Hacking RealWnD - Wii Mini Edition

nitr8

Well-Known Member
OP
Member
Joined
Apr 4, 2007
Messages
352
Trophies
0
Website
vermillion57.wixsite.com
XP
1,160
Country
Gambia, The
Here comes the Wii Mini NAND dumper.

R-E-A-D C-A-R-E-F-U-L-L-Y

It's straight forward: Run it from within HBC.

It dumps directly to an attached USB drive with ECC data included.

No inputs required.

In order to accomplish the dumping process, you need these prerequisites:

https://gbatemp.net/threads/simpleiospatcher-wii-mini-edition.553353/

IF you have all the above prerequisites, the app does the following:

1.) Reloads into IOS236
2.) Disables AHBPROT automatically
3.) Disables MEMPROT automatically
4.) Patches IOS for gaining access back to /dev/flash (will be patched until the console is turned off)
5.) (Ab)uses IOS and mounts /dev/flash
6.) (Ab)uses IOS and dumps to usb:/WiiFlash_n_ECC.img (encrypted NAND binary)
7.) (Ab)uses IOS and dumps to usb:/WFD_XXX_YY.img ("Error" data - which is not really neccessary)
8.) Creates LOGFILE usb:/WiiFlash.log

??? - What's missing: The NAND key. You can obtain it using @DarkMatterCore's modified version of @bushing's Xyzzy.

Have phun.

Info for the new release:

- no longer needs YOU to dump and patch the AHBPROT bit within the IOS TMD

The NEW release is right here: http://www.mediafire.com/file/a1dzg9b6ahkdj06/RealWnD_Mini.zip/file
 

Attachments

  • RealWnD_Mini.zip
    121.1 KB · Views: 185
Last edited by nitr8,

asper

Well-Known Member
Member
Joined
May 14, 2010
Messages
931
Trophies
0
XP
1,691
Country
United States
Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?

Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:
eDpB2y0.png


Thank you !
 
Last edited by asper,

DarkKnight_TJ

Member
Newcomer
Joined
Oct 22, 2019
Messages
7
Trophies
0
Age
34
XP
285
Country
Mexico
i used both attached file and mediafire link, in both apps i get AHBPROT is not disabled error and then exits. i have installed "simpleiospatcher" with no errors. any idea?. thanks!
 

DarkKnight_TJ

Member
Newcomer
Joined
Oct 22, 2019
Messages
7
Trophies
0
Age
34
XP
285
Country
Mexico
well, i had to do "simpleiospatcher" manually to patch "AHBPROT", then i was able to dump wii mini nand. Is there any nand writer available for mini?
 

DarkKnight_TJ

Member
Newcomer
Joined
Oct 22, 2019
Messages
7
Trophies
0
Age
34
XP
285
Country
Mexico
is there any way to get a "normal" dump instead of an ".ecc" one? just for testing purposes (trying to make a "full dump" using a "normal" wii dump and encrypting using wii mini keys, would be nice to have full sytem capabilities back in wii mini xD). (i own a hardware programmer)
 

tech_land

Member
Newcomer
Joined
Feb 10, 2018
Messages
12
Trophies
0
Age
42
XP
43
Country
Italy
Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:
Thank you !

is there a tool? is there a guide line to edit the dump with hex editor?
 

felixsrg

Temp's Ghost
Member
Joined
Aug 20, 2008
Messages
266
Trophies
0
Location
Here and there
XP
1,616
Country
Colombia
Hi there, thank you so much for this, it is nice to have the Wii Mini's NAND available and safe.


Great ! What is the average dumping time ? In my case it tooks about 30 mins. Is there a tool to automatically add the 1024 footer used in bootmii and in every Wii NAND manager software taking it from Xyzzy keys.txt ?

Anyway I manually hex-edited the dump and decrypted/loaded it with showmiiwads:
eDpB2y0.png
Thank you !

Hi there, maybe this is a stupid question, but may I ask how you got your console specific 1024-bytes? Thanks in advance.
 

asper

Well-Known Member
Member
Joined
May 14, 2010
Messages
931
Trophies
0
XP
1,691
Country
United States
Hi there, thank you so much for this, it is nice to have the Wii Mini's NAND available and safe.




Hi there, maybe this is a stupid question, but may I ask how you got your console specific 1024-bytes? Thanks in advance.
The 1024 bytes contains the OTP dump. You can obtain it using various tools, I used the latest Xyzzxy-mod (it is able to dump directly to a file and you just can copy-past the 1024 bytes at the end of the nand image). More info here, unfortunately not in english).
 
Last edited by asper,
  • Like
Reactions: felixsrg

felixsrg

Temp's Ghost
Member
Joined
Aug 20, 2008
Messages
266
Trophies
0
Location
Here and there
XP
1,616
Country
Colombia
The 1024 bytes are the OTP dump. You can obtain it using various tools, I used the latest Xyzzxy-mod (it is able to dump directly to a file and you just can copy-past the 1024 bytes at the end of the nand image). More info here, unfortunately not in english).

I was able to create my BootMii NAND with your instructions and the website you linked, thank you very much!
 
  • Like
Reactions: asper
General chit-chat
Help Users
  • No one is chatting at the moment.
    KenniesNewName @ KenniesNewName: https://youtube.com/shorts/mSSVwQ9i-UU?feature=share