Hacking Downgrade for System Menu 4.0
- Thread starter Aurora Wright
- Start date
- Views 189,823
- Replies 372
- Status
While I have a nice setup that completely avoids the need for 4.0 I thought I would come along and say thanks all involved, that was good read mainly as I had no idea how it was done.
While I like simple guides I do endeavour to understand things so I would appreciate someone telling me if I got the idea behind it all correct (I understood most of it before but this is right back to basics):
The wii has a menu and IOS modules, until something like bootmii arrives and changes this these IOS modules do most low level stuff for the wii including signature checking (to make sure the only code that runs is OKed by Nintendo) and NAND writing (where the VC/wiiware, menu and IOS modules are located) while the menu provides the nice frontend to it all. To make life easy for programmers and update makers there are many IOS modules available and said programmers can pick and choose which version to use.
Nintendo messed up this signature checking in a way that could only be described as epic in earlier versions ( http://hackmii.com/2008/04/keys-keys-keys/ and http://debugmo.de/?p=61 detailing the failings of said checks) thus allowing everything we call homebrew and hacking the blossom into what it is today.
We can not simply overwrite newer versions of IOS with older but nicely bugged versions due to the wii checking you are not doing this and the IOS modules having version numbers in the signed section (changing them breaks signing). Of course we can mess with them if we have an IOS that does not check signatures properly available (this would be IOS16-64-v257-prod(.wad) in older versions of the wii menu or a cIOS (cIOS=custom IOS) in any version).
In 4.0 they finally fixed all versions of the IOS floating around (unless you had a custom one on an number not targeted by the update). Of course methods of updating without incurring said fixes appeared but this guide/method is for those who have a 4.0 menu the official way for whatever reason.
There is however another presently unknown/unreleased bug that somehow allows you to bypass the checking that is not fixed in the 4.0 update/menu.
The later versions of the homebrew channel installer use it and so it seems does this dvdx 3.4 installer (dvdx is another customIOS: http://hackmii.com/2009/02/dvdx34/ ), alas for this to work you need the homebrew channel already installed as the only released method of initially getting homebrew working (the twilight hack) was finally blocked (presumably for good) by Nintendo on the 4.0 update. Until another homebrew running method appears (and it seems one is coming in the form of "bannerbomb" and some have hinted at other games having similar exploits to Zelda although nothing has been heard for some time) you are out of luck if you lack a the homebrew channel.
*this is the part I am a bit hazy on*
By using dvd43 we can downgrade IOS35 assuming it exists or if it does not exist (updates do not install every IOS, games are left to install them as required). If it does not exist we can use normal methods to install any properly signed IOS, this includes one with the signing bug.
**
Once we have the signing bug back again we can do what we like including running the IOS downgrader, reverting to an earlier menu, installing a custom IOS and so on. Step 5 onwards of the guide deals with this.
Problems:
How to get the IOS modules as we can not reasonably distribute them without falling foul of copyright.
Solution:
NUS downloader
http://wiibrew.org/wiki/NUS_Downloader
DVDX installer checks your SD card and wii for material it deems to be piracy related. If it detects such content it writes a file to the shared2 "directory" on the wii and then refuses to work in the future.
Solution:
Delete all "piracy" related material (you can put it back later) with something like anytitle deleter. Then you need to also rid yourself of the file in shared2 which you can use the shared2clean app for.
While I like simple guides I do endeavour to understand things so I would appreciate someone telling me if I got the idea behind it all correct (I understood most of it before but this is right back to basics):
The wii has a menu and IOS modules, until something like bootmii arrives and changes this these IOS modules do most low level stuff for the wii including signature checking (to make sure the only code that runs is OKed by Nintendo) and NAND writing (where the VC/wiiware, menu and IOS modules are located) while the menu provides the nice frontend to it all. To make life easy for programmers and update makers there are many IOS modules available and said programmers can pick and choose which version to use.
