Having problems getting HBC working on 4.2E sneek nand

Discussion in 'Wii - Hacking' started by jaybee, Apr 6, 2010.

  1. jaybee
    OP

    Member jaybee GBAtemp Regular

    Joined:
    Jan 29, 2010
    Messages:
    206
    Country:
    United Kingdom
    Hi,

    I know this has been covered many times before but I am finding it strange that HBC will pop up the scam screen on my 4.2E nand with latest compiled Sneek but on my 3.4E Sneek nand it's fine? I've tried to use the Sneek HBC Installer wad and placed the boot.elf from HackMiiInstaller in the root of the sd card but it just reboots the Wii and does nothing?

    I tried to follow a guide to Hex edit some files but found it confusing? Can someone do a quick howto of how to fix this? I want to use switch2sneek with it if poss but I need HBC working properly for that. Also any suggestions for a good free hex editor?

    Your help would be greatly appreciated.

    Many Thanks.
     
  2. gameking66

    Member gameking66 GBAtemp Advanced Fan

    Joined:
    Mar 9, 2010
    Messages:
    576
    Country:
    United States
    I can't get mine to work on 4.2 either. I either get a scam screen or a black screen.
     
  3. jaybee
    OP

    Member jaybee GBAtemp Regular

    Joined:
    Jan 29, 2010
    Messages:
    206
    Country:
    United Kingdom
    I thought it was just me going mad!

    I might just revert back to 3.4E for the time being until someone can offer a howto/solution.
     
  4. conanac

    Member conanac Be an Angel

    Joined:
    Sep 13, 2009
    Messages:
    252
    Country:
    United States
    I have not experienced this specific issue with hbc, but I could offer some suggestions on your other questions:

    If you want, you could install switch2sneek wad file into your sneek nand (using showmiiwads application), so you could use it as a channel (outside hbc). The wad file can be obtained in the same link as you get the switch2sneek hbc version.

    I use HxD for hex editing.

    Cheers.
     
  5. Krestent

    Member Krestent What to post?

    Joined:
    Mar 31, 2009
    Messages:
    3,952
    Country:
    United States
    What exactly does this scam screen look like and do? I've been hearing about it but have never seen it.
     
  6. jaybee
    OP

    Member jaybee GBAtemp Regular

    Joined:
    Jan 29, 2010
    Messages:
    206
    Country:
    United Kingdom
    Hi conanac!

    Great work on Switch2sneek! Using 3.4E at the moment is fine for me as I am just using sneek to play troublesome wii ware, that's all. I was looking at the info you put with your switch2sneek program and it states that you must not confuse it by swapping incorrectly when it's in use. I was wondering if your program can detect if it is actually running on sneek or the real nand so that it could make the dangerous options unavailable. If you see what I mean. A simple check for the file arrangement would determine what mode it was in currently? I was wondering if it was possible to make a special version that just toggles the files to make life easier?

    This would eliminate the need to press A or B and would just say if mode=nand then swap to sneek, if mode = sneek then swap to nand. What do you think?

    I was thinking of taking a look at your code to see if this would be possible, but as you wrote the app you may be able to implement this far quicker?

    Thanks for your help mate. J.
     
  7. jaybee
    OP

    Member jaybee GBAtemp Regular

    Joined:
    Jan 29, 2010
    Messages:
    206
    Country:
    United Kingdom
    The HBC scam screen is basically what first appears when you run the hackMii installer for the first time. A load of text in a box that stays static for around 30 seconds before the press 1 to continue prompt appears. This usually only pops up the once but for some reason on sneek you get it every time you run HBC sometimes, then pressing 1 to continue pops up the homebrew channel but instead of the nice pointer it's giving you the finger lol
     
  8. fogbank

    Member fogbank GBAtemp Fan

    Joined:
    Oct 28, 2008
    Messages:
    413
    Country:
    United States
    All of my testing indicates that the scam screen is triggered by a mismatch of values stored in the TMD of the HBC and the console ID. When the HBC is installed through the installer on a real NAND, the installer reads the console ID from the device cert, applies an algorithm to it, and writes the result in the TMD of the HBC. These values are the 8 bytes stored at 0x1C6 in the TMD.

    When the HBC is started, it reads the console ID from the device cert, applies the algorithm, and compares that to the values in the TMD. If they do not match it goes to the scam screen. This is how TT attempted to prevent the HBC from being distributed as a WAD (i.e. if you pack HBC from a NAND dump the values in the TMD are tied to your console ID). This is all my working theory. It holds true for all of the tests that I have done, but someone else may have more accurate info.

    When SNEEK starts it attempts to create the device cert by reading the device.cert file in the sys/ folder. If that file does not exist, SNEEK generates the device cert from the actual Wii (remember that device.cert is not a file on the real NAND so it won't be in a NAND dump. It is normally generated by IOS when it is needed). The device cert contains the console ID.

    To prevent the scam screen you must have values in the HBC TMD that match the console ID (after the algorithm has been applied). The simplest way to do that is to use the HBC TMD from a NAND dump that came from the Wii that you are running SNEEK on. If you do that, do not have a device.cert file in the sys/ folder (or if you do, make sure it has the console ID of the Wii you are running SNEEK on).

    The method that I use, and that works every time for me, is to create a device.cert file with a console ID of 11111111 and use an HBC TMD with values B2 B8 8B A4 EB 25 19 51. I have tested this on NANDs from the same Wii and from a different Wii. I have tested it with different setting.txt and sysconf files. I use this method when I create a NAND from scratch and I never get the scam screen (unless I forget to copy the device.cert to the sys/ folder).

    To make it more convenient I have packed this into a WAD that I install on every newly created NAND using ShowMiiWads.

    One final note: You must check the ticket of the HBC to make sure it says "TheMostAwesomest" and not "GottaGetSomeBeer" at 0x1BF. Do not use ShowMiiWads to pack an HBC wad from a NAND dump. It will change the ticket to "GottaGetSomeBeer" (I have no idea why). If you are going to pack an HBC wad you need to gather the necessary files from a NAND dump and use an older tool (I use BFGR WadTools).

    Yes this is long and complicated, but it works for me every time.

    As far as the HBCI installer channel is concerned, it is picky about SD cards. If you can't get it to work try a different SD card.
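
Added example, not part of fogbank's post and not code from any of the tools named in the thread: a Python check of the two fields the post describes, the 8 bytes at 0x1C6 in the HBC TMD and the 16-byte string at 0x1BF in the HBC ticket. The function names and the zero-filled sample buffers are assumptions made for illustration; the expected TMD bytes are the ones the post pairs with a device.cert console ID of 11111111.

```python
TMD_OFFSET, TMD_LEN = 0x1C6, 8          # console-ID-derived bytes in the HBC TMD
TICKET_OFFSET, TICKET_LEN = 0x1BF, 16   # 16-byte string in the HBC ticket

GOOD_TICKET = b"TheMostAwesomest"
BAD_TICKET = b"GottaGetSomeBeer"        # value the post says ShowMiiWads writes
# TMD bytes the post pairs with a device.cert console ID of 11111111.
POST_TMD_VALUE = bytes.fromhex("B2B88BA4EB251951")


def read_field(blob, offset, length):
    """Return blob[offset:offset+length], or None if the file is too short."""
    if len(blob) < offset + length:
        return None
    return blob[offset:offset + length]


def check_hbc(tmd, ticket, expected_tmd=POST_TMD_VALUE):
    """Return a list of problems; an empty list means both fields match."""
    problems = []
    tmd_val = read_field(tmd, TMD_OFFSET, TMD_LEN)
    if tmd_val is None:
        problems.append("TMD is too short to contain the bytes at 0x1C6")
    elif tmd_val != expected_tmd:
        problems.append("TMD bytes at 0x1C6 are %s, expected %s"
                        % (tmd_val.hex().upper(), expected_tmd.hex().upper()))
    tik_val = read_field(ticket, TICKET_OFFSET, TICKET_LEN)
    if tik_val is None:
        problems.append("ticket is too short to contain the string at 0x1BF")
    elif tik_val == BAD_TICKET:
        problems.append("ticket at 0x1BF reads GottaGetSomeBeer (repacked WAD)")
    elif tik_val != GOOD_TICKET:
        problems.append("ticket at 0x1BF holds an unexpected value")
    return problems


def make_sample(size, offset, value):
    """Constructed zero-filled buffer with value at offset (not a real file)."""
    buf = bytearray(size)
    buf[offset:offset + len(value)] = value
    return bytes(buf)


if __name__ == "__main__":
    tmd = make_sample(0x208, TMD_OFFSET, POST_TMD_VALUE)
    repacked = make_sample(0x2A4, TICKET_OFFSET, BAD_TICKET)
    for line in check_hbc(tmd, repacked) or ["both fields match"]:
        print(line)
```

To check real files, pass the raw bytes of the HBC TMD and ticket taken from the NAND folder, and pass `expected_tmd` if the device.cert uses a different console ID.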
     
  9. conanac

    Member conanac Be an Angel

    Joined:
    Sep 13, 2009
    Messages:
    252
    Country:
    United States
    Feel free to alter and improve the codes. That is the main reason we have the codes with open source license.
    And if you could share with others the improvements, it will be greatly appreciated.

    I have responded to your PM as well.

    Cheers.
     
  10. jaybee
    OP

    Member jaybee GBAtemp Regular

    Joined:
    Jan 29, 2010
    Messages:
    206
    Country:
    United Kingdom
    Thanks for your help! You are a Star! I've been looking for an app like switch2sneek for some time now and thanks to you and a slight bit of modding to the code, I now have exactly what I was after. I followed your instructions to modify the channel wad and it worked fine on the sneek nand and also on the real nand too. Now I don't really need Homebrew Channel on my sneek nand anymore now! So I might as well flip back to my 4.2E nand and just remove homebrew channel from the sneek nand. I will make a few amendments later on and upload this and link to it so others can try it out. It was hardly rocket science to combine the two options into one. A simple mod.

    Thanks again! I really appreciate all your help and support!
     
