Hacking I bricked my Wii U because I changed system.xml: flash NAND guide?

Will could I fix my console?

  • Yes

    Votes: 10 16.4%
  • No

    Votes: 28 45.9%
  • Maybe

    Votes: 23 37.7%

  • Total voters
    61

Scoop111

Well-Known Member
Newcomer
Joined
Feb 15, 2015
Messages
67
Trophies
0
Age
37
XP
93
Country
Gambia, The
@QuarkTheAwesome - Wait, from what I understand (could be wrong), the OP has a backup of his NAND from before he made any changes. So why would he need the keys? He could just flash that backup to NAND. From my understanding he only needed the keys if he didn't make a backup beforehand to dump, decrypt, repair and re-encrypt.
 

Irastris

Well-Known Member
Member
Joined
May 3, 2015
Messages
1,115
Trophies
0
XP
862
Country
United States
He was able to fix it, so why wouldn't the OP be able to?

Because Smealum had his OTP keys, if I recall correctly. Meaning he was able to decrypt his NAND dump, revert the changes to system.xml, re-encrypt and flash the fixed NAND.

OP doesn't have a copy of the OTP keys for his console.
 

AboodXD

I hack NSMB games, and other shiz.
Member
Joined
Oct 11, 2014
Messages
2,873
Trophies
1
Location
Not under a rock.
XP
2,877
Country
United Arab Emirates
Because Smealum had his OTP keys, if I recall correctly. Meaning he was able to decrypt his NAND dump, revert the changes to system.xml, re-encrypt and flash the fixed NAND.

OP doesn't have a copy of the OTP keys for his console.
Well, that's dumb.
I would recommend everyone to dump their OTP in case something like this happens.
 

Scoop111

Well-Known Member
Newcomer
Joined
Feb 15, 2015
Messages
67
Trophies
0
Age
37
XP
93
Country
Gambia, The
That's what I meant. If you have a backup from before you did any changes to system.xml, what changes do you want to revert? The system.xml in that backup should be already okay. No need to repair anything, cause it was taken from a running system. The keys would only be needed if you didn't make any backup to fix a broken NAND backup made after the brick.
 
Last edited by Scoop111,
  • Like
Reactions: wicksand420

Irastris

Well-Known Member
Member
Joined
May 3, 2015
Messages
1,115
Trophies
0
XP
862
Country
United States
That's what I meant. If you have a backup from before you did any changes to system.xml, what changes do you want to revert? The system.xml in that backup should be alraedy okay.
He doesn't have a backup of his sysNAND from the NAND chip. He only has a dump of the NAND on his SD card from redNAND.

Even if he found a way to merge the 3 IMGs created by SDio into one proper IMG, whose to say the console would even play nice with a modified NAND like that.
 

Scoop111

Well-Known Member
Newcomer
Joined
Feb 15, 2015
Messages
67
Trophies
0
Age
37
XP
93
Country
Gambia, The
I haven't read into redNAND much. But isn't the process like dumping original NAND, then inject patches into it. So at some point there should be an unaltered backup, that can just be flashed back. About the three files, I thought the WiiU had two NAND banks, one for Wii, one for WiiU. I don't know where the third comes from, but they should be flashable seperately.
I'm just curious to learn more, because I only used my teensey2++ on PS3 before...
 
Last edited by Scoop111,

Irastris

Well-Known Member
Member
Joined
May 3, 2015
Messages
1,115
Trophies
0
XP
862
Country
United States
I haven't read into redNAND much. But isn't the process like dumping original NAND, then inject patches into it. So at some point there should be an unaltered backup, that can just be flashed back. About the three files, I thought the WiiU had two NAND banks, one for Wii, one WiiU. I don't know where the third comes from, but they should be flashable seperately.
I'm just curious, because I only used my teensey2++ on PS3 before...
I'm honestly not certain. I haven't researched whether or not the NAND dump from redNAND is clean, and the fw.img holds the patches, or if the NAND dump gets patched and the fw.img is only responsible for loading in to it.

Either way, sounds to me like OP has already thrown away his console, unless he was just summing up the situation earlier.
 
Last edited by Irastris,

QuarkTheAwesome

Working for Hugs
Member
Joined
Apr 19, 2015
Messages
970
Trophies
1
Location
Stuck in the PowerPC
XP
3,302
Country
Australia
@QuarkTheAwesome - Wait, from what I understand (could be wrong), the OP has a backup of his NAND from before he made any changes. So why would he need the keys? He could just flash that backup to NAND. From my understanding he only needed the keys if he didn't make a backup beforehand to dump, decrypt, repair and re-encrypt.

He doesn't have a backup of his sysNAND from the NAND chip. He only has a dump of the NAND on his SD card from redNAND.

