Hacking Nintendo Update System Title?

[brianBTB]

Is there any way to see where the Update system is on the wii? I am nearly positive it is not an IOS, but it has to be on there somewhere...
I would like to experiment with it.

Brian
EDIT:
I know it is a hard question. lol

Is it even poosible to modify stuff on the nand that is not stored in an IOS?

 

[PPSainity]

Is there any way to see where the Update system is on the wii? I am nearly positive it is not an IOS, but it has to be on there somewhere...
I would like to experiment with it.

Brian
EDIT:
I know it is a hard question. lol

Is it even poosible to modify stuff on the nand that is not stored in an IOS?

Never having taken a look into the SM binaries this is a total guess. Everything I know about patching the Wii tells me that the update routines are most likely contained in the System Menu. The SM must use the normal dev/fs commands in the SM IOS for file access, I don't think that raw dev/flash access is used or is even available. This is a total guess. If you really want to find where the routines are located just dump your NAND and fire up IDA Pro.

You can modify anything on you NAND, except for certain information like the KEYS which are actually in the OTP memory. WiiBrew has a partial look into the Wii's NAND file structure.

-[]D

 

[brianBTB]

Never having taken a look into the SM binaries this is a total guess. Everything I know about patching the Wii tells me that the update routines are most likely contained in the System Menu. The SM must use the normal dev/fs commands in the SM IOS for file access, I don't think that raw dev/flash access is used or is even available. This is a total guess. If you really want to find where the routines are located just dump your NAND and fire up IDA Pro.

You can modify anything on you NAND, except for certain information like the KEYS which are actually in the OTP memory. WiiBrew has a partial look into the Wii's NAND file structure.

-[]D

Would a bootmii dump be sufficient?
and a link to IDA pro would be nice...
Brian

 

[PPSainity]

.....
Would a bootmii dump be sufficient?
and a link to IDA pro would be nice...
Brian

This post has been edited by brianBTB: Today, 01:22 PM

Of course. Understand that you have to extract the contents from that NAND dump. The NAND dump is just a huge binary image which needs to be unencrypted and parsed into files. There are many guides and utilities available to do this; many can be found in Sneek setup guides. You're going to have to search or wait for other's to step in here as you now are going out of my area of expertise.

As for a link to IDA Pro, well that is a no no. Forum rules, no link to warez... But if you are so inclined....Google can be helpful in such endeavors

Personally, when I was a student I bought IDA Pro through my university bookstore cheap. It was a good investment. So if you're still in school, think about that.

-[]D

 

[brianBTB]

As for a link to IDA Pro, well that is a no no. Forum rules, no link to warez... But if you are so inclined....Google can be helpful in such endeavors

Personally, when I was a student I bought IDA Pro through my university bookstore cheap. It was a good investment. So if you're still in school, think about that.

-[]D

THAT is not what I meant. i had not heard of IDA pro and wanted a link to the website!

Lol.

Brian

 

[PPSainity]

THAT is not what I meant. i had not heard of IDA pro and wanted a link to the website!

Lol.

Brian

My bad

http://www.hex-rays.com/idapro/

-[]D

 

[brianBTB]

Would the free version work?

Brian

PS anyone who wants to jump on board can help. This is part one of NUSPOR, or Nintendo Update System Patch Or Rewrite, a pet project of mine. The goal is to decompile. reverse engineer, and modify the Nintendo Update System on the wii.

PPS i am working with this page idle in the background...

 

[PPSainity]

Would the free version work?

Brian

PS anyone who wants to jump on board can help. This is part one of NUSPOR, or Nintendo Update System Patchm Or Rewrite, a pet project of mine. The goal is to decompile. reverse engineer, and modify the Nintendo Update System on the wii.

AFAIK the evaluation version does ARM, but does not do PPC so no, it won't work. There are some free utilities listed on WiiBrew but I don't think there is a disassembler listed. Maybe some of the expert Wii hackers can fill in here...

