Difference between revisions of "MINI"
Jump to navigation
Jump to search
Hallowizer (talk | contribs) m (→IPC_SDMMC_ACK: removed the #) |
AndrewPiroli (talk | contribs) Tag: Undo |
||
| (15 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
{{Infobox homebrew | {{Infobox homebrew | ||
| − | | title = | + | | title = MINI |
| type = system tool | | type = system tool | ||
| author = [[Team Twiizers]] | | author = [[Team Twiizers]] | ||
| source = https://github.com/fail0verflow/mini | | source = https://github.com/fail0verflow/mini | ||
}} | }} | ||
| − | ''' | + | '''MINI''' Is Not [[IOS]] -- but it is a limited replacement that can fulfill many low-level tasks that IOS might interfere with. |
The name is an allusion to GNU, which stands for "GNU's Not Unix" | The name is an allusion to GNU, which stands for "GNU's Not Unix" | ||
| − | = Features = | + | It was developed alongside [[BootMii]] as a replaceable [[Starlet]] executable, however, it was made mostly redundant by the [[Homebrew Channel]] and AHBPROT. There are still a few features that cannot be achieved that way, such as arbitrary ARM execution without exploits or NAND modification. |
| + | |||
| + | Code from MINI was later re-used for [https://github.com/AsahiLinux/m1n1 m1n1] as part of a project to boot Linux on the [https://en.wikipedia.org/wiki/Apple_M1 Apple M1]. | ||
| + | |||
| + | == Homebrew using MINI == | ||
| + | * [[CEIL1NG_CAT]] | ||
| + | * [[HackMii Installer]] | ||
| + | * [[Wii-Linux]] | ||
| + | * [https://github.com/lewurm/ppcskel ppcskel], basic example code that runs alongside MINI | ||
| + | |||
| + | == Features == | ||
* Light-weight -- binary is approximately 50kbytes, 11,673 lines of code as of first release | * Light-weight -- binary is approximately 50kbytes, 11,673 lines of code as of first release | ||
* Mostly IRQ driven :) | * Mostly IRQ driven :) | ||
| Line 22: | Line 32: | ||
* Not dependent on IOS in any way -- as long as you can run it, it can do whatever it wants, regardless of what security features Nintendo patches into newer versions of [[IOS]]. | * Not dependent on IOS in any way -- as long as you can run it, it can do whatever it wants, regardless of what security features Nintendo patches into newer versions of [[IOS]]. | ||
| − | = Limitations = | + | == Limitations == |
* No real kernel architecture; no threading model, but most calls are asynchronous | * No real kernel architecture; no threading model, but most calls are asynchronous | ||
* No USB support (including Bluetooth for Wiimotes) | * No USB support (including Bluetooth for Wiimotes) | ||
| Line 32: | Line 42: | ||
Note that this cannot execute at the same time as IOS; you can only have one or the other executing at any point in time. Switching back and forth between the two is left as an exercise for the developer. | Note that this cannot execute at the same time as IOS; you can only have one or the other executing at any point in time. Switching back and forth between the two is left as an exercise for the developer. | ||
| − | Since the discovery of the AHBPROT register, | + | Since the discovery of the AHBPROT register, MINI enables direct PPC access to all devices. It is often used together with [[Wii Linux]] to enable full hardware functionality and performance. |
| − | == IPC == | + | == IPC documentation == |
IPC messages take the following format: | IPC messages take the following format: | ||
struct { | struct { | ||
| Line 42: | Line 52: | ||
} | } | ||
| − | = | + | {| class="wikitable" |
| − | Simply pings the [[Starlet]] for testing. | + | ! Command |
| − | + | ! Description | |
| − | + | |- | |
| − | Shuts down | + | | IPC_SYS_PING |
| − | + | | Simply pings the [[Starlet]] for testing. | |
| − | + | |- | |
| − | Fetches the | + | | IPC_SYS_JUMP |
| − | + | | Shuts down MINI and jumps to the code passed. | |
| − | + | |- | |
| − | Fetches | + | | IPC_SYS_GETVERS |
| − | + | | Fetches the MINI version. | |
| − | + | |- | |
| − | Disables and re-enables the [[Hardware/NAND Interface|NAND Interface]]. | + | | IPC_SYS_GETGITS |
| − | + | | Fetches MINI's Git version. | |
| − | + | |- | |
| − | Retrieves the [[Hardware/NAND|NAND]]'s physical ID. | + | | IPC_NAND_RESET |
| − | + | | Disables and re-enables the [[Hardware/NAND Interface|NAND Interface]]. | |
| − | + | |- | |
| − | Sends the GETSTATUS command to the NAND. | + | | IPC_NAND_GETID |
