Hacking Unsoftmoddable Wii

adidas77 · Mar 17, 2009

Mine is a LU64xxxx and I'm stuck with the same issue, I can't downgrade the IOS. Tried to uninstall 249 but I'm getting and error with ATDELETE, black screen with cios-uninstaller_v1.0 and cios-uninstaller_v1.1.

Looks like I'll need to wait for some new hack version.

fogbank · Mar 17, 2009

adidas77 said:
Mine is a LU64xxxx and I'm stuck with the same issue, I can't downgrade the IOS. Tried to uninstall 249 but I'm getting and error with ATDELETE, black screen with cios-uninstaller_v1.0 and cios-uninstaller_v1.1.

Looks like I'll need to wait for some new hack version.

Can you run Title Lister? I don't think Title Lister uses cIOS, so hopefully it should run.
If so does it definitely list IOS249?

If it does we know that homebrew can still write to the NAND and install a fakesigned title (we know it can still write to the NAND because WADManager is able to install IOS16).

Can you run a backup launcher or any other app that relies on cIOS but does not attempt to modify the NAND (I don't think backup launchers modify the NAND)?

fogbank · Mar 17, 2009

noobwarrior7 said:
nintendo's history of taking the easy way out makes me think this might be a tricky cop-out fix again.

Like the November 17th blocking of PatchMii by giving us IOS254. Easy to work around...

If they are somehow detecting IOS249 it would be fairly simple to install cIOS at a different IOS slot and recode certain apps to run on that IOS instead. But it couldn't be that simple, could it?

QUOTE(noobwarrior7 @ Mar 13 2009, 06:00 PM) it seems to be something with blocking FS access, because "apps" arent fakesigned, so there is no reason they shouldnt run really.

Which is why I would like to know if a simple app that does not attempt FS access can still run on IOS249 (assuming it is really being successfully installed).

I'm just speculating, and I would imagine that a lot of this is already being tested "behind the scenes", but I would be curious to know what else has been discovered on this issue.

joenels · Mar 18, 2009

add me to the list of afflicted...I have posted over in newbie thread and am not very technical on the wii side of things.I was following the guide with the hack pack and installed HBC,then ran wad manager and installed ios16,then ciosfix and after that nothing will run in HBC other than custom wad manager.I have reformatted the SD and tried a couple of different softmad packs and get the same error.If anybody finds a fix please let me know...

fogbank · Mar 19, 2009

joenels said:
add me to the list of afflicted...I have posted over in newbie thread and am not very technical on the wii side of things.I was following the guide with the hack pack and installed HBC,then ran wad manager and installed ios16,then ciosfix and after that nothing will run in HBC other than custom wad manager.I have reformatted the SD and tried a couple of different softmad packs and get the same error.If anybody finds a fix please let me know...

Can you download and attempt to run these apps:

http://www.tepetaklak.com/data/title_lister.rar
http://www.tepetaklak.com/data/title_lister_37_512.rar
http://www.tepetaklak.com/data/title_lister_249.rar

If any of them run you should get a listing of titles on your SD card (titles.txt).

See if there is a title listing for IOS249 on that listing. It should look something like this:

Title=1-f9 (IOS249) vers: 0.7 (7)

EDIT: In order to run the generic title lister (title_lister.rar) from the latest version of the Homebrew Channel you will probably have to convert the .elf to a .dol.

adidas77 · Mar 19, 2009

I'll try this tonight. If 249 rev xxx shows up what will that tell you. I'm pretty sure I was able to install Cios 249 rev 7 from SoftMii. I'll run this later and send the results later.

Thanks

joenels · Mar 19, 2009

I will run these shortly but as adidas says I was able to install cios 249 rev 7 from custom wad manager...it made no difference in the apps locking up.

dwii · Mar 20, 2009

so anything new guys ?

i went out and found a brand new lu3xx wii, everything seems just fine.

just want to thank everyone in this thread that helped me avoid these newer wii's, if they are in fact unsoftmoddable.

