Hacking BOOTMII UNBRICKED A WII B4 BOOTMII!!

[pspmte]

Yes it works the hacked boot2 will let you boot a bricked wii up into bootmii

Heres what i did

1 Get a broken wii fully bricked open it to the motherboard

2 Get a good wii with boot2 hacked(bootmii) open it to the motherboard

3 Desolder the nandflashs with the bricked wii for the good wiis flash and solder it back- with power turned off

4 Then turn on your bricked wii with the good nandflash with bootmii installed

5 dump the wii flash to get the keys from the bad wii

pls note homebrew or system menu will not work at all, its just a method to get the wiis keys


Hope this a better guide


Btw bootmii boots up without the wifi card or blue tooth plugged in

 

[WiiCrazy]

Hmm, not a surprise

bootmii itself has access to the keys and can dump them I guess... did you give it a go that way?

 

[FenrirWolf]

HAY GUYZ IT'S CAPS-LOCK FRIDAY IN THIS TOPIC!

 

[pspmte]

Done its guys unbricked a wii we can now unbrick anywiis

You get the keys buy dumping the nand

 

[cwstjdenobs]

So swap out the NAND, run BootMii backup to get the keys from the Wii, encrypt an unencrypted NAND dump and use a NAND programmer to put that on the bricked Wiis NAND? or is it easier than that

 

[pspmte]

Yes thats it, use bootmii to dump it back

 

[FenrirWolf]

I can only assume you mean swapping nand dumps and not opening up the Wii and swapping the chips. You need to write things more clearly.

 

[pspmte]

No FenrirWolf i desoldered the nands and swapped them, did say its hard core lol

 

[cwstjdenobs]

No FenrirWolf i soldered the nands and swapped them, did say its hard core lol

Swapped them while the Wii was running? While some may call that hard core others would have less polite phrases in mind, lol. Well done though. I guess a Wii is cheaper than the otherwise needed kit

 

[LxTrix]

A mod should delete this thread for all caps.

 

[kyle007]

all this talk about NAND and 4.0 has got me thinking (since 4.0 writes to the NAND quite abit if you play games from the sd menu) would it be possible to buy NAND (its just flash memory right?) and flash your data onto it and install it? im just worried that once our NAND's go out we'll have to send em back to nintendo lol does anyone know if such a thing is possible?

 

[Vidboy10]

IT'S SO COOL TALKING IN CAPS ISN'T IT?

 

[Shinigami Kiba]

Aren't Boot1 and 2 part of the NAND? If so I don't see how this would work since by swapping NANDS from one wii to the other you move bootmii with them too, UNLESS he did it while the working bootmii wii was still running, but would that be risky? I mean you're soldering and crap while the system is running....

 

[pspmte]

I did move bootmii from the good wii to the bad wii that had never had bootmii installed on it

Both wii were powered off when i swapped the nand, im an electronics engineer not silly lol

Now does anybody know how i can read the nand.bin from bootmii?

 

[Shinigami Kiba]

is bootmii part of the NAND? The way I understand it is, bootmii installs in the very first bytes of the NAND, the ones used as boot2.

so are boot1 and boot2 part of the Nand or are they on a different piece of hardware the wii runs the flash memory off of?

If boot1 and 2 are part of the NAND, the internal flash memory all you basically did was swap the NANDS so you're still left with one bricked and one unbricked Wii, or did you manage to move bootmii ALONE to the bricked NAND?

 

[knowthing]

I'm curious what software is used to unencrypt one nand dump and re-encrypt it with another wii's key? Or have I misunderstood the process?

 

[fogbank]

so are boot1 and boot2 part of the Nand or are they on a different piece of hardware the wii runs the flash memory off of?

They are stored on the NAND.

 

[knowthing]

so are boot1 and boot2 part of the Nand or are they on a different piece of hardware the wii runs the flash memory off of?

They are stored on the NAND.

I thought boot1 was stored in some kind of rom memory that can't be erased or re-written. boot2 must be stored on the nand chip for this to have worked. Also I guess the bricked wii must have a vulnerable boot1 also.

 

[FenrirWolf]

No, boot1 is stored on the NAND with everything else. However, its SHA-1 hash is stored in non-writable memory.

 

[pspmte]

Ok so i have a nand.bin dump of my bad wii with good flash bootmii, how do i get the keys from the nand.bin?

Btw all that boots at the moment is ppcboot.elf now if some clever guy could code the xxyyzz dol to ppc
we would get the keys then