What Wiis have vulnerable boot1?

Discussion in 'Wii - Hacking' started by haru3173, May 17, 2009.

  1. haru3173
    OP

    haru3173 Advanced Member

    Newcomer
    56
    0
    Feb 2, 2009
    United States
    I get a message from Bootmii saying Boot Can be installed in one variant” -The installed boot1 version prevents a boot2 install (-2). So I installed bootmii as IOS. Is it because of hardware or software? Can I make my wii to have vulnerable boot1 so I can install bootmii boot2? My wii is Lu35 if that helps.
     
  2. jan777

    jan777 motion control..? srsly? so 2008. 3DS is teh bombz

    Member
    2,829
    36
    Jan 4, 2008
    i think its hardware

    because if it was software, they would have tried to fix it first before distributing it

    maybe just wait where bootmii develops and eventually theyll be able to install it on all wiis
     
  3. frostyfrosty

    frostyfrosty GBAtemp Regular

    Member
    191
    0
    Oct 17, 2008
    United States
    California
    btw its boot2 =P
     
  4. _Alex_

    _Alex_ Member

    Newcomer
    24
    2
    Feb 8, 2009
    Gambia, The
    boot1 is software too, but its secured with a sha-1 encryption + hash, so if it's changed and doesn't match, your wii is permantly bricked...
     
  5. Slowking

    Slowking GBAtemp Maniac

    Member
    1,396
    24
    Dec 31, 2006
    Gambia, The
    It's boot1...

    Boot1 sits on a read only chip, so you can not change it and it verifys boot2. Since boot1s produced after mid 2008 don't have the signing bug in them anymore you can't fakesign boot2. It's that simple.
     
  6. haru3173
    OP

    haru3173 Advanced Member

    Newcomer
    56
    0
    Feb 2, 2009
    United States
    Does that mean there's no hope for us?
     
  7. Don Killah

    Don Killah GBAtemp Maniac

    Member
    1,127
    0
    Nov 21, 2002
    France
    yep, there's nothing we can do.
    basically there's 2 type of Wii:
    - those which can install as boot2 -> ultimate brick proof.
    - all the others (mines fall into this categorie [​IMG]) and install as ios -> brick proof with preloader...
     
  8. supagusti

    supagusti GBAtemp Regular

    Member
    287
    0
    Feb 2, 2008
    Australia
    not till the real certificates are leaked...

    edit: but maybe we can change the flash where boot1 resides. Is it a discrete chip or only part of something other - haven't found a systemboard layout yet!
     
  9. PNo4

    PNo4 GBAtemp Regular

    Member
    259
    0
    Apr 10, 2009
    boot1 is protected by boot0, and boot0 is inside the Hollywood Starlet.
     
  10. supagusti

    supagusti GBAtemp Regular

    Member
    287
    0
    Feb 2, 2008
    Australia
    That's real shit !
    Cause according to http://wiire.org/Wii/console/motherboard and the datasheet of U14 (the NAND, see http://pdf1.alldatasheet.com/datasheet-pdf...9F4G08U0A.html) there is no technical reason, why we cannot exchange boot1 to an older versions (if it really resides on the chip)
     
  11. supagusti

    supagusti GBAtemp Regular

    Member
    287
    0
    Feb 2, 2008
    Australia
    Ok - i've found it here: http://wiibrew.org/wiki/Boot_process
    boot1 is secured through a hash:
    As we know there are many different versions of code that produce the same hash.
    So it is indeed possible to modify the boot1 on any console out there (although it cannot be done by me ;-))
     
  12. PNo4

    PNo4 GBAtemp Regular

    Member
    259
    0
    Apr 10, 2009
    @supagusti

    No need to complicate the explanations, with 2-3 pages of linked information.

    boot1 is protected from alteration, by the sha-1 stored in OTP area, boot0 checks boot1 sha-1 against that sha-1 stored in the OTP area when you startup the Wii.

    Oh and for someone to find a correct boot1 alteration that works and produce the same sha-1 as the one stored in the OTP area, i don't think we'll see that before Wii 50 has come if ever [​IMG]