Hacking SNEEK v2

[bert02]

thanks buffdog

@Wever
my appologies i didnt explain it right
after turning off my wii and removing the sd card (sneek) and trying to run it normally again my wii remotes wouldnt sync even with the sync button but after a few reboots they eventually decided to work


ok with showmywads i have opened my sneek and deleted the useless stuff
how do i install wads to update them if i dont have it in that backup eg as i used my 3.2 backup and want to update to 4.2 but dont have some of the ios in the 3.2 version
i can see how to install ontop of another 1 just not a new 1

 

[VashTS]

So has anyone made this load fast enough to seem like real NAND yet? if so what configuration of files are you using i would like to test it out.

 

[lifebook]

So has anyone made this load fast enough to seem like real NAND yet? if so what configuration of files are you using i would like to test it out.

this below the fastest for me , setting from minimum configuration then install others (ios, channel, etc)

I used bootmii nand backup, then i extracted using showmiiwad.
after that use showmiiwad again to remove all title (ios, channel, etc) except sysmenu 4.1 & ios 60 (other sysmenu , different ios).
then i use windows explorer to remove content of extract nand,

all in /shared2
all in /meta, except /meta/00000001
all in /title, except /title/00000001
all in /ticket, except /ticket/00000001

all in /title/00000001, except /title/00000001/00000002 and /title/00000001/00000003c
all in /ticket/00000001, except /ticket/00000001/00000002.tik and /ticket/00000001/0000003c.tik

done
run sneek

note:
00000002 and 0000003c > depend on your sysmenu and ios , check by showmiiwad, see the filename (remember we just delete all title except sysmenu and ios for sysmenu). 02 > sysmenu, 3c > ios 60

when sneek booting in first time, it will take a few minute then we will be asked to set wii setting (language, country , date time , etc),
after all above , you can update ios (cioscorp 3.6 for backup game), channel (hbc, others) , sysmenu, etc via shomiiwad / disc /wad manager

and i think, the speed is enough for me.

 

[bert02]

i cant seem to get any apps to run off the usb drive i can see them but when i load them they load to a black screen then dont do anything...

also my hbc is upside down for some reason how do i re install it if i cant use my sd card with hackmii on it do i put hackmii on the usb? but then how do i load it if nothing is loading from my usb



created a new nand backup of my 4.2 but priiloader boots to cfg loader yet it wont load in sneek and i cant get into the priiloader menu to change where priiloader boots

 

[fogbank]

also my hbc is upside down for some reason how do i re install it if i cant use my sd card with hackmii on it do i put hackmii on the usb? but then how do i load it if nothing is loading from my usb

You can delete the last ~30KB of the HBC 00000001.app starting at 0x68420 using a hex editor. Your HBC should then load right side up.
Make a backup copy of the .app file first.
You can also reinstall a clean, unpatched verion of the IOS that HBC is running on and then reinstall HBC on your real NAND, then make another dump.
OR
You can get the HackMii installer to run on SNEEK if you mess around with it enough. Compile SNEEK with the SD enabled (see previous posts, the FAQ, etc...), look for wilsoff's HBCI channel, put the HackMii installer in the root of your USB device, try different SD cards, etc...

The quickest and most direct method is to hex edit the 00000001.app file.

 

[bert02]

cheers but i ended up re ripping my nand and it worked

 

[zoomx]

I can confirm that a serial made of all zeroes works, so I believe that there isn't any check on it.

After discovering some mistakes I made I was able to start sneek with only 3.4E system menu, IOS30 and IOS 35.

I a Hex editor seiing.txt seems to have a strange line separator made of two carriage return and one line feed (13 13 10 or 0D 0D 0A) so i made the change using it instead of using notepad, like willsoff wrote.

 

[wilsoff]

You can delete the last ~30KB of the HBC 00000001.app starting at 0x68420 using a hex editor. Your HBC should then load right side up.

You can get the HackMii installer to run on SNEEK if you mess around with it enough. Compile SNEEK with the SD enabled (see previous posts, the FAQ, etc...), look for wilsoff's HBCI channel, put the HackMii installer in the root of your USB device, try different SD cards, etc...

Good find on the hex edit of 01.app.

Have you got HBCI to run on a USA systemmenu? It always hangs for me on 3.2U. It works fine for me on 3.2J, 3.2E, 3.5K though. Random,

 

[ande_00]

Hi!

I'm totally new to the Wii modding scene but I've been doing a lot of reading around here. In fear of bricking my console I have not yet done any modification to it but using sneek v2 seems pretty much like a waterproof plan. I have a 4.0e console and i would like a clarification if possible.
As i want to leave my real NAND untouched, do i still need to follow every step in the huge "Modify and Wii 4.2 and below"-thread?

Can steps 1, 3,4,5,6 can be done after i have installed sneek v2? As I've understood, the essenatials to be able to use sneek is HBC, BootMii (and PriiLoader if i want to autoboot)


"1] Updates your wii to the latest firmware.
2] Installs the Homebrew Channel, Bootmii, & DVDX onto your wii.
3] Enables the trucha bug your Wii for homebrew to operate correctly.
4] Installs custom IOS 202 [USB 2.0 support], 222 & 223 [Hermes v4], 249 & 250 [Waninkoko v17] to your wii.
5] Allows your Wii to play Wii backups through a backup loader, directly from the disc channel, &/or via usb.
6] Play Wiiware & Virtual Console games off the sd card menu." - (taken from "Modify and Wii 4.2 and below"-thread)

Grateful for any help
Thanks!