I am intrigued by NUSPOR. What is the ultimate goal of the project though? I am assuming it is something more than just disabling online/disc updates. Homebrew hosted update server?

-[]D

 

[brianBTB]

I am intrigued by NUSPOR. What is the ultimate goal of the project though? I am assuming it is something more than just disabling online/disc updates. Homebrew hosted update server?
-[]D

Yes and no. Support for multiple update servers, but especially patching official updates realtime.

This is the first mention of the project online...
I put it one my website, btbgeek.com, but the site is down...
Brian

 

[SifJar]

Little point in a custom update server really. To be able to use it, you'd need to patch SM, and if you can patch stuff, may as well just patch stuff straight from NUS with a tool like DOP-Mii, instead of having the hassle of building and maintaining a custom update server. (Which BTW would require the SM IOS to have trucha bug/fakesign enabling patch)

 

[brianBTB]

Yes and no. Support for multiple update servers, but especially patching official updates realtime.
Brian


QUOTE(SifJar @ Feb 17 2011, 05:26 PM) Little point in a custom update server really. To be able to use it, you'd need to patch SM, and if you can patch stuff, may as well just patch stuff straight from NUS with a tool like DOP-Mii, instead of having the hassle of building and maintaining a custom update server. (Which BTW would require the SM IOS to have trucha bug/fakesign enabling patch)

It would patch nintendo updates to avoid issues with deletion of Homebrew, cIOS's, and IOS patches,.

Brian

 

[SifJar]

Yes and no. Support for multiple update servers, but especially patching official updates realtime.
Brian


QUOTE(SifJar @ Feb 17 2011, 05:26 PM) Little point in a custom update server really. To be able to use it, you'd need to patch SM, and if you can patch stuff, may as well just patch stuff straight from NUS with a tool like DOP-Mii, instead of having the hassle of building and maintaining a custom update server. (Which BTW would require the SM IOS to have trucha bug/fakesign enabling patch)

It would patch nintendo updates to avoid issues with deletion of Homebrew, cIOS's, and IOS patches,.

Brian

I know what you wish to do, and what I said applies. There is zero point reverse engineering Nintendo's update server enough to make a working replica, when a tool like DOP-Mii does EXACTLY what you want already. It doesn't patch SM, so doesn't stop HBC being deleted, but that is IT, and it can install Priiloader when it updates SM, so you can use Priiloader hacks to prevent HBC being deleted. There is no point doing what you are asking for. You would need to have SM IOS that accepts fake signatures, and a patched System Menu. With DOP-Mii, you don't even need a patched IOS IIRC (works from AHBPROT, and can install patched IOS and selectively update IOS to prevent removal of non-regular IOS).

 

[brianBTB]

Ok

Just to clarify you realize I do not plan to clone Nintendo's servers but rather modify the update procedure on the Wii SM

And also still no answer to the original question...

Brian

PS and I am not "asking for" anything! I just have a project I am working on, partly for fun, and I know what DOP mii does so if you are not going to be helpful go away.

 

[SifJar]

Yeah I know, you want to redirect the update in SM to your own server. Quite simple to do. But for the Wii to accept it as a valid update server, it will have to be a near perfect clone of Nintendo's servers, with your own content on it. I still see zero point in what you want to do, but you just need to patch System Menu, Priiloader can do the job fairly easily.

Here's a patch to do what you want:

[Custom update server]
maxversion=518
minversion=1
amount=1
hash=0x68747470,0x733a2f2f,0x25732f6e,0x75732f73
patch=0x68747470, 0x733A2F2F, 0x6578616D, 0x706C652E, 0x636F6D2F, 0x4E555346, 0x414B452F, 0x73757064, 0x61746572

(hash_hacks.ini format obviously)

That'll redirect the update to: https://example.com/NUSFAKE/supdater

That is as long as the URL can be (in normal usage, the actual domain is substituted in at runtime, and the URL is longer, but because you want a different domain, you need to put the domain in too). If you want to use a shorter one, pad the patch with 0x00s.

