Ohneswanzenegger Not Working?

Discussion in 'Wii - Hacking' started by drfsupercenter, Sep 28, 2013.

  1. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    So I had read that guide about how to do a complete reset of your Wii and thought I would try it. After transferring all my channels to the Wii U, all I was left with was the free stuff anyway, so I figured I mayaswell wipe it out and start from scratch, since I've had quite a lot of cIOS-type hacks over the years.

    So I took a working BootMii NAND dump, opened it up and formatted it, then installed 4.1u. I followed this guide here exactly:
    http://www.hacksden.com/showthread.php/5574-Format-Wii-Nand-Using-ohneswanzenegger-Guide

    I also appended the keys.bin and restored it. But the few times I've tried it, I am left with a bricked Wii. As in, I take the SD card out (so it bypasses bootmii), turn it on and it's just a black screen. I've left it on for 10 minutes and nothing.

    I'm able to restore my good NAND dump just fine, but does anyone know why I can't get this Ohneswanzenegger to work? It sounded like a really useful idea. (I've got one of the first-model Wiis from early 2007 with a vulnerable boot2 and BootMii installed, FYI)
     


  2. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Bump... come on, surely SOMEONE here knows how to use that program?
     
  3. mauifrog

    mauifrog DA KINE WiiHacker

    Member
    1,585
    90
    Jan 21, 2010
    United States
    load bootmii and make a new nand backup. Use that with ohneswanzenegger to make a new nand.bin. Format it, install 4.1u, then restore to wii. It is also a good idea to check the new nand.bin for errors with nandbincheck before restoring.
     
  4. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    That's exactly what I did.

    I took my nand.bin from bootmii, loaded it in Ohneswanzenegger, formatted it and put 4.1u. Appended the keys.bin, restored to Wii and got greeted by a black screen. :wacko:
     
  5. Krestent

    Krestent What to post?

    Member
    3,953
    33
    Mar 31, 2009
    United States
    Did you remember to install IOS60 (the older, non-stubbed version)?
     
  6. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Uh, what?

    I literally typed "4.1u" in the box, hit "Get It" and that was it. After formatting.

    Are you saying I have to install IOS60 *as well*?
     
  7. Luigi2012SM64DS

    Luigi2012SM64DS G-old member

    Banned
    2,060
    309
    Aug 27, 2011
    Canada
    Minecrapt
    i belive it should do that automaticly. did you wait for all the titles to download?
     
  8. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Yes I did. Here's doing it again from the cached downloads:

    [​IMG]

    Here's the full log...

    Code:
    Set path to nand as C:/Users/Danny/Desktop/ohneswanzenegger_r85/nand.bin
     
    Formatting nand...
     
    Done!
     
    Received a completed download from NUS
    Installed title 0000000100000002 v449 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000004 v65280 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000009 v521 to nand
     
    Received a completed download from NUS
    Installed title 000000010000000a v768 to nand
     
    Received a completed download from NUS
    Installed title 000000010000000b v256 to nand
     
    Received a completed download from NUS
    Installed title 000000010000000c v12 to nand
     
    Received a completed download from NUS
    Installed title 000000010000000d v16 to nand
     
    Received a completed download from NUS
    Installed title 000000010000000e v263 to nand
     
    Received a completed download from NUS
    Installed title 000000010000000f v266 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000010 v512 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000011 v518 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000014 v256 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000015 v525 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000016 v780 to nand
     
    Received a completed download from NUS
    Installed title 000000010000001c v1293 to nand
     
    Received a completed download from NUS
    Installed title 000000010000001e v2816 to nand
     
    Received a completed download from NUS
    Installed title 000000010000001f v3092 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000021 v2834 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000022 v3091 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000023 v3092 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000024 v3094 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000025 v3612 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000026 v3610 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000032 v5120 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000033 v4864 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000035 v5149 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000037 v5149 to nand
     
    Received a completed download from NUS
    Installed title 000000010000003c v6174 to nand
     
    Received a completed download from NUS
    Installed title 000000010000003d v4890 to nand
     
    Received a completed download from NUS
    Installed title 00000001000000fe v3 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000100 v5 to nand
     
    Received a completed download from NUS
    Installed title 0000000100000101 v9 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414141 v2 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414241 v16 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414341 v6 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414641 v3 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414645 v7 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414741 v3 to nand
     
