Repaired My Fully Bricked Wii without a Infectus\Nand Dump

Discussion in 'Wii - Hardware, Devices and Utilities' started by Thomas83Lin, Mar 12, 2016.

  1. Thomas83Lin
    OP

    Thomas83Lin Retro Gamer

    Member
    1,550
    420
    Jul 22, 2009
    United States
    Thought I'd share my little adventure fixing my Wii, I know this isn't a logical method, because it breaks another Wii but worked good for my purposes, plus I wanted to see if I could do it.

    Ok so I've been sitting on this bricked Wii since before Bootmii even got released, by installing a stubbed system menu IOS. Since this was my first Wii I wanted to repair it as cheaply as possible. My plan was to purchase a ProgSkeet. But found it would actually be cheaper to just purchase a donor Wii

    First thing to understand when using a donor Wii is that the Boot1 needs to match and the boot2 needs to be equal or greater than the Bricked Wii your fixing. Both Wii's Need to be BootMii Boot2 compatible also for this to work.

    Now I done some research on the serial of my bricked Wii and determined it was likely a boot1b. So I found a broken donor Wii on Ebay for $15 that was close as possible to my serial. Donor Wii ended up being a boot1b also, So this worked out. Also this broken donor Wii had a stuck sync button, which needed to be fixed before I could continue. After that here is the steps I took to get the keys and fix my bricked Wii.

    1. I first Installed bootmii to boot2 on donor Wii and done a nand backup.
    2. Removed both Wii's nand chip and installed the donor Wii nand chip to my bricked Wii.
    3. Bricked Wii now able to load bootmii, I performed a nand dump and received the keys from the dump.
    4. Used ohneschwanzenegger to rebuild nand with the received keys, then flashed back
    5. Loaded System Menu and performed a system menu update.
    6. Drink a Coke and play some games. and then wonder why I destroyed a Wii to fix another Wii:unsure:

    Extra- I do have the donor Wii's Nand Backup in case I ever decide to fix it. but doing so will require a Infectus or Progskeet (may not need a infectus or progskeet if Nand Hot swapping is possible, I read it is but haven't tested. May be a good project for later.

    Repair Pics

    Thanks:
    Gaintpune- creator of ohneschwanzenegger
    DeadlyFoez- Very helpful info needed to complete the task
    and to the creators of Bootmii Thanks for a very handy program!
     
    Last edited by Thomas83Lin, Mar 15, 2016
    DinohScene likes this.
  2. DinohScene

    DinohScene Dino May Fire

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    15,594
    11,970
    Oct 11, 2011
    Antarctica
    В небо
    Heh interesting.
    Never knew this was possible, I though the entire NAND was encrypted with the Wii console specific keys.
     
  3. Thomas83Lin
    OP

    Thomas83Lin Retro Gamer

    Member
    1,550
    420
    Jul 22, 2009
    United States
    Its my understanding bootmii boot2 is encrypted with the common key and signed but not with the console specific key. All the data after is then encrypted with the console specific key. I researched this heavily before starting this project and honestly wasn't 100% sure it would work. Until I actually did it. And it does work.

    edit: Further researching its showing boot1 0x3f is what is not encrypted using the Console Specific key, I guess since that is where the vulnerability lives that it allows bootmii to load without being encrypted with the console key, I'm really not sure there isn't much info on the subject. But it does work as seen here.
     
    Last edited by Thomas83Lin, Mar 12, 2016
  4. DinohScene

    DinohScene Dino May Fire

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    15,594
    11,970
    Oct 11, 2011
    Antarctica
    В небо
    Well TIL.
    Wii's are dirt cheap these days so transplanting an entire system is easier ;p
     
  5. Thomas83Lin
    OP

    Thomas83Lin Retro Gamer

    Member
    1,550
    420
    Jul 22, 2009
    United States
    I didn't do it for the Wii, I done it because it was a challenge. I also failed to mention this was my first time removing\replacing a tsop48
     
    Last edited by Thomas83Lin, Mar 13, 2016
  6. DinohScene

    DinohScene Dino May Fire

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    15,594
    11,970
    Oct 11, 2011
    Antarctica
    В небо
    It's an extremely interesting challenge.

    I'd say add these findings to Wiibrew.
     
  7. Thomas83Lin
    OP

    Thomas83Lin Retro Gamer

    Member
    1,550
    420
    Jul 22, 2009
    United States
    Fairly sure this is known info, it just not wide spread.
     
  8. stalker4len

    stalker4len Newbie

    Newcomer
    2
    0
    Apr 13, 2017
    Serbia, Republic of
  9. Thomas83Lin
    OP

    Thomas83Lin Retro Gamer

    Member
    1,550
    420
    Jul 22, 2009
    United States
    looking back at this, mainly this was a clever way of getting the keys from my fully bricked wii, Now if i wanted to fix the donor wii I could just flash a nand chip using the nand backup I took on step 1. I have many options now to fix the other wii.
     
  10. stalker4len

    stalker4len Newbie

    Newcomer
    2
    0
    Apr 13, 2017
    Serbia, Republic of
    Yes many options is good. Now i have a bricked Wii, and still have teensy 2.0 ++ (I use it for ps3) so I think it should work for wii.