What Wiis have vulnerable boot1?

Discussion in 'Wii - Hacking' started by haru3173, May 17, 2009.

May 17, 2009
  1. haru3173
    OP

    Newcomer haru3173 Advanced Member

    Joined:
    Feb 2, 2009
    Messages:
    56
    Country:
    United States
    I get a message from BootMii saying “Boot Can be installed in one variant” - The installed boot1 version prevents a boot2 install (-2). So I installed BootMii as IOS. Is it because of hardware or software? Can I make my Wii have a vulnerable boot1 so I can install BootMii as boot2? My Wii is Lu35 if that helps.
     
  2. jan777

    Member jan777 motion control..? srsly? so 2008. 3DS is teh bombz

    Joined:
    Jan 4, 2008
    Messages:
    2,829
    Country:
    Philippines
    I think it's hardware

    because if it was software, they would have tried to fix it first before distributing it

    maybe just wait and see where BootMii develops, and eventually they'll be able to install it on all Wiis
     
  3. frostyfrosty

    Member frostyfrosty GBAtemp Regular

    Joined:
    Oct 17, 2008
    Messages:
    188
    Location:
    California
    Country:
    United States
    btw it's boot2 =P
     
  4. _Alex_

    Newcomer _Alex_ Member

    Joined:
    Feb 8, 2009
    Messages:
    16
    Country:
    Germany
    boot1 is software too, but it's secured with a sha-1 encryption + hash, so if it's changed and doesn't match, your Wii is permanently bricked...
     
  5. Slowking

    Member Slowking GBAtemp Maniac

    Joined:
    Dec 31, 2006
    Messages:
    1,396
    Country:
    Germany
    It's boot1...

    Boot1 sits on a read-only chip, so you cannot change it, and it verifies boot2. Since boot1s produced after mid 2008 don't have the signing bug in them anymore, you can't fakesign boot2. It's that simple.
     
  6. haru3173
    OP

    Newcomer haru3173 Advanced Member

    Joined:
    Feb 2, 2009
    Messages:
    56
    Country:
    United States
    Does that mean there's no hope for us?
     
  7. Don Killah

    Member Don Killah GBAtemp Maniac

    Joined:
    Nov 21, 2002
    Messages:
    1,127
    Country:
    France
    yep, there's nothing we can do.
    basically there are 2 types of Wii:
    - those which can install as boot2 -> ultimate brick proof.
    - all the others (mine falls into this category) and install as IOS -> brick proof with preloader...
     
  8. supagusti

    Member supagusti GBAtemp Regular

    Joined:
    Feb 2, 2008
    Messages:
    287
    Country:
    Austria
    not till the real certificates are leaked...

    edit: but maybe we can change the flash where boot1 resides. Is it a discrete chip or only part of something else - haven't found a system board layout yet!
     
  9. PNo4

    Member PNo4 GBAtemp Regular

    Joined:
    Apr 10, 2009
    Messages:
    259
    Country:
    Sweden
    boot1 is protected by boot0, and boot0 is inside the Hollywood Starlet.
     
  10. supagusti

    Member supagusti GBAtemp Regular

    Joined:
    Feb 2, 2008
    Messages:
    287
    Country:
    Austria
    That's real shit!
    Cause according to http://wiire.org/Wii/console/motherboard and the datasheet of U14 (the NAND, see http://pdf1.alldatasheet.com/datasheet-pdf...9F4G08U0A.html) there is no technical reason why we cannot exchange boot1 for an older version (if it really resides on the chip).
     
  11. supagusti

    Member supagusti GBAtemp Regular

    Joined:
    Feb 2, 2008
    Messages:
    287
    Country:
    Austria
    Ok - I've found it here: http://wiibrew.org/wiki/Boot_process
    boot1 is secured through a hash:
    As we know there are many different versions of code that produce the same hash.
    So it is indeed possible to modify the boot1 on any console out there (although it cannot be done by me ;-))
     
  12. PNo4

    Member PNo4 GBAtemp Regular

    Joined:
    Apr 10, 2009
    Messages:
    259
    Country:
    Sweden
    @supagusti

    No need to complicate the explanations with 2-3 pages of linked information.

    boot1 is protected from alteration by the sha-1 stored in the OTP area; boot0 checks boot1's sha-1 against the sha-1 stored in the OTP area when you start up the Wii.

    Oh and for someone to find a correct boot1 alteration that works and produces the same sha-1 as the one stored in the OTP area, I don't think we'll see that before Wii 50 has come, if ever
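
Added example (not part of the thread, and not Nintendo's or the BootMii team's code): a Python model of the check discussed in posts 10 and 12, where boot0 hashes the boot1 image it finds in NAND and compares the result with a SHA-1 held in write-once OTP. The `OTP` class, the function names and the two sample images are constructed for illustration.

```python
import hashlib
import hmac


class OTP:
    """Hypothetical model of one-time-programmable storage: write once, read forever."""

    def __init__(self):
        self._boot1_sha1 = None

    def program(self, digest: bytes) -> None:
        if self._boot1_sha1 is not None:
            raise PermissionError("OTP word already programmed")
        if len(digest) != hashlib.sha1().digest_size:
            raise ValueError("expected a 20-byte SHA-1 digest")
        self._boot1_sha1 = digest

    def boot1_sha1(self) -> bytes:
        if self._boot1_sha1 is None:
            raise RuntimeError("OTP not programmed")
        return self._boot1_sha1


def boot0_verify(nand_boot1: bytes, otp: OTP) -> bool:
    """Hash whatever boot1 image is in NAND and compare it with the OTP value."""
    measured = hashlib.sha1(nand_boot1).digest()
    return hmac.compare_digest(measured, otp.boot1_sha1())


# Constructed stand-ins for boot1 images (not real firmware).
FACTORY_BOOT1 = b"boot1 image shipped with this console (constructed sample)"
OLDER_BOOT1 = b"boot1 image from an earlier console (constructed sample)"


def simulate() -> dict:
    otp = OTP()
    otp.program(hashlib.sha1(FACTORY_BOOT1).digest())  # fixed at manufacture
    flipped = bytes([FACTORY_BOOT1[0] ^ 0x01]) + FACTORY_BOOT1[1:]
    results = {
        "factory": boot0_verify(FACTORY_BOOT1, otp),
        "older_swapped_in": boot0_verify(OLDER_BOOT1, otp),  # NAND rewritten
        "one_bit_flipped": boot0_verify(flipped, otp),
    }
    try:  # the stored reference hash cannot be replaced to match a new image
        otp.program(hashlib.sha1(OLDER_BOOT1).digest())
        results["otp_rewritten"] = True
    except PermissionError:
        results["otp_rewritten"] = False
    return results


if __name__ == "__main__":
    print(simulate())
```

In this model, rewriting the NAND contents changes what boot0 measures but not the reference value it compares against, so any image other than the one hashed at manufacture is rejected.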
     