    Received a completed download from NUS
    Installed title 0001000248414745 v7 to nand
     
    Received a completed download from NUS
    Installed title 0001000248415941 v3 to nand
     
    Received a completed download from NUS
    Installed title 0001000848414b45 v2 to nand
     
    Received a completed download from NUS
    Installed title 0001000848414c45 v2 to nand
     
    NUS object is done working
    
     
  9. mauifrog

    mauifrog DA KINE WiiHacker

    Member
    1,585
    90
    Jan 21, 2010
    United States
    Backup sd:/nand.bin and key.bin, then delete them from sd card.
    Load bootmii, make a new nand backup
    Copy nand.bin and key.bin to folder with ohneswanzenegger
    Open nand.bin with ohneswanzenegger, format nand.bin
    type 4.1u and get it
    Enter wii serial number into setting.txt
    close ohneswanzenegger
    open command prompt shell
    Check nand.bin with nandbincheck
    Code:
    nandbincheck nand.bin -all -v
    Copy nand.bin and key.bin back to sd card
    Load bootmii and restore nand

    That is it, nothing more or less.
    http://www.mediafire.com/download/9778sgmybexww1o/giantpune's+Nand+Tools.zip
     
  10. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Code:
    C:\Users\Danny\Desktop\giantpunes Nand Tools>nandBinCheck.exe nand.bin -all -v
    ** nandBinCheck : Wii nand info tool **
      from giantpune
      built: Jan 29 2011 03:36:05
    checking boot1 & 2...
    Boot1 B (vulnerable)
    found 3 copies of boot2
    "blocks 1 & 2: Marked as bad blocks; Content Sha1 matches TMD; TMD officially si
    gned; Ticket officially signed; Version 4"
    "blocks 3 & 4: Used for booting; Content Sha1 matches TMD; TMD is fakesigned; Ti
    cket officially signed; BootMii (Unk)"
    "blocks 7 & 6: Backup copy; Content Sha1 matches TMD; TMD officially signed; Tic
    ket officially signed; Version 4"
    checking uid.sys...
    checking content.map...
    checking "/shared1/00000000.app" ...
    checking "/shared1/00000001.app" ...
    checking "/shared1/00000002.app" ...
    checking "/shared1/00000003.app" ...
    checking "/shared1/00000004.app" ...
    checking "/shared1/00000005.app" ...
    checking "/shared1/00000006.app" ...
    checking "/shared1/00000007.app" ...
    checking "/shared1/00000008.app" ...
    checking "/shared1/00000009.app" ...
    checking "/shared1/0000000a.app" ...
    checking "/shared1/0000000b.app" ...
    checking "/shared1/0000000c.app" ...
    checking "/shared1/0000000d.app" ...
    checking "/shared1/0000000e.app" ...
    checking "/shared1/0000000f.app" ...
    checking "/shared1/00000010.app" ...
    checking "/shared1/00000011.app" ...
    checking "/shared1/00000012.app" ...
    checking "/shared1/00000013.app" ...
    checking "/shared1/00000014.app" ...
    checking "/shared1/00000015.app" ...
    checking "/shared1/00000016.app" ...
    checking "/shared1/00000017.app" ...
    checking "/shared1/00000018.app" ...
    checking "/shared1/00000019.app" ...
    checking "/shared1/0000001a.app" ...
    checking "/shared1/0000001b.app" ...
    checking "/shared1/0000001c.app" ...
    checking "/shared1/0000001d.app" ...
    checking "/shared1/0000001e.app" ...
    checking "/shared1/0000001f.app" ...
    checking "/shared1/00000020.app" ...
    checking "/shared1/00000021.app" ...
    checking "/shared1/00000022.app" ...
    checking "/shared1/00000023.app" ...
    checking "/shared1/00000024.app" ...
    checking "/shared1/00000025.app" ...
    checking "/shared1/00000026.app" ...
    checking "/shared1/00000027.app" ...
    checking "/shared1/00000028.app" ...
    checking "/shared1/00000029.app" ...
    checking "/shared1/0000002a.app" ...
    checking "/shared1/0000002b.app" ...
    checking "/shared1/0000002c.app" ...
    checking "/shared1/0000002d.app" ...
    checking "/shared1/0000002e.app" ...
    checking "/shared1/0000002f.app" ...
    checking "/shared1/00000030.app" ...
    checking "/shared1/00000031.app" ...
    checking "/shared1/00000032.app" ...
    checking "/shared1/00000033.app" ...
    checking "/shared1/00000034.app" ...
    checking "/shared1/00000035.app" ...
    checking "/shared1/00000036.app" ...
    checking "/shared1/00000037.app" ...
    checking "/shared1/00000038.app" ...
    checking "/shared1/00000039.app" ...
    checking "/shared1/0000003a.app" ...
    checking "/shared1/0000003b.app" ...
    checking "/shared1/0000003c.app" ...
    checking "/shared1/0000003d.app" ...
    checking "/shared1/0000003e.app" ...
    checking "/shared1/0000003f.app" ...
    found 42 titles installed
     