| − | + | | Retrieves the [[Hardware/NAND|NAND]]'s physical ID. | |
| − | + | |- | |
| − | Reads a raw page from the NAND. | + | | IPC_NAND_STATUS |
| − | + | | Sends the GETSTATUS command to the NAND. | |
| − | + | |- | |
| − | Writes a raw page to the NAND. | + | | IPC_NAND_READ |
| − | + | | Reads a raw page from the NAND. | |
| − | + | |- | |
| − | Erases a block on the NAND. | + | | IPC_NAND_WRITE |
| − | + | | Writes a raw page to the NAND. | |
| − | + | |- | |
| − | Changes the lowest writable page enforced by | + | | IPC_NAND_ERASE |
| − | + | | Erases a block on the NAND. | |
| − | + | |- | |
| − | Fetches the lowest writable page enforced by | + | | IPC_NAND_SETMINPAGE |
| − | + | | Changes the lowest writable page enforced by MINI to prevent accidental bricking. | |
| − | + | |- | |
| − | Initializes the SDHC handler. | + | | IPC_NAND_GETMINPAGE |
| + | | Fetches the lowest writable page enforced by MINI. | ||
| + | |- | ||
| + | | IPC_SDHC_DISCOVER | ||
| + | | Initializes the SDHC handler. | ||
| + | |- | ||
| + | | IPC_SDHC_EXIT | ||
| + | | Shuts off the SDHC handler. | ||
| + | |- | ||
| + | | IPC_SDMMC_ACK | ||
| + | | Clears the "new SD card" flag, resulting in [[#IPC_SDMMC_STATE|IPC_SDMMC_STATE]] returning SDMMC_INSERTED instead of SDMMC_NEW_CARD. | ||
| + | |- | ||
| + | | IPC_SDMMC_READ | ||
| + | | Reads raw data from the front SD card. | ||
| + | |- | ||
| + | | IPC_SDMMC_WRITE | ||
| + | | Writes raw data to the front SD. | ||
| + | |- | ||
| + | | IPC_SDMMC_STATE | ||
| + | | Returns whether there is no SD card (SDMMC_NO_CARD), a card inserted since the last [[#IPC_SDMMC_ACK|IPC_SDMMC_ACK]] (SDMMC_NEW_CARD), or a card inserted before the last IPC_SDMMC_ACK (SDMMC_INSERTED). | ||
| + | |- | ||
| + | | IPC_SDMMC_SIZE | ||
| + | | Returns the number of sectors in the front SD. | ||
| + | |- | ||
| + | | IPC_KEYS_GETOTP | ||
| + | | Returns the cached [[Hardware/OTP|OTP]] keys. | ||
| + | |- | ||
| + | | IPC_KEYS_GETEEP | ||
| + | | Returns the cached [[Hardware/SEEPROM|SEEPROM]] keys. | ||
| + | |- | ||
| + | | IPC_AES_RESET | ||
| + | | Sends a reset signal to the [[Hardware/AES Engine|AES engine]]. | ||
| + | |- | ||
| + | | IPC_AES_SETIV | ||
| + | | Sends the contents to be AES-decrypted to the AES engine. | ||
| + | |- | ||
| + | | IPC_AES_SETKEY | ||
| + | | Sets the AES key used for decryption. | ||
| + | |- | ||
| + | | IPC_AES_DECRYPT | ||
| + | | Decrypts the contents in the AES engine. | ||
| + | |- | ||
| + | | IPC_BOOT2_RUN | ||
| + | | Shuts down MINI and launches [[boot2]]. | ||
| + | |- | ||
| + | | IPC_BOOT2_TMD | ||
| + | | Fetches the [[TMD]] of boot2. | ||
| + | |- | ||
| + | | IPC_PPC_BOOT | ||
| + | | Reboots the [[Hardware/Broadway|Broadway]] to a location in memory. | ||
| + | |- | ||
| + | | IPC_PPC_BOOT_FILE | ||
| + | | Similar to [[#IPC_PPC_BOOT|IPC_PPC_BOOT]], but boots a file. <!--TODO: SD or NAND? --> | ||
| + | |} | ||
| − | === | + | == Changelog == |
| − | |||
| − | === | + | === v1.4 === |
| − | + | * Fixed integer overflow when calculating SD card free space | |
| − | === | + | === Beta 5 (v1.2) === |
| − | + | *Compatible with more SD cards. | |
| − | === | + | === Beta 3 (v1.0) === |
| − | + | * Improved the SD card compatibility | |
| + | * Enable HW_AHBPROT to fix RESET issue with [[CEIL1NG_CAT]] | ||
| − | === | + | === Beta 2 (v0.9) === |
| − | + | * SD card performance has been improved, decreasing the boot and the NAND backup / restore time | |
| + | * backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible. | ||
| + | * [[boot2]] patcher now works with [[boot2v4]] | ||
| − | === | + | === Beta 1 === |
| − | + | * First Public Release | |
{{Navbox IOS|skipCat=true}} | {{Navbox IOS|skipCat=true}} | ||
[[Category:IOS]] | [[Category:IOS]] | ||
| + | {{Navbox fail0verflow}} | ||
Latest revision as of 01:52, 1 September 2024
| MINI | |
| General | |
|---|---|
| Author(s) | Team Twiizers |
| Type | System tool |
| Links | |
| Source | |
MINI Is Not IOS -- but it is a limited replacement that can fulfill many low-level tasks that IOS might interfere with. The name is an allusion to GNU, which stands for "GNU's Not Unix"
It was developed alongside BootMii as a replaceable Starlet executable, however, it was made mostly redundant by the Homebrew Channel and AHBPROT. There are still a few features that cannot be achieved that way, such as arbitrary ARM execution without exploits or NAND modification.
