Hacking What exactly makes Priiloader not work on vWii?

leseratte

Now in the last years, there have been a couple posts of people who tried installing Priiloader on their vWii, and it no longer worked, and they had to use ftpiiU to restore a working vWii system menu.

However I was unable to find an explanation for why that happens. Has anyone who knows more about the WiiU ever looked into that to see why that would happen? I know that there are working vWii system menu themes, so modifications of the system menu shouldn't be the thing that triggers the brick.

Is the brick caused by the WiiU not willing to boot Priiloader? Or is it caused by Priiloader not doing what's expected? Did anyone ever look into that to figure out if there could be a way in the future to install Priiloader in the vWii?
 

Deleted User

I reckon it happens because of security. The WiiU's cpu has a much higher security. It uses an OS. This OS enables the cpu to use special rights. And this also is intact in vWii-mode!
A restriction-access on WiiU often results in a black-screen.
 

leseratte

Yeah, but how does that change when you install Priiloader? The WiiU doesn't check that the TMD be well-signed, otherwise you couldn't install vWii themes (that modify the system menu, too). And the .app file is just a DOL, how would the WiiU be able to verify that?

Or is it just that Priiloader does some of these "high security things" wrong, but it just never mattered on Wii but does matter on WiiU?
 

Deleted User

You just run "Wii-software" in vWii-mode. The cpu of WiiU is the same, but like I said with much higher security added. This cpu knows that you try to run homebrew on it. You don't have "super-visor" rights & thus restricts your access.

The Wii used the same cpu, but not with those added security-features. And thus you can't do anything. This isn't some fancy hardware-based encryption. It's a software-based solution which works over the higher bandwidth of the WiiU's cpu. High Bandwidth cannot be "breached" or "circumvented".
And this system works invisible to the user. It's not something you can hack. I reckon this security is put exactly in the middle of the WiiU's PowerPC-cpu. This security makes sure nobody without permission can run code with higher speed on it.

And finally: WiiU's cpu is able to analyze code (dol) before executing it. The cpu checks for special permission-flags. If these aren't valid or not there, a blackscreen (permission-error) happens.
 

DacoTaco

this is horsesh*t and some of it felt like you just smacked words together. you can run homebrew code on the vWii just fine. all you need to do is have a channel that has its booting .app slightly altered (entrypoint pointing to the binary and not the nand code) or an exploit to run unsigned code with and you're in full control of the vWii

Priiloader doesn't work because the PowerPC CPU verifies & decrypts the code it's going to run when it gets reset or enabled.
see my explanation & research here :
https://github.com/DacoTaco/priiloader/issues/220#issuecomment-575986912

in short : System menu's boot binary, that priiloader replaces, is an ancast image that gets verified & decrypted when starting vWii. when booting channels or games it uses a different ancast image that just chainloads what it was asked to boot, which can be anything like on the wii
 
Last edited by DacoTaco,

Alexander1970

Thank you for the clarification and your really great explanation on GitHub.
 

Deleted User

It isn't horseshit because you just described in a long text how it exactly works (which I wasn't correct with). Still I said Short: Security-reasons are why Priiloader can't run on vWii without changes. Guess what I said in short version? Security. I was right.
 

DacoTaco

'security', yes. (if you patch IOS to boot SM like any other title then you can still run priiloader just fine)
but it has nothing to do with 'super-visor rights' or 'a software-based solution which works over the higher bandwidth of the WiiU's cpu'.
on top of that 'High Bandwidth cannot be "breached" or "circumvented".' is also utter crap.
it also doesn't check the 'special permission' flags either which I can only guess means the TMD flags, which are ignored since in vWii it's baremetal

if all you said was true then HBC could never work and neither could the priiloader installer or my small HBC takeover application/demo

the only reason priiloader doesn't work is because IOS loads the nand loader from SM directly (which is encrypted on nand and decrypted by the cpu's bootrom, not some external software) and not from (encrypted) vWii nandloader titles. that's it.
 
Last edited by DacoTaco,
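
A pre-install check that follows from DacoTaco's two posts above, as an added example (not code from the thread or from Priiloader): refuse to replace a boot content that is an ancast image, and accept only a well-formed DOL whose entry point lies inside a text section. The magic value comes from public Wii U homebrew documentation of the ancast format, not from this thread; the function names are hypothetical, and the check assumes the content starts with that magic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: magic taken from public Wii U homebrew documentation of the
 * ancast format; the thread itself does not state it. */
#define ANCAST_MAGIC 0xEFA282D9u
#define DOL_HDR_SIZE 0x100u

enum boot_kind { BOOT_INVALID, BOOT_DOL, BOOT_ANCAST };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: classify a boot content before it is replaced. */
enum boot_kind classify_boot_content(const uint8_t *buf, size_t len) {
    /* Ancast images are verified and decrypted at boot: never replace them. */
    if (len >= 4 && be32(buf) == ANCAST_MAGIC) return BOOT_ANCAST;
    if (len < DOL_HDR_SIZE) return BOOT_INVALID;
    uint32_t entry = be32(buf + 0xE0);          /* DOL entry point */
    int entry_ok = 0;
    for (unsigned i = 0; i < 18; i++) {         /* 7 text + 11 data sections */
        uint32_t off  = be32(buf + 0x00 + 4 * i);
        uint32_t addr = be32(buf + 0x48 + 4 * i);
        uint32_t size = be32(buf + 0x90 + 4 * i);
        if (size == 0) continue;                /* unused section slot */
        /* Reject sections that overlap the header or run past the file. */
        if (off < DOL_HDR_SIZE || off > len || size > len - off) return BOOT_INVALID;
        if (i < 7 && entry >= addr && entry - addr < size) entry_ok = 1;
    }
    return entry_ok ? BOOT_DOL : BOOT_INVALID;
}

/* Constructed sample: minimal DOL with one 0x20-byte text section at 0x100. */
size_t make_sample_dol(uint8_t *buf) {
    memset(buf, 0, 0x120);
    buf[0x02] = 0x01;                    /* text0 offset  = 0x00000100 */
    buf[0x48] = 0x80; buf[0x4A] = 0x34;  /* text0 address = 0x80003400 */
    buf[0x93] = 0x20;                    /* text0 size    = 0x00000020 */
    buf[0xE0] = 0x80; buf[0xE2] = 0x34;  /* entry point   = 0x80003400 */
    return 0x120;
}

int main(void) {
    uint8_t img[0x120]; size_t n = make_sample_dol(img);
    printf("sample DOL   -> %d\n", classify_boot_content(img, n));
    img[0] = 0xEF; img[1] = 0xA2; img[2] = 0x82; img[3] = 0xD9;
    printf("ancast magic -> %d\n", classify_boot_content(img, n));
    return 0;
}
```

An installer using such a check would proceed only on `BOOT_DOL` and abort on `BOOT_ANCAST`, leaving the system menu bootable.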
