In memory of Ben “bushing” Byer, who passed away on Monday, February 8th, 2016.

Difference between revisions of "IOS253"

From WiiBrew
(Page creation.)
 
(updated info to stuff found in the code)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Infobox IOS
 
{{Infobox IOS
 
| version = v31337
 
| version = v31337
| type = Temporary IOS
+
| type = Temporary [[IOS]]
 
}}
 
}}
  
'''IOS255''' is a temporary [[IOS]], created by older versions of "[[xyzzy]]", that sometimes remains in the [[NAND]]. It can be safely deleted.  
+
'''IOS253''' is a temporary [[IOS]], created by older versions of "[[xyzzy]]", that sometimes remains in the [[NAND]]. It can be safely deleted.  
  
 
=== How it works ===
 
=== How it works ===
The reason for the IOS being there, becomes clear when you look at how "xyzzy" used to work. The following is taken from [https://hackmii.com/2008/07/xyzzy/ hackmii.com]:  
+
The reason for the IOS being there becomes clear when you look at how "xyzzy" used to work. The following is taken from [https://hackmii.com/2008/07/xyzzy/ hackmii.com]:  
  
* Download IOS11 from the Nintendo Update Server
+
* Download [[IOS11]] from the Nintendo Update Server
 
* Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
 
* Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
 
* Patch it to allow it to delete itself later using ES_DeleteTitle()
 
* Patch it to allow it to delete itself later using ES_DeleteTitle()
* '''Find an unused IOS slot (counting downward from IOS255)'''
+
* Install the hacked IOS11 into IOS253
* Install the hacked IOS11 there
 
 
* Reboot into the hacked IOS
 
* Reboot into the hacked IOS
 
* Copy the private key structure from the IOS address space into MEM1
 
* Copy the private key structure from the IOS address space into MEM1
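Review bot: the step list is introduced as "taken from hackmii.com", but this revision rewrites part of that quoted list. The two steps "Find an unused IOS slot (counting downward from IOS255)" and "Install the hacked IOS11 there" become the single step "Install the hacked IOS11 into IOS253". The edit summary says the information was updated from the code, so the list no longer matches the source it is attributed to. Either keep the quoted steps as published and add a sentence outside the list saying the code installs into IOS253, or reword the introduction so the list is not presented as a direct quotation. The old slot-search wording would also explain how a leftover could end up in a slot other than 253, which is worth stating explicitly if it still applies to any xyzzy version.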

Latest revision as of 09:31, 10 July 2022

IOS253
Technical info
Type: Temporary IOS


IOS253 is a temporary IOS, created by older versions of "xyzzy", that sometimes remains in the NAND. It can be safely deleted.

How it works

The reason for the IOS being there becomes clear when you look at how "xyzzy" used to work. The following is taken from hackmii.com:

  • Download IOS11 from the Nintendo Update Server
  • Patch it to remove the MEM2 protection (so the PPC can access all 64MB of it)
  • Patch it to allow it to delete itself later using ES_DeleteTitle()
  • Install the hacked IOS11 into IOS253
  • Reboot into the hacked IOS
  • Copy the private key structure from the IOS address space into MEM1
  • Reboot back into a sane IOS
  • Delete the temporary, hacked IOS
  • Display the keys on screen
  • Try to write them to a file on the SD card — keys.txt
  • Pause for 60 seconds to allow you to copy the keys down using pen and paper, if necessary

Version | Signing bug? | STM Release Exploit? | Notes
v31337  | Yes          | Yes                  | Temporary IOS, created by old versions of xyzzy.