Hacking Bushing's DVD Exploit (Part 2)

Status
Not open for further replies.

teq

QUOTE said:
Would it be possible to patch different IOS on the fly from the thing I said in my other post depending on the disk? Would it be possible to identify and then patch the according IOS?

Why bother with "on the fly" when it could just be done and over with in one patch?


bryehn said:
So... pardon my ignorance, but how is what you guys are talking about different than Waninkoko's custom firmware?

It isn't; it's an elaboration on it.


zant
In regards to re-writing the NAND flash, talk with Dark AleX or Fanjita from the PSP scene. Somehow, the idea was to force the battery to boot to the memstick which in turn re-wrote the files. The memstick slot is provided with the SD front slot, now we have to figure out how to direct the boot sequence to the SD Slot, then to the wii system menu, sort of like the BIOS boot sequence.

just my 2 cents


The Wii is not a PSP.

http://hackmii.com/2008/06/your-wii-is-not-a-psp/#more-45
 

linkinworm

Certificate ID:..... Hash Algorithm: %s.... Issuer Name Hash:..... Issuer Key Hash:.. Serial Number:.... Single Extensions:.. Request Extensions:..... Signature Algorithm:

ok, well I was just looking through a random part of the IOS37 and found these, could we not patch the system to either
1: skip these commands and just read ahead to bootable data on the disk
2: delete them so the system will not check for them
3: patch them to just accept anything on the disk?

these are NOT the whole of everything, i think they were in 2-3 parts of the file

could this be used for anything?

there would need to be some hell of a lot of work tho with this
 

Jademalo

teq said:
QUOTE said:
Would it be possible to patch different IOS on the fly from the thing I said in my other post depending on the disk? Would it be possible to identify and then patch the according IOS?

Why bother with "on the fly" when it could just be done and over with in one patch?

1. So that the Wii is not permanently patched, and Nintendo can't brick it if they detect that it has been
2. So you can take it round to a friend's without causing "damage" to their system
3. So if you have to send it back to Nintendo, they can't tell you've had it on.
 

zant

@ teq

FORGET THE WII-PSP THING!

just consider the idea! why would it not work? put the file system dump on the sd card, and just point the start up to the sd card first. Forget the PSP, and think BIOS Boot sequence!

oh, and that link you posted, why doesn't everybody just back up their "unique" NAND so that they can use it when an unbricker comes out? memory is cheap these days (2gb for 10$)
 

Wabsta

Okay, why does everyone start thinking about this because this (what's his name again? Bushing?) said he found a way?
Why didn't people try this like... before?
 

Jademalo

wabsta said:
Okay, why does everyone start thinking about this because this (what's his name again? Bushing?) said he found a way?
Why didn't people try this like... before?

because we didn't know much about IOS hacking, didn't want to tamper with it, and thought it wasn't possible.

now he says it is, we're gonna find it.
 

linkinworm

wabsta said:
Okay, why does everyone start thinking about this because this (what's his name again? Bushing?) said he found a way?
Why didn't people try this like... before?

because if wii god number 1 finds a way then we know it's possible, and it's actually worth trying as we know there's a way somehow, before they said it wasn't possible, "no way" but now he's all scared, I can imagine that when he was hacking it was like "ok hmm what's this..... *cue dark orchestrated music" O....MY....GOD.... no that can't be right, run it again, HOLY SHIT. what have I done WHAT HAVE I DONE!!!!!" something like that, then shiggy turned up and was like, bushing, you are my son.
 

zant

more like "Bushing, I.... AM...... YOUR....... FATHER (cue in heavy mechanical breathing)"
 

teq

linkinworm said:
Certificate ID:..... Hash Algorithm: %s.... Issuer Name Hash:..... Issuer Key Hash:.. Serial Number:.... Single Extensions:.. Request Extensions:..... Signature Algorithm:

ok, well I was just looking through a random part of the IOS37 and found these, could we not patch the system to either
1: skip these commands and just read ahead to bootable data on the disk
2: delete them so the system will not check for them
3: patch them to just accept anything on the disk?

these are NOT the whole of everything, i think they were in 2-3 parts of the file

could this be used for anything?

there would need to be some hell of a lot of work tho with this

Anything you find that's a string is not relevant data to the Wii (it's not even part of the code), but rather there for ease of readability.

QUOTE said:
FORGET THE WII-PSP THING!

just consider the idea! why would it not work? put the file system dump on the sd card, and just point the start up to the sd card first. Forget the PSP, and think BIOS Boot sequence!

There are more sophisticated pieces of hardware in place that prevent you from doing that... that's why.


QUOTE
1. So that the Wii is not permanently patched, and Nintendo can't brick it if they detect that it has been
2. So you can take it round to a friend's without causing "damage" to their system
3. So if you have to send it back to Nintendo, they can't tell you've had it on.

That's what marcan's nand restore function is for.
 

hjfbv1

because there was no custom firmware possibility before, wabsta. as soon as the firmware from wanakino (I know I probably misspelled it... very badly) came out showing that you can take control of the Wii disc drive, people started working on it. it never really became this hot/public of a topic until bushing said he found a hack that could do it and is talking to Nintendo to fix it because he loves Nintendo and is strongly against piracy. everyone else.. well that's a different matter. so now everyone's working as fast as they can looking for this exploit before Nintendo contacts bushing and they fix it.

this is what I've gathered so far of the current situation
 

zant

like what teq? I'd like to learn. Not being sarcastic at all. This is interesting shit
 

teq

zant said:
like what teq? I'd like to learn. Not being sarcastic at all. This is interesting shit

Like Starlet, for one.

Starlet is an entire system on a chip. That is, it contains all of the functionality you'd find in a motherboard: a programmable processor, memory, I/O, and a layer of security.

This is how it's able to manage so much of the Wii without acting as a bottleneck.
 

linkinworm

teq said:
linkinworm said:
Certificate ID:..... Hash Algorithm: %s.... Issuer Name Hash:..... Issuer Key Hash:.. Serial Number:.... Single Extensions:.. Request Extensions:..... Signature Algorithm:

ok, well I was just looking through a random part of the IOS37 and found these, could we not patch the system to either
1: skip these commands and just read ahead to bootable data on the disk
2: delete them so the system will not check for them
3: patch them to just accept anything on the disk?

these are NOT the whole of everything, i think they were in 2-3 parts of the file

could this be used for anything?

there would need to be some hell of a lot of work tho with this

Anything you find that's a string is not relevant data to the Wii (it's not even part of the code), but rather there for ease of readability.

yes I know this, but all of this is still part of the system somewhere along the line with the checking of everything, Waninkoko must have done something like this to get the low level DVD reading to work
 

teq

linkinworm said:
yes I know this, but all of this is still part of the system somewhere along the line with the checking of everything, Waninkoko must have done something like this to get the low level DVD reading to work

There's a difference between editing strings and editing code. Strings do nothing but display on the screen. They aren't processed.

What Waninkoko did was change actual code, which isn't a string.


QUOTE
Can Starlet be modified? What did Waninkoko do in his CIOS?

I believe it's programmable, yes.

But what little we can do to it must be done through IOS.
 