Hacking idea for getting the benefits of cioscorp with a less risky installati

tusko

First, to say that I'm not a developer (not a homebrew developer, I mean) and I'm surely wrong, but I am curious whether the following implementation could be possible. If I am very wrong, I'll ask for the deletion of this post upon request. Please, do not be harsh.

Background
At the beginning, we had backup loaders. They work because they are able to read backups using a special IOS (249), which is a modification of a previous IOS (37) with patched backup reading functionality (notice that IOS 249 uses a different number than 37, thus you can have both installed, the original and the hacked one). On the other hand, games themselves are compiled to use other IOS numbers (not 249). To solve that, backup loaders force games to use 249 dynamically (on loading), so the games can also access the DVD. However, this is one of the main problems of compatibility, because some games do not work well when forced to work on an IOS 37 derivative.

CIOSCORP avoids compatibility problems by introducing the backup functionality to all the IOSes installed in the system. Therefore, any IOS is able to read backups, so the disk channel can load backups, and games can access the data on the DVD backup using the IOS they were programmed for. The problem is that installing CIOSCORP is more riskii :) than installing IOS249 and a backup loader, because you are modifying IOSes potentially used now or in the future by the Wii system. That is, you are replacing your original IOS 16 with another, instead of only adding one more IOS; that is the riskii thing, isn't it?

Proposal

Two main steps:

a) Do not replace every IOS in the system, but install alternative versions for all of them with numbers that can be calculated from a table or a simple function. For example, 37+212=249, then you can obtain the numbers for 36->248, etc. It is only an example; I would prefer a smaller sum myself (+128) or to change one of the bits in the binary form of the original IOS number.

b) Have a backup loader that does not force 249 on all the games, but forces the corresponding modified IOS. If the game requires IOS 36, force 248. That is, you force the IOS which is the same as the one required by the game, plus the backup reading functionality.

I think this would solve most compatibility problems, with fewer risks than replacing all the IOSes in the system.

Potential problems

Space, of course. We double the number of IOSes in the system. Is there enough room? It should be possible for the backup loader to install IOSes dynamically from SD when necessary. But what happens if an installation goes wrong?

Maybe backup loaders cannot detect which IOS the game is requiring a priori (I assume they can). Anyway, backup loaders should let the user change the forced IOS number from the menu, to try different versions, and let users have a database of the best IOS-game correspondences.

Games that change IOS during execution are not supported (CIOSCORP should support them right now). If changing the IOS dynamically is performed by the IOS API, maybe this problem could be solved by modifying the implementation to choose the corresponding hacked IOS.
 

batwings21

By not patching the system menu IOS you lose the ability to boot from the disc channel, one of the key benefits of cIOSCORP.
 

Screemer

great would be installing a patched ios on the fly corresponding to the one the game needs and forcing the game to load with this ios. even better would be a complete in memory on the fly patching of the necessary ios with no leftover after rebooting. for one of these options i could live without disc channel loading. maybe it would be possible to create an alternative disc loading channel which is capable of displaying the disc banner as well.
 

tueidj

Heh, this is exactly what I've done on my system. I've got all the cIOSes installed in their regular positions + 128. Preloader is installed and is set to autoboot a .dol that I made that does the following:
- loads IOS158 (cIOS30)
- patches the system menu so that when it boots a disc it loads the requested IOS+128
- loads the system menu.
Currently I'm trying to patch the cIOSes further so that any IOS reload calls made within the game will also load the cIOSes rather than the real IOSes. Unfortunately this involves patching at least 3 different functions.
Channels launched from the system menu still use the original IOSes.
To disable it all I just set preloader to autoboot the system menu rather than my .dol.

If you want a backup loader that allows you to select which IOS is used, try softchip.
 

tusko

tueidj said:
Heh, this is exactly what I've done on my system. I've got all the cIOSes installed in their regular positions + 128. Preloader is installed and is set to autoboot a .dol that I made that does the following:
- loads IOS158 (cIOS30)
- patches the system menu so that when it boots a disc it loads the requested IOS+128
- loads the system menu.
Currently I'm trying to patch the cIOSes further so that any IOS reload calls made within the game will also load the cIOSes rather than the real IOSes. Unfortunately this involves patching at least 3 different functions.
Channels launched from the system menu still use the original IOSes.
To disable it all I just set preloader to autoboot the system menu rather than my .dol.

