Difference between revisions of "BootMii"

From WiiBrew
(Corrected some information at the top)
 
(127 intermediate revisions by 56 users not shown)
Line 1: Line 1:
'''BootMii''' is a system designed by [[Team Twiizers]] to enable complete control of the Wii. It allows us to control the Wii about one second after the On button has been pressed, even before the [[System Menu]]. In fact, we can control it before the [[IOS]] even loads.
+
{{Seealso|mini}}
 +
{{Infobox homebrew
 +
| title      = BootMii
 +
| image      = [[File:BootMii Logo.png|128px]]
 +
| author      = [[fail0verflow]]
 +
| version    = 1.5
 +
| type        = loader
 +
| download    = http://bootmii.org/download/
 +
| source      = http://gitweb.bootmii.org
 +
| peripherals = {{FrontSD}} {{FrontSDHC}}
 +
}}
 +
{{Modifies NAND|bmapl=yes}}
 +
{{No vWii}}
  
==Benefits==
+
'''BootMii''' is a system designed by [[Team Twiizers]] to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any [[IOS]] has been loaded and before the [[NAND]] filesystem has been read.
BootMii can allow anything from Recovery modes (creating a practically unbrickable Wii), to lazy access of the [[Homebrew Channel]]. For example, if you have corrupted the [[System Menu]], you can use the [[AnyRegion Changer]] to install a [[System Menu]] 3.2. Unfortunately, all of these tools need an [[IOS]], because [[libogc]] needs [[IOS]]. However, there will probably be a Recover App made in the future at some point.
 
  
==How it works==
+
BootMii-[[boot2]] runs on every boot. However, BootMii-IOS can be launched from the [[Homebrew Channel]] from the menu that pops up when the home button is pressed.
The BootMii Platform is a [[boot2]] hack, which is loaded by [[boot1]], which is loaded by [[boot0]]. [[boot0]] is part of Hollywood and read-only. [[boot1]] is signed by a value in write-once memory and therefore cannot be changed. However, [[boot2]] is the first code loaded from the [[NAND]]. This means it can be hacked, and also updated, and corrupted. BootMii hacks the [[boot2]] files, and allows us to run code straight from the SD Card, before anything else is loaded. This has huge advantages, such as making it very difficult to brick, and keeping Nintendo from stopping homebrew. The only way we could stop Nintendo from blocking homebrew completely however, is by using BootMii to patch the updates on-the-fly. Also, it may be possible to keep anything from overwriting the [[boot2]] hack.
 
  
==Release date==
+
== BootMii with Related Software ==
As you may know, BootMii has not yet been released. It may even take a few months. There is not a set release date, so '''DO NOT BUG TEAM TWIIZERS (e.g. MARCAN, BUSHING, ETC.) ABOUT WHEN IT'LL BE RELEASED!''' BootMii will be released when it's done. If made sloppily, it can and will brick your console. It is undergoing a lot of work, and it is being thoroughly tested. Remember how long it took to make the [[Homebrew Channel]]? Well, they are going to do even more testing, because of the nature of such a hack.
+
BootMii comes in a group of four pieces of software:
 +
* '''[[HackMii Installer]]''' -- This is a simple ELF file which may be run using your favorite method (HBC, [[str2hax]], or any other exploit which can load standard executables). It checks your Wii to make sure it can safely be modified, saves some vital data for disaster recovery, and installs the rest of the components.
 +
* '''BootMii''' -- This is a small bit of ARM code which is injected into [[boot2]] or [[IOS254]], replacing Nintendo's internal ELF loader. When run, it looks to see if an SD card is inserted. If so, it tries to load and execute /bootmii/armboot.bin instead of boot2. Otherwise, it will fall back to loading boot2.
 +
* '''[[mini]]''' -- This is a rudimentary replacement for IOS that is best suited for low-level recovery functions. Source code is available under GPLv2 [https://github.com/fail0verflow/mini here].
 +
* '''[[CEIL1NG_CAT]]''' (or bootmii-ppc) -- When mini runs, it looks for a file named /bootmii/ppcboot.elf on the SD card. If it exists, mini loads this executable into memory, boots up the {{hw|Broadway}} (ppc) and executes that binary in parallel with mini. Source code is available under GPLv2 at (tbd).
  
==Required hardware==
+
Both mini and CEIL1NG_CAT must be present in order to draw a user interface, because the [[Starlet]] cannot directly access the {{hw|Video Interface}}.
BootMii will not require any special hardware.
 
  
==Video==
+
== Benefits ==
This is a demo from Marcan about the BootMii platform. This is the official BootMii. Please read above if you are wondering about the hardware on his Wii.
+
BootMii allows anything from Recovery modes (creating a practically unbrickable Wii), to lazy access of the [[Homebrew Channel]]. For example, if you have corrupted the [[System Menu]], you can use [[DOP-Mii]] to reinstall the System Menu. Unfortunately, all homebrew currently require an [[IOS]], because [[libogc]] requires one. However, there is [[mini]] (a homebrew IOS-like software), which can be modified specifically for the program, ie, for better communication to the Linux kernel.
<youtube>9oAQ9i4FMeg</youtube>
 
  
==External links==
+
== How it works ==
 +
BootMii-boot2 is a modified version of [[boot2]]'s [[NANDLoader]], which is loaded by [[boot1]], which is loaded by [[boot0]]. boot0 is part of [[Hollywood]] and read-only. boot1, although stored on the [[NAND]], is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. boot2, however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the [[boot process]] before the normal boot2 is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to [[brick]], and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting boot2. Along with the [[4.2]] update, Nintendo released a new version of boot2 ([[boot2v4]]); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.
 +
 
 +
The space normally allocated for the NANDLoader is split into two sections itself for technical reasons; the first section is a custom NANDLoader that loads the second section. The second section checks to see if an SD card is inserted; if so, it loads <code>/bootmii/armboot.bin</code> and executed it. Otherwise, it loads the real boot2, which remains intact when BootMii-boot2 is installed.
 +
 
 +
<!-- TODO: BootMii-IOS -->
 +
 
 +
== Compatibility ==
 +
BootMii should be compatible with most Wiis released before late 2008. Support for newer Wiis (with reduced functionality) will have to install BootMii as an IOS
 +
 
 +
For an SD card compatibility list, See [[/SD Card Compatibility List|SD Card Compatibility List]].
 +
 
 +
== Required hardware ==
 +
BootMii will not require any special hardware. However, special hardware might help accomplish things that BootMii by itself cannot, such as hardware NAND write protection and isolation from the Nintendo software stack. No such hardware exists yet though.
 +
 
 +
== The new boot1 ==
 +
Consoles made after some point in 2008 (no concrete date is known) have a new version of [[boot1]] that patches the vulnerability which allows the console to boot a modified [[boot2]]. The Hackmii Installer will detect this situation and refuse to modify boot2 (see more at [http://hackmii.com/2009/02/bootmii-and-the-new-boot1/ Hackmii]). Since boot1 cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new boot1.
 +
 
 +
== Media ==
 +
{|
 +
|-
 +
| <youtube size="medium" valign="top" align="left">9oAQ9i4FMeg</youtube>
 +
|-
 +
| Video source: [[User:Marcan|Marcan]]'s early BootMii demo.  The hardware mod in the video is unrelated to BootMii.
 +
|-
 +
|}
 +
 
 +
 
 +
 
 +
== History ==
 +
=== v1.5 ===
 +
* Switched the HBC title ID to LULZ
 +
 
 +
=== v1.4 ===
 +
* Stopped the "queueing" of the eject button press when confirming dangerous operations
 +
* Fixed integer overflow when calculating SD card free space
 +
* Switched the HBC title ID to 0xaf1bf516
 +
 
 +
=== Beta 6 (v1.3) ===
 +
* Fixed the freeze when using the autoboot feature to load System Menu with a delay of zero.
 +
* The NAND backup no longer crashes when stumbling on uncorrectable pages.
 +
* A couple of fixes to the integrated SD browser.
 +
* The autoboot feature is ignored when launching the IOS version of BootMii.
 +
 
 +
=== Beta 5 (v1.2) ===
 +
*Compatible with more SD cards.
 +
*New font, borrowed from [[Savezelda]].
 +
*The button combination when restoring a NAND backup with only BootMii/IOS was impossible to perform with some pads. It has been changed to the Konami Code.
 +
 
 +
=== Beta 4 (v1.1) ===
 +
* Properly write the keys to nand.bin :
 +
** This fixes the “NAND dump is from another Wii” issue on restoring beta 3 backups. If you don’t know how to fix those dumps, you have to backup the NAND again. Dumps from all other versions are not affected.
 +
* Switched the HBC title ID to JODI.
 +
 
 +
=== Beta 3 (v1.0) ===
 +
* Improved the SD card compability
 +
* Increased the backup/restore speed for some SD cards, but decreased it for others :P
 +
* Fix GPIO input for all Wiis
 +
* Wavebird support
 +
* Fixed a silly bug where [[NAND]] backups were left as 0 byte files
 +
* Keys are now saved to SD as /bootmii/keys.bin too
 +
 
 +
=== Beta 2 (v0.9) ===
 +
* SD card performance has been improved, decreasing the boot and the NAND backup / restore time
 +
* backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible.
 +
* Introduced the INI variable “BOOTDELAY” to set the timeout for the auto boot feature
 +
 
 +
=== Beta 1 ===
 +
* First Public Release
 +
 
 +
== External links ==
 
* http://www.hackmii.com/
 
* http://www.hackmii.com/
 +
* http://www.bootmii.org/
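Review bot: In the added "How it works" text, "it loads /bootmii/armboot.bin and executed it" mixes tenses and should read "executes it". The added Compatibility sentence "Support for newer Wiis (with reduced functionality) will have to install BootMii as an IOS" makes "Support" the subject of "install" and has no full stop; reword it so the newer Wiis are the subject. In "The new boot1", "all consoles already manufactured before this update are safe" does not say what they are safe from, so spell that out. "compability" under Beta 3 should be "compatibility".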

Latest revision as of 23:12, 12 May 2021

See also: mini
BootMii
Author(s): fail0verflow
Type: Loader
Version: 1.5
Download: http://bootmii.org/download/
Source: http://gitweb.bootmii.org
Peripherals: Loads files from the Front SD slot; loads files from SDHC cards in the Front SD slot

NOTICE: This homebrew application makes permanent changes to the Wii's NAND; thus, this application should be used with caution.

Warning! This homebrew cannot be used on the Wii U's vWii. Attempting to use this homebrew on the vWii may result in the app not working, or may render the system unusable.

BootMii is a system designed by Team Twiizers to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any IOS has been loaded and before the NAND filesystem has been read.

BootMii-boot2 runs on every boot. However, BootMii-IOS can be launched from the Homebrew Channel from the menu that pops up when the home button is pressed.

BootMii with Related Software

BootMii comes in a group of four pieces of software:

  • HackMii Installer -- This is a simple ELF file which may be run using your favorite method (HBC, str2hax, or any other exploit which can load standard executables). It checks your Wii to make sure it can safely be modified, saves some vital data for disaster recovery, and installs the rest of the components.
  • BootMii -- This is a small bit of ARM code which is injected into boot2 or IOS254, replacing Nintendo's internal ELF loader. When run, it looks to see if an SD card is inserted. If so, it tries to load and execute /bootmii/armboot.bin instead of boot2. Otherwise, it will fall back to loading boot2.
  • mini -- This is a rudimentary replacement for IOS that is best suited for low-level recovery functions. Source code is available under GPLv2 at https://github.com/fail0verflow/mini.
  • CEIL1NG_CAT (or bootmii-ppc) -- When mini runs, it looks for a file named /bootmii/ppcboot.elf on the SD card. If it exists, mini loads this executable into memory, boots up the Broadway (ppc) and executes that binary in parallel with mini. Source code is available under GPLv2 at (tbd).

Both mini and CEIL1NG_CAT must be present in order to draw a user interface, because the Starlet cannot directly access the Video Interface.

Benefits

BootMii allows anything from recovery modes (creating a practically unbrickable Wii) to lazy access to the Homebrew Channel. For example, if you have corrupted the System Menu, you can use DOP-Mii to reinstall the System Menu. Unfortunately, all homebrew currently requires an IOS, because libogc requires one. However, there is mini (homebrew IOS-like software), which can be modified specifically for the program, i.e., for better communication with the Linux kernel.

How it works

BootMii-boot2 is a modified version of boot2's NANDLoader, which is loaded by boot1, which is loaded by boot0. boot0 is part of Hollywood and read-only. boot1, although stored on the NAND, is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. boot2, however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the boot process before the normal boot2 is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to brick, and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting boot2. Along with the 4.2 update, Nintendo released a new version of boot2 (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.

The space normally allocated for the NANDLoader is itself split into two sections for technical reasons; the first section is a custom NANDLoader that loads the second section. The second section checks to see if an SD card is inserted; if so, it loads /bootmii/armboot.bin and executes it. Otherwise, it loads the real boot2, which remains intact when BootMii-boot2 is installed.
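
The boot path described above, as an added C model that is not code from BootMii or mini: boot1 must match a write-once value, and the BootMii stub then runs /bootmii/armboot.bin from the SD card or falls back to the intact boot2. The toy_digest function, the struct layout and the scenario helper are assumptions made for the illustration, and the model leaves out how boot1 checks boot2.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the real boot1 check; FNV-1a keeps the model short. */
static uint32_t toy_digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

enum boot_result { HALT_BOOT1_MISMATCH, RUN_ARMBOOT_FROM_SD, RUN_REAL_BOOT2 };

struct console {
    uint32_t otp_boot1_digest;   /* write-once value, fixed at manufacture */
    uint8_t boot1[16];           /* boot1 image as stored on NAND (constructed) */
    int sd_inserted;
    const char *sd_files[4];     /* paths present on the SD card, NULL-terminated */
};

static int sd_has(const struct console *c, const char *path) {
    if (!c->sd_inserted) return 0;
    for (size_t i = 0; i < 4 && c->sd_files[i]; i++)
        if (strcmp(c->sd_files[i], path) == 0) return 1;
    return 0;
}

/* boot1 is checked against the write-once value; the stub then picks a payload. */
static enum boot_result boot(const struct console *c) {
    if (toy_digest(c->boot1, sizeof c->boot1) != c->otp_boot1_digest)
        return HALT_BOOT1_MISMATCH;      /* changed boot1: the console cannot boot */
    if (sd_has(c, "/bootmii/armboot.bin"))
        return RUN_ARMBOOT_FROM_SD;
    return RUN_REAL_BOOT2;               /* the original boot2 is still intact */
}

/* Builds a constructed console and returns the path the model takes. */
enum boot_result scenario(int boot1_changed, int sd_inserted, int has_armboot) {
    struct console c = { 0, "boot1-factory", sd_inserted,
                         { "/bootmii/ppcboot.elf", NULL, NULL, NULL } };
    c.otp_boot1_digest = toy_digest(c.boot1, sizeof c.boot1);
    if (has_armboot) c.sd_files[1] = "/bootmii/armboot.bin";
    if (boot1_changed) c.boot1[0] ^= 0xff;   /* any change breaks the match */
    return boot(&c);
}

int main(void) {
    static const char *names[] = { "halt: boot1 mismatch", "armboot.bin from SD", "real boot2" };
    printf("%s\n", names[scenario(0, 1, 1)]);
    printf("%s\n", names[scenario(0, 0, 1)]);
    printf("%s\n", names[scenario(1, 1, 1)]);
    return 0;
}
```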


Compatibility

BootMii should be compatible with most Wiis released before late 2008. Newer Wiis are supported with reduced functionality and have to install BootMii as an IOS.

For an SD card compatibility list, see SD Card Compatibility List.

Required hardware

BootMii will not require any special hardware. However, special hardware might help accomplish things that BootMii by itself cannot, such as hardware NAND write protection and isolation from the Nintendo software stack. No such hardware exists yet though.

The new boot1

Consoles made after some point in 2008 (no concrete date is known) have a new version of boot1 that patches the vulnerability which allows the console to boot a modified boot2. The HackMii Installer will detect this situation and refuse to modify boot2 (see more at http://hackmii.com/2009/02/bootmii-and-the-new-boot1/). Since boot1 cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new boot1.

Media

Video source: Marcan's early BootMii demo. The hardware mod in the video is unrelated to BootMii.


History

v1.5

  • Switched the HBC title ID to LULZ

v1.4

  • Stopped the "queueing" of the eject button press when confirming dangerous operations
  • Fixed integer overflow when calculating SD card free space
  • Switched the HBC title ID to 0xaf1bf516

Beta 6 (v1.3)

  • Fixed the freeze when using the autoboot feature to load System Menu with a delay of zero.
  • The NAND backup no longer crashes when stumbling on uncorrectable pages.
  • A couple of fixes to the integrated SD browser.
  • The autoboot feature is ignored when launching the IOS version of BootMii.

Beta 5 (v1.2)

  • Compatible with more SD cards.
  • New font, borrowed from Savezelda.
  • The button combination when restoring a NAND backup with only BootMii/IOS was impossible to perform with some pads. It has been changed to the Konami Code.

Beta 4 (v1.1)

  • Properly write the keys to nand.bin :
    • This fixes the “NAND dump is from another Wii” issue on restoring beta 3 backups. If you don’t know how to fix those dumps, you have to back up the NAND again. Dumps from all other versions are not affected.
  • Switched the HBC title ID to JODI.

Beta 3 (v1.0)

  • Improved the SD card compatibility
  • Increased the backup/restore speed for some SD cards, but decreased it for others :P
  • Fix GPIO input for all Wiis
  • Wavebird support
  • Fixed a silly bug where NAND backups were left as 0 byte files
  • Keys are now saved to SD as /bootmii/keys.bin too

Beta 2 (v0.9)

  • SD card performance has been improved, decreasing the boot and the NAND backup / restore time
  • backupmii accepts fragmented SD cards now; reformatting is not performed anymore. Old NAND dumps are still compatible.
  • Introduced the INI variable “BOOTDELAY” to set the timeout for the auto boot feature

Beta 1

  • First Public Release

External links

  • http://www.hackmii.com/
  • http://www.bootmii.org/