    Checking 00000001-00000009 ...
            version: 2.9        521        hex: 209
     
    Checking 00000001-0000000c ...
            version: 0.12      12        hex: c
     
    Checking 00000001-0000000d ...
            version: 0.16      16        hex: 10
     
    Checking 00000001-0000000e ...
            version: 1.7        263        hex: 107
     
    Checking 00000001-0000000f ...
            version: 1.10      266        hex: 10a
     
    Checking 00000001-00000011 ...
            version: 2.6        518        hex: 206
     
    Checking 00000001-00000015 ...
            version: 2.13      525        hex: 20d
     
    Checking 00000001-00000016 ...
            version: 3.12      780        hex: 30c
     
    Checking 00000001-0000001c ...
            version: 5.13      1293      hex: 50d
     
    Checking 00000001-0000001f ...
            version: 12.20      3092      hex: c14
     
    Checking 00000001-00000021 ...
            version: 11.18      2834      hex: b12
     
    Checking 00000001-00000022 ...
            version: 12.19      3091      hex: c13
     
    Checking 00000001-00000023 ...
            version: 12.20      3092      hex: c14
     
    Checking 00000001-00000024 ...
            version: 12.22      3094      hex: c16
     
    Checking 00000001-00000025 ...
            version: 14.28      3612      hex: e1c
     
    Checking 00000001-00000026 ...
            version: 14.26      3610      hex: e1a
     
    Checking 00000001-00000035 ...
            version: 20.29      5149      hex: 141d
     
    Checking 00000001-00000037 ...
            version: 20.29      5149      hex: 141d
     
    Checking 00000001-0000003c ...
            version: 24.30      6174      hex: 181e
     
    Checking 00000001-0000003d ...
            version: 19.26      4890      hex: 131a
     
    Checking 00000001-000000fe ...
            version: 0.3        3          hex: 3
    found 21 bootable IOS
     
    Checking 00000001-00000002 ...
            version: 1.193      449        hex: 1c1
     
    Checking 00000001-00000004 ...
            version: 255.0      65280      hex: ff00
     
    Checking 00000001-0000000a ...
            version: 3.0        768        hex: 300
     
    Checking 00000001-0000000b ...
            version: 1.0        256        hex: 100
     
    Checking 00000001-00000010 ...
            version: 2.0        512        hex: 200
     
    Checking 00000001-00000014 ...
            version: 1.0        256        hex: 100
     
    Checking 00000001-0000001e ...
            version: 11.0      2816      hex: b00
     
    Checking 00000001-00000032 ...
            version: 20.0      5120      hex: 1400
     
    Checking 00000001-00000033 ...
            version: 19.0      4864      hex: 1300
     
    Checking 00000001-00000100 ...
            version: 0.5        5          hex: 5
     
    Checking 00000001-00000101 ...
            version: 0.9        9          hex: 9
     
    Checking 00010002-48414141 (HAAA) ...
            version: 0.2        2          hex: 2
     
    Checking 00010002-48414241 (HABA) ...
            version: 0.16      16        hex: 10
     
    Checking 00010002-48414341 (HACA) ...
            version: 0.6        6          hex: 6
     
    Checking 00010002-48414641 (HAFA) ...
            version: 0.3        3          hex: 3
     
    Checking 00010002-48414645 (HAFE) ...
            version: 0.7        7          hex: 7
     
    Checking 00010002-48414741 (HAGA) ...
            version: 0.3        3          hex: 3
     
    Checking 00010002-48414745 (HAGE) ...
            version: 0.7        7          hex: 7
     
    Checking 00010002-48415941 (HAYA) ...
            version: 0.3        3          hex: 3
     
    Checking 00010008-48414b45 (HAKE) ...
            version: 0.2        2          hex: 2
     
    Checking 00010008-48414c45 (HALE) ...
            version: 0.2        2          hex: 2
    Checking for 003 error ...
    Checking setting.txt stuff...
    system menu resource matches setting.txt AREA setting.
     