Nintendo messed up this signature checking in a way that could only be described as epic in earlier versions ( http://hackmii.com/2008/04/keys-keys-keys/ and http://debugmo.de/?p=61 detailing the failings of said checks) thus allowing everything we call homebrew and hacking the blossom into what it is today.
We can not simply overwrite newer versions of IOS with older but nicely bugged versions due to the wii checking you are not doing this and the IOS modules having version numbers in the signed section (changing them breaks signing). Of course we can mess with them if we have an IOS that does not check signatures properly available (this would be IOS16-64-v257-prod(.wad) in older versions of the wii menu or a cIOS (cIOS=custom IOS) in any version).
In 4.0 they finally fixed all versions of the IOS floating around (unless you had a custom one on an number not targeted by the update). Of course methods of updating without incurring said fixes appeared but this guide/method is for those who have a 4.0 menu the official way for whatever reason.
There is however another presently unknown/unreleased bug that somehow allows you to bypass the checking that is not fixed in the 4.0 update/menu.
The later versions of the homebrew channel installer use it and so it seems does this dvdx 3.4 installer (dvdx is another customIOS: http://hackmii.com/2009/02/dvdx34/ ), alas for this to work you need the homebrew channel already installed as the only released method of initially getting homebrew working (the twilight hack) was finally blocked (presumably for good) by Nintendo on the 4.0 update. Until another homebrew running method appears (and it seems one is coming in the form of "bannerbomb" and some have hinted at other games having similar exploits to Zelda although nothing has been heard for some time) you are out of luck if you lack a the homebrew channel.
*this is the part I am a bit hazy on*
By using dvd43 we can downgrade IOS35 assuming it exists or if it does not exist (updates do not install every IOS, games are left to install them as required). If it does not exist we can use normal methods to install any properly signed IOS, this includes one with the signing bug.
**
Once we have the signing bug back again we can do what we like including running the IOS downgrader, reverting to an earlier menu, installing a custom IOS and so on. Step 5 onwards of the guide deals with this.
Problems:
How to get the IOS modules as we can not reasonably distribute them without falling foul of copyright.
Solution:
NUS downloader
http://wiibrew.org/wiki/NUS_Downloader
DVDX installer checks your SD card and wii for material it deems to be piracy related. If it detects such content it writes a file to the shared2 "directory" on the wii and then refuses to work in the future.
Solution:
Delete all "piracy" related material (you can put it back later) with something like anytitle deleter. Then you need to also rid yourself of the file in shared2 which you can use the shared2clean app for.
Never mind, as i was closing the windows pc and closed nusd i noticed the .bat file wasn't yet ready... i just copied the wad 0000001000024.wad from the dir.. but instead i needed to wait for it to get patched! so those that have the same error, simply close nusd
lol.. pretty stupid.
jaymed said:Never mind, as i was closing the windows pc and closed nusd i noticed the .bat file wasn't yet ready... i just copied the wad 0000001000024.wad from the dir.. but instead i needed to wait for it to get patched! so those that have the same error, simply close nusdlol.. pretty stupid.
Hmm, there was in issue that the NUS Downloader wad doesn't match the wad from disc exactly. That's why this patching is required.
I am tryin to find a way so my g/f can downgrade her wii from a 4.0. She does not have the homebrew channel and wants to down grade to get it. But so far every thing we find is to down grade as long as u already have the HBC. Is there another way to downgrade without the HBC already on it?
I believe I have a so called "3.4U V2". All other methods I have tried failed, they all ended up with that IOSdowngrader freezing up with a black screen. This method is no exception: everyting went fine until when I tried to run WMIOS35, it froze with the banner. I then tried WM 1.3 for IOS16, installed CIOSv9.wad, then run IOSdowngrader and got stuck with a black screen with no response from the wiimote.
Here is my question, what if I keep the HBC and use online update to 4.0U, and then use this method to downgrade? any suggestion would be appreciated.
Here is my question, what if I keep the HBC and use online update to 4.0U, and then use this method to downgrade? any suggestion would be appreciated.
