Hacking cIOSX rev21d2x: Yet Another Hot Fix!!!!

[digdug3]

Is there any disadvantage if you turn on block-ios-reload for all games?
The advantage is that everything works as espected (wii menu/title selection for example)

As far as I know d2x writes the current state somewhere on the nand every time an IOS reload request is done and nothing else.

 

[madri1]

I don't see much point in adding the signature retroactively to older cIOSs since it's important to be able to detect the older versions that aren't signed.
I don't see much of a point in anyone continuing to program pimpmywii or ever using it when modmii exists.

i don't see much a point in using modmii when pimp my wii exists

xlak

And if pimpmywii will be unable to detect, for example, a hermes v5 cIOS installed using the official installer (ie. no new signature) than that is a fail even for pimpmywii. So like I said, I don't see much point in adding the signature retroactively to older cIOSs since it's important to be able to detect the older versions that aren't signed.

pimp my wii can still detect hermes cios even unsigned. There is a special command for hermes cios which pimp use to detect hermes cios.

 

[anttaz]

Ok So how would you suggest making cIOS247[37]d2x5 and cIOS248[56]d2x5 if my methods are wrong then people?

 

[damysteryman]

daveboal, I have a feature request...

Could you please add Korean Common Key support to the d2x cIOS?

Korean Discs are encrypted with a different Common Key, so cannot normally be played on non-Korean Wiis. Adding the Korean Key to the cIOS would allow non-Korean Wiis to play Korean games.

I have already done this with DARKCORP a while ago, but IMO support for Korean Games in Disc and USB loaders would be nice too.


All it is, is 2 search-and-replace patches within an IOS's ES module:

Spoiler

Korean Key Support Patch 1 of 2
(Tells the Wii to use default Korean key inside IOS instead of looking for it in EEPROM)

Search for
28 00 D0 0A 20 3A 1C 21

Replace with
28 00 E0 0A 20 3A 1C 21

Korean Key Support Patch 2 of 2
(Replaces the default Korean key (which is all zeros) with the actual Korean key

Search for
27 B8 A5 F2 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Replace with
27 B8 A5 F2 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
63 B8 2B B4 F4 61 4E 2E 13 F2 FE FB BA 4C 9B 7E

These patches will work with cIOS bases 37 and 40+ (IOS bases 38, and 36 and lower are not compatible).

I have already manually edited in these patches into the ES module of cIOS-d2x-v6-beta1-base56-slot249 with a hex editor and then reinstalled it with these patches applied, and successfully tested some Korean games (The Legend of Zelda: Twilight Princess KOR + Animal Crossing: City Folk KOR) on a non-Korean Wii with NeoGamma R9 Beta 49 Fixed and CFG USB Loader r69a6 (CFG needed a minor edit though).

What do you think? Do you think you would add this feature?

 

[WiiPower]

Do non korean games continue to work fine with this modification?

 

[damysteryman]

Yes, non-Korean games still work too.

 

[Wiimm]

wit has also korean support for a long time. ticket.bin at offset 0x1f1 tells if korean (1) or standard (0).
http://opensvn.wiimm.de/viewvc/wii/trunk/w...otate=2655#l598
Perhaps it's a 16 bit value at offset 0x1f0, but wiibrew.org tells a byte value.

 

[davebaol]

@damysteryman
So those patches work for all the bases supported by ModMii except for base 38, right?

 

[damysteryman]

wit has also korean support for a long time. ticket.bin at offset 0x1f1 tells if korean (1) or standard (0).
http://opensvn.wiimm.de/viewvc/wii/trunk/w...otate=2655#l598
Perhaps it's a 16 bit value at offset 0x1f0, but wiibrew.org tells a byte value.Ah yes. I remember when that was added to wit a while back

The byte 0x1f1 check is done by the IOS though, not by the loader... so either the ISO or the cIOS would need to be modified (and maybe the loader too, if they try to decrypt stuff using a common key precompiled into them instead of IOS doing it).
Modifying the ISO to use the ordinary common key would work, but cIOS (and most loaders) do not support unaltered Korean games though...

And yeah, AFAIK it is just a byte value.


QUOTE(davebaol @ Jun 4 2011, 09:08 PM) @damysteryman
So those patches work for all the bases supported by ModMii except for base 38, right?

That is correct.

 

[davebaol]

@damysteryman
Hmmm... ok... if I give you a new ESP module that applies those patches to the ES module of base 56 can you test it with a korean game?

 

[Jogait]

It seams that the download link for the installer is not working, can someone re-upload it?

I supose that this is better than the waninkokos ciosx 21?!

Witch is the best based ios that you recommend?

Thanks.

 

[damysteryman]

@damysteryman
Hmmm... ok... if I give you a new ESP module that applies those patches to the ES module of base 56 can you test it with a korean game?