Cmurda187 · Mar 20, 2009

The new Wii's are softmoddable. Lets put an end to this rumor. I purchased a new wii 2 weeks ago and absolutly had no problem with softmod. Yes the serial begins with lu3xxxxxxxx.

WiiPower · Mar 20, 2009

About the serials:
If LU62xxxx Wiis have 3.3 firmware, then i guess only the LU64xxxx+, or maybe even only the LU644xxx+ are not softmoddable. And if you bought a Wii 2 weeks ago, it could be a 4 weeks old batch, and if somebody bought a Wii yesterday it could be a Wii produced less than a week before. Just my 2 cents about that.

About the not moddable Wiis:
So installation of IOS16 and a cIOS works, and then the problems begin? Do ALL programs black screen in the HBC or only the ones which use IOS249 if available(most of Waninkoko's for example)?

Deinstallation of stuff will fail because 1. the cIOS can't be used, 2. 3.4 IOS don't allow you to delete system stuff and 3. i'm almost sure IOS16 isn't able to delete stuff(at least not with the commands you use with other IOS). And deinstallation is required to onrder to "overwrite" IOS or the system menu.

bellevillerc · Mar 20, 2009

WiiPower said:
About the serials:
If LU62xxxx Wiis have 3.3 firmware, then i guess only the LU64xxxx+, or maybe even only the LU644xxx+ are not softmoddable. And if you bought a Wii 2 weeks ago, it could be a 4 weeks old batch, and if somebody bought a Wii yesterday it could be a Wii produced less than a week before. Just my 2 cents about that.

About the not moddable Wiis:
So installation of IOS16 and a cIOS works, and then the problems begin? Do ALL programs black screen in the HBC or only the ones which use IOS249 if available(most of Waninkoko's for example)?

Deinstallation of stuff will fail because 1. the cIOS can't be used, 2. 3.4 IOS don't allow you to delete system stuff and 3. i'm almost sure IOS16 isn't able to delete stuff(at least not with the commands you use with other IOS). And deinstallation is required to onrder to "overwrite" IOS or the system menu.

I am having the same issues. My serial starts out LU645... and has/came with 3.4U on it. The installation of IOS16 and cIOS worked, and then the problems did begin. Can't run WADmanager, but can run the custom wad manager and the wadmanager16 works also. Prior to installing the IOS16 and a cIOS the WADmanager would work, and so would the other basic apps that are downloadable with the HBC. After installation, only a select few items i listed above will now work. Everything else just gives a black screen and locks up, and you have to manually shut the wii down and turn it back on again. Also installation of other wads (using the custom WAD manager) look like they are working but then give errors.

I'm not at home rtight now so to give exact errors and apps would be difficult till i have them infront of me later.

Hope this info helps somewhow, and hopefully someone can help me =)

thanks,

WiiPower · Mar 20, 2009

@everybody with unmoddable Wiis, try this Wad Manager:
http://rapidshare.com/files/211486724/WAD-...IOS249.zip.html

It loads IOS16 first and then IOS249. There's a slight chance this solves the problem. I'm not sure, but i think the ios reload command is inside the IOS and maybe there's a ios reload block in the new IOS which blocks trucha signed IOS.

PS: In theory you will only need this WAD Manager for all purposes as it uses IOS249 if available, if not avaiable, it uses IOS16 if available and if not, it just uses the IOS it was loaded with.
PPS: This WAD Manager is ported to the new libogc and only supports sd and usb storage.

adidas77 · Mar 20, 2009

Ok, here's the info from title lister, I had to use title_lister_37_512 because teh other ones were locking up the system before asking to write to the file.

