Changes

139 bytes added, 20:21, 9 December 2023
m
Line 1: Line 1: βˆ’
'''/dev/flash''' provides a raw interface to the NAND flash memory. On older [[IOS]] revisions, file system permissions restrict the access to the NAND memory, however, the contents are encrypted. This was fixed on newer revisions.
+
'''/dev/flash''' provides a raw interface to the NAND flash memory to update [[boot1]] and test usable blocks. It was previously used by homebrew to get a raw NAND dump, although this was not very useful due to the keys being encrypted, which led to retail IOSes being binary patched to treat opening this device as opening a file.
    
Be careful when using these interfaces! Calling the wrong ioctl (or calling write() instead of read()) could have unfortunate results.
 
Be careful when using these interfaces! Calling the wrong ioctl (or calling write() instead of read()) could have unfortunate results.
   βˆ’
=== Reading ===
+
== Reading ==
 
/dev/flash may be read to get the raw, encrypted contents of the Wii NAND flash chip. You must either read with a block size of 2048 or 2112 (2048 + 64); the former will give you the normal contents of one page, and the latter will give you the same data plus the 64 bytes of OOB / spare / ECC data. The read buffer must be 32 Byte aligned, because a hardware engine is used for copying data. If you hope to use this to eventually restore the contents of your Wii, you MUST back up the spare data.
 
/dev/flash may be read to get the raw, encrypted contents of the Wii NAND flash chip. You must either read with a block size of 2048 or 2112 (2048 + 64); the former will give you the normal contents of one page, and the latter will give you the same data plus the 64 bytes of OOB / spare / ECC data. The read buffer must be 32 Byte aligned, because a hardware engine is used for copying data. If you hope to use this to eventually restore the contents of your Wii, you MUST back up the spare data.
    
In between each read, you should seek() to the page number you are trying to read; for example, seeking to 0x200 would put you at page 0x200, the start of the encrypted filesystem. That is to say, you must seek before every access, and the "file position" is in terms of pages, not bytes. There are 256K (262,144) total pages.
 
In between each read, you should seek() to the page number you are trying to read; for example, seeking to 0x200 would put you at page 0x200, the start of the encrypted filesystem. That is to say, you must seek before every access, and the "file position" is in terms of pages, not bytes. There are 256K (262,144) total pages.
   βˆ’
=== Ioctls ===
+
== Ioctls ==
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
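Review bot: the rewritten intro says the raw dump was not useful "due to the keys being encrypted", which conflicts with the sentence it replaces ("the contents are encrypted") and with the unchanged Reading section ("the raw, encrypted contents of the Wii NAND flash chip"). State explicitly whether the dump, the keys, or both are encrypted. The closing clause, "which led to retail IOSes being binary patched to treat opening this device as opening a file", also does not follow from what precedes it: it does not say who applied the patch or what a caller now sees when opening /dev/flash, so split it into its own sentence and spell that out. The removed statement about file system permissions on older IOS revisions is dropped without a replacement; keep it if it is still accurate. Since these lines change what the page claims about access to the device, the edit should not be flagged as minor.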
Line 24: Line 24:  
| 0  
 
| 0  
 
| 0x198 bytes  
 
| 0x198 bytes  
βˆ’
| ?
+
| get some data of the current ios' nand error log
 
|-
 
|-
 
| 3  
 
| 3  
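Review bot: the new description for ioctl 0, "get some data of the current ios' nand error log", is too vague to code against. It does not say which part of the error log is returned or how the 0x198 bytes listed in the same row are laid out. If the layout is not known, say so in the cell, as the previous "?" did, and write "IOS" and "NAND" in capitals as the rest of the page does.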
Line 36: Line 36:  
| check_bad_block: if return value is -13, indicates that the block at the current fpos is bad  
 
| check_bad_block: if return value is -13, indicates that the block at the current fpos is bad  
 
|}
 
|}
βˆ’
=== Return Codes ===
+
 
 +
== Return codes ==
 
(These names were taken from a NAND flash diagnostic program scraped from flash)
 
(These names were taken from a NAND flash diagnostic program scraped from flash)
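Review bot: renaming the heading from "Return Codes" to "Return codes" changes the section anchor that MediaWiki derives from the heading text, so existing links to #Return_Codes will no longer jump to this section. Check incoming links from other pages before saving, or keep the original capitalisation and change only the heading level.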
   Line 54: Line 55:  
* -128: NAND_RESULT_FATALERROR
 
* -128: NAND_RESULT_FATALERROR
   βˆ’
=== Example Dump Code ===
+
== Example dump code ==
βˆ’
 
   
Here is an example code for dumping complete NAND including ECC:
 
Here is an example code for dumping complete NAND including ECC: