Hardware Does an ohneswanzenegger-built nand.bin erase boot2?

[Kickbub]

Let's say I have a bricked boot1c Wii because of some messed up IOS, and I purchase a used boot1b Wii. Then I use Infectus or some NAND writing tool to flash Bootmii into boot2, then I remove the original NAND chip from the boot1b Wii and transplant the boot1c's chip into the boot1b Wii, fire it up and do a NAND backup. After extracting the keys and rebuilding a nand.bin file from scratch, flash it into the boot1c Wii's NAND chip. Then finally put it back into the boot1c Wii.

In theory, would this method work?

 

[leseratte]

Keys are not on the NAND chip. If you have a bricked boot1c Wii and don't already have the keys, you won't get them. The boot1b Wii will not boot with the NAND on the boot1c chip because the keys won't match.

 

[Kickbub]

Then how does getwiinandkey work? Also will ohneswanzenegger nand.bin files overwrite Bootmii if flashed over?

 

[GerbilSoft]

getwiinandkey extracts the NAND keys from a BootMii NAND dump. BootMii dumps the keys (which are stored in OTP ROM) and appends them to the end of the NAND dump.

You *can* install BootMii as boot2 directly if boot1 is vulnerable, since boot2 is not encrypted. However, you can *not* install a different version of boot1 compared to what the Wii in question shipped with, since boot1's hash is stored in OTP ROM and verified by boot0.

EDIT: Re-reading what you want to do:

• Wii with boot1c (no Bootmii): Bricked due to IOS.
• Wii with boot1b (Bootmii capable)
• Take NAND from boot1c system, install boot1b and Bootmii as boot2 using NAND programmer, install in boot1b system
• Use Bootmii to dump NAND and keys...

You'll end up getting the keys from the boot1b system, not the boot1c system, since the keys are stored in OTP ROM on the CPU itself, not the NAND flash chip.