Hacking How to unbrick you Wii 101

pspmte

Well-Known Member
OP
Member
Joined
Oct 23, 2008
Messages
244
Trophies
0
XP
224
Country
I made this guide to help people unbrick their Wii's, and have been working on it for well over a year. May I present to you: Wii Unbricking 101.

Items Required:
An Infectus
A TSOP socket 48A (Farnell part number 109-5884)
A Triwing screwdriver
Solder/Desolder
To know what Broadway chip you have, such as 5070 or 5048.
A Hex Editor
Betwiin

The guide

First, take the Wii apart, and unsolder the NAND chip from the board and install it to your Infectus with Socket, I had spent forever trying to hardwire the Infectus to the Wii's NAND but had failed.

Now we need to install Bootmii by Team Twiizers to your Wii, I used Soft-Xavbox-Programmer to install a Boot1b Boot2v3 Bootmii (My broadway ID was 5070) and then I proceeded to flash the NAND blocks 0-8.

Now carefully resolder the NAND back on the Wii's board and half build the Wii using the heat sink, Bluetooth and Wifi card and power on the Wii with the appropriate Bootmii files on the SD card, you should be in Bootmii.

Use Bootmii to make a NAND backup, as we need the HMAC and NAND key to fix the Wii. Now take out the SD card and open the NAND.bin with WinHex (I also reccomend making a backup on your PC) and get the keys, and save the last 1024 bytes of the file as you will need this later.


The HMAC-key is 20 bytes on $21000144
The NAND-key is 16 bytes on $21000158

Save the keys to Betwiin's output folder and then when Betwiin is done you should have a flash.bin file.

Open the flash.bin file in WinHex and add the last 1024 bytes from NAND.bin to it.

Open NAND.bin and copy 250 pages starting at $0 and then paste it to flash.bin starting at $0.

Save the file as NAND.bin an copy to your SD card, and restore it with Bootmii.

Your Wii should be fixed!

Thanks to:
Bushing/Team Twiizers for their programs and Bootmii.
Hibit for telling me about the HMAC and NAND keys
BeeGee7730 for my guide mod

http://i424.photobucket.com/albums/pp322/l...id/DSC04388.jpg

http://i424.photobucket.com/albums/pp322/l...id/DSC04391.jpg
 

wyndcrosser

Well-Known Member
Member
Joined
May 28, 2009
Messages
725
Trophies
0
XP
200
Country
United States
pspmte, if what you are saying actually works GREAT, however you need to supply better grammar and pictures, while removing that font. This could cause mass confusion and noobs shouldn't be modding/soldering if they can't handle a simple softmod.

Again, nice post. Please fix some of your issues.

Wynd
 

G0dLiKe

who needs a title ;)
Member
Joined
Aug 2, 2009
Messages
1,674
Trophies
0
Website
db.tt
XP
206
Country
United States
Well done.

As stated above this indeed could cause mass confusion...

Make your post a bit more structured.
 

SifJar

Not a pirate
Member
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,175
Country
Perhaps you could split stuff into seperate steps and get all spelling and grammar right, and it a bit better laid out? With that, this could be amazing. As it is, it looks like it'd give me a headache if I tried to read it (no offence). Great job putting this together though.
 
D

Deleted-171178

Guest
Here it is with better grammar.

I made this guide to help people unbrick their Wii's, and have been working on it for well over a year. May I present to you: Wii Unbricking 101.

Items Required:[*]An Infectus[*]A TSOP socket 40A (Farnell part number 109-5884)[*]A Triwing screwdriver[*]Solder/Desolder[*]To know what Broadway chip you have, such as 5070 or 5048.[*]A Hex Editor[*]BetwiinThe guide

First, take the Wii apart, and unsolder the NAND chip from the board and install it to your Infectus with Socket, I had spent forever trying to hardwire the Infectus to the Wii's NAND but had failed.

Now we need to install Bootmii by Team Twiizers to your Wii, I used Soft-Xavbox-Programmer to install a Boot1b Boot2v3 Bootmii (My broadway ID was 5070) and then I proceeded to flash the NAND blocks 0-8.

Now carefully resolder the NAND back on the Wii's board and half build the Wii using the heat sink, Bluetooth and Wifi card and power on the Wii with the appropriate Bootmii files on the SD card, you should be in Bootmii.

Use Bootmii to make a NAND backup, as we need the HMAC and NAND key to fix the Wii. Now take out the SD card and open the NAND.bin with WinHex (I also reccomend making a backup on your PC) and get the keys, and save the last 1024 bytes of the file as you will need this later.


The HMAC-key is 20 bytes on $21000144
The NAND-key is 16 bytes on $21000158

Save the keys to Betwiin's output folder and then when Betwiin is done you should have a flash.bin file.