If you want a backup loader that allows you to select which IOS is used, try softchip.

Hey, that is great! How is compatibility? Can you tell me which documentation can be helpful to set my system like that?
 

tusko

Screemer said:
great would be installing a patched ios on the fly corresponding to the one the game needs and forcing the game to load with this ios. even better would be a complete in memory on the fly patching of the necessary ios with no leftover after rebooting. for one of these options i could live without disc channel loading. maybe it would be possible to create an alternative disc loading channel which is capable of displaying the disc banner as well.

Of course on-the-fly patching is the ideal thing, but it is more complex to implement. What I'm proposing here is more static, you have all the required stuff in place before execution.
 

tueidj

At the moment there's compatibility problems with games that reload an IOS while running (as mentioned I'm trying to find a solution, but it's tricky and I'm not very devoted to it). Also there may be problems launching GameCube games from the disc channel, I'm not sure because I don't have any. All of my backups work from the disk channel except NTSC Rock Band 2, since it doesn't support PAL.

I'm afraid I can't point to any specific documentation. I modified patchmii to fetch/patch/install the cIOSes to the +128 slots, wrote the .dol myself using devkitpro and came up with the sysmenu patch just by changing the opcodes used by waninkoko's menupatcher.
 

yakboy

I don't know why people keep saying that CIOS is risky. There is a lot of hype around it and plenty of people have installed it without issues. Maybe a WAD that would go through and install them one by one and then back out if there was an error and install the normal MOD back in its place. I have loaded CIOS and haven't looked back. What needs to be focused on is x6 speed.
 

tueidj

FRanatic said:
@ tueidj:

Will we be seeing this go public once you reach the goals you've set?
I'm really interested!

I don't intend to make a public release. For starters people here would see it as a competitor to cIOSCORP/softmii/riskiimod/whateverii and probably bag the crap out of it. Secondly I could never in good conscience recommend installing preloader; even though I am willing to use it myself (it comes in very handy to make the wii boot straight to HBC when developing) I think most people don't fully consider the risks and also in most cases they don't even need it.
 

WiiPower

Sorry, that's wrong. You could install the cIOS36 as every IOS, maybe except IOS30 for the disc channel and nearly all games would be running fine. The problems in Gamma and SoftChip come from games loading their IOS themselves (IOS Version patching games) and from the fact that they are loading games differently from the disc channel (Sam & Max, Far Cry and 002 error games).

The IOS Version patch only patches the game to think it wants IOS249; it's just a change from one number to 249 (and the signature of course). When you know that, you know why overwriting the original IOS with a backup cIOS lets you play the game with a 1:1 copy with ALL methods to launch backups.
 

tusko

tueidj said:
At the moment there's compatibility problems with games that reload an IOS while running (as mentioned I'm trying to find a solution, but it's tricky and I'm not very devoted to it). Also there may be problems launching GameCube games from the disc channel, I'm not sure because I don't have any. All of my backups work from the disk channel except NTSC Rock Band 2, since it doesn't support PAL.

I'm afraid I can't point to any specific documentation. I modified patchmii to fetch/patch/install the cIOSes to the +128 slots, wrote the .dol myself using devkitpro and came up with the sysmenu patch just by changing the opcodes used by waninkoko's menupatcher.

Are there a lot of games performing IOS reloading?

On the other hand, I would not follow exactly the same route. For me, the easiest way to try this is a) first use patchmii as you say and b) install softchip and try manually whether I am able to load backups that can be loaded only with CIOSCORP without glitches.