Found 48 titles:
1: Title=10001-48415858 (downloaded channel 'HAXX') vers: 0.1 (1) FW: IOS36
2: Title=10000-524d4745 (savedata for 'RMGE') FW: IOS33
3: Title=10000-525a4445 (savedata for 'RZDE') FW: IOS9
4: Title=10000-00555044 (savedata for '.UPD') FW: IOS4
5: Title=10000-52535045 (savedata for 'RSPE') FW: IOS21
6: Title=10000-00555045 (savedata for '.UPE') vers: 0.2 (2) FW: IOS4
7: Title=10008-48414c45 (hidden? channel 'HALE') vers: 0.2 (2) FW: IOS31
8: Title=10008-48414b45 (hidden? channel 'HAKE') vers: 0.2 (2) FW: IOS31
9: Title=10002-48414745 (system channel 'HAGE') vers: 0.7 (7) FW: IOS31
10: Title=10002-48414741 (system channel 'HAGA') vers: 0.3 (3) FW: IOS13
11: Title=10002-48414241 (system channel 'HABA') vers: 0.13 (13) FW: IOS51
12: Title=10002-48414645 (system channel 'HAFE') vers: 0.7 (7) FW: IOS31
13: Title=10002-48414641 (system channel 'HAFA') vers: 0.3 (3) FW: IOS13
14: Title=10002-48415941 (system channel 'HAYA') vers: 0.2 (2) FW: IOS31
15: Title=10002-48414141 (system channel 'HAAA') vers: 255.0 (65280) FW: IOS13
16: Title=10002-48414341 (system channel 'HACA') vers: 0.6 (6) FW: IOS31
17: Title=1-f9 (IOS249) vers: 0.7 (7)
18: Title=1-10 (IOS16) vers: 1.1 (257)
19: Title=1-fe (IOS254) vers: 0.2 (2)
20: Title=1-37 (IOS55) vers: 18.25 (4633)
21: Title=1-35 (IOS53) vers: 16.17 (4113)
22: Title=1-33 (IOS51) vers: 18.25 (4633)
23: Title=1-32 (IOS50) vers: 19.25 (4889)
24: Title=1-26 (IOS38) vers: 14.25 (3609)
25: Title=1-25 (IOS37) vers: 14.25 (3609)
26: Title=1-23 (IOS35) vers: 12.16 (3088)
27: Title=1-22 (IOS34) vers: 12.15 (3087)
28: Title=1-21 (IOS33) vers: 11.16 (2832)
29: Title=1-1f (IOS31) vers: 12.16 (3088)
30: Title=1-1e (IOS30) vers: 11.0 (2816)
31: Title=1-1c (IOS28) vers: 5.12 (1292)
32: Title=1-16 (IOS22) vers: 3.9 (777)
33: Title=1-15 (IOS21) vers: 2.10 (522)
34: Title=1-14 (IOS20) vers: 1.0 (256)
35: Title=1-11 (IOS17) vers: 2.5 (517)
36: Title=1-f (IOS15) vers: 1.9 (265)
37: Title=1-e (IOS14) vers: 1.6 (262)
38: Title=1-d (IOS13) vers: 0.15 (15)
39: Title=1-c (IOS12) vers: 0.11 (11)
40: Title=1-b (IOS11) vers: 1.0 (256)
41: Title=1-a (IOS10) vers: 3.0 (768)
42: Title=1-9 (IOS9) vers: 2.8 (520)
43: Title=1-24 (IOS36) vers: 12.18 (3090)
44: Title=1-3 (IOS3) vers: 255.0 (65280)
45: Title=1-101 (MIOS) vers: 0.9 (9)
46: Title=1-100 (BC) vers: 0.5 (5)
47: Title=1-2 (System Menu) vers: 1.129 (385) FW: IOS50
48: Title=1-4 (IOS4) vers: 255.0 (65280)

Thanks

Diffusion · Mar 20, 2009

adidas77 said:
44: Title=1-3 (IOS3) vers: 255.0 (65280)

Only thing I caught that looks new

, and it isn't on NUS.

shadowmanr6 · Mar 20, 2009

WiiPower said:
About the serials:
If LU62xxxx Wiis have 3.3 firmware, then i guess only the LU64xxxx+, or maybe even only the LU644xxx+ are not softmoddable. And if you bought a Wii 2 weeks ago, it could be a 4 weeks old batch, and if somebody bought a Wii yesterday it could be a Wii produced less than a week before. Just my 2 cents about that.

About the not moddable Wiis:
So installation of IOS16 and a cIOS works, and then the problems begin? Do ALL programs black screen in the HBC or only the ones which use IOS249 if available(most of Waninkoko's for example)?

