De_Fuse: Unable to Dump OTP.bin: Firmware Mismatch

[Bman3990wx]

Hello All,
Taking a stab at another Wii U recovery. Boots the the Wii U logo and freezes. Tried UDPIH and nothing happened, so I moved on to De_Fuse. De_Fuse seemed to install correctly, but the output in Putty gets scrambled after the exploit starts (which is why I am not posting outputs from Putty in the initial post. Sorry, I know those are preferred for cases like this). The output on the TV is fine though, so I kept going and installed a nandaid board and new SD card.

Attempting to Dump OTP.bin with PRSHhax results in "Unknown Prod boot1 version: v1610612831 (2068) either your nand is corrupt or you got something exotic" error. I looked around the gbatemp forums and found https://gbatemp.net/threads/how-to-...ii-u-internal-memory-mlc.636309/post-10226220 in here, shinyquagsire posts the hash of a BOOT1_SLC.RAW and a website to verify what the hash is. I looked at mine and I do not get the same hash (MD5: mine: f2fccabb8ecf9f720b9fc6a2de45e84c shiny: c941ed70442744feafcb8578e5625c09).

At this point I'm assuming that my boot1 is somehow corrupt or this is a really interesting Wii U. Is there anything that I can do? I see that it's possible to flash a new boot1 through minute, but not sure if that's tied to the console. (Attached is the Boot1_SLC that I dumped if you want to have a look. I also have dumps of SLC.RAW, SLCCMPT.RAW, and seeprom.bin if that helps).

 

[Lazr1026]

can you send me the SEEPROM? The SEEPROM key seems to be identical between all retail wiius, so I should be able to decrypt it.

 

[Bman3990wx]

can you send me the SEEPROM? The SEEPROM key seems to be identical between all retail wiius, so I should be able to decrypt it.

Absolutely!

 

[Lazr1026]

try putting the otp.bin from here onto the sd root, dump the otp and seeprom in minute, and then send the decrypted seeprom

delete this otp after dumping the seeprom. booting iosu with the wrong otp can be dangerous

 

[Bman3990wx]

try putting the otp.bin from here onto the sd root, dump the otp and seeprom in minute, and then send the decrypted seeprom

delete this otp after dumping the seeprom. booting iosu with the wrong otp can be dangerous

Ok. Here's what I got from that

 

[Lazr1026]

your boot1 version is v8339, which is really old. i bet iosu is also really old, so udpih not working makes sense

Post automatically merged: Apr 27, 2024

i just checked, this wiiu is running somewhere around 3.0.0!

 

[Bman3990wx]

oh holy hek! lmao

Post automatically merged: Apr 27, 2024

Thatsssss gotta have been sitting in the closet for a while....

 

[Lazr1026]

I think the best thing to do here is to flash the latest boot1 to the slc, and then let it fix the seeprom. you would need to have that otp on the sd though. PRSHhax should work after that

Post automatically merged: Apr 28, 2024

this should be the latest version of boot1. you would just copy the BOOT1_SLC.RAW and restore it in minute and let it fix the seeprom.

 

[Bman3990wx]

Ok. So do I get that through JNUS (found the title ID) and flash it through minute using the Restore BOOT1_SLC.RAW? Or do I need to obtain another BOOT1_SLC.RAW from another Wii U?

 

[Lazr1026]

i already sent you a boot1 you can flash. the boot1 packages from nus arent in a neat little format you can just flash

 

[Bman3990wx]

ope sorry, didn't refresh to see that post. I'll give it a shot!

Post automatically merged: Apr 28, 2024

That got farther, but it blackscreens on the reboot.

 

[Lazr1026]

you have the otp i sent you on the sd?

 

[Bman3990wx]

Oh sorry, I took that out after I flashed the BOOT1_SLC.RAW.

Tried to dump the OTP again with that OTP.bin on the sd card after and get this:

After these flashes, I get a black screen.

Post automatically merged: Apr 28, 2024

I wondered what would happen if I unpluged and plugged back in De_Fuse when the system showed a black screen and it comes up with the below:
View attachment 1714270333781.jpeg

Potentially an issue SEEPROM?

Post automatically merged: Apr 28, 2024

Ok big news.

I had another idea. I didn't like how the putty terminal was outputting garbage after the console launched the minute menu. So I tried an older version of De_Fuse/minute and my Putty terminal returned to normal.

I then tried dumping the OTP on this setup and it successfully dumped!!!!! Now to put it back on the new version and install some cafe os.

 

[V10lator]

Now to put it back on the new version and install some cafe os.

In case the data on the console isn't important for you I would suggest to do a complete firmware update by rebuilding the MLC as described here: https://gbatemp.net/threads/how-to-upgrading-rebuilding-wii-u-internal-memory-mlc.636309/

Just make sure to not only install the MLC titles but the SLC titles, too (as the guide says: If your console has an old firmware it might also be necessary to get the latest SLC titles). Installing both, MLC and SLC titles is equal to a firmware update.

You can even upgrade the SD card in the NAND-AID to 64 GB while doing so (or even higher with permanent ISFSHax or de_fuse).

 

[Bman3990wx]

In case the data on the console isn't important for you I would suggest to do a complete firmware update by rebuilding the MLC as described here: https://gbatemp.net/threads/how-to-upgrading-rebuilding-wii-u-internal-memory-mlc.636309/

Just make sure to not only install the MLC titles but the SLC titles, too (as the guide says: If your console has an old firmware it might also be necessary to get the latest SLC titles). Installing both, MLC and SLC titles is equal to a firmware update.

You can even upgrade the SD card in the NAND-AID to 64 GB while doing so (or even higher with permanent ISFSHax or de_fuse).

Yep! I got the SLC files and the MLC ones, threw them on the as card and went off to the races…. 30 mins of troubleshooting bad solder joints on my nandaid later and I’m in Caffe OS!

I wish I had a bigger SD card on hand but 32gb was what I had laying around.

Thank you for your help everyone!!!!