16, 2009
    Ok if i get this right i need to do following.

    1. Install python -> http://python.org/ftp/python/2.6.2/python-2.6.2.msi
    2. Install PyCrypto into the same folder-> http://www.voidspace.org.uk/downloads/pycr...win32-py2.6.exe
    3. Install numpy into the same folder -> http://sourceforge.net/projects/numpy/file....6.exe/download
    4. copy my NAND.BIN to input folder and rename to flash.bin (from the working wii)
    5. find the nand and hmac keys in nand.bin with a hex editor
    6. copy the keys (from the working wii) (nand-key and hmac-key) to input folder (what file type does it need?) just file format?
    6. copy the nand-key and hmac-key to output folder (from the bricked wii)
    7. and then run betwiin.py with python.

    Is that right or am i totally wrong?
     
  16. HiBit

    HiBit GBAtemp Fan

    Member
    2
    Jun 19, 2009
    Gambia, The
    That's right, but also you must remove the last 1024 bytes from the flash.bin @ the input folder if you use a bootmii NAND dump.
     
  17. Maisto

    Maisto GBAtemp Regular

    Member
    1
    Apr 16, 2009
    can you explain to me how i do that, how do i save the keys from the hex editor?

    the keys i need to save from the nand dump, is that only the 20 and the 16 bytes?

    and the 1024 bytes i need to remove, is that from the flash.bin in the input folder and do i need to do it before running betwiin.py?
     
  18. Hicksy

    Hicksy Member

    Newcomer
    1
    Apr 29, 2009
    United States
    usa
    ok i got python working. now i need an idea on a hex editor. which do u recommend being the easiest and could u walk me thru the keys process slowly. and also how do i get rid of the last 1024 bytes ? i did get betwiin.py running tho. and it gave me some error,but it also gave me a nand file in the output folder. the normal nand.bin from boot mii is 540,673kb this file is 540,672kb any ideas? i'm afraid to try using this cus i didn't do all the hex editing and that.
     
  19. HiBit

    HiBit GBAtemp Fan

    Member
    2
    Jun 19, 2009
    Gambia, The
    @Maisto
    Yes, that's right and of course you must do it before you run betwiin.

    @Hicksy
    I think ultra edit is a great editor because you can see the address where you are, you can see how many bytes you select (e.g. go to the last byte and if you hold ctrl and go down/up you see when you have 1024 bytes selected) and much more.
    http://www.ultraedit.com/downloads/ultraedit_download.html

    I can make some screenshots later if i'm back at home.
     
  20. Hicksy

    Hicksy Member

    Newcomer
    1
    Apr 29, 2009
    United States
    usa
    So how do we re - add the 1024 bytes back into the output folder's newly created flash.bin ? i'm going to use the hex editor later today and gonna retry all of this step by step. and thanks you've been very helpful HiBit!!


    Update: I got ultraedit and punched ctrl f to find $21000144 and it says not found, ok i feel pretty dumb now....lol but being this is the first time i'm using a hex editor i hope i can be forgiven, i am going to step away from my keyboard and await assistance before i f@*! something up.....lol
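
Added example (not part of any post in this thread, and not betwiin's own code): a Python sketch of the step HiBit and Hicksy discuss, splitting a BootMii dump into the raw image and its 1024-byte trailer, then appending a trailer again after conversion. The sizes come from the figures quoted in the thread; the key offsets inside the trailer are assumptions (0x144 is derived from the address 0x21000144 mentioned above), and all function names are made up for this example.

```python
import tempfile
from pathlib import Path

# Sizes quoted in the thread: converted image 540,672 KB, BootMii dump 1 KB more.
RAW_NAND_SIZE = 540_672 * 1024  # 0x21000000
TRAILER_SIZE = 1024
# Assumed trailer layout: 0x21000144 - 0x21000000 = 0x144 for the 20-byte
# HMAC key, with the 16-byte NAND key assumed to follow it directly.
HMAC_KEY = slice(0x144, 0x158)
NAND_KEY = slice(0x158, 0x168)

def _copy(src, dst, count):
    """Copy exactly count bytes in 1 MiB chunks."""
    while count:
        chunk = src.read(min(1 << 20, count))
        if not chunk:
            raise EOFError("file ended early")
        dst.write(chunk)
        count -= len(chunk)

def split_dump(dump, raw, raw_size=RAW_NAND_SIZE):
    """Write the raw image to `raw` and return the 1024-byte trailer."""
    if Path(dump).stat().st_size != raw_size + TRAILER_SIZE:
        raise ValueError("size does not match a dump with a key trailer")
    with open(dump, "rb") as src, open(raw, "wb") as dst:
        _copy(src, dst, raw_size)
        return src.read(TRAILER_SIZE)

def append_trailer(raw, trailer, out, raw_size=RAW_NAND_SIZE):
    """Write raw image plus trailer to `out` after checking both lengths."""
    if Path(raw).stat().st_size != raw_size or len(trailer) != TRAILER_SIZE:
        raise ValueError("raw image or trailer has the wrong length")
    with open(raw, "rb") as src, open(out, "wb") as dst:
        _copy(src, dst, raw_size)
        dst.write(trailer)

def demo():
    """Round-trip a constructed 4 KiB stand-in image (not real console data)."""
    raw_size, trailer = 4096, bytearray(TRAILER_SIZE)
    trailer[HMAC_KEY], trailer[NAND_KEY] = bytes(range(20)), bytes(range(100, 116))
    with tempfile.TemporaryDirectory() as tmp:
        dump, raw, out = (Path(tmp, n) for n in ("nand.bin", "flash.bin", "out.bin"))
        dump.write_bytes(b"\xa5" * raw_size + bytes(trailer))
        got = split_dump(dump, raw, raw_size)
        append_trailer(raw, got, out, raw_size)
        same = dump.read_bytes() == out.read_bytes()
        return raw.stat().st_size, got[HMAC_KEY], got[NAND_KEY], same

if __name__ == "__main__":
    print(demo())
```

The size checks refuse a file that has already been trimmed or that never carried a trailer, which is the situation described above where the output came out 1 KB smaller than the BootMii dump.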
     