Deinstallation of stuff will fail because 1. the cIOS can't be used, 2. 3.4 IOS don't allow you to delete system stuff and 3. i'm almost sure IOS16 isn't able to delete stuff(at least not with the commands you use with other IOS). And deinstallation is required to onrder to "overwrite" IOS or the system menu.

The last Wii i grabbed about a week ago came as a LU646xxx serial, had 3.4u on it, was able to put load both wad manager 1.3 and the WAD_Manager_IOS16 (not sure which this is) was able to do the offline wad install method with all the appropriate wads followed by sysmenu249, then the offline installer for gators cios fix thing, had no errors

Jacobeian · Mar 20, 2009

WiiPower said:
@everybody with unmoddable Wiis, try this Wad Manager:
http://rapidshare.com/files/211486724/WAD-...IOS249.zip.html

It loads IOS16 first and then IOS249. There's a slight chance this solves the problem. I'm not sure, but i think the ios reload command is inside the IOS and maybe there's a ios reload block in the new IOS which blocks trucha signed IOS.

PS: In theory you will only need this WAD Manager for all purposes as it uses IOS249 if available, if not avaiable, it uses IOS16 if available and if not, it just uses the IOS it was loaded with.
PPS: This WAD Manager is ported to the new libogc and only supports sd and usb storage.

IOS_Reload is a libogc function, it only send common ES_ command to IOS via the IPC mechanism (ES_GetNumTicketViews, ES_GetTicketViews, ES_LaunchTitle)
ES_LAunchTitle (aka IPC RELAUNCH command) might be the one that has been modified in the ES module with additional title ID checking, which means neither IOS16 or IOS249 could be launched, even if previously installed

seems like a logical protection to me, with IOS16 locked and signature bug patched everywhere, there is absolutely no more ways to install fakesigned titles

WiiPower · Mar 20, 2009

Where is the ES_LaunchTitle defined? The people with these Wiis report that they can use IOS16 to install a cIOS, but can't use that cIOS. So if ES_LaunchTitle is defined inside the IOS, this WAD Manager mod has a chance to solve the problems. (Until nintendo finally includes a trucha patched IOS16)

Jacobeian · Mar 20, 2009

yes, that might be , I now understand what you have done

ES functions are indeed only a set of command being "sent" to the Starlet IOS which is himself responsible of executing those commands

if IOS16 can still be loaded but not IOS249, then they obviously only added signature check in the "launch" command execution
so launching IOS249 "from" a running IOS16 should be possible since it's the only "clean" IOS remaining

I don't know how advanced they are and if they know that IOS16 is used by pirates however
if their next step is to patch this last hole, game is over

fogbank · Mar 20, 2009

Diffusion said:
adidas77 said:

44: Title=1-3 (IOS3) vers: 255.0 (65280)

Click to expand...

Only thing I caught that looks new

, and it isn't on NUS.

I think that's enough evidence that there is something different about the latest batch of Wii's. The next logical step would be to find someone with a LU64xxxx+ Wii that succesfully softmodded their system and still had IOS3 installed from the factory.

Can anyone confirm that they have a successfully softmodded Wii that contains IOS3?

IOS3 may be a red herring....?

fogbank · Mar 20, 2009

adidas77 said:
Ok, here's the info from title lister, I had to use title_lister_37_512 because teh other ones were locking up the system before asking to write to the file.

Found 48 titles:
17: Title=1-f9 (IOS249) vers: 0.7 (7)

44: Title=1-3 (IOS3) vers: 255.0 (65280)

Thanks

This tells us 3 things:

1. cIOS has been successfully installed to IOS249 and remains after a reset. Not that we couldn't trust the result code from the custom WAD manager, but it's useful to independently verify that the cIOS is truly present.

2. The title_lister_37_512 can successfully read the contents of the NAND (at least enough to make the listing) while the others cannot. There is something different about it that allows it to do so.

3. There is a new IOS (3) that I've never heard of (as Diffusion pointed out).

Thanks for doing that!

Hacking Unsoftmoddable Wii

Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Member

Member

Well-Known Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum