Hacking KongsNutz IOS information thread.

KongsNutz

Hello,

I started this thread in hope to shed some light on the IOS files that people
keep asking about in hope that after this thread the questions like
"I thought CIOS and IOS36 are the same thing!" will be eradicated.

(I recommend that you do not install soft-mods before reading this)

So IOS Breakdown:

CIOS rev7, rev8 and rev9 = a modified IOS36 that installs to your system as IOS249.
(this allows the playing of backup discs)(installing any revision of CIOS will overwrite an old one)

IOS36-64-1042 = an original IOS36 from system firmware 3.2 that allows unsigned code to run.
(system menu 3.2 doesn't run from IOS36 but this file that is used by all loaders and installers is from 3.2)

IOS60 Trucha patched = an IOS60 file from menu 4.0 that has been modified to run unsigned code.
(allows the running of VC/Wiiware games and Custom Channels from SD card on 4.0)

IOS37 Trucha patched = a modified IOS37 that installs as either 248 or 232 on your system.
(mainly used to run guitar hero and rockband under softchip and backuplauncher, the game needs to be patched to use either 248 or 232)(thanks Arek1985)

IOS222 = kwiirks's modified IOS36 that installs on your system as IOS222 to use his USB2.0 features and run games from USB HDD(rev9 CIOS does the same)
(this is only required when installing USB2.0 for other apps or making Homebrew Channel loaders for individual games using wbfs tools)

I will add more if need be!

NOTE: These are mainly for soft-modding the Wii and aren't ones that are required for NEW or retail games. (only CIOS is required to run backups)
 

Arek1985

The only Custom IOS I believe Kong has neglected is CiOS 37, which is typically installed as 248 or 232 for Rock Band instrument support through soft chip. I know it's not as important as the other CIOS's but it still may be asked about.

IOS36 from my understanding was the IOS 3.2 system menu ran off of, so if anyone wanted to modify the IOS the system ran off of they could. Also CIOS36 is the basis for most of the soft mods that allow the backups to load from the disc channel use.

The real reason only waninkoko knows why IOS36 is used. (or other knowledgeable hackers)
 

BlackEnigma

I see, and thanks.


I didn't even know there was such a thing as IOS when I had 3.2

Ever since having the homebrew channel I did wonder why it specifically said which version of IOS36 you had under the homebrew channel version.

I had always seen version 12.18 until downgrading the IOSes and then it was v4.18

But that's just me, I'm curious about everything.
 

KongsNutz

Thanks Arek1985 for the IOS37 info (I never played rockband or guitar hero)

added to list.


BlackEnigma -

Homebrew Channel displays what IOS36 you have installed on your system and doesn't display CIOS at all. So the lower the better.
 

Bloodlust

kongsnutz said:
Hello,

I started this thread in hope to shed some light on the IOS files that people
keep asking about in hope that after this thread the questions like
"I thought CIOS and IOS36 are the same thing!" will be eradicated.

(I recommend that you do not install soft-mods before reading this)

So IOS Breakdown:

CIOS rev7, rev8 and rev9 = a modified IOS36 that installs to your system as IOS249.
(this allows the playing of backup discs)(installing any revision of CIOS will overwrite an old one)

IOS36-64-1042 = an original IOS36 from system firmware 3.2 that allows unsigned code to run.
(system menu 3.2 doesn't run from IOS36 but this file that is used by all loaders and installers is from 3.2)

IOS60 Trucha patched = an IOS60 file from menu 4.0 that has been modified to run unsigned code.
(allows the running of VC/Wiiware games and Custom Channels from SD card on 4.0)

IOS37 Trucha patched = a modified IOS37 that installs as either 248 or 232 on your system.
(mainly used to run guitar hero and rockband under softchip and backuplauncher, the game needs to be patched to use either 248 or 232)(thanks Arek1985)

IOS222 = kwiirks's modified IOS36 that installs on your system as IOS222 to use his USB2.0 features and run games from USB HDD(rev9 CIOS does the same)
(this is only required when installing USB2.0 for other apps or making Homebrew Channel loaders for individual games using wbfs tools)

I will add more if need be!

NOTE: These are mainly for soft-modding the Wii and aren't ones that are required for NEW or retail games. (only CIOS is required to run backups)

If this guide had come out before your system 4.0 guide, there wouldn't be so many helpless souls now. IMO, releasing this now has no or little significance.
 

ether2802

kongsnutz said:
IOS222 = kwiirks's modified IOS36 that installs on your system as IOS222 to use his USB2.0 features and run games from USB HDD(rev9 CIOS does the same)
(this is only required when installing USB2.0 for other apps or making Homebrew Channel loaders for individual games using wbfs tools)

Yes rev9 does the same, with the tiny exception that it gets installed as IOS249...!!!
 

WiiPower

You should add information about the rev5 cIOS, and that cios_fix is the unofficial rev5b cIOS. Well, the HBC loads IOS36 for all applications, so if an application doesn't have an IOS reload, it runs at IOS36, that's why it's that important to have v1042 and not one of the newer versions installed.

And general information about IOS would be nice, that you always have to separate the IOS an IOS/cIOS is based on and where it is installed on your Wii. And that all IOS are installed at the same time on your Wii, but that the Wii is always running one. Every application has an IOS slot that it loads whatever IOS is there.

PS:
rev5: 1st backup cIOS, runs only decrypted discs, very slow(Waninkoko)
cios_fix: a little improved rev5 cIOS made by PPC_GBA
rev6: a lot faster than rev5, support for DL discs, doesn't support all games(Waninkoko+WiiGator)
rev7: faster, no DL support, most SL games supported (depending on the booting method loader/disc channel)(Waninkoko+WiiGator)
rev8: DL support, 001 and 002 error fixing, might cause problems with 001 and 002 in the disc channel(Waninkoko)
rev9: rev8 + usb loader support(Waninkoko+Kwiirk)
PPS:
Calling cIOS in this name scheme would be nice : cIOS36rev9, which means in the long term: custom IOS based on IOS36, revision 9, (installed as IOS249)
 

BenJeremy

This does need to be a sticky... something headlined like "CIOS and why they are important to hard modders as well as soft modders"

Also, I understand some of it, but honestly (and this comes from a software engineer with 25 years experience, much of it in embedded systems - and somebody who has been heavily involved in the Xbox scene, writing one of the first homebrew games and of course, the MXM menu system), I haven't seen any good explanation of the whole thing. CIO36 is IOS249? Are they patches or extensions? What is the difference between a fakesign exploit and a banner exploit - i.e. why is the CIOS the most important thing?

I know a lot more now than I did a week ago, and I'm still fuzzy on some things. When I chipped my son's Wii a year ago, I did have a vague understanding of the significance of the Trucha bug and fake signing, but the cIOS stuff back then was too confusing and didn't seem necessary - now I'm stuck sitting in 4.0 without the USB loader, even though I have the homebrew channel and homebrew code running fine. Had somebody put together a straight forward FAQ on these subjects, I'd have better prepared myself. Part of my hesitation in using custom code comes from the Xbox 360 scene, where Live bans happen the minute Microsoft sees "custom" code.

At any rate... thanks for the info.
 

fogbank

I would change the wording of "allows unsigned code to run".

The older IOS versions have the "strncmp" bug that allows them to be used to add fakesigned content to the filesystem (NAND). This is not the same as running unsigned code. Realistically only the Homebrew Channel and the Twilight Hack have the ability to run unsigned code.

Fakesigned content/titles are still signed, they are just signed with a signature that can trick the IOS into validating them and allowing them to be added to the filesystem.

So older IOS versions with the "fakesign" bug allow fakesigned titles to be added to the filesystem.

Please correct me if I'm wrong here

I do think this is a good thread with lots of useful info in the original post...
 

BlackEnigma

WiiPower said:
Calling cIOS in this name scheme would be nice : cIOS36rev9, which means in the long term: custom IOS based on IOS36, revision 9, (installed as IOS249)


I like this definition right here. It took me longer than it should have to understand that IOS249 is like an address that cIOS36 gets installed at.

Before it was like cIOS36? IOS249? do I have to have both of those?
or, hmm I think I installed it but I have no idea where it went... how can I know if I have it?

I've gone from hearing that wads are "bad and dangerous" and you should never install them to actually understanding why they can be dangerous but still aren't something to avoid completely if I know the risks involved. Wads are kind of dangerous in the same way that fire is dangerous but still very useful. I can't be scared of fire if I want to harness its power.

And I guess a brick can be likened to burning yourself while using a flamethrower.

The last few weeks have made everything a whole lot clearer.
 

fogbank

BenJeremy said:
CIO36 is IOS249? Are they patches or extensions? What is the difference between a fakesign exploit and a banner exploit - i.e. why is the CIOS the most important thing?

Great questions. I'll take a stab:

CIOS36 is not really IOS249 per se. The Wii has IOS "slots" in which IOS'es can be installed. They are numbered from 0 to 254. Only the lower slots (61 and below) are currently used by legitimate Wii IOS'es. The rest are unused.

cIOS36 is a customized version of the legitimate Wii IOS version 36. Technically it could be installed into any unused IOS slot, but it is most commonly installed into slot # 249. That then becomes IOS249.

The fakesign exploit came about when it was discovered that the Wii developers used a flawed version of the C string compare function (strncmp) to check the validity of content signatures. The function would check each character of the signature string until it reached the end of the string or until it reached a null byte. I think the issue here is that it did not check the length of the signature string to begin with. If you create a signature string with a null byte early in the string, the mathematical odds of it being seen as valid are much greater, since there are far fewer characters to compare (the strncmp function stops at the first null byte).

START SPECULATION
The banner exploit is new to the Wii and has not been publicly released yet. In general a banner exploit would be similar to other exploits on other systems where there is a flaw in processing graphic images (think TIFF exploit on PSP, BMP or PNG exploits on Windows, etc...). The exploit would likely involve an unchecked buffer and employ a stack or heap corruption method.
END SPECULATION

cIOS is important to softmodders because later versions included code to access DVD content from the Wii's optical drive. This allows the cIOS to be used to read burned games as DVD's. Additional PPC code (i.e. a "loader") is then used to tell the system to load the game from the DVD.

Whew...

Most of this I believe to be accurate, but there are always those who know it better
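
The comparison flaw described in the posts above, shown as an added example that is not part of the original thread or of any Wii code: a string compare used on binary digests, beside a full-length compare. The 20-byte digest length, the function names and the sample digests are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* assumed digest size, for illustration only */

/* Flawed check: strncmp treats the digests as C strings, so it stops at the
 * first 0x00 byte even though DIGEST_LEN bytes were requested. */
int digest_equal_flawed(const unsigned char *a, const unsigned char *b)
{
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Hardened check: every byte is compared, with no early exit. */
int digest_equal_fixed(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Number of bytes the string comparison actually looks at. */
size_t bytes_examined(const unsigned char *a, const unsigned char *b)
{
    for (size_t i = 0; i < DIGEST_LEN; i++)
        if (a[i] != b[i] || a[i] == 0)
            return i + 1;
    return DIGEST_LEN;
}

/* Constructed sample digests (not real hashes); unlisted bytes are zero. */
static const unsigned char EXPECTED[DIGEST_LEN] = {0x00, 0x3c, 0x91, 0x7e, 0x42};
static const unsigned char COMPUTED[DIGEST_LEN] = {0x00, 0xa5, 0x18, 0xd0, 0x6b};
static const unsigned char OTHER[DIGEST_LEN]    = {0x5a, 0x3c, 0x91, 0x7e, 0x42};

int main(void)
{
    printf("flawed: %d  fixed: %d  bytes examined: %zu of %d\n",
           digest_equal_flawed(EXPECTED, COMPUTED),
           digest_equal_fixed(EXPECTED, COMPUTED),
           bytes_examined(EXPECTED, COMPUTED), DIGEST_LEN);
    printf("non-zero first byte, flawed: %d\n",
           digest_equal_flawed(EXPECTED, OTHER));
    return 0;
}
```

The two digests that differ in every byte after the leading zero pass the string compare and fail the full-length one, which is why binary hashes should never be compared with string functions.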
 

gunslinger

So what's the difference between IOS222 and IOS202? For YAL Binary Channel Loading I had read you will need the .dol out of cios_usb2_usbloader.tar.bz2 installed... But isn't it the same as if I install cIOS36-rev09 (which I have already done)?
 

Bloodlust

IOS36-64-1042 = an original IOS36 from system firmware 3.2 that allows unsigned code to run.
(system menu 3.2 doesn't run from IOS36 but this file that is used by all loaders and installers is from 3.2)

-----------------

Do you mean IOS36-64-(v)1042? Or is there really an IOS36-64-1042 wad?
 
