Hacking Dump Mii NAND - a BootMii format (nand.bin) NAND dumper for vWii/Wii

[uyjulian]

Hmm, nice tool.

Nand writing might not be a good idea 'cause somebody pulls the plug, bye-bye Vii.

Probably a risk in system updating too, but nand writing may take longer, so more risk.

 

[JoostinOnline]

Nand writing might not be a good idea 'cause somebody pulls the plug, bye-bye Vii.

And how are you supposed to run the app?

 

[Maxternal]

Nand writing might not be a good idea 'cause somebody pulls the plug, bye-bye Vii.

And how are you supposed to run the app?

exactly.

Probably a risk in system updating too, but nand writing may take longer, so more risk.

Also, I'd assume a system update would just update one file at a time so you could still get lucky.
Lose power in the middle of writing a raw NAND dump and you'd have to be REALY, REALLY lucky for what's been written so far to match up with what hasn't in a even semi-usable way. (let's just call it impossible)

 

[Ray Lewis]

exactly.
Also, I'd assume a system update would just update one file at a time so you could still get lucky.
Lose power in the middle of writing a raw NAND dump and you'd have to be REALY, REALLY lucky for what's been written so far to match up with what hasn't in a even semi-usable way. (let's just call it impossible)

That is why hardware methods of reading/writing nand/emmc seemed like a great idea. 3ds people find it useful although the last time I checked they could only revert to the earliest version of firmware they had saved/read. I was hoping people would take more of an interest and we could get experienced (hardware) people to create guides to follow like with any other system before the Wii U. Even the Xbone has had it's nand read, lol!!!

Having backups and the ability to recover via HARDWARE basically takes the risk (most) out of playing around and testing. Want to mod a file? Oops, theory was wrong...so you reflash it and go on your way. I have not looked at pictures/diagrams in a while BUT I thought somebody claimed to have used infectus to read/write vWii nand.

 

[DeadlyFoez]

FINALLY! Someone made a dumper for the vwii instead just dumping the FS. Too bad I don't have Wii U to do the full final test for you... and actually I still don't have all of my tools and stuff back and setup again since the evil cheating ex threw me out.

 

[obcd]

Deadly, could you explain to Ray how restoring a vwii nand is not exactly the same as restoring an Emmc when you do it the hardware way.
If I remember well, you have (had) some pictures of the procedure you are using on a wii?

 

[Ray Lewis]

Deadly, could you explain to Ray how restoring a vwii nand is not exactly the same as restoring an Emmc when you do it the hardware way.
If I remember well, you have (had) some pictures of the procedure you are using on a wii?

I am curious obcd.

 

[bravest]

From what I recall the Wii U actually has 2 flash systems, one for vWii(512mb) and the new eMMC that has the cafe filesystem. The eMMC can just be dumped/flashed with an SD reader.

-bravest

 

[obcd]

Emmc = 4 to 8 connections
nand = 26 to 32 connections. (Deadly desoldered the chip to reprogram it as the connections to the wii arm chip make it difficult to program it in circuit.)

So, for Emmc, you can leave the wires soldered to it.

For nand, you can't. Further, vwii is only half of the nand flash chip. The other half is used in wiiu mode and not accessible in vwii mode.
If it's accessible, we don't know how at the moment. Likely, an address line is switched from low to high, under control of one of the arm gpio lines? (Speculation)

bravest
dumped, yes
flashed... we don't know yet. It's a 300 bucks failure if it fails...

 

[DarkMatterCore]

There is one thing that still bugs me: were you guys able to get any SEEPROM-related information in the obtained vWii dumps? Remember that chat we had about how I wasn't able to initialize it under vWii using my Xyzzy mod and all that stuff?

You can get some of the information commonly stored in the SEEPROM by dumping the device.cert, anyway, but I find rather interesting that Nintendo removed it from vWii (at least that's what it looks like). The OTP registers can be used just fine, for example.

I'm just curious, I still haven't been able to get a Wii U.