    00000000  41524541 3d555341 0d0a4d4f 44454c3d  AREA=USA..MODEL=
    00000010  52564c2d 30303128 55534129 0d0a4456  RVL-001(USA)..DV
    00000020  443d300d 0a4d5043 483d3078 37464645  D=0..MPCH=0x7FFE
    00000030  0d0a434f 44453d4c 550d0a53 45524e4f  ..CODE=LU..SERNO
    00000040  3d----------------------- 56494445  =[removed]..VIDE
    00000050  4f3d4e54 53430d0a 47414d45 3d55530d  O=NTSC..GAME=US.
    00000060  0a000000 00000000 00000000 00000000  ................
    00000070  00000000 00000000 00000000 00000000  ................
    00000080  00000000 00000000 00000000 00000000  ................
    00000090  00000000 00000000 00000000 00000000  ................
    000000a0  00000000 00000000 00000000 00000000  ................
    000000b0  00000000 00000000 00000000 00000000  ................
    000000c0  00000000 00000000 00000000 00000000  ................
    000000d0  00000000 00000000 00000000 00000000  ................
    000000e0  00000000 00000000 00000000 00000000  ................
    000000f0  00000000 00000000 00000000 00000000  ................
    AREA=USA
    MODEL=RVL-001(USA)
    DVD=0
    MPCH=0x7FFE
    CODE=LU
    SERNO=[removed]
    VIDEO=NTSC
    GAME=US
     
    Comparing uid.sys against the filesystem...
            00010000-3132334a (123J) was installed at the factory and is now missing
     
            00010000-0000dead (....) was installed at the factory and is now missing
     
            00010000-3132314a (121J) was installed at the factory and is now missing
     
            00010000-31323245 (122E) was installed at the factory and is now missing
     
            00010000-30303032 (0002) was installed at the factory and is now missing
     
    47 titles were installed before any user intervention
    checking for lost clusters...
    total used clusters 1ae1 of 0x8000
    found 0 lost clusters
    UNK ( 0xffff ) 19 (2644, 2645, 2646, 2647, 2d77, 630c, 630d, 630e, 630f, 6568, 6
    569, 656a, 656b, 656c, 656d, 656e, 656f, 6898, 6899, 689a, 689b, 689c, 689d, 689
    e, 689f)
    free            5cbb
    verifying ecc...
    2 out of 577856 pages had incorrect ecc.
    they were spread through 2 clusters in 2 blocks:
    (2, 6)
    0 of those clusters are non-special (they belong to the fs)
    verifying hmac...
    verifying hmac for 246 files
    0 files had bad HMAC data
    checking HMAC for superclusters...
    0 superClusters had bad HMAC data
     
    C:\Users\Danny\Desktop\giantpunes Nand Tools>
    
    Does this mean anything to you? I don't really know what I'm looking at.
    Not sure what it means by "installed at the factory and is now missing".
     
  11. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Come on guys, don't leave me hanging :(
     
  12. mauifrog

    mauifrog DA KINE WiiHacker

    Member
    1,585
    90
    Jan 21, 2010
    United States
    Your nandbincheck looks perfectly normal. Restore your new nand.bin to the wii. If the wii does not work, make a new nand dump and check it with nandbincheck. Compare both nandbinchecks together and look for any changes.
     
  13. Antidote

    Antidote GBAtemp Regular

    Member
    108
    38
    Jul 13, 2011
    United States
    You might want to replace your hex section with mine.
     
  14. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Whoops, totally forgot to remove the hex data, thanks for pointing that out.

    OK so. I flashed that exact same nand.bin that I showed above using BootMii - since I appended the keys, I didn't have any errors and it restored fine. As expected, it bricked and left me with a black screen.
    So I re-dumped the NAND, and now I get this huge red-text error:

    What the heck does that mean? Is it not flashing properly? I would expect it to be the same contents before/after, since all I did was restore that NAND, try to return to the Wii Menu from BootMii (which gave me a black screen), rebooted the Wii to a black screen *again* and then dumped the NAND.

