Install vWii ios 58 without Homebrew Channel or ios 236

Discussion in 'Wii U - Hacking & Backup Loaders' started by blaze5, Nov 28, 2016.

  1. blaze5
    OP

    blaze5 Newbie

    Newcomer
    9
    2
    Nov 27, 2016
    United States
    I bought a Wii U off of eBay with Error code 162-3006 which has vWii issues. Particularly the vWii ios 58 is a Wii ios v6176 instead of the newer vWii ios 58 v6432 and I am unable to install Homebrew Channel using an exploit (bathaxx in my case, also have smashstack available). I have tried using YAWMM rev 5e to install the vWii ios 58, but I get error -1017 every time. I have been using a 2 GB microSD so there shouldn't be any issues from there. I've tried installing WADs from USB also with no luck.

    The only way I've been successful at launching any homebrew has been through Homebrew Launcher. Bathaxx will only load .elf files, so YAWMM rev 5e and Homebrew Launcher along with loadMii 0.4 (couldn't load anything) are all I've been able to launch directly. I tried using loadMii 0.4 REBiRTH, but nothing happened whenever I selected a dol to load. I tried getting a Syscheck Dump using Syscheck HDE, but it would always freeze whenever it got to ios 223. I tried modifying the meta.xml file to skip ios 223 during the check, but I'm guessing since I used Homebrew Launcher to run Syscheck HDE that it never properly read from the meta.xml file. I tried adding the meta.xml file to the root directory of the SD card and the skip ios argument still never worked. I was able to look at the ios versions and patches using Wii Mod Lite though and all of the ios were the correct vWii versions with no patches except for a Wii version ios 58.

    I don't have a vulnerable ios to install the WAD containing the vWii ios 58 to get Homebrew Channel working. I tried installing ios 236 with IOS236_Installer_MOD_v8, but without Homebrew Channel (or something else) to provide AHBPROT I can't get ios 236 installed either. I had another working Wii U which I used to dump the vWii ios 58 (with fakesign) using YABDM but I have no way of installing the WAD at the moment. I tried using DOP-Mii v16 and DOP-Mii WiiBrew Edition v16 along with Multi-Mod Manager 13.4 too, but without cios, AHBPROT, or another vulnerable ios, I haven't been able to install any WADs and I get error -1017.

    If I either get ios 236 or Homebrew Channel working, I can fix everything else easily but I haven't figured out a way to install a WAD without ios 236, another vulnerable ios, or something that can provide AHBPROT. I don't think Homebrew Launcher is providing AHBPROT for apps I launch from it and therefore I can't install the vWii ios 58 to fix everything. Thanks for your help.

    Here are some of the guides and posts I looked at to help solve the issue:
    https://gbatemp.net/threads/guide-how-to-fix-your-vwii-semi-brick.431980/#post-6473328
    https://gbatemp.net/threads/problems-installing-wad-on-vwii.412981/#post-6037431 (last post)
    https://gbatemp.net/threads/basic-dos-and-do-nots-of-vwii-modding.339337/page-3 (Kill_AntiSysTitleInstall patches)
    https://gbatemp.net/threads/i-can-install-ios-in-vwii-but.338809/page-14
    https://gbatemp.net/threads/vwii-semi-bricked.353595 (read about riivolution but don't have cios or ios 236)

    Edit: Looking at Wii Mod Lite, for every ios installed on the system, Fakesign Bug (Trucha bug), EsIdentify (ES_DiVerify), /dev/flash (Flash access), USB2 Tree, boot2, NAND Permissions, and GetSysMenuVersion are all [No] including for cios. It shows cios 202, 222, 223, and 224, with v65535 and 245-252 with v21010. The Hermes cios 222 and 223, along with Waninkoko cios 249 and 250 all have Latest non-stub: (none) which means they are stubs and are not installed. I checked the Wii IOS - vWii IOS Comparison from https://wiki.wii-homebrew.com/VWii#Wii_IOS_-_vWii_IOS_Vergleich and all vWii ios had the correct version except ios 58 which was cyan in Wii Mod Lite and had the Wii v6176 ios installed.

    Edit 2: There is also a post by Zymf which I have been looking at with a similar problem since I think he said his cios didn't work. He posted a link for Fixing Your IOSes for the HackMii Installer. As far as I'm aware, for at least bathaxx, I can only load boot.elf and I get an error when I try to run dol files. Loading DOP-Mii WiiBrew Edition from Homebrew Launcher hasn't worked for me, but if loading DOP-Mii directly provides full HW access with AHBPROT on its own (instead of trying to get it from HBC like most everything) then that may also work.
    https://gbatemp.net/threads/hackmii-installer-freezes.366961/page-2
    wiisixtyfour.webs.com/WHG/IOSFix.html#Continue

    Edit 3: I can't seem to load a dol directly from Bathaxx or Smash Stack. Am I doing something wrong? This site https://sites.google.com/site/completesg/exploits suggests that I should be able to use an elf or dol file for Bathaxx and Smash Stack. The only one on the WiiBrew site that mentioned it could load dol files explicitly was Yu-Gi-Vah, so I can get a copy of that and try it if it'll help. I get the "Opening boot.elf: boot.elf not found (-1) USBGecko not found No code found to load, hanging." when I try to load a boot.dol with no boot.elf in the root directory. Sorry for the large number of edits, I want to include as much information as possible and I'm still trying stuff on my own.
     
    Last edited by blaze5, Nov 28, 2016
    paulloeduardo likes this.
  2. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Member
    184
    173
    May 11, 2010
    Italy
    You should not need a vulnerable ios to install a properly signed vwii iOS 58. The thing you can do is ask someone here to send you their clean non-fake signed vwii iOS 58 and install it with YAWM.
     
  3. blaze5
    OP

    blaze5 Newbie

    Newcomer
    9
    2
    Nov 27, 2016
    United States
    I also dumped a vWii ios 58 v6432 WAD from a good system without fakesigning using YABDM and I still get "Install Ticket... Error! (ret = -1017)" with YAWMM. I thought I read the vWii ios were cryptographically signed for each system, so a clean vWii ios would have to be backed up before. So a clean vWii ios for one system would not work for another system, correct? The fakesigned vWii ios should be the same for everyone, so do I need to use the crypto key specific to my system to encrypt/sign the decrypted/base ios to generate a clean vWii ios for my system since there was no way for me to back one up in the first place? I would dump my encryption keys with xyzzy and then sign or encrypt a clean ios? Provided I have a clean vWii ios 58 for my system, which ios should I select for YAWMM or does it not matter? I've tried ios 36, 80, and others and I get the same error -1017. Using ios 249 just crashes YAWMM since I don't have it installed.
     
    Last edited by blaze5, Nov 28, 2016
  4. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Member
    184
    173
    May 11, 2010
    Italy
    Another way I can think of is using iosuhax on the Wii U side and manually replacing the IOS58 title files with the vwii ones. IIRC, wii content is not sigchecked on load but only during installation.

    — Posts automatically merged - Please don't double post! —

    So, you should extract your ios58 wad to plain files and replace the corresponding files on your vWii partition.
     
    Last edited by ::Phoenix::, Nov 28, 2016
  5. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Member
    184
    173
    May 11, 2010
    Italy
    Another thing you could do is to use wuphax to replace the vwii mii channel with an elf of your choice and before running it, give it AHBPROT permissions manually via iosuhax. I remember a write up for f0f stating that enabling AHBPROT on a title is just a matter of setting some flag in one file.

    Here is the article talking about AHBPROT and where these flags are stored in the tmd file https://hackmii.com/2009/08/of-tmds-and-hardware/
    Dunno if the TMD is signed, though.
     
    Last edited by ::Phoenix::, Nov 28, 2016
  6. blaze5
    OP

    blaze5 Newbie

    Newcomer
    9
    2
    Nov 27, 2016
    United States
    Edit: wuphax v1.1 just crashes when I load it from Homebrew Launcher or directly from an exploit. I unpacked the non-fakesigned ios 58 WAD using WadMii.exe from Wii.cs Tools 0.3, but I'm not sure what homebrew tool (FSTOOLBOX?) I would launch to copy/install the individual ios files plus I may need AHBPROT permissions. I see the syscall_54 function which sets the HW_AHBPROT address to 0x80000DFE which enables full HW access if factory_mode is true, but I'm not familiar enough with the Wii/vWii system to include the appropriate kernel headers to make the system call or gain AHBPROT access through iosuhax. Isn't iosuhax from the Wii U side and not the vWii? I guess AHBPROT patches can be added to the source code of one of the tools similar to how the Hackmii installer works without vulnerable ios. I haven't done development on the Wii or Wii U, so I'd need to get more familiar with the system before I'm useful there. I'm guessing if it's PPC architecture you cross compile or can run a compiler on the system directly. I'm not sure what it takes to compile dol or elf binary executables but there is plenty of source code to look at for examples I guess.

    I do have a question though. When I'm using YABDM and dumping a WAD (or files) ios 58 without fakesigning from my good system, is that a clean vWii ios 58 for my bad system or is there something else I need to do such as encrypt the ios with the key for my system? I have another working Wii U with homebrew that I can use to get a clean vWii ios myself if I know how to dump it or make one or if someone else already has a tool or something set up and can get me one, that would also work and I'd appreciate it. From what I read on YABDM, it just uses AES encryption with some padding for the block.
     
    Last edited by blaze5, Nov 29, 2016
  7. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Member
    184
    173
    May 11, 2010
    Italy
    That's what I recall people were doing for fixing ioses. A clean non fake signed iOS from another vwii should be enough and also installable without patches or full hardware access since the ticket is valid and the vwii will install it.
     
  8. blaze5
    OP

    blaze5 Newbie

    Newcomer
    9
    2
    Nov 27, 2016
    United States
    Do I not have a clean vWii ios for my bad system then? I thought the only way to have a clean vWii ios was to back it up first using Blue Dump Mod since the clean ios images are specific to each system being cryptographically signed/encrypted. Since I was unable to dump a clean ios specific to my bad system beforehand, then I would need a way to generate a clean vWii ios for my system or force an install of another vWii ios not matched to my system.
     
  9. cmf2k1

    cmf2k1 Member

    Newcomer
    21
    4
    Jun 6, 2016
    Sorry to thread nap but I'm having the same issue. Where can I download a properly signed vWii ios 58? I'm using wuphax to boot YAWMM.

    Any help is appreciated
     
  10. blaze5
    OP

    blaze5 Newbie

    Newcomer
    9
    2
    Nov 27, 2016
    United States
    Using wuphax, I'm able to boot YAWMM as well, but I always get "Install Ticket... Error! (ret = -1017)" when trying to install my IOS58 v6432.wad I got from another system. I don't have ios 249 installed, so when I try to load storage with YAWMM it just hangs. I am able to select different wad files from ios 36 and ios 80, but that gives me the -1017 error. In green underneath the list of wad files in my directory, it says "IOS = Channel IOS | HW = HW_AHBPROT | Pass = Age restriction". I'm not sure what to do at this point. If someone has a properly signed vWii ios 58 for @cmf2k1 and me, or can tell us how to make one, that would help a lot.

    BTW thanks for all your help so far Phoenix

    Edit: I got Homebrew Channel installed on my vWii and I'm all set. I was on firmware 5.5.0, so I was able to do a disc based update to 5.5.1 (I used Star Fox Zero, Mario Color Splash should also work) which fixed my vWii issues. I feel like I cheated since I wasn't able to fix it another way and if I was already on 5.5.1 I don't know what I would have done.

    What firmware are you on @cmf2k1? The internet updates wouldn't work for me, but if you aren't on the most recent firmware and can do a disc based update that may help. I'm still curious to see how to fix vWii ios without Homebrew Channel, cios, or ios 236.

    Edit 2: Maybe this post by The Chield https://gbatemp.net/threads/ios58-brick-no-hbc-need-help.366651/ can be helpful to you @cmf2k1. Also someone posted an elf version of the ios 236 installer in the same thread, but when I tried to inject that from wuphax that didn't work for me either.
     
    Last edited by blaze5, Dec 16, 2016
  11. stl25

    stl25 GBAtemp Advanced Fan

    Member
    973
    546
    Feb 3, 2008
    United States
    Here, there and everywhere
  12. cmf2k1

    cmf2k1 Member

    Newcomer
    21
    4
    Jun 6, 2016
    Thanks blaze and stl25 for information. Unfortunately I'm on 5.5.1 so cannot system update via disc. Double checked with Star Fox Zero but it doesn't perform a system update. Can launch into Homebrew Launcher using wuphax and from there tried Wii Mod, MMM and YAWMM but all give me an Install Ticket... Error! (ret = -1017) when trying to install the IOS .wad and -2011 if I try to install the HBC .wad.

    236 installer errors when attempting to install IOS

    Anyone else got any ideas please?
     
  13. cmf2k1

    cmf2k1 Member

    Newcomer
    21
    4
    Jun 6, 2016
    This is a dump of Wii U syscheck

    SysCheck HDE v2.4.0 HacksDen Edition by JoostinOnline
    ...runs on IOS36 (rev 3864).
    Region: PAL
    System Menu 4.3E (v610)
    Could not detect the drive date!
    Homebrew Channel 1.1.2 running on IOS58
    Hollywood v0x0
    Console ID: 608159785
    Console Type: Wii
    Shop Channel Country: United Kingdom (110)
    Boot2 v0
    Found 52 titles.
    Found 31 IOS on this console. 0 of them are stubs.
    IOS9 (rev 1290): No Patches
    IOS12 (rev 782): No Patches
    IOS13 (rev 1288): No Patches
    IOS14 (rev 1288): No Patches
    IOS15 (rev 1288): No Patches
    IOS17 (rev 1288): No Patches
    IOS21 (rev 1295): No Patches
    IOS22 (rev 1550): No Patches
    IOS28 (rev 2063): No Patches
    IOS31 (rev 3864): No Patches
    IOS33 (rev 3864): No Patches
    IOS34 (rev 3864): No Patches
    IOS35 (rev 3864): No Patches
    IOS36 (rev 3864): No Patches
    IOS37 (rev 5919): No Patches
    IOS38 (rev 4380): No Patches
    IOS41 (rev 3863): No Patches
    IOS43 (rev 3863): No Patches
    IOS45 (rev 3863): No Patches
    IOS46 (rev 3863): No Patches
    IOS48 (rev 4380): No Patches
    IOS53 (rev 5919): No Patches
    IOS55 (rev 5919): No Patches
    IOS56 (rev 5918): No Patches
    IOS57 (rev 6175): No Patches
    IOS58 (rev 6176): USB 2.0
    IOS59 (rev 9249): No Patches
    IOS62 (rev 6942): No Patches
    IOS80 (rev 7200): No Patches
    vIOS512 (rev 7): No Patches
    vIOS513 (rev 1): No Patches
    Report generated on 12/16/2016.

    If I'm reading correctly only IOS58 has been patched. I tried running DOP Mii to overwrite the IOS58 with vWii version (renamed to v6176) but DOP Mii recognises that .WAD is the vWii version and errors due to version mismatch. Anyone know if DOP Mii could be updated to support the vWii versions or ignore the versioncheck?
     
  14. Jayro

    Jayro MediCat USB and Mini Windows 10 Developer

    Member
    5,228
    2,863
    Jul 23, 2012
    United States
    Octo Canyon
    Thanks for the misleading thread title. I assumed that this was a thread to install vWii IOS58 without HB Channel or IOS236, not a "Help me" thread.
     
  15. blaze5
    OP

    blaze5 Newbie

    Newcomer
    9
    2
    Nov 27, 2016
    United States
    @Jayro Yeah I realized that soon after I posted it. I wanted to change it, but couldn't edit the title, just the text. I think a mod would need to edit the title or there is something I am missing (it was also my first post).
    @cmf2k1 Sorry to hear you're already on the latest firmware and that won't work. This link I had in my first post will show you the correct vWii ios versions. https://wiki.wii-homebrew.com/VWii#Wii_IOS_-_vWii_IOS_Vergleich. Your ios 58 is definitely a Wii version, but I didn't check the other ones. My best guess would be to decrypt someone else's vWii ios 58, and re-encrypt it with the key from your system. I haven't seen anyone do this and I don't know exactly what encryption (I think AES but idk about padding, block size, etc.) Nintendo uses for their ios files, but there might be something out there on it and you could look into YABDM to see what they do for ios backups. I'm guessing you already got a vWii ios 58 from someone, so maybe see if you can get your system keys using xyzzy so you can resign it with your system keys (someone correct me if this won't work). You can also try what @::Phoenix:: mentioned above and try to replace the individual files instead of installing the .wad.

    Also Homebrew Channel is open-source now, so maybe someone could see how it provides full HW AHBPROT access to other apps or gets permissions to run homebrew on a stock ios with full access.
     
    Last edited by blaze5, Dec 17, 2016
  16. flzmx

    flzmx Advanced Member

    Newcomer
    94
    16
    Nov 12, 2016
    United States
    A very complicated way may be to load homebrew on the Wii U, get Mocha and wupserver (FTPiiU_everywhere may also work), then go into the Wii NAND and manually edit things there. You would need a working (and extracted) vWii IOS 58 and its title ID though, but the IOS works on all vWiis...

    EDIT: Also, you can try WiiModLite. That worked for me to install a patched IOS 31 for RiiConnect24
     
    Last edited by flzmx, Dec 17, 2016
  17. cmf2k1

    cmf2k1 Member

    Newcomer
    21
    4
    Jun 6, 2016
    Hi blaze5 and flzmx, thanks for the suggestions. Will try and report back.

    @flzmx I have the vWii IOS 58 wad but how do I obtain the titleid?

    thanks
     
  18. flzmx

    flzmx Advanced Member

    Newcomer
    94
    16
    Nov 12, 2016
    United States
    Probably on the WiiBrew wiki. You'll have to find an IOS extractor.
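
For the title ID question above and the v6176 versus v6432 mix-up that runs through the thread, an added example (not posted by anyone in the thread) that reads the title ID and title version straight from a WAD's TMD before anything is installed. The offsets follow the publicly documented WAD and TMD layouts; the function names and the sample WAD built inline are constructed for illustration, and the all-zero-signature test is only a heuristic for a fakesigned TMD.

```python
import struct

IOS58_TITLE_ID = 0x000000010000003A   # high word 1 = IOS titles, low word 0x3A = slot 58

def align64(n):
    return (n + 63) & ~63             # WAD sections are padded to 64-byte boundaries

def read_wad_tmd(wad):
    """Parse the WAD header, locate the TMD, and return its identifying fields."""
    if len(wad) < 0x20:
        raise ValueError("too short for a WAD header")
    (hdr_size, wad_type, _ver, cert_size, _rsv,
     tik_size, tmd_size, _data_size, _foot_size) = struct.unpack_from(">I2sH6I", wad, 0)
    if hdr_size != 0x20 or wad_type not in (b"Is", b"ib"):
        raise ValueError("not an installable WAD")
    # Section order: header, certificate chain, ticket, TMD, content data, footer
    tmd_off = align64(hdr_size) + align64(cert_size) + align64(tik_size)
    tmd = wad[tmd_off:tmd_off + tmd_size]
    if tmd_size < 0x1E4 or len(tmd) != tmd_size:
        raise ValueError("TMD missing or truncated")
    (sig_type,) = struct.unpack_from(">I", tmd, 0)
    if sig_type != 0x00010001:        # RSA-2048: 256-byte signature, issuer at 0x140
        raise ValueError("unexpected TMD signature type")
    _sys_version, title_id = struct.unpack_from(">QQ", tmd, 0x184)
    access, version, n_contents = struct.unpack_from(">IHH", tmd, 0x1D8)
    return {
        "title_id": "%08x-%08x" % (title_id >> 32, title_id & 0xFFFFFFFF),
        "ios_slot": title_id & 0xFFFFFFFF if title_id >> 32 == 1 else None,
        "title_version": version,
        "contents": n_contents,
        "ahbprot_bit": bool(access & 1),               # access-rights bit 0
        "zeroed_signature": not any(tmd[4:0x104]),     # heuristic: fakesigned TMD
    }

def make_sample_wad(version, signature=b"\x00" * 256):
    """Constructed test input: header, dummy cert chain and ticket, bare TMD header."""
    tmd = bytearray(0x1E4)
    struct.pack_into(">I", tmd, 0, 0x00010001)
    tmd[4:0x104] = signature
    struct.pack_into(">QQ", tmd, 0x184, 0, IOS58_TITLE_ID)
    struct.pack_into(">IHH", tmd, 0x1D8, 0, version, 0)
    certs, ticket = bytes(0xA00), bytes(0x2A4)
    header = struct.pack(">I2sH6I", 0x20, b"Is", 0, len(certs), 0,
                         len(ticket), len(tmd), 0, 0)
    pad = lambda b: b + bytes(align64(len(b)) - len(b))
    return pad(header) + pad(certs) + pad(ticket) + pad(bytes(tmd))

if __name__ == "__main__":
    for v in (6176, 6432):            # the Wii and vWii IOS58 versions named in the thread
        print(read_wad_tmd(make_sample_wad(v)))
```

On a real file, pass `open(path, "rb").read()` to `read_wad_tmd`; the title ID it returns is also the directory name pair used for that title on the NAND.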