Code from MINI was later re-used for m1n1 as part of a project to boot Linux on the Apple M1.
Homebrew using MINI
- CEIL1NG_CAT
- HackMii Installer
- Wii-Linux
- ppcskel, basic example code that runs alongside MINI
Features
- Light-weight -- binary is approximately 50kbytes, 11,673 lines of code as of first release
- Mostly IRQ driven :)
- Supports debug output over the GPIO pins and USBGecko
- Supports loading both ARM and PPC-side binaries over USBGecko (ala Wiiload)
- Allows any memory address to be peeked or poked from the PPC (via IPC)
- Contains drivers for the following hardware:
- OTP, SEEPROM
- AES Engine
- SDHC (at the sector level, or can load a file from a FAT FS on SD)
- NAND (read/write at the physical level)
- PowerPC (can read a PPC ELF file from SD into memory, and kickstart execution on the PPC)
- Not dependent on IOS in any way -- as long as you can run it, it can do whatever it wants, regardless of what security features Nintendo patches into newer versions of IOS.
Limitations
- No real kernel architecture; no threading model, but most calls are asynchronous
- No USB support (including Bluetooth for Wiimotes)
- No WiFi support
- No NAND FS support
- No audio/visual capability (hardware limitation)
All registers are exposed over IPC, so some or all of the missing driver functionality could conceivably be implemented on the PPC side. Note that this cannot execute at the same time as IOS; you can only have one or the other executing at any point in time. Switching back and forth between the two is left as an exercise for the developer.
Since the discovery of the AHBPROT register, MINI enables direct PPC access to all devices. It is often used together with Wii Linux to enable full hardware functionality and performance.
IPC documentation
IPC messages take the following format:
struct {
u32 code;
u32 tag;
u32 args[6];
}
| Command | Description |
|---|---|
| IPC_SYS_PING | Simply pings the Starlet for testing. |
| IPC_SYS_JUMP | Shuts down MINI and jumps to the code passed. |
| IPC_SYS_GETVERS | Fetches the MINI version. |
| IPC_SYS_GETGITS | Fetches MINI's Git version. |
| IPC_NAND_RESET | Disables and re-enables the NAND Interface. |
| IPC_NAND_GETID | Retrieves the NAND's physical ID. |
| IPC_NAND_STATUS | Sends the GETSTATUS command to the NAND. |
| IPC_NAND_READ | Reads a raw page from the NAND. |
| IPC_NAND_WRITE | Writes a raw page to the NAND. |
| IPC_NAND_ERASE | Erases a block on the NAND. |
| IPC_NAND_SETMINPAGE | Changes the lowest writable page enforced by MINI to prevent accidental bricking. |
| IPC_NAND_GETMINPAGE | Fetches the lowest writable page enforced by MINI. |
| IPC_SDHC_DISCOVER | Initializes the SDHC handler. |
| IPC_SDHC_EXIT | Shuts off the SDHC handler. |
| IPC_SDMMC_ACK | Clears the "new SD card" flag, resulting in IPC_SDMMC_STATE returning SDMMC_INSERTED instead of SDMMC_NEW_CARD. |
| IPC_SDMMC_READ | Reads raw data from the front SD card. |
| IPC_SDMMC_WRITE | Writes raw data to the front SD. |
| IPC_SDMMC_STATE | Returns whether there is no SD card (SDMMC_NO_CARD), a card inserted since the last IPC_SDMMC_ACK (SDMMC_NEW_CARD), or a card inserted before the last IPC_SDMMC_ACK (SDMMC_INSERTED). |
| IPC_SDMMC_SIZE | Returns the number of sectors in the front SD. |
| IPC_KEYS_GETOTP | Returns the cached OTP keys. |
| IPC_KEYS_GETEEP | Returns the cached SEEPROM keys. |
| IPC_AES_RESET | Sends a reset signal to the AES engine. |
| IPC_AES_SETIV | Sends the contents to be AES-decrypted to the AES engine. |
| IPC_AES_SETKEY | Sets the AES key used for decryption. |
| IPC_AES_DECRYPT | Decrypts the contents in the AES engine. |
| IPC_BOOT2_RUN | Shuts down MINI and launches boot2. |
| IPC_BOOT2_TMD | Fetches the TMD of boot2. |
| IPC_PPC_BOOT | Reboots the Broadway to a location in memory. |
| IPC_PPC_BOOT_FILE | Similar to IPC_PPC_BOOT, but boots a file. |
Changelog
v1.4
- Fixed integer overflow when calculating SD card free space
Beta 5 (v1.2)
- Compatible with more SD cards.
Beta 3 (v1.0)
- Improved the SD card compatibility
- Enable HW_AHBPROT to fix RESET issue with CEIL1NG_CAT
Beta 2 (v0.9)
- SD card performance has been improved, decreasing the boot and the NAND backup / restore time
- backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible.
- boot2 patcher now works with boot2v4
Beta 1
- First Public Release
| |||||||||||||||||
| |||||||||||||||||||||||