What do you think about this plan? The difficult part is the a) part. Any help will be welcome. For a start, what patches does patchmii include? Is the DVD reading functionality added by default or do you need some patch file? Did you add a loop to patchmii to fetch/patch/install several IOSes at once or did you use a safer route (i.e., modify patchmii for each IOS that you want to install)? Finally, can region issues appear? (My Wii is PAL, yours seems NTSC.)
 

tusko

WiiPower said:
Sorry, that's wrong. You could install the cIOS36 as every IOS, maybe except IOS30 for the disc channel and nearly all games would be running fine. The problems in Gamma and SoftChip come from games loading their IOS themselves (IOS Version patching games) and from the fact that they are loading games differently from the disc channel (Sam & Max, Far Cry and 002 error games).

The IOS Version patch only patches the game to think it wants IOS249; it's just a change from one number to 249 (and the signature of course). When you know that, you know why overwriting the original IOS with a backup cIOS lets you play the game with a 1:1 copy with ALL methods to launch backups.

Ok. I understand. Sorry for posting with wrong assumptions. If I do not get any other response confirming what I thought from a developer, I'll edit the post and ask the moderators for closing/deletion soon. If that happens, sorry for increasing the noise ratio.
 

tueidj

WiiPower said:
Sorry, that's wrong. You could install the cIOS36 as every IOS, maybe except IOS30 for the disc channel and nearly all games would be running fine.

Guitar Hero World Tour and Rock Band 2 have several problems running on any IOS other than 37. Animal Crossing needs another specific IOS IIRC. It's logical that these problems are going to be more common in the future. Also I think it's a better idea to have channels/wiiware/VC run on unmodified IOS since they can be updated easily by Nintendo (unlike discs where the software is typically 3 or 4 months old before it even hits the shelves).

tusko said:
Are there a lot of games performing IOS reloading?

It's uncommon, House of the Dead 2 + 3 is one that springs immediately to mind (probably reloads IOS because it's really 2 separate titles with a startup choice menu).

By default patchmii will only patch the trucha bug fix and the unencrypted dvd sector read limit. I added waninkoko's dip module and his additional ES patches (cause you know, if you're going to patch the signature check, may as well nuke it completely). Initially I set patchmii to loop and did IOS30 and up (skipping the early monolithic kernels) then reconfigured it to install cIOS30 as IOS137(9) and IOS149(21). They're the only early IOS versions that get used on my Wii. Regions aren't an issue, the same IOS builds are used everywhere.
 

WiiPower

tusko said:
WiiPower said:
Sorry, that's wrong. You could install the cIOS36 as every IOS, maybe except IOS30 for the disc channel and nearly all games would be running fine. The problems in Gamma and SoftChip come from games loading their IOS themselves (IOS Version patching games) and from the fact that they are loading games differently from the disc channel (Sam & Max, Far Cry and 002 error games).

The IOS Version patch only patches the game to think it wants IOS249; it's just a change from one number to 249 (and the signature of course). When you know that, you know why overwriting the original IOS with a backup cIOS lets you play the game with a 1:1 copy with ALL methods to launch backups.

Ok. I understand. Sorry for posting with wrong assumptions. If I do not get any other response confirming what I thought from a developer, I'll edit the post and ask the moderators for closing/deletion soon. If that happens, sorry for increasing the noise ratio.

Your idea isn't bad, you just made (in my eyes) false premises that's it. Look at SoftChip if you haven't done it yet, it allows you to select the IOS to load and it can detect which IOS is "required"(wanted) by the game. As soon as SoftChip gets a function to reload the IOS after the wanted IOS is detected, you could do exactly what you wanted. I'm thinking of a table or something, when the wanted IOS is 9,21,35,36 then load IOS249, if the wanted IOS is 37 then load IOS232 ...

Consider this on my wishlist for SoftChip.
 

fogbank

tusko said:
Two main steps:

a) Do not replace every IOS in the system, but install alternative versions for all of them with numbers that can be calculated from a table or a simple function. For example, 37+212=249, then you can obtain the numbers for 36->248, etc. It is only an example; I would prefer a smaller sum myself (+128) or to change one of the bits in the binary form of the original IOS number.

