Hacking Bootmii Boot2 25th red Wii

[creedof69]

Hi everyone, I own a white Wii hacked for years with a defective disc drive. I use it with USB loader gx etc and bootmii on boot2.
So I planned to buy an other one in order to use some Wii and GameCube games from disc, make proper dump etc. And I say why not the red Wii ?

After many reading, my question is. Is it possible, in 2024 to install bootmii as boot2 on a red Wii ? I heard something about sdboot...

Thanks for future answer

 

[XFlak]

Bootmii boot2, no

SD boot, yeah probably, but sd boot in its current form will refuse to boot without an SD card with appropriate files on it, so if u ask me it's actually more of a brick risk, because if the sd card slot dies then u lose all functionality until the hardware is repaired

In theory there's work being done inspired by sd boot, that if accomplished could install something like bootmii boot2 on all wii's, but even if it can be done, unless it can be reverse engineered somehow or recreated using content from NUS, it can't work without either blatantly violating copyright laws and redistributing sd boot (or a modified version of it), or by requiring you source it yourself in order to actually use whatever tool is potentially released

I wouldn't hold my breath

 

[truemaster]

sdboot cease of development is dissapointing. they didnt had to include the copyright wads. but everything else. and leave up to the user to source the copyright wads from the nintendo leak.

 

[KleinesSinchen]

Cheating: Swap an old Wii motherboard with BootMii@boot2 into the red shell.

Otherwise I'd prefer a hash collision attack in order to replace boot1 over various hurdles with copyrighted content. SHA1 is somewhat broken with a practical exmaple of a known exmaple of chosen prefix collision.

Still no source for the used tool to my knowledge.

A custom boot1 would less likely to be an easy target for copyright trolls like big N is one.

 

[tech3475]

IIRC SDboot had other issues, such as being restricted to non-SDHC cards.

This would mean you're limited to 2GB and in this case getting a fake card could lead to a semi-brick.

 

[truemaster]

i dont think its a boot1 that been replace with the leaked data. boot0 checks the crc of boot1 that is stored in otp chip. if it doesnt match the boot sequence will halted. otherwise the old (bugged) boot1 that allow the bootmii would be installed (via hack) on all wiis. yes the downside of this hack is that only the old non sdhc card can be used, along with that without the sdcard the wii will not boot.

 

[The Real Jdbye]

Cheating: Swap an old Wii motherboard with BootMii@boot2 into the red shell.

Otherwise I'd prefer a hash collision attack in order to replace boot1 over various hurdles with copyrighted content. SHA1 is somewhat broken with a practical exmaple of a known exmaple of chosen prefix collision.

Still no source for the used tool to my knowledge.

A custom boot1 would less likely to be an easy target for copyright trolls like big N is one.

I don't know what state it's in, there's no documentation or release, but there's some source code here: https://github.com/RedBeesRGD/rgdboot-installer (the last commit was fairly recent)

 

[KleinesSinchen]

i dont think its a boot1 that been replace with the leaked data. boot0 checks the crc of boot1 that is stored in otp chip. if it doesnt match the boot sequence will halted. otherwise the old (bugged) boot1 that allow the bootmii would be installed (via hack) on all wiis. yes the downside of this hack is that only the old non sdhc card can be used, along with that without the sdcard the wii will not boot.

No, boot1 has not been replaced by leaked data. Of course not. I would love to see boot1 being replaced with a homebrew version by a SHA1 collision attack. That would be a clean (no copyright issues) way of booting arbitrary code.
It would be so nice if the source for the collision attack was released. Nobody should rely on SHA1 anymore and it has been years since it was proven insecure.

Using tainted (leaked) stuff can lead to attacks against devs.

 

[creedof69]

Sorry to dig up this thread but i learned that if We install priiloader, bootmii as an ios could do the job compared to bootmii as boot2. Any advices ?

 

[truemaster]

not enrirely. priiloader is basicly system menu that needs also the ios the system menu needs. if you instll something that brick system menu and interfere with priiloadr as well is goodbye. if you install an ios that system menu needs and that ios is bad or power out when you install it is also goodbye. but you can make a nanddump using bootme as ios. worst case scenario if bricked is to use hardware flasher and flash back the bootme backup nanddump

 

[creedof69]

not enrirely. priiloader is basicly system menu that needs also the ios the system menu needs. if you instll something that brick system menu and interfere with priiloadr as well is goodbye. if you install an ios that system menu needs and that ios is bad or power out when you install it is also goodbye. but you can make a nanddump using bootme as ios. worst case scenario if bricked is to use hardware flasher and flash back the bootme backup nanddump

I wanted to try something (before just swapping cases solution )
Can I, install priiloader and set it to autoboot to sneek, neek2o, and then reinstall priiloader and bootmii ios (which should be on the emunand) and install all cios. When we are on the emunand all things which install cios or restore nand are done ON the emunand right ? For example if I open bootmii in my emunand and press restore nand, it overwrite my emunand not the real one right ? I ask because i thought that maybe these homebrew bypass emunand to go do their things directly to real nand

 

[truemaster]

that i dont know. i never use emunand.