BOOTMII UNBRICKED A WII B4 BOOTMII!!

Discussion in 'Wii - Hacking' started by pspmte, May 15, 2009.

May 15, 2009
  1. pspmte
    OP

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    Yes it works the hacked boot2 will let you boot a bricked wii up into bootmii

    Heres what i did

    1 Get a broken wii fully bricked open it to the motherboard

    2 Get a good wii with boot2 hacked(bootmii) open it to the motherboard

    3 Desolder the nandflashs with the bricked wii for the good wiis flash and solder it back- with power turned off

    4 Then turn on your bricked wii with the good nandflash with bootmii installed

    5 dump the wii flash to get the keys from the bad wii

    pls note homebrew or system menu will not work at all, its just a method to get the wiis keys


    Hope this a better guide


    Btw bootmii boots up without the wifi card or blue tooth plugged in
     


  2. WiiCrazy

    Member WiiCrazy Be water my friend!

    Joined:
    May 8, 2008
    Messages:
    2,391
    Location:
    Istanbul
    Country:
    Turkey
    Hmm, not a surprise [​IMG]

    bootmii itself has access to the keys and can dump them I guess... did you give it a go that way?
     
  3. FenrirWolf

    Member FenrirWolf GBAtemp Psycho!

    Joined:
    Nov 19, 2008
    Messages:
    4,343
    Location:
    Beaverton, OR
    Country:
    United States
    HAY GUYZ IT'S CAPS-LOCK FRIDAY IN THIS TOPIC!
     
  4. pspmte
    OP

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    Done its guys unbricked a wii we can now unbrick anywiis

    You get the keys buy dumping the nand
     
  5. cwstjdenobs

    Member cwstjdenobs Sodomy non sapiens

    Joined:
    Mar 10, 2009
    Messages:
    1,757
    Location:
    Ankh-Morpork
    Country:
    United Kingdom
    So swap out the NAND, run BootMii backup to get the keys from the Wii, encrypt an unencrypted NAND dump and use a NAND programmer to put that on the bricked Wiis NAND? or is it easier than that
     
  6. pspmte
    OP

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    Yes thats it, use bootmii to dump it back
     
  7. FenrirWolf

    Member FenrirWolf GBAtemp Psycho!

    Joined:
    Nov 19, 2008
    Messages:
    4,343
    Location:
    Beaverton, OR
    Country:
    United States
    I can only assume you mean swapping nand dumps and not opening up the Wii and swapping the chips. You need to write things more clearly.
     
  8. pspmte
    OP

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    No FenrirWolf i desoldered the nands and swapped them, did say its hard core lol
     
  9. cwstjdenobs

    Member cwstjdenobs Sodomy non sapiens

    Joined:
    Mar 10, 2009
    Messages:
    1,757
    Location:
    Ankh-Morpork
    Country:
    United Kingdom
    Swapped them while the Wii was running? While some may call that hard core others would have less polite phrases in mind, lol. Well done though. I guess a Wii is cheaper than the otherwise needed kit
     
  10. LxTrix

    Member LxTrix GBAtemp Advanced Fan

    Joined:
    Feb 3, 2009
    Messages:
    613
    Country:
    United States
    A mod should delete this thread for all caps.
     
  11. kyle007

    Member kyle007 GBAtemp Fan

    Joined:
    Oct 5, 2008
    Messages:
    387
    Country:
    United States
    all this talk about NAND and 4.0 has got me thinking (since 4.0 writes to the NAND quite abit if you play games from the sd menu) would it be possible to buy NAND (its just flash memory right?) and flash your data onto it and install it? im just worried that once our NAND's go out we'll have to send em back to nintendo lol does anyone know if such a thing is possible?
     
  12. Vidboy10

    Member Vidboy10 Tsardom

    Joined:
    Dec 15, 2008
    Messages:
    2,617
    Location:
    Vancouver, B.C
    Country:
    Canada
    IT'S SO COOL TALKING IN CAPS ISN'T IT?
     
  13. Shinigami Kiba

    Member Shinigami Kiba GBAtemp Advanced Fan

    Joined:
    Oct 28, 2007
    Messages:
    606
    Country:
    Macedonia, The Former Yugoslav Republic of
    Aren't Boot1 and 2 part of the NAND? If so I don't see how this would work since by swapping NANDS from one wii to the other you move bootmii with them too, UNLESS he did it while the working bootmii wii was still running, but would that be risky? I mean you're soldering and crap while the system is running....
     
  14. pspmte
    OP

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    I did move bootmii from the good wii to the bad wii that had never had bootmii installed on it

    Both wii were powered off when i swapped the nand, im an electronics engineer not silly lol

    Now does anybody know how i can read the nand.bin from bootmii?
     
  15. Shinigami Kiba

    Member Shinigami Kiba GBAtemp Advanced Fan

    Joined:
    Oct 28, 2007
    Messages:
    606
    Country:
    Macedonia, The Former Yugoslav Republic of
    is bootmii part of the NAND? The way I understand it is, bootmii installs in the very first bytes of the NAND, the ones used as boot2.

    so are boot1 and boot2 part of the Nand or are they on a different piece of hardware the wii runs the flash memory off of?

    If boot1 and 2 are part of the NAND, the internal flash memory all you basically did was swap the NANDS so you're still left with one bricked and one unbricked Wii, or did you manage to move bootmii ALONE to the bricked NAND?
     
  16. knowthing

    Newcomer knowthing Member

    Joined:
    May 14, 2009
    Messages:
    11
    Country:
    United States
    I'm curious what software is used to unencrypt one nand dump and re-encrypt it with another wii's key? Or have I misunderstood the process?
     
  17. fogbank

    Member fogbank GBAtemp Fan

    Joined:
    Oct 28, 2008
    Messages:
    413
    Country:
    United States
    They are stored on the NAND.
     
  18. knowthing

    Newcomer knowthing Member

    Joined:
    May 14, 2009
    Messages:
    11
    Country:
    United States
    I thought boot1 was stored in some kind of rom memory that can't be erased or re-written. boot2 must be stored on the nand chip for this to have worked. Also I guess the bricked wii must have a vulnerable boot1 also.
     
  19. FenrirWolf

    Member FenrirWolf GBAtemp Psycho!

    Joined:
    Nov 19, 2008
    Messages:
    4,343
    Location:
    Beaverton, OR
    Country:
    United States
    No, boot1 is stored on the NAND with everything else. However, its SHA-1 hash is stored in non-writable memory.
     
  20. pspmte
    OP

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    Ok so i have a nand.bin dump of my bad wii with good flash bootmii, how do i get the keys from the nand.bin?

    Btw all that boots at the moment is ppcboot.elf now if some clever guy could code the xxyyzz dol to ppc
    we would get the keys then
     

Share This Page