Open the flash.bin file in WinHex and add the last 1024 bytes from NAND.bin to it.

Open NAND.bin and copy 250 pages starting at $0 and then paste it to flash.bin starting at $0.

Save the file as NAND.bin an copy to your SD card, and restore it with Bootmii.

Your Wii should be fixed!

Thanks to:
Bushing/Team Twiizers for their programs and Bootmii.
Hibit for telling me about the HMAC and NAND keys.

Images:

DSC04388.jpg

DSC04391.jpg
 

mattjd

Well-Known Member
Member
Joined
Aug 1, 2009
Messages
233
Trophies
0
Location
Malvern
Website
Visit site
XP
55
Country
I think a clear picture with each instruction would help people alot.

Maybe some download links to the programmes you used. Maybe a programme which grabs the keys.bin for the user, obviously for the HEX noobs.

If this was very clear then it would save alot of users that are really serious about fixing there wii without sending to nintendo (Modchip users).

Maybe a couple of warnings saying only for advanced unbrickers and experienced solderers (like me
smile.gif
)

edit: Would this also enable people who can not install bootmii to install it if they flashed there nand chip with an infectus? Maybe for the serious people out there that really want bootmii
tongue.gif
 

SifJar

Not a pirate
Member
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,175
Country
that's better. Good guide, it was just badly formatted. thanks beegee7730. BTW, the pictures show up fine for me, why are they showing as moved or deleted in your post?
 

baicunko

Member
Newcomer
Joined
Oct 20, 2009
Messages
10
Trophies
0
XP
11
Country
Cote d'Ivoire
I'm going to try what you are doing, im waiting for my infectus chip.
do i need to desolder the nand from the mother board?
Can i try soldering the wires directly to nand?
thanks
 

pspmte

Well-Known Member
OP
Member
Joined
Oct 23, 2008
Messages
244
Trophies
0
XP
224
Country
edit: Would this also enable people who can not install bootmii to install it if they flashed there nand chip with an infectus? Maybe for the serious people out there that really want bootmii
tongue.gif

[/quote]


This is my next project to find this out
 

pspmte

Well-Known Member
OP
Member
Joined
Oct 23, 2008
Messages
244
Trophies
0
XP
224
Country
baicunko said:
I'm going to try what you are doing, im waiting for my infectus chip.
do i need to desolder the nand from the mother board?
Can i try soldering the wires directly to nand?
thanks


As i said in my guide i could not get a good write to the nandflash with the infectus connected in parallel to the wii
The best result is to take the flash off and then write the boot1b boot2vX
 

Lindfalas

Active Member
Newcomer
Joined
Feb 26, 2009
Messages
33
Trophies
0
XP
24
Country
pspmte said:
I will when i get chance but the fact is it really works, i have fixed 3 bricked wiis


This sounds great. Maby I can fix a broken Wii I got here( got it free).
But the guid need some more info.
Like how to wire all.

Before I go out to buy a infectios2 chip I need to know this will work on all Wii.
The Wii I got here I dont know much about.
I already tryed all things I know, but no luck yet to get it to work.
But this seems intressting.
Can you make a video on it to?

Greetz
 

techboy

Well-Known Member
Member
Joined
Mar 15, 2009
Messages
1,720
Trophies
0
Age
32
Location
Pennsylvania
Website
Visit site
XP
316
Country
United States
Well, I always wondered how to install bootmii and restore a wii with an infectus...

Anyway, this won't work if the wii has a fixed boot1, seeing that we can't modify it, and bootmii boot2 won't run on those wiis. Can you simply flash the entire flash.bin (without the bootmii key footer) using the infectus?
 

D1RTMANN

Member
Newcomer
Joined
Jan 10, 2010
Messages
11
Trophies
0
XP
23
Country
United States
pspmte said:
I made this guide to help people unbrick their Wii's, and have been working on it for well over a year. May I present to you: Wii Unbricking 101.

Items Required:
An Infectus
A TSOP socket 48A (Farnell part number 109-5884)
A Triwing screwdriver
Solder/Desolder
To know what Broadway chip you have, such as 5070 or 5048.
A Hex Editor
Betwiin

The guide

First, take the Wii apart, and unsolder the NAND chip from the board and install it to your Infectus with Socket, I had spent forever trying to hardwire the Infectus to the Wii's NAND but had failed.

Now we need to install Bootmii by Team Twiizers to your Wii, I used Soft-Xavbox-Programmer to install a Boot1b Boot2v3 Bootmii (My broadway ID was 5070) and then I proceeded to flash the NAND blocks 0-8.

Now carefully resolder the NAND back on the Wii's board and half build the Wii using the heat sink, Bluetooth and Wifi card and power on the Wii with the appropriate Bootmii files on the SD card, you should be in Bootmii.

