Hacking Xell version for wii with bootmii to get the nand key

[pancho]

Can we make any live linux or xell version with bootmii ported on it, so that we could flash the nand with a nand programmer and get the nand key? Just like those genius xbox 360 hackers did. Then use betwiin to assemble a good image nand and flash it on to the wii nand so that we could revive all those dead Wiis. I don't know if this is possible but what do you think guys?

Xell version for wii with bootmii to get the nand key, is this possible?

 

[FenrirWolf]

EDIT: Nevermind, misunderstood the context

 

[Jacobeian]

huh ? does it even make sense ?

Betwiin + Bootmii already let you do that

1/ you get the NAND key from both wii (using bootmii NAND dump function or another app)
2/ you dump your NAND with bootmii
3/ you convert it with betwiin
4/you flash the NAND to the other wii with bootmii

what would a boot linux or xell helps to do ???

 

[FenrirWolf]

Okay, I think I understand what you're asking now. In the case of consoles with the old boot1 you can simply flash BootMii to it and get the keys that way. Ones with the new boot1 are out of luck from what I know.

 

[pancho]

sorry for my english, and context. I mean we could back up the nand of the wii first by using a wii nand programmer which i've saw in wiibrew, then flash the nand chip of the wii, with bootmii ported in linux or xell so that we could get a copy of the nand key, I know that the nand key is located to what they called hollywood chip, so by flashing it with any linux ported with bootmii on the nand, we could force the holywood chip to show the nand key of the wii. when we get the key, then we can make a good image that belongs to other unit and bind it with the key we get so that we could revive dead wiis that were damage by any software we install on the wii. I hope you get what i mean? sorry again for my bad english...

 

[pancho]

we just need the key of the damage wii, when we get the key, then we can use the app called betwiin to assemble a good image ready to flash on a broken wii. This is to revive dead Wiis. I don't know if this hack is possible.

 

[pancho]

i think this is good for the last resort only, if everything we do fails to revive a broken wii.

 

[smf]

Is it possible. Of course, anything is possible. Will it ever happen, I would not count on it.

There is a lot of things that would need to happen to get that far, and there is already easier methods that don't have such extremely high hurdles to overcome.

In the end, it wont happen.

Today you can take the flash off a wii motherboard, flash bootmii onto it & resolder.
At this point you should be able to fix your nand to the point that the system menu will boot.

You don't need linux or betwin, you do however need a boot1 that has the trucha bug.

 

[fabi280]

There is a Modchip used for such a Work.
They are using it to dump and reflash the NAND.

Try to look for "infectus"

 

[raulpica]

There is a Modchip used for such a Work.
They are using it to dump and reflash the NAND.

Try to look for "infectus"

Meh, the Infectus sucks. A great chip with a poor team behind it. It's a real shame.

 

[fabi280]

But its good to revive broken Wiis

 

[pancho]

We could only have the infectuz as our nand programmer, for backing up and flashing image on the nand of the wiis motherboard. It would be nice also if bootmii, could be flashed in new boot1 wii. But if bootmii can't do it alone then linux could help bootmii to do it. But if ever bushing came up with a new bootmii in support for new boot1 wii then we don't need linux.

I'm just sharing my idea, this might help I think. Anymore idea's out there?

 

[WiiCrazy]

You need any one of these for the hardware recovery option...

1. Bricked wii's keys... these are enough to build a healthy image for the target wii
2. A nand dump
3. old boot1 with the trucha bug...

If you don't have these... essentially the 1st one... you won't be able to recover the bricked wii...

Flashing something is not an option on new boot1 unless you know the nintendo's private signing key...

All is left, getting the key out of the cpu... I don't think that's an option that can be realized so easily....

boot1 is in the cpu itself and this hash checking stuff is done internally since the arm chip is also in the cpu...

I'm not an expert in this stuff but I think it's still open to hacking/hijacking by hardware...

maybe you can with a fine timing switch the nand...(I don't mean by hand of course electronically)
say if checking the signature and loading the stuff are two distinct jobs by the current arm process and checking the signature happens first then you may switch the nand just after the signature check... and may force the process load the actual stuff from the other nand... just a thought, dunno if it's doable...

another idea, collect private key information from people and hope that they are generated in a deterministic fashion using correlation based on machine serial number or something... again dunno, possibly an unrealistic crazy idea...