Even if he found a way to merge the 3 IMGs created by SDio into one proper IMG, whose to say the console would even play nice with a modified NAND like that.

You may have a point.
I'm unfamiliar with the formats and such redNAND uses; so I can't say for sure exactly what's behind those files.
What I will say is that if the names of the files are to be believed; each one is a dump of a physically separate chip on the Wii U; thus you don't need to merge them since each one is for a different chip. If you're lucky you'll only need to flash the SLC file to fix system.xml.
There are a few prerequisites:
  • The .img is correctly encrypted with your console-specific key OR you have an OTP dump
  • The image is a complete dump of the whole chip and is not corrupt.
  • The image is clean; with no fake titles or patches.
These conditions met and with confirmation by someone familiar with redNAND you may be able to use a Teensy to flash your SLC.
I also meant to tag @Sans-Serif in the last post; somehow messed that up :3
 
  • Like
Reactions: Ryccardo

Scoop111

Well-Known Member
Newcomer
Joined
Feb 15, 2015
Messages
67
Trophies
0
Age
37
XP
93
Country
Gambia, The
lrastris - Yeah, considering the costs for some decent soldering equipment + a teensy and the time and efford he's probably better off just getting a new WiiU. Still sad to see one getting trashed. Anyway, thank you for sharing those infos. Always happy to learn more about the hardware-side of things...
 

Scoop111

Well-Known Member
Newcomer
Joined
Feb 15, 2015
Messages
67
Trophies
0
Age
37
XP
93
Country
Gambia, The
@Irastris - Haha, can understand that ^^

@QuarkTheAwesome - That's exactly my thoughts. From the little I've read, CFWbooter should create a NAND dump from the chips. If it doesn't alter anything in that process, one should be able to just flash those images back through the teensy. I would actually test this if I had a spare WiiU ^^ Probably in the future...
 
Last edited by Scoop111,

mp3man

Member
Newcomer
Joined
Dec 4, 2009
Messages
17
Trophies
0
XP
379
Country
United States
But what was the reason of bricking? Did you write something wrong besides the correct number in Region_Game? What does Brain Age have a connection with the brick? I couldn't get it..
 
Last edited by mp3man,

NintendU_the_great

OFFICIAL GBATEMP TROLLER
Banned
Joined
Oct 4, 2015
Messages
252
Trophies
0
Age
19
Location
in yer toilet!
Website
www.gbatemp.net
XP
60
Country
India
But what was the reason of bricking? Did you write something wrong besides the correct number in Region_Game? What does Brain Age have a connection with the brick? I couldn't get it..
seting default title to something not in internal storage - in the USB instead. but the wii u can only mount (access) USB when wii u menu loads, but instead the game / title from USB was gonna load.... you get the idea.

edit : ninja'd xD
 

sdtg34520

GURU MEDITATION ERROR
Banned
Joined
Mar 26, 2016
Messages
194
Trophies
0
XP
434
Country
New Zealand
You may have a point.
I'm unfamiliar with the formats and such redNAND uses; so I can't say for sure exactly what's behind those files.
What I will say is that if the names of the files are to be believed; each one is a dump of a physically separate chip on the Wii U; thus you don't need to merge them since each one is for a different chip. If you're lucky you'll only need to flash the SLC file to fix system.xml.
There are a few prerequisites:
  • The .img is correctly encrypted with your console-specific key OR you have an OTP dump
  • The image is a complete dump of the whole chip and is not corrupt.
  • The image is clean; with no fake titles or patches.
These conditions met and with confirmation by someone familiar with redNAND you may be able to use a Teensy to flash your SLC.
I also meant to tag @Sans-Serif in the last post; somehow messed that up :3
alright big papa
y'all gonna need like 17 wires for a single side SLC mod. these are gonna have to be soldered onto tiny ass SMD resistor spots. now these ain't your daddy's solder pads like on the 3DS, these things are small. oh, and don't forget to wick up excess solder. i shorted my SLC and killed it by not doing that, needed to get the whole console replaced.

you're also going to need a clean 3.3V power supply. i suggest building one out of a USB cable and a 5V > 3.3V buck converter, you can find these on AliExpress. mine are "Canton-Power" boards.

it's a Teensy++ 2.0 you need, specifically for the extra pins and horsepower. you can find NANDway pinouts online for where you solder to the Teensy, just remember you're only restoring the Wii U side of the SLC, so use the signal booster version.

http://wiiubrew.org/wiki/TSOP_NAND
good luck, if you're knew to this god fucking knows you'll need it
 

nikeymikey

This is now a Spiderman thread.........
Member
Joined
Nov 19, 2008
Messages
1,478
Trophies
0
XP
2,161
Country
United Kingdom
IMG_4454.jpg
 
General chit-chat
Help Users
    linuxares @ linuxares: just indian scammers trying to get money