Thanks everybody for this ive been stressing out for ages!!!! went from 4.0E to 2.1E THANKS THANKS THANKS!!!!
When I reach "8) Launch the Homebrew Channel again, and run WMIOS35." I proceed to tell itto run WMIOS35 but all it ever does is freeze my wii. The wii remote stops working, the buttons on the wii won't work. I get no error just freezes. I have to unplug the power in order to get it working normally. I've asked for help on several other forums but so far I have been ignored. Can someone here please help me? If it helps I have version 4.0U.
I kept on getting error ret -1035 for a while, until I realized I had to close NUS to get the real wad.
Then after I tried ciosv9.wad I got error ret -2011.
Can anyone help me with this? Thank you very much.
Then after I tried ciosv9.wad I got error ret -2011.
Can anyone help me with this? Thank you very much.
bralbers said:
I've had similar problems and nobody has the answers, i could never run this app it always gives me the title bar and then freezes. The only thing i can think is that the ios35 never downgraded properly, because this app uses ios35(correct me if i'm wrong someone) also i'm never able to install the ciosv9...? i'm wondering if this wii is not moddable, but it does have the HBC(glad its not mine lol)
Ochobobo said:
Same here.... nobody seems to know why err does not answer if they do... I've spent too many hours on my fiance's brothers wii to give up now. i've had mine since day one, so i just stay up to date on the goings on
can someone help me? I ran CMDVDX34 as the guide says but in the downloading in part 15 CODE DUMP apeared and I restarted the system. I run HBC and went to CMDVDX34 again but it said Failed to add title, maybe you already ran this?... in the guide there is a solution but I can't figure it out on how to do it. HELP??? I mean how do I run this WAD from a game? WAD Manager doesn't work
I was hoping this would be the answer to all my problems, guess not, I'm getting a -2011 error when trying to install ciosv9.wad on step 9. I'm running vista and a PAL Wii, if that helps.
Cheers
Cheers
Is there another place to download the archive linked in the first post? Mediafire seems to not be working.
EDIT: never mind it's working now!
EDIT: never mind it's working now!
I've got a PAL Wii...will Step 5:
work okay or will it brick my Wii..? Is this downgrade method only available for NTSC-U Wiis or doesn't the region of the console matter..?
Also, I'm not interested in installing Wads and stuff, I just want to be able to legitimately use the Shop Channel and play Trucha Signed/Scrubbed games. Am assuming that this will do the job for me? Have got a PAL Wii on 4.0 firmware with no cIOS installed and the Homebrew Channel, I also have a Wiikey with 1.9g firmware.
Thanks in advance for any help given
QUOTE said:
work okay or will it brick my Wii..? Is this downgrade method only available for NTSC-U Wiis or doesn't the region of the console matter..?
Also, I'm not interested in installing Wads and stuff, I just want to be able to legitimately use the Shop Channel and play Trucha Signed/Scrubbed games. Am assuming that this will do the job for me? Have got a PAL Wii on 4.0 firmware with no cIOS installed and the Homebrew Channel, I also have a Wiikey with 1.9g firmware.
Thanks in advance for any help given
bytor said:I've got a PAL Wii...will Step 5:
QUOTE said:
work okay or will it brick my Wii..? Is this downgrade method only available for NTSC-U Wiis or doesn't the region of the console matter..?
Also, I'm not interested in installing Wads and stuff, I just want to be able to legitimately use the Shop Channel and play Trucha Signed/Scrubbed games. Am assuming that this will do the job for me? Have got a PAL Wii on 4.0 firmware with no cIOS installed and the Homebrew Channel, I also have a Wiikey with 1.9g firmware.
Thanks in advance for any help given
IOS versions are not region specific. It should be safe to install.
- Status
Similar threads
- No one is chatting at the moment.
-
-
@
Psionic Roshambo:
I really need to dig out my USB Wii sensor bar and experiment with Wii emulation and synching Wii remotes with BT lol -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
