Generating cIOS wad

Discussion in 'Wii - Hacking' started by ddp127, Jun 23, 2009.

Generating cIOS wad by ddp127 at 7:01 AM (2,769 Views / 0 Likes) 15 replies

  1. ddp127
    OP

    Member ddp127 GBAtemp Fan

    Joined:
    Jan 14, 2009
    Messages:
    449
    Country:
    Netherlands
    If you want to do that, you have to dump your NAND and make the WAD from the dump, because waninkoko made a safety measure (?) so you can't dump IOS 249.
     
  2. s3phir0th115

    Member s3phir0th115 GBAtemp Advanced Fan

    Joined:
    Dec 31, 2008
    Messages:
    700
    Country:
    United States
    I was wondering if there is a legal way to generate your own cIOS wad. I have tried WAD Creator but it keeps giving me errors when I try to extract it.
     
  3. Tichinde925

    Member Tichinde925 Marth Ditto Money Match?

    Joined:
    Jul 14, 2008
    Messages:
    1,096
    Location:
    Warwick, Rhode Island
    Country:
    United States
    I misread topic, ignore.
     
  4. fogbank

    Member fogbank GBAtemp Fan

    Joined:
    Oct 28, 2008
    Messages:
    413
    Country:
    United States
    I have done it with cIOS rev9 (but not higher) using IOS36-64-v1042, bspatch.exe, and patch files that were in a 4.0 downgrader pack. The batch file looks something like this:

    The batch file is an excerpt from the downgradehelper.bat included in the pack.

    The point is in order to do it this way you have to have the "diff" files to patch the base IOS. I don't know if they exist for revisions other than 9.
     
  5. s3phir0th115

    Member s3phir0th115 GBAtemp Advanced Fan

    Joined:
    Dec 31, 2008
    Messages:
    700
    Country:
    United States
    Which tool do I use to pack that wad with? tf_wad_packer doesn't seem to show everything like wad creator did.
     
  6. FenrirWolf

    Member FenrirWolf GBAtemp Psycho!

    Joined:
    Nov 19, 2008
    Messages:
    4,343
    Location:
    Beaverton, OR
    Country:
    United States
    Is there some tool that can change the number of an IOS? If so you could dump IOS250 (which is a copy of 249) and then change the titleid or whatever to make it into IOS249. Of course that's assuming it dumps IOS250 correctly in the first place.
     
  7. s3phir0th115

    Member s3phir0th115 GBAtemp Advanced Fan

    Joined:
    Dec 31, 2008
    Messages:
    700
    Country:
    United States
    I think there is a tool to patch what IOS something will use, but not change the IOS itself. I could be wrong though.


    Man, you'd think information like this would be more readily available. All I'm wanting to do is make a wad so I can more easily hack 4.0 Wiis when I come across them instead of installing a trucha patched wad then running the installer.
     
  8. FenrirWolf

    Member FenrirWolf GBAtemp Psycho!

    Joined:
    Nov 19, 2008
    Messages:
    4,343
    Location:
    Beaverton, OR
    Country:
    United States
    You'll have to install a trucha patched wad to be able to get a cIOS wad installed anyway. But it will save you from having to install an old cIOS and then update it.
     
  9. s3phir0th115

    Member s3phir0th115 GBAtemp Advanced Fan

    Joined:
    Dec 31, 2008
    Messages:
    700
    Country:
    United States
    Well, from what I understand with the cboot2 workaround, the wad manager you're using will allow any IOS to be modified. That's how you're able to uninstall then install a trucha vulnerable wad in the first place. I would just want a cIOS wad so I can skip what I see as an unneeded step.

    Not only that, but I think it would also allow me to deal with LU64+ Wiis as well, since I'd be installing something designed to work with them.
     
  10. FenrirWolf

    Member FenrirWolf GBAtemp Psycho!

    Joined:
    Nov 19, 2008
    Messages:
    4,343
    Location:
    Beaverton, OR
    Country:
    United States
    Oh, right. cboot2 will install it without some other fakesigned wad.
     
  11. fogbank

    Member fogbank GBAtemp Fan

    Joined:
    Oct 28, 2008
    Messages:
    413
    Country:
    United States
    Yes, it can be done using a hex editor and modifying the TMD. Change the value at 0x18C and pack the WAD.

    Also, if you know how to read the TMD it should be possible to extract the correct .app files from a NAND dump. The "contents" section in the TMD starts at 0x1E4 and lists each file in the title. The files with type = '0001' are local files (in the CONTENT folder of that title) and the files with type = '8001' are shared files (in the SHARED1 folder). You would have to look for the files in the SHARED1 folder with the hash that corresponds to the hash listed in the TMD.

    You could use a NAND dump or a tool such as FSToolbox to obtain the correct files from the NAND.

    I think this would be a lot of work and not easy to obtain accurate results though... There is probably an easier way.
     
  12. fogbank

    Member fogbank GBAtemp Fan

    Joined:
    Oct 28, 2008
    Messages:
    413
    Country:
    United States
    Aside from the old "cios_fix" WAD there is at least one other cIOS widely available in WAD form (LU64 fix). It is a beta version of cIOS rev11 and can easily be found. It will get you cIOS installed, but you would still have to run the installer for higher revisions.
     
  13. kyogc

    Member kyogc GBAtemp Fan

    Joined:
    Nov 24, 2008
    Messages:
    324
    Country:
    Taiwan
    It's not that hard if you know what files you want in NAND.

    By using FSToolBox and Hex, I have moved rev10 to IOS35, rev13 to IOS222 and else.

    You can use FSToolBox to dump cert, tik, title and shared1 folders, and all files you need to pack a cIOS are inside these folders.
     
  14. s3phir0th115

    Member s3phir0th115 GBAtemp Advanced Fan

    Joined:
    Dec 31, 2008
    Messages:
    700
    Country:
    United States
    Would you mind sharing what procedure you could follow for that? I have a full nand dump ready to go. I just need to know which files to get and what to use to pack them.
     
  15. fogbank

    Member fogbank GBAtemp Fan

    Joined:
    Oct 28, 2008
    Messages:
    413
    Country:
    United States
    Start here:

    http://wiibrew.org/wiki/Title_metadata

    Extract the TMD of 0000001000000F9 and check the contents section starting at 0x1E4.

    Note: this process would only allow you to recreate the cIOS revision that you currently have installed (afaik).

    Example:

    File 00000000.app
    Index = 0000
    Type = 0001 (local)
    Hash = 0D1C3FFCE20046BA0D861F25315F295DB4C9CA32

    This one's easy because it's local (already in the CONTENTS folder).

    File 00000001.app
    Index = 0001
    Type = 8001 (shared)
    Hash = B40F265AD296F362E6FBADCA53A350260656DF64

    Find the file in the SHARED1 folder with that hash and include it in the WAD as 00000001.app.

    I believe that is the process.

    EDIT: SHARED2 should have been SHARED1
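
Added example, not code from fogbank or from any tool named in this thread: a Python reader for the TMD contents section described in posts 11 and 15, which lists each record and finds the SHARED1 file whose SHA-1 matches a shared record. It assumes the record count at 0x1DE and the 36-byte record layout documented on the wiibrew Title metadata page, and that SHARED1 files in the dump are stored decrypted; the function names and `build_sample_tmd` (which produces a constructed test TMD) are hypothetical.

```python
import hashlib
import struct
from pathlib import Path

TITLE_ID_OFF = 0x18C      # 8-byte title ID (the value post 11 edits)
NUM_CONTENTS_OFF = 0x1DE  # big-endian u16 record count (assumed, per wiibrew)
CONTENTS_OFF = 0x1E4      # first content record, as stated in the thread
RECORD = struct.Struct(">IHHQ20s")  # content ID, index, type, size, SHA-1
SHARED = 0x8001           # type 0001 = local, 8001 = shared


def parse_tmd(tmd: bytes):
    """Return (title_id_hex, list of content records) from a raw TMD."""
    if len(tmd) < CONTENTS_OFF:
        raise ValueError("TMD shorter than its fixed header")
    (count,) = struct.unpack_from(">H", tmd, NUM_CONTENTS_OFF)
    if len(tmd) < CONTENTS_OFF + count * RECORD.size:
        raise ValueError("content table is truncated")
    records = []
    for i in range(count):
        cid, index, ctype, size, sha1 = RECORD.unpack_from(
            tmd, CONTENTS_OFF + i * RECORD.size)
        records.append({"file": f"{cid:08x}.app", "index": index,
                        "type": ctype, "size": size, "sha1": sha1})
    return tmd[TITLE_ID_OFF:TITLE_ID_OFF + 8].hex().upper(), records


def locate_shared(records, shared1_dir):
    """Map each shared record's file name to the matching SHARED1 file or None."""
    files = [(p, p.read_bytes()) for p in sorted(Path(shared1_dir).glob("*.app"))]
    found = {}
    for rec in (r for r in records if r["type"] == SHARED):
        size = rec["size"]  # hash only the recorded length, ignoring padding
        found[rec["file"]] = next(
            (p.name for p, data in files
             if len(data) >= size
             and hashlib.sha1(data[:size]).digest() == rec["sha1"]), None)
    return found


def build_sample_tmd(contents):
    """Constructed test TMD: zeroed header plus one record per (type, data)."""
    tmd = bytearray(CONTENTS_OFF)
    tmd[TITLE_ID_OFF:TITLE_ID_OFF + 8] = bytes.fromhex("00000001000000F9")
    struct.pack_into(">H", tmd, NUM_CONTENTS_OFF, len(contents))
    for i, (ctype, data) in enumerate(contents):
        tmd += RECORD.pack(i, i, ctype, len(data), hashlib.sha1(data).digest())
    return bytes(tmd)
```

A shared record that maps to `None` has no file of the recorded size and hash in the dump, which means the file is missing or has been altered.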
     
  16. s3phir0th115

    Member s3phir0th115 GBAtemp Advanced Fan

    Joined:
    Dec 31, 2008
    Messages:
    700
    Country:
    United States
    Hmm. This is quite complicated compared to what I thought it'd be. I will take a stab at it I suppose.
     
