Hacking Dump Mii NAND - a BootMii format (nand.bin) NAND dumper for vWii/Wii

[JoostinOnline]

Just saying, if its something this simple, a short inline asm would make this a distinct possibility.

[Edit] I'm not quite sure whether nintendont disables AHB or just takes the setting from HBC as it seems to do both. [End Edit]

from the nintendont source: svn/trunk/kernel/

syscall.h:
#define EnableAHBProt(a) syscall_54(a)
void syscall_54( u32 a );

syscall.s:
.global syscall_54
.type syscall_54 STT_FUNC
syscall_54:
.long 0xe6000a90
bx lr

main.c:
EnableAHBProt(-1); //Disable AHBPROT

You need to run it from the HBC, which gives you the access rights to disable the HW_AHBPROT register.

 

[Bug_Checker_]

You need to run it from the HBC, which gives you the access rights to disable the HW_AHBPROT register.

You can't just use HW_MEMMIRR/HW_AHBPROT combo?

#define HW_MEMMIRR 0x0d800060
#define HW_AHBPROT 0x0d800064 // defaults to 0xFFFFFFFF on boot

void syscall_54(int factory_mode) {
if (factory_mode) {
set32(HW_MEMMIRR, 8); // this probably enables access to Hollywood regs from PPC
set32(HW_AHBPROT, 0x80000DFE); // re-enable PPC access to (previously) disabled hardware devices
write16(0x0d8b4202, 0); // dunno what this does
} else {
clear32(HW_MEMMIRR, 8); // this probably disables to Hollywood regs from PPC
clear32(HW_AHBPROT, 0x80000DFE); // disable access to some hardware devices from PPC
write16(0x0d8b4200, 0x18); // dunno what this does
}
}

Source:
http://hackmii.com/2009/08/of-tmds-and-hardware/
HW_MEMMIRR= 0x0d800060= HOLLYWOOD[0x60] on
http://wiibrew.org/wiki/Hardware/Main_Memory
text in red color are my additions
I'm guessing HW_MEMMIRR is short for Memory Mirror (handling bank switching etc.)

 

[pelago]

Thanks for the recent posts. It seems to me that it should be possible to make this work using AHBPROT without running it from HBC, although I appreciate it might involve adding a bunch more code.

 

[JoostinOnline]

You can't just use HW_MEMMIRR/HW_AHBPROT combo?

I guess I don't know. It hasn't been done after all these years, so I'm doubtful.

 

[megatokyo500]

That is ARM code, which you can't run unless AHBPROT is already disabled (unless you find an IOS exploit). You can't just "ask" ES to disable AHBPROT for you either, it's meant to be a security feature.

 

[nastys]

My SD card is very slow (1 block every 4 seconds), is it possible to dump to USB?

EDIT: never mind, I just dumped to SD.

 

[flo]

Does it also work on normal Wii ?

 

[panmusic]

Does it also work on normal Wii ?

I don't think so...But don't try to do it before someone gives you a verified answer.

Anyway, I am very curious when (and if ) the restore nand option will be released...

 

[NWPlayer123]

Anyway, I am very curious when (and if ) the restore nand option will be released...

When someone develops an IOSU exploit so it's possible to write to the NAND in the first place.

 

[dreassica]

Ca't seem to get this to run through HBC, it constantly errors and says it is not a valid wii application.

 

[helicon9]

I just set this going on Wii U (vWii) and it's going incredibly slow!
Has been running almost 2 hours and only done 373 blocks.
Do I just have an incredibly slow SD card??
At this rate it's going to take almost 24hrs to complete.
Do I just leave it running or is there anyway to cancel it without breaking anything, then maybe buy a better SD card.

 

[TeamScriptKiddies]

I just set this going on Wii U (vWii) and it's going incredibly slow!
Has been running almost 2 hours and only done 373 blocks.
Do I just have an incredibly slow SD card??
At this rate it's going to take almost 24hrs to complete.
Do I just leave it running or is there anyway to cancel it without breaking anything, then maybe buy a better SD card.

It shouldn't take nearly that long....... something's not right here....

 

[helicon9]

It shouldn't take nearly that long....... something's not right here....

That's what I thought
Almost 7 hours in now and it's at 1453 / 4096.

It's only a 1gb SD card, not sure what class as I can't now take it out and check!
Should even a class 2 take this long?

 

[TeamScriptKiddies]

like 10 mins tops dude. Idk what's going on with that....

EDIT: mine took about 2-3 mins when I did it. Your dump will likely be corrupt. Just let it run for now and see what the file size is (it will be the nand.bin on the root of your sd card), it should be about 512mb. Even then I wouldn't trust it when the time comes that there's a way to flash that NAND image back to the vWii. Its probably a good idea to redump it with another sd card when this one is finished. Because even if the file size is correct, it could still be corrupted.

 

[helicon9]

like 10 mins tops dude. Idk what's going on with that....

EDIT: mine took about 2-3 mins when I did it. Your dump will likely be corrupt. Just let it run for now and see what the file size is (it will be the nand.bin on the root of your sd card), it should be about 512mb. Even then I wouldn't trust it when the time comes that there's a way to flash that NAND image back to the vWii. Its probably a good idea to redump it with another sd card when this one is finished. Because even if the file size is correct, it could still be corrupted.

Ok thanks.
Do you think it's best to just stop it? And how would I do that if it's even possible?
Really don't want to brick my vWii !!

 

[TeamScriptKiddies]

Ok thanks.
Do you think it's best to just stop it? And how would I do that if it's even possible?
Really don't want to brick my vWii !!

Honestly, better safe than sorry, just let it run. I mean it isn't writing anything to NAND but its still reading from it. I wouldn't recommend forcing it off/pulling the plug in the off chance it could brick it. Just let it run to the very end then switch it off.

 

[helicon9]

Honestly, better safe than sorry, just let it run. I mean it isn't writing anything to NAND but its still reading from it. I wouldn't recommend forcing it off/pulling the plug in the off chance it could brick it. Just let it run to the very end then switch it off.

Ok thanks very much for your help.

 

[TeamScriptKiddies]

Ok thanks very much for your help.

best of luck! let me know if you have any other troubles

 

[helicon9]

best of luck! let me know if you have any other troubles

It finally finished this morning, about 9:30am (started it at 1pm yesterday!).
I wasn't in when it finished so the Wii U had powered itself down as it had been idle for over an hour.
Put the SD in the PC and checked the nand.bin, it's 528MB but of course no way of knowing if it's corrupt.

I've ordered another SD card and will try again tomorrow when it arrives, really hope I don't have the same problem.

 

[b17bomber]

Did the author ever allow writing/overwriting?