Yes, I can do that for you

 

[Etheboss]

So it was mentioned that ripping games was broken since d2x v4. Is this only if CFG uses IOS249 to boot or can you just use IOS222 instead when loading CFG?

No problem here ripping to FAT 32.

Yep, it is already picked up, maybe it is a NTFS thing, and tracked it down to changes made to the EHCI module, V3 works fine, v4 not..
I build a d2x v6 beta1 cIOS using modmii with the v3 EHCI module. Ripping works for me now.

 

[davebaol]

@damysteryman
One more thing, are you sure korean games are not supported already?
ES ioctlv command 0x45 (see http://wiibrew.org/wiki/dev/es) is already intercepted by the cios in order to return always error -1017 (see ERROR 003: http://wiibrew.org/wiki/Error_003).
However this command is called by the system menu so I believe korean games through usbloader are not involved.
Can you confirm?

 

[FIX94]

Yep, it is already picked up, maybe it is a NTFS thing, and tracked it down to changes made to the EHCI module, V3 works fine, v4 not..
I build a d2x v6 beta1 cIOS using modmii with the v3 EHCI module. Ripping works for me now.

It definitely can't be a lib problem because v69a7 still needs EHCI v3 or older to write a game to NTFS.

 

[damysteryman]

@damysteryman
One more thing, are you sure korean games are not supported already?
ES ioctlv command 0x45 (see http://wiibrew.org/wiki/dev/es) is already intercepted by the cios in order to return always error -1017 (see ERROR 003: http://wiibrew.org/wiki/Error_003).
However this command is called by the system menu so I believe korean games through usbloader are not involved.
Can you confirm?

Well, yes and no.
On Korean Wiis, yes, as they have the Korean Common Key programmed into their sEEPROM, but non-Korean Wiis (which I would assume makes up the majority of Wiis in existence), cannot play Korean games without either having the Korean Common Key added into the IOS (technically it is possible to reprogram the sEEPROM, but I have no idea how to, modifying the IOS is easier) or by reencrypting the iso with the regular Common Key. So.. short answer for majority of Wiis is no. Trying to load a Korean Wii game without Korean Key support will make the Wii hang.

As for ioctlv 0x45 and Error 003, you are right, only the Wii System Menu (4.2 and 4.3) actually make use of ioctlv 0x45, meaning it should not affect anything related to game loaders.

 

[IceIceBird]

@damysteryman
One more thing, are you sure korean games are not supported already?
ES ioctlv command 0x45 (see http://wiibrew.org/wiki/dev/es) is already intercepted by the cios in order to return always error -1017 (see ERROR 003: http://wiibrew.org/wiki/Error_003).
However this command is called by the system menu so I believe korean games through usbloader are not involved.
Can you confirm?

Well, yes and no.
On Korean Wiis, yes, as they have the Korean Common Key programmed into their sEEPROM, but non-Korean Wiis (which I would assume makes up the majority of Wiis in existence), cannot play Korean games without either having the Korean Common Key added into the IOS (technically it is possible to reprogram the sEEPROM, but I have no idea how to, modifying the IOS is easier) or by reencrypting the iso with the regular Common Key. So.. short answer for majority of Wiis is no. Trying to load a Korean Wii game without Korean Key support will make the Wii hang.

As for ioctlv 0x45 and Error 003, you are right, only the Wii System Menu (4.2 and 4.3) actually make use of ioctlv 0x45, meaning it should not affect anything related to game loaders.

Can the dev common key also be implemented in the "same way" ?

 

[doncaruana]

Yep, it is already picked up, maybe it is a NTFS thing, and tracked it down to changes made to the EHCI module, V3 works fine, v4 not..
I build a d2x v6 beta1 cIOS using modmii with the v3 EHCI module. Ripping works for me now.

It definitely can't be a lib problem because v69a7 still needs EHCI v3 or older to write a game to NTFS.

Seems like this is related to the wiiflow/cover issue as well, possibly? Just wondering...are there any plans to address this? I'd hate to switch my drive from NTFS back to FAT32, but there seem to keep being support problems on NTFS...

 

[damysteryman]

@IceIceBird
Kinda, but not really. I did try that once, but I had to edit the wad (I was trying to install a dev-only channel, the Disc Check wad). Dev stuff not only uses a different key, but also uses different certs too. And in order to even use the 2nd key, byte 0x1f1 in the ticket must = 0x01, and only Korean titles have that.

In the end, to get it to work, I had to decrypt the wad with the dev-key, then switch out the dev certs with the retail ones, then reencrypt it with the common key, then install it normally.

 

[FIX94]

Seems like this is related to the wiiflow/cover issue as well, possibly?

Davebaol also guess there is a connection between these two problems, I'm sure he currently works on it.