Hacking IOS that launches bootmii

obcd

I would like to have a wii setup that can boot real nand and emulated nand at the same time.

I know you can use the switch2uneek application to do so, but I would prefer to have a different ios that boots the sneek armboot.bin from a different folder. I believe sorgelig did something like that. The idea is to have everything on real nand working as without sneek/uneek, and to launch the specific ios to run sneek/uneek. This would simply mean that it should launch the armboot.bin (sneeky one) from a different folder.

I start to understand (a little) how cios replace some of the ios modules in an ios, and I have looked at the "custom ios project" code.

It's a bit unclear what exactly is done in the bootmii ios254. It's loading and running armboot.bin from the sd card, but I can't find anything that resembles that functionality. While the sources for bootmii and mini are freely available, I can't find anything about how it is supposed to be launched (Source level I mean. Please don't tell me to go to the homebrew channel and choose 1 + launch bootmii....)

So, any link to something similar or tools that can help in analysing or extracting the bootmii ios will be appreciated.
I don't mind digging out things myself, but it helps if you know where to dig.


http://www.mediafire.com/?o9jib542bgydk6g

This is the result of my digging....
 

XFlak

You should be able to use bluedump or showmiiwads\showmiinand to dump IOS254. Then use a wad unpacker to unpack it. From there you can try opening it in a hex editor and changing the path it's loading... ie. change from SD:\bootmii\ to SD:\bootmiiuneek\. Note that this is all speculation, and I wouldn't be surprised at all if this method doesn't work and leads to a dead end.

On a side note, you can use "bootios" to boot IOS254 (or any IOS u choose if u modify the source code)

Wish I could be more help,
Cheers
 

obcd

Thanks again XFlak. I had been thinking something similar, but I thought the tools could only handle channels and wiiware wads.

I will give it a try as soon as I find the time. It just won't give me much inside information about the inner workings.
(And I probably better choose a folder with the same or a smaller length than bootmii)

I assume I can use multi mod manager to reinstall the wad in a different slot number.
 

obcd

I can confirm the method works.

I just don't have the time for a detailed description in case someone would like to try it out right now.
I even wonder if it might interest others.
So, it normally boots up the real nand with bootmii as boot2 if needed.
I can launch ios253 to start the uneek+di emulated nand. Switch2uneek could launch that one as well instead of the ios254.

If I select run bootmii in HBC, it launches IOS254 and runs bootmii as expected.

I assume if I have priiloader auto launch the bootios application (slightly modified to boot ios253 instead of ios254), it should auto boot into uneek+di.
 

JoostinOnline

I'm actually quite surprised that this worked. A month or so ago I tried dumping the HBC v1.0.8 and changed the title ID, but found out that they blocked that a long time ago. It just goes to the scam screen on the hackmii installer. I assumed they would do something similar for bootmii, which is why I didn't bother trying.
 

kylster

obcd said:
I can confirm the method works.

I just don't have the time for a detailed description in case someone would like to try it out right now.
I even wonder if it might interest others.
So, it normally boots up the real nand with bootmii as boot2 if needed.
I can launch ios253 to start the uneek+di emulated nand. Switch2uneek could launch that one as well instead of the ios254.

If I select run bootmii in HBC, it launches IOS254 and runs bootmii as expected.

I assume if I have priiloader auto launch the bootios application (slightly modified to boot ios253 instead of ios254), it should auto boot into uneek+di.

When you get time I would love to try this method out if you wouldn't mind sharing.
Also do you think this would be easily adopted since people could have bootmii and emu-nand both at the same time? Thanks in advance.
 

obcd

Basically, the ios just loads the bootxxx/armboot.bin into memory and launches it. I used Multi mod manager to install the repacked wad.
What I did now is just a dirty hex edit hack of their launcher. I would like to write my own, so that maybe I could launch from usb as well.
Sorgelig did something like that, but never released his sources. I hate to invent the wheel again.., and I am still missing the knowledge how an arm program can be changed to an app, so that it can be packed in a wad again. The original armboot.bin launching code from TT is not U8 packed. I could simply hex edit the app.

It's a pity that TT won't let the HBC work in Uneek + DI. Uneek is an extra layer of protection on the wii nand.
The homebrew filter is closed source as well I believe, so I can't adjust it for my "uneek usb fs" either.
 

obcd

@kylster:

I don't mind sharing. The adaption is very easy:

Install the wad with multi mod manager. Other wad installers might work as well. I haven't tested any yet.
Create a bootsnk folder on your sd card and put the sneek - uneek armboot.bin in that folder.
Copy the original bootmii armboot.bin, ini file and ppcboot.elf back into the bootmii folder.

Bootios and switch2uneek should be modified to launch ios 253 instead of 254.
switch2uneek should also be modified not to alter the contents of the bootmii folder anymore.

If you add the Bootios.dol to a channel wad, you can use it to start Uneek.

I will try to create a package with the wad and the Bootios application.

As usual, I accept no responsibility if something goes wrong when you install the wad. But it should be safe.
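
The length constraint obcd raises earlier in the thread (bootmii and bootsnk are both seven characters), as an added Python example that is not part of any post. The sample bytes and the NUL-terminated path layout are constructed assumptions, not data taken from the real IOS content.

```python
# Constructed sample, not bytes from the real IOS254 content: header bytes,
# an assumed NUL-terminated path string, then trailing data.
SAMPLE = b"\x7fHDR\x00\x00" + b"/bootmii/armboot.bin\x00" + b"\xde\xad\xbe\xef"


def patch_folder(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Swap one folder name inside a NUL-terminated path, keeping file size."""
    hits = blob.count(old)
    if hits != 1:
        raise ValueError(f"expected exactly one {old!r}, found {hits}")
    pos = blob.find(old)
    end = blob.find(b"\x00", pos)            # terminator of the path string
    if end == -1:
        raise ValueError("path string is not NUL-terminated")
    tail = blob[pos + len(old):end]          # rest of the path, e.g. b"/armboot.bin"
    room = end - pos                         # bytes available before the NUL
    patched = new + tail
    if len(patched) > room:
        raise ValueError(f"{new!r} is {len(patched) - room} byte(s) too long")
    # Pad with NULs so every later offset in the file stays where it was.
    out = blob[:pos] + patched.ljust(room, b"\x00") + blob[end:]
    assert len(out) == len(blob)
    return out


def changed_offsets(before: bytes, after: bytes) -> list[int]:
    """Offsets that differ, to review the edit before repacking."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


if __name__ == "__main__":
    same = patch_folder(SAMPLE, b"bootmii", b"bootsnk")
    print("same length :", changed_offsets(SAMPLE, same))
    shorter = patch_folder(SAMPLE, b"bootmii", b"boot")
    print("shorter name:", shorter[6:27])
    try:
        patch_folder(SAMPLE, b"bootmii", b"bootmiiuneek")
    except ValueError as err:
        print("longer name :", err)
```

A longer folder name is rejected because it would overwrite the bytes that follow the path string.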
 

XFlak

obcd said:
I will try to create a package with the wad and the Bootios application.

FYI, the bootios mod you're allowed to share on gbatemp, but not a modified bootmii IOS wad. Other forums might allow u to share that but here it's probably best you just describe the exact steps you took to create that wad so ppl can recreate your steps. I imagine it's something similar to the steps I suggested to you above (http://gbatemp.net/t290489-ios-that-launches-bootmii?view=findpost&p=3614758).

I'm not a mod or anything, so this isn't an official warning or anything like that. I'm just giving u a heads up that if u share that wad on gbatemp it will eventually be removed... that's probably all the mods would do unless you have repeat offenses, but it's possible they could do more... who knows.

edit:

obcd said (Apr 29 2011, 02:29 PM):
As usual, I accept no responsibility if something goes wrong when you install the wad. But it should be safe.

As long as showmiiwads confirms the slot # is >200 there should be zero risk to installing it.
 

obcd

Yes, XFlak, I followed your suggestions.

I will post a description how I did it, but I am missing the time for it now.

I hadn't expected much interest for it...Just wanted to post it was doable in case someone was searching for something identical.

The original wad I started with is not a big N one. Wouldn't that make a difference?
I don't know if TT has copyright issues for it? I will remove the link if someone feels it's violating some rights.
 

XFlak

I didn't even realize you had already shared a link in the first post!

The wad might not contain any ninty copyrighted content, but it contains closed source TT copyrighted content. No1 is even allowed to share\mirror the hackmii installer, we're just supposed to link to "http://bootmii.org/download/". Anyways, u can do w/e u want, I'm not gonna bitch about it, but eventually some1 probably will.

Take your time with the instructions, if u followed my steps then the basic instructions are already available anyways. When you find the time then u can write better instructions for everyone. Good job!
 

obcd

XFlak said:
No1 is even allowed to share\mirror the hackmii installer

This makes sense as it ensures everyone looking for it will use the latest version...

XFlak said:
I didn't even realize you had already shared a link in the first post!

Beginner's enthusiasm I assume. I didn't expect it to be so easy either.

Installing the IOS has one side effect. The syscheck program will hang when it checks that ios.

There is a version in the link that has that issue solved. I will post its modified sources...
 

lulwut

obcd said:
I assume if I have priiloader auto launch the bootios application (slightly modified to boot ios253 instead of ios254), it should auto boot into uneek+di.

or just write an app that reloads to that ios so you don't need to alter priiloader

also, I'll remind you that re-distributing that bootmii ios is illegal by the licence used by TT
 

obcd

lulwut said:
or just write an app that reloads to that ios so you don't need to alter priiloader

I have such an application. That's exactly what bootios does.
I don't want to alter priiloader for that, I just want priiloader to launch that application in case I want to autoboot into sneek/uneek.

There was someone reporting that starting sneek/uneek with a priiloader autoboot wasn't working. I gave him a bootios with a delay,
but I have no confirmation so far that it solves the issue...
 

Hielkenator

JoostinOnline said:
I'm actually quite surprised that this worked. A month or so ago I tried dumping the HBC v1.0.8 and changed the title ID, but found out that they blocked that a long time ago. It just goes to the scam screen on the hackmii installer. I assumed they would do something similar for bootmii, which is why I didn't bother trying.

? I had no problem with that.
Just changed the ID with customize mii. Installs fine on Uneek.
 
