Need some clarification

Discussion in 'Wii - Hacking' started by Hikari06, Oct 11, 2014.

  1. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Hello.
    I hacked my Wii a long time ago but, recently, I started wondering a few things about how it works and thought you could help me.
    If I understood well, Nintendo uses a combination of asymmetric encryption and hash functions in order to check if a content was approved. And this is stored in what we call certificates, right?
    So, if I can understand that exploits allow unsigned code to run, what seems obscure to me is how, for instance, the Homebrew Channel can be installed. I heard about the Trucha and STM exploits, but they are patched, aren't they? So, does the BootMii installer use another exploit? I think it does, although its code must be obfuscated.
    But that raises another question: how can WADs be installed?
    I think clean dumped channels contain the right certificates, so it shouldn't be a problem, should it?
    But what about other self-made channels? How do we manage to trick the Wii to make it think it was signed by Nintendo without the Trucha bug? Do WAD installers use the same exploit as the BootMii installer?
    Also, when does the signing check occur? During installation? When the system menu boots? Before booting a channel?
    Thanks for your help!
     
  2. smf

    smf GBAtemp Maniac

    Getting from just having the homebrew channel installed to having a custom IOS installed is a step that has changed many times over the course of time. At one time it involved installing an old test IOS from Nintendo that was not shipped on retail consoles, which still had the trucha bug.

    Now you can use HW_AHBPROT to patch the running IOS to allow you to install anything. The last WAD manager I used relied on an IOS patched to add the trucha signing bug back, but that patched IOS was installed using HW_AHBPROT. I guess backup managers could also avoid requiring cIOS by using HW_AHBPROT, but AFAIK none of them do.
     
  3. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Thank you for your reply.
    So, I guess it means that the only time the signing check occurs is during installation, and we bypass it thanks to HW_AHBPROT.
    But that would also mean that the system menu doesn't do it, right?