It might be possible to replace the following .APP files in SHARED1 on the NAND with DIP'ed versions:

00000008.APP
00000015.APP
0000003B.APP
00000044.APP

This might work instead of replacing every IOS with CIOS. I believe that all IOS versions above 22 use one of these four shared .APP files for DVD access. It would be best if each one of these .APP files had the DIP functionality patched into them rather than use a generic DIP patched .APP file. This wouldn't work for IOS versions 9-22 though.
 

Jacobeian

tueidj said:
Heh, this is exactly what I've done on my system. I've got all the cIOSes installed in their regular positions + 128. Preloader is installed and is set to autoboot a .dol that I made that does the following:
- loads IOS158 (cIOS30)
- patches the system menu so that when it boots a disc it loads the requested IOS+128
- loads the system menu.
Currently I'm trying to patch the cIOSes further so that any IOS reload calls made within the game will also load the cIOSes rather than the real IOSes. Unfortunately this involves patching at least 3 different functions.
Channels launched from the system menu still use the original IOSes.
To disable it all I just set preloader to autoboot the system menu rather than my .dol.

If you want a backup loader that allows you to select which IOS is used, try softchip.


that's a cleaner & more serious approach than anything else imo

you could also patch the system menu (in memory, with this preloader dol) to force the reloaded IOS version to the latest CIOS for any games (regardless of game IOS version)
this will reduce the number of CIOS to only one, supposing that older games are still compatible with newer IOS

a better approach would still be to add a patch in CIOS that would make the IOS detect the title id when it is supposed to be launched and, when it is an IOS title, force it to reload the CIOS (or do nothing), as you are trying to do but I don't know if it's possible and require extended IOS disassembling and analysing

the preloader dol could be configured (to enable/disable CIOS and/or system menu patch) and your native IOS would be unmodified which is safer
 

Screemer

fogbank said:
tusko said:
Two main steps:

a) Do not replace every IOS in the system, but install alternative versions for all of them with numbers that can be calculated from a table or a simple function. For example, 37+212=249, then you can obtain the numbers for 36->248, etc. It is only an example; I would prefer a smaller sum myself (+128) or to change one of the bits in the binary form of the original IOS number.

It might be possible to replace the following .APP files in SHARED1 on the NAND with DIP'ed versions:

00000008.APP
00000015.APP
0000003B.APP
00000044.APP

This might work instead of replacing every IOS with CIOS. I believe that all IOS versions above 22 use one of these four shared .APP files for DVD access. It would be best if each one of these .APP files had the DIP functionality patched into them rather than use a generic DIP patched .APP file. This wouldn't work for IOS versions 9-22 though.

i like that idea.
 

tusko

Jacobeian said:
you could also patch the system menu (in memory, with this preloader dol) to force the reloaded IOS version to the latest CIOS for any games (regardless of game IOS version)
this will reduce the number of CIOS to only one, supposing that older games are still compatible with newer IOS

This is what is posted here, isn't it?
disk channel loading without cioscorp

QUOTE(WiiPower @ Jan 28 2009, 05:07 PM) Sorry, that's wrong. You could install the cIOS36 as every IOS, maybe except IOS30 for the disc channel and nearly all games would be running fine. The problems in Gamma and SoftChip come from games loading their IOS themselves (IOS Version patching games) and from the fact that they are loading games differently from the disc channel (Sam & Max, Far Cry and 002 error games).

WiiPower, that means that the method of aquilino (from the previous url) should be better than my idea (regarding compatibility), and also it will not have the problems that backup loaders have with Sam&Max, Far Cry, 002 errors...
 

tueidj

Jacobeian said:
a better approach would still be to add a patch in CIOS that would make the IOS detect the title id when it is supposed to be launched and, when it is an IOS title, force it to reload the CIOS (or do nothing), as you are trying to do but I don't know if it's possible and require extended IOS disassembling and analysing

I can't patch an IOS in memory and I'm not aware if it's ever been done (maybe it's the mystery exploit that the HBC installer uses ;) ).
 