Use Bootmii to make a NAND backup, as we need the HMAC and NAND key to fix the Wii. Now take out the SD card and open the NAND.bin with WinHex (I also reccomend making a backup on your PC) and get the keys, and save the last 1024 bytes of the file as you will need this later.


The HMAC-key is 20 bytes on $21000144
The NAND-key is 16 bytes on $21000158

Save the keys to Betwiin's output folder and then when Betwiin is done you should have a flash.bin file.

Open the flash.bin file in WinHex and add the last 1024 bytes from NAND.bin to it.

Open NAND.bin and copy 250 pages starting at $0 and then paste it to flash.bin starting at $0.

Save the file as NAND.bin an copy to your SD card, and restore it with Bootmii.

Your Wii should be fixed!

Thanks to:
Bushing/Team Twiizers for their programs and Bootmii.
Hibit for telling me about the HMAC and NAND keys
BeeGee7730 for my guide mod

http://i424.photobucket.com/albums/pp322/l...id/DSC04388.jpg

http://i424.photobucket.com/albums/pp322/l...id/DSC04391.jpg


I cannot get betwiin to work it says error on line 4 could not load numpy, whatever that means.

Also if you could not be so VAGUE with the instructions of usage with betwiin, not everyone knows as much as you may. I know it involves more then just puttin keys in the output folder.

How about What exactly you put in output folder including what you may have to name the files, same for output folder.

I/we need more info then

* Copy input dump file to input/flash.bin.
 

Erikie

Active Member
Newcomer
Joined
Jan 12, 2010
Messages
36
Trophies
0
XP
29
Country
Netherlands
I flashed many samsung nand chips with the nand still on the board without any problem.
So I don't know why you keep telling you need to remove them. It is simply not true
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • SylverReZ @ SylverReZ:
    Google isn't very helpful anymore, you get recommended loads of crap that doesn't solve the thing that you're looking for.
    +1
  • Sicklyboy @ Sicklyboy:
    @K3Nv2, afaik yeah but I also don't think that it runs on home grade routers like openwrt/dd-wrt does. OPNsense runs on full-on x86 PC hardware
  • K3Nv2 @ K3Nv2:
    Sadly openwrt seems to be dying for support unless it's just. Anew name
  • K3Nv2 @ K3Nv2:
    Like made by the same devs different architecture
  • Sicklyboy @ Sicklyboy:
    idk, I mean it had a new release back in March https://github.com/openwrt/openwrt/releases
  • Sicklyboy @ Sicklyboy:
    Not sure how recent hardware it supports though
  • K3Nv2 @ K3Nv2:
    I mean for 1st party routers iirc linksys use to support it
  • Sicklyboy @ Sicklyboy:
    ahhhh that I have no idea
  • Sicklyboy @ Sicklyboy:
    pretty cool though if so
  • K3Nv2 @ K3Nv2:
    Or from what ive heard ways to set custom imgs for 1st party routers so locked down now days
  • Sicklyboy @ Sicklyboy:
    OPNsense VM and specs and specs of system it's running on. https://imgur.com/a/S9wgGUD
  • Sicklyboy @ Sicklyboy:
    I've turned more features on in OPNsense lately and it's getting kind of high on RAM usage, I see. Probably bump that up to 4GB soon
  • K3Nv2 @ K3Nv2:
    I wanna make a 8core router with support for 20gbps doesn't even sound that silly lol
  • Sicklyboy @ Sicklyboy:
    I only have 1 gig internet but internally I have 10 gig connectivity for everything on my lan lol
  • Sicklyboy @ Sicklyboy:
    fiber connection from my desktop PC back to my core network switch
  • Sicklyboy @ Sicklyboy:
    2 port HPE SFP+ PCIE NIC in my desktop and all of my servers
  • Sicklyboy @ Sicklyboy:
    silly shit
  • Sicklyboy @ Sicklyboy:
    eventually this desktop is going to act as a server too, just for the hell of it. Because this PC is WAY fucking overkill for how little I use it.
  • Sicklyboy @ Sicklyboy:
    And once I do that, my desktop OS that I interact with is just going to be a virtual machine and use GPU passthrough to connect everything
  • K3Nv2 @ K3Nv2:
    Send it to me ffs
  • Sicklyboy @ Sicklyboy:
    No because it's my desktop lol
  • Sicklyboy @ Sicklyboy:
    The most use this PC is getting right now is 979 Chrome tabs open right now
  • K3Nv2 @ K3Nv2:
    This is my desktop there are many like it but it is mine alone
  • K3Nv2 @ K3Nv2:
    Enabled PPPoE on router now no wifi connection lul
    Sicklyboy @ Sicklyboy: F