 

[Maxternal]

There is one thing that still bugs me: were you guys able to get any SEEPROM-related information in the obtained vWii dumps? Remember that chat we had about how I wasn't able to initialize it under vWii using my Xyzzy mod and all that stuff?

You can get some of the information commonly stored in the SEEPROM by dumping the device.cert, anyway, but I find rather interesting that Nintendo removed it from vWii (at least that's what it looks like). The OTP registers can be used just fine, for example.

I'm just curious, I still haven't been able to get a Wii U.

Yeah, that part of the footer is all zeroes. I'd assume that if trying to access it from the ARM kernel doesn't work you can't get any higher level access while still being in vWii mode.

Now that you mention it, though, I kinda wonder what would happen trying to write to it. I seem to remember that there was a little homebrew app meant to change the language setting in there for GameCube games ... wonder what that would do. *me goes to look up the app*

EDIT : never mind, I was thinking of sram
EDIT2 : [garbled crap edit removed]

 

[DarkMatterCore]

Yeah, Open Sram Language Modifier (OSLM, for short). It was originally made by emu_kidid, IIRC, but it's Wii port was made by suloku; you might remember him from GCMM.

Though it doesn't write to the SEEPROM, it writes to the Wii's SRAM (the one that's volatile and depends on the little CR2032 battery. It also keeps the system clock running).

 

[Maxternal]

Yeah, Open Sram Language Modifier (OSLM, for short). It was originally made by emu_kidid, IIRC, but it's Wii port was made by suloku; you might remember him from GCMM.

Though it doesn't write to the SEEPROM, it writes to the Wii's SRAM (the one that's volatile and depends on the little CR2032 battery. It also keeps the system clock running).

ninja'd

Yeah, I caught myself on that one but I guess not fast enough (and then the edit window got all screwed up ... silly GBATemp )

Anyway, I DO seem to remember someone (JoostinOnline apparently) doing something with an app that would add/remove/alter/something the korean key which I think is in there which makes me wonder how compatibility for Korean Wii games works in vWii mode (if at all)

 

[DarkMatterCore]

That would be JoostinOnline.

The SEEPROM write code was actually made by tueidj. Joostin used it to make KoreanKii.

 

[JoostinOnline]

That would be JoostinOnline.

The SEEPROM write code was actually made by tueidj. Joostin used it to make KoreanKii.

^This. tueidj did all the real work, I mostly wrote a menu and added a few safety checks.
http://gbatemp.net/threads/seeprom.334693/
http://www.hacksden.com/showthread.php/6457-KoreanKii-Add-or-remove-the-Korean-key-from-your-Wii
http://wiibrew.org/wiki/Hardware/SEEPROM

I should probably update that to prevent it running on the vWii, as well as doing a little maintenance on the code.

 

[Keylogger]

Making a NAND backup is a bit useless IF we can't write the NAND back, isnt it?

 

[Maxternal]

I should probably update that to prevent it running on the vWii, as well as doing a little maintenance on the code.

Well, the SEEPROM seems to be empty/gone on vWii ... so not sure how much damage you could really do

Making a NAND backup is a bit useless IF we can't write the NAND back, isnt it?

You can write it back in hardware (which is the only option when you have a brick and you really NEED to write it back)

 

[JoostinOnline]

Well, the SEEPROM seems to be empty/gone on vWii ... so not sure how much damage you could really do

I doubt that will be the case for the Korean Wii U, if it's ever released.

 

[Cyan]

Making a NAND backup is a bit useless IF we can't write the NAND back, isnt it?

You can always extract its content if you need a file from your NAND (users often do things not recommended, like replacing vWii IOS58 with Wii IOS58).
You can make a copy of your files with FStoolbox too, but the NAND dump in binary form could be useful one day.

 

[Maxternal]

I just updated the link on the download page with a new version that will also create a keys.bin file.
It will now create sd:/nand.bin and sd:/keys.bin to avoid confusion (instead of putting them in the same folder as the boot.dol as it did before) unless you specify a different path in the XML file.

Also updated OP with that info. ... and the new icon by Joostin