Fixing IOS brick without NAND backup

I think it might be possible to install BootMii over boot1 using NAND programmer, then mess with the power lines (like with the HRESET hack)? In boot0's hash fail path, there is an unreachable instruction after the jump to panic that boots boot1 as normal. If we can get the Starlet booting in drunk mode, then it might skip that instruction and proceed to loading BootMii-boot1 for recovery. Hallowizer (talk) 23:00, 23 May 2021 (CEST)