    Also, ironically enough, the keys.bin file has different contents each time. I'm not sure why, since technically can't NAND keys not change?
     
  15. Antidote

    Antidote GBAtemp Regular

    Member
    108
    38
    Jul 13, 2011
    United States
    http://wiibrew.org/wiki//sys/uid.sys

    uid.sys just contains the titles registered to that particular wii, It's also stored remotely on Nintendo's servers

    I missread that, uid.sys, if i read this correctly, contains a list of user id's for each title (users being the games) I'm not entirely certain, Giantpune, tuidj, and a few others should be able to provide a better answer.

    As for the keys.bin thing, yeah that's a problem, I don't know what's going on there.
     
  16. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Yeah, basically Ohneswanzenegger isn't generating a valid uid.sys for me, or something.

    Or wait... maybe it is... but why is it not working when I flash it back, don't know.
     
  17. mauifrog

    mauifrog DA KINE WiiHacker

    Member
    1,585
    90
    Jan 21, 2010
    United States
    After you make the nand.bin, just restore it in bootmii. Try not appending any keys. I think your killing the nand.bin at this step in your process. You could also nandbincheck after you append the keys.

    I never append my keys to my nand.bin, works fine everytime. I think that is only needed on older bootmii installs.

    Also the keys never change, so there is an issue there. Possibly your appending the wrong keys to the nand.bin.
     
  18. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Hm, well it could also be that the program appending the keys is reading my keys.bin wrong.

    Though the funny thing is, last night when I did it, I *didn't* append the keys. I took that nand.bin file that I displayed info on, and put it right on my SD and restored it. BootMii didn't even complain about the keys being different. Weird.

    I will try this, since I am assuming this is the safest process:

    -Restore a working NAND backup (I keep about 10 of them on my PC)
    -Verify that the Wii boots and everything's proper
    -Dump the NAND again for my sanity's sake
    -Take that nand.bin and format it in Ohneswanzenegger
    -Type 4.1u, hit Get It and let it work
    -Enter my serial in the info screen, hit OK, and immediately copy the nand.bin back onto my SD
    -Restore

    Do I need the keys.bin at all since I'm not appending the keys?
     
  19. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Sigh, no dice.

    Again, here is the exact steps I did.

    • Restore a known working backup to my Wii
    • Erase SD card (except BootMii), restart Wii and make a NAND backup
    • Take nand.bin, copy it to Ohneswanzenegger folder
    • Open Ohneswanzenegger, select NAND, copy my serial from setting.txt
    • Format NAND
    • Type 4.1u, hit Get it
    • Paste serial in box and click OK
    • Close Ohneswanzenegger, copy to SD card (replacing the other one)
    • Turn on Wii, restore using BootMii
    • Immediately get black screen after restoring when selecting Wii menu or Homebrew Channel
    • Take SD card out, still black screen
    • Erase SD card yet again (except BootMii), make a new NAND backup
    • Gives the missing uid.sys error seen above
    It's worth noting that if I take the nand.bin from Ohneswanzenegger's folder, it checks out just fine in giantpunes Nand Tools, similar to my pasted code segment above.

    So as you can see I didn't touch the keys, append them, or anything. I just left keys.bin where it was on the root of the SD.

    Something is clearly being corrupted when restoring the NAND, either that or my Wii rejects it and just wipes it after it's been restored. I really don't know what else to do, this is driving me nuts. I'd be happy to upload my nand.bin and keys.bin somewhere if someone wants to open it up and poke around...
     
  20. mauifrog

    mauifrog DA KINE WiiHacker

    Member
    1,585
    90
    Jan 21, 2010
    United States
    Try again
    Put the nand tools on your sd card
    Load bootmii make new nand bin
    Format nand.bin from sd card, etc
    Do nandbincheck from sd card
    Load bootmii and restore.

    No copy, move, etc.

    Do nandbincheck again on sd card, no changes?
    Make new nand bin again and do nandbincheck, still no UID?

    What version of bootmii?
    Perhaps load current hackmii installer from bootmii sd loader via bootmini.elf, update bootmii and update bootmii sd files.
    If you do load the hackmii installer, remove sd card and format, then install bootmii and prepare sd card.