While I have a nice setup that completely avoids the need for 4.0 I thought I would come along and say thanks all involved, that was good read mainly as I had no idea how it was done.
While I like simple guides I do endeavour to understand things so I would appreciate someone telling me if I got the idea behind it all correct (I understood most of it before but this is right back to basics):
The wii has a menu and IOS modules, until something like bootmii arrives and changes this these IOS modules do most low level stuff for the wii including signature checking (to make sure the only code that runs is OKed by Nintendo) and NAND writing (where the VC/wiiware, menu and IOS modules are located) while the menu provides the nice frontend to it all. To make life easy for programmers and update makers there are many IOS modules available and said programmers can pick and choose which version to use.
Nintendo messed up this signature checking in a way that could only be described as epic in earlier versions (
http://hackmii.com/2008/04/keys-keys-keys/ and
http://debugmo.de/?p=61 detailing the failings of said checks) thus allowing everything we call homebrew and hacking the blossom into what it is today.
We can not simply overwrite newer versions of IOS with older but nicely bugged versions due to the wii checking you are not doing this and the IOS modules having version numbers in the signed section (changing them breaks signing). Of course we can mess with them if we have an IOS that does not check signatures properly available (this would be IOS16-64-v257-prod(.wad) in older versions of the wii menu or a cIOS (cIOS=custom IOS) in any version).
In 4.0 they finally fixed all versions of the IOS floating around (unless you had a custom one on an number not targeted by the update). Of course methods of updating without incurring said fixes appeared but this guide/method is for those who have a 4.0 menu the official way for whatever reason.
There is however another presently unknown/unreleased bug that somehow allows you to bypass the checking that is not fixed in the 4.0 update/menu.
The later versions of the homebrew channel installer use it and so it seems does this dvdx 3.4 installer (dvdx is another customIOS:
http://hackmii.com/2009/02/dvdx34/ ), alas for this to work you need the homebrew channel already installed as the only released method of initially getting homebrew working (the twilight hack) was finally blocked (presumably for good) by Nintendo on the 4.0 update. Until another homebrew running method appears (and it seems one is coming in the form of "bannerbomb" and some have hinted at other games having similar exploits to Zelda although nothing has been heard for some time) you are out of luck if you lack a the homebrew channel.
*this is the part I am a bit hazy on*
By using dvd43 we can downgrade IOS35 assuming it exists or if it does not exist (updates do not install every IOS, games are left to install them as required). If it does not exist we can use normal methods to install any properly signed IOS, this includes one with the signing bug.
**
Once we have the signing bug back again we can do what we like including running the IOS downgrader, reverting to an earlier menu, installing a custom IOS and so on. Step 5 onwards of the guide deals with this.
Problems:
How to get the IOS modules as we can not reasonably distribute them without falling foul of copyright.
Solution:
NUS downloader
http://wiibrew.org/wiki/NUS_Downloader
DVDX installer checks your SD card and wii for material it deems to be piracy related. If it detects such content it writes a file to the shared2 "directory" on the wii and then refuses to work in the future.
Solution:
Delete all "piracy" related material (you can put it back later) with something like anytitle deleter. Then you need to also rid yourself of the file in shared2 which you can use the shared2clean app for.