mike360X1 said:
For starters, if you don't know what OTP means, it's one-time programmable, which means that it only lets you edit, modify, change, etc., only once. That means if you have that kind of version of boot2 (or 1, don't remember) you won't be able to install bootmii. So, that being said, why can't we just download the fixed bug of boot2 from the nus server (Nintendo server) and analyze it or kind of study it? (Are you with me here?) People can then develop an application that lets you delete that boot and replace that boot with the boot that already has the bootmii patch? Correct me if I'm wrong..... if this can be possible, then why didn't those programmers develop that already? But, I could be wrong. Maybe OTP can't be deleted too.
Boot0 is inside your cpu and can't be changed.
Boot1 is in nand with a hash in OTP, the nand can be changed but the hash in OTP can't (*).
Boot2 is in nand and the signature is checked by boot1.
The bug is in boot1 on old Wiis & it's difficult for anyone including Nintendo to change boot1 as the OTP can't be changed (*).
If you don't have a bugged boot1 then the only possible ways of installing a custom boot2 are:
1. Sieve Nintendo's private key.
2. Create a custom boot1 with a hash collision with the fixed boot1. This could either be based on the bugged boot1 or something completely custom, but you need to keep changing unused bytes until the hash matches.
Both of these are hard.
(*) Technically OTP can be changed, you can change 1's to 0's but you can't change 0's back to 1's. But as you can't change all bits then it doesn't help to change any of them.
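
Added example, not part of the posts above: a small model of the OTP behaviour described in the footnote, showing why a stored hash cannot be turned into the hash of a different boot1 when bits only go from 1 to 0. SHA-1 is used as a stand-in hash, and the class, the function names and the byte strings are constructed for illustration.

```python
import hashlib


class OTP:
    """Fuse-bank model: programming can only clear bits (1 -> 0)."""

    def __init__(self, value: bytes):
        self._bits = bytes(value)

    def read(self) -> bytes:
        return self._bits

    def program(self, requested: bytes) -> bytes:
        # A cleared bit stays cleared, so the result is stored AND requested.
        self._bits = bytes(a & b for a, b in zip(self._bits, requested))
        return self._bits


def reachable(current: bytes, target: bytes) -> bool:
    """True only if target needs no 0 -> 1 transition from current."""
    return all((t & ~c) & 0xFF == 0 for c, t in zip(current, target))


def verify_boot1(otp: OTP, image: bytes) -> bool:
    """Hash check of a boot1 image against the value held in OTP."""
    return hashlib.sha1(image).digest() == otp.read()  # stand-in hash


def demo() -> dict:
    factory = b"constructed boot1 image, factory"  # constructed sample
    custom = b"constructed boot1 image, custom"    # constructed sample
    otp = OTP(hashlib.sha1(factory).digest())
    wanted = hashlib.sha1(custom).digest()
    result = {
        "factory_ok_before": verify_boot1(otp, factory),
        "target_reachable": reachable(otp.read(), wanted),
    }
    otp.program(wanted)  # try to overwrite the stored hash anyway
    result["custom_ok_after"] = verify_boot1(otp, custom)
    result["factory_ok_after"] = verify_boot1(otp, factory)
    return result


if __name__ == "__main__":
    print(demo())
```

In the demo the stored value after programming is the bitwise AND of both hashes, so it matches neither image.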