 

[giantpune]

the only thing you need to do is use bannerbomb to run the hackmii installer to install bootmii. you also need a way to start bootmii. if you can only install it as a IOS, then install HBC.

 

[Det1re]

You can delete the last ~30KB of the HBC 00000001.app starting at 0x68420 using a hex editor. Your HBC should then load right side up.
Make a backup copy of the .app file first.

Has this been confirmed to work? wilsoff points in that direction, but I'm unsure... ^^

 

[conanac]

In case anyone wants to use wiird with sneek or want to keep USBGecko plugged in the memory slot B when running sneek, I have compiled armboot.bin, esmodule.elf and fsmodule.elf without gecko links (and with sd card access for
wiibrew applications so you could run a game with sd cheats in geckoos).

In these testing videos (parts 1 and 2) below, you could find the link to download the zipped file which contains those files.

To sneek developer/gurus -- thanks always for creating this great app, and for assisting us on using it.

Cheers.

 

[fogbank]

Good find on the hex edit of 01.app.

Have you got HBCI to run on a USA systemmenu? It always hangs for me on 3.2U. It works fine for me on 3.2J, 3.2E, 3.5K though. Random,

Yes. Do you have your 3.2U on a different SD card than the NANDs that worked? For me it came down to the SD card I was using. It didn't work for me on 3.2E or 3.2U until I tried a different SD card. Even with the HackMii installer boot.elf on USB.

 

[fogbank]

You can delete the last ~30KB of the HBC 00000001.app starting at 0x68420 using a hex editor. Your HBC should then load right side up.
Make a backup copy of the .app file first.

Has this been confirmed to work? wilsoff points in that direction, but I'm unsure... ^^

I have tested it several times with HBC v1.06. I doubt it would work with earlier versions since the size of the .app file may be different.

An upside down HBC will have a 01.app file of approx. 448KB. A rightside up HBC will have a 01.app file of approx. 418KB. If you do a file compare the only difference is the last ~30KB. I have done an in-place edit on a SNEEK NAND, deleted the last ~30KB difference, and had a working 1.06 rightside up HBC.

 

[Krestent]

The weird thing is, my cIOSCORP 3.5 SNEEK NAND runs HBC right-side up.

 

[fogbank]

The weird thing is, my cIOSCORP 3.5 SNEEK NAND runs HBC right-side up.

Also weird is the fact that my real NAND HBC never ran upside down, even with the 448KB app file. But my first SNEEK NANDs from BootMii dumps did.

When using a real NAND the HBC must check something else before flipping upside down. Something that SNEEK doesn't handle correctly, or something that is not dumped/extracted correctly(?)

 

[diego71102244]

hi guys quick question here, i have a wii lu39xxxx with a 4.2 SM and im on my way to try a 3.2U version of sneek on my wii, i hear somewhere that new wiis does not support a SM below 3.4, so my question is:

with sneek i will be able to run a 3.2 SM on a wii lu39xxxxx??

thanks for advance.

 

[Krestent]

hi guys quick question here, i have a wii lu39xxxx with a 4.2 SM and im on my way to try a 3.2U version of sneek on my wii, i hear somewhere that new wiis does not support a SM below 3.4, so my question is:

with sneek i will be able to run a 3.2 SM on a wii lu39xxxxx??

thanks for advance.

SNEEK can run any system menu on any Wii

 

[fogbank]

When using a real NAND the HBC must check something else before flipping upside down. Something that SNEEK doesn't handle correctly, or something that is not dumped/extracted correctly(?)

In my BootMii dumps where the 01.app file is 448KB but the HBC still loads rightside up (using real NAND) the content size and SHA-1 in the TMD match the 418KB .app file, NOT the size and SHA-1 of the 448KB .app file.

Here's a theory on how this might be happening:

On real NAND the HBC checks the SHA-1 of the 01.app in the TMD. If it finds the correct SHA-1 for the 418KB .app file it loads right-side up. If not, it attempts to load upside down using the 448KB .app file. As a failsafe, if it can't load upside down (let's say the 418KB .app file exists instead of the 448KB file) it then loads rightside up.

On SNEEK NAND the HBC also checks the SHA-1 of the 01.app in the TMD. If SNEEK does not handle this check correctly it will not return the correct SHA-1 (NULL?) and HBC will attempt to load upside down. Again, as a failsafe, HBC will load rightside up if only the 418KB file exists.

So on my real NAND the HBC always loaded righside up because the SHA-1 of the 01 content in the TMD matched the known SHA-1 of the 418KB .app file. This occurred despite the fact that the 448KB .app file was on the NAND.

On my SNEEK NAND the HBC loaded upside down because it could not retrieve the correct SHA-1 value from the TMD and because the 448KB .app file existed on the NAND. Once I hexedited the .app file and remove the ~30KB from the end the "failsafe" kicked in and the HBC loaded rightside up.

This is purely speculation.

 

[tylerzentz]

I'm having issues getting SNEEK to work on one of my Wiis. It loads up just fine on one Wii, but when I take the SD card out and put it in the other, I load bootmii IOS from HBC and the screen goes black as if there is no video input but the Wii remains powered on and nothing happens if I let it go. Suggestions?