Hope that is "helpful" enough for you

 

[brianBTB]

Yeah I know, you want to redirect the update in SM to your own server. Quite simple to do. But for the Wii to accept it as a valid update server, it will have to be a near perfect clone of Nintendo's servers, with your own content on it. I still see zero point in what you want to do, but you just need to patch System Menu, Priiloader can do the job fairly easily.

Here's a patch to do what you want:

[Custom update server]
maxversion=518
minversion=1
amount=1
hash=0x68747470,0x733a2f2f,0x25732f6e,0x75732f73
patch=0x68747470, 0x733A2F2F, 0x6578616D, 0x706C652E, 0x636F6D2F, 0x4E555346, 0x414B452F, 0x73757064, 0x61746572

(hash_hacks.ini format obviously)

That'll redirect the update to: https://example.com/NUSFAKE/supdater

That is as long as the URL can be (in normal usage, the actual domain is substituted in at runtime, and the URL is longer, but because you want a different domain, you need to put the domain in too). If you want to use a shorter one, pad the patch with 0x00s.

Hope that is "helpful" enough for you

...

I -NO - WANT - CUSTOM - SERVER. (Clear enough?)

Lol.

Anyway what I want is to patch the SM UPDATE so that when you download OFFICIAL updates it patches them.

Wow.

Brian

PS yes that was helpful though...

 

[Donkey Plonk]

I'm with SifJar. Can't see a point to this. You are simply putting a pretty wii front end to an already achievable task. May aswell create a new backup loader.

If you insist there is still a point though, just explain what that point is. If nothing else, we're trying to save you wasting lots of time achieving something that can already be done, not slating you for thinking outside the box, just let us in to your secret.

 

[brianBTB]

I don't think that there is a large benefi to what I want to do over the normal method. but:

I would have fun working on it,
I would partially do it for proof of concept,
and I would learn alot from it.

My original question stands:

If I want to modify the SM Update proceedure, where do I start.


Brian

PS: gawd this is hopeless. please do not get frustrated at me, but I did not ever "insist there is still a point." I never said any benefit would come doing what I want to do over the existing method. And hey, a new backup loader? what the heck does that have to do with anything??

 

[Donkey Plonk]

I don't think that there is a large benefi to what I want to do over the normal method. but:

I would have fun working on it,
I would partially do it for proof of concept,
and I would learn alot from it.

My original question stands:

If I want to modify the SM Update proceedure, where do I start.


Brian

PS: gawd this is hopeless. please do not get frustrated at me, but I did not ever "insist there is still a point." I never said any benefit would come doing what I want to do over the existing method. And hey, a new backup loader? what the heck does that have to do with anything??

The same that a new way to update your system menu has to do with anything. Its just as pointless and very good examples of each already exist.

But if you're learning then thats fine, nothing wrong with learning as long as you understand that its wasted time as far as the scene is concerned. But obviously may be beneficial to you to learn.

 

[DKAngel]

u would first need to know what nintendo are planning to patch b4 u could even have the sm just patch it

nintendo would allways be one step ahead, i dont think what u want to do is even possible

 

[Taleweaver]

PS: gawd this is hopeless. please do not get frustrated at me, but I did not ever "insist there is still a point." I never said any benefit would come doing what I want to do over the existing method. And hey, a new backup loader? what the heck does that have to do with anything??

Well...you do want help, right? People will be more likely to help with things they see a point in, than in random projects that don't add anything.

What you're attempting to do may be very educational for you, but it would be ill-advised for anyone else (or anyone without proper brick-protection, for that matter). Your project involves editting the system menu, and therefore has roughly carries same risks as a custom wii theme (if you do a search on that, you'll find more than a few ppl managed to brick themselves with it).


To take a comparison: your project is like building a firewall for windows. Nothing wrong with that...but except that instead of just writing the application, you're looking to change and edit all sorts of dll's in order to replace the standard windows firewall. No one is going to argue that the default one is crappy...but the risks removing it simply don't outweigh just leaving it alone and getting an external program that does the exact same thing.