From WiiBrew
< Talk:IOS
  • I'm curious. How does starlet handle Wii mode and gamecube mode? Also, are there other modes, such as a difference in access rights between the wii menu, and a running game?
During Wii mode, the normal Starlet code ("IOS") runs -- during GameCube mode, a compatibility layer called "MIOS" runs. Yes, the system menu has special access rights that go beyond those of a normal game -- for example, it can see the files of all of the games (to allow you to back up save games), and it can initiate firmware updates. Bushing 05:22, 13 February 2008 (PST)

  • The reason why I bring it up, is because I'm curious what kind of barriers Nintendo has put up to flashing firmware from within a game. (I understand that a flaw has been found in the code dubbed 'BOOT1' which could provide a hole in the chain of trust and open the door for custom firmware which doesn't bother doing security checks. But, can the NAND even be accessed from wii game mode?)
The raw NAND (encrypted sectors) can be accessed by any game, but that is not useful unless you know the encryption key (which is hard to get). Aside from that, games can access certain parts of the filesystem on the NAND -- specifically, the files that "belong" to that game. Bushing 05:22, 13 February 2008 (PST)

  • Some games do firmware updates. 01:58, 13 February 2008 (PST)
No, they don't. Games specify their required IOS version in the TMD -- when the system menu detects that a game requires a version of IOS that you don't already have installed, it checks to see if the disc also contains an update partition. If so, it installs the contents of the update partition before letting you run the game. Games themselves do not have permission to modify firmware. Bushing 05:22, 13 February 2008 (PST)
Actually, the system menu will check the game's update partition first, which contains a file describing the updates included with the game. It will apply these updates as long as they're newer than the versions on your Wii, whether the game actually requires them or not. Marcan 08:18, 13 March 2008 (PDT)
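As an added illustration of the two checks described above (Bushing's "the TMD names the required IOS" and Marcan's "the update partition's newer titles get installed regardless"), here is a small Python model. This is not WiiBrew's or Nintendo's code; the TMD field offsets (sys_version at 0x184, title ID at 0x18C, title version at 0x1DC, IOS title IDs of the form 00000001-000000xx) are assumed from the publicly documented TMD layout rather than from this talk page, and the installed-title inventory and update-partition listing are constructed sample data.

```python
import struct

# Assumed TMD header layout (big-endian), not taken from this talk page.
TMD_SYS_VERSION_OFF = 0x184    # 8-byte title ID of the IOS this title runs under
TMD_TITLE_ID_OFF = 0x18C       # 8-byte title ID of the title itself
TMD_TITLE_VERSION_OFF = 0x1DC  # 2-byte title version
TMD_HEADER_LEN = 0x1E4         # header size before the content records
IOS_TITLE_HIGH = 0x00000001    # upper word shared by all IOS title IDs


def make_tmd(title_id: int, title_version: int, ios_slot: int) -> bytes:
    """Build a constructed TMD header containing only the fields read below."""
    buf = bytearray(TMD_HEADER_LEN)
    struct.pack_into(">Q", buf, TMD_SYS_VERSION_OFF, (IOS_TITLE_HIGH << 32) | ios_slot)
    struct.pack_into(">Q", buf, TMD_TITLE_ID_OFF, title_id)
    struct.pack_into(">H", buf, TMD_TITLE_VERSION_OFF, title_version)
    return bytes(buf)


def required_ios(tmd: bytes):
    """Return the IOS slot number named in sys_version, or None if the field
    does not refer to an IOS title (e.g. a zeroed or malformed header)."""
    if len(tmd) < TMD_HEADER_LEN:
        raise ValueError("TMD shorter than its header")
    sys_version = struct.unpack_from(">Q", tmd, TMD_SYS_VERSION_OFF)[0]
    high, low = sys_version >> 32, sys_version & 0xFFFFFFFF
    return low if high == IOS_TITLE_HIGH else None


def missing_ios(tmd: bytes, installed: dict) -> bool:
    """Bushing's check: does the disc need an IOS that is not installed?
    `installed` maps title ID -> installed title version."""
    slot = required_ios(tmd)
    if slot is None:
        return False
    return ((IOS_TITLE_HIGH << 32) | slot) not in installed


def updates_to_apply(update_listing: list, installed: dict) -> list:
    """Marcan's rule: every title in the update partition listing that is
    newer than the installed copy (or not installed at all) gets applied,
    whether or not the game's own TMD requires it."""
    todo = []
    for title_id, version in update_listing:
        if installed.get(title_id, -1) < version:
            todo.append((title_id, version))
    return todo


def ios_title(slot: int) -> int:
    return (IOS_TITLE_HIGH << 32) | slot


if __name__ == "__main__":
    # Constructed console state: IOS9, IOS21 and IOS30 installed (versions invented).
    console = {ios_title(9): 500, ios_title(21): 700, ios_title(30): 1000}
    disc_tmd = make_tmd(0x0001000052535045, 1, 35)  # constructed game title, needs IOS35
    listing = [(ios_title(21), 600), (ios_title(30), 1200), (ios_title(35), 1400)]
    print("required IOS:", required_ios(disc_tmd))
    print("missing IOS:", missing_ios(disc_tmd, console))
    print("update partition would install:", updates_to_apply(listing, console))
```

Running the script reports that the constructed disc requires IOS35, that IOS35 is missing, and that the update partition would install the newer IOS30 and IOS35 entries but skip the older IOS21 one, which is exactly the "only if newer" behaviour Marcan describes.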

  • I thought there were a lot of different IOS 'versions'. Games that asked me to update were generally only games that also had a lot more in their update partition than just newer IOS versions (a lot of IOS versions and many more update files). Along the same lines, isn't the IOS that comes with Zelda (that Zelda uses) very basic, allowing only fairly little things (i.e. no USB / Wifi)? (signature here :))
There are. For example, Super Mario Galaxy comes with IOS versions 11, 12, 13, 15, 17, 20, 21, 30, 31, 33, 35, and it requires 35. (It also comes with a bunch of channels, etc, but that's not relevant -- your observation about large vs small update partitions is just coincidence.)
Yes, Zelda uses an old IOS version (15? don't remember). AFAICT, WiFi support is in all versions of IOS, even if the games don't use it -- the system menu uses it, and it needs to be able to phone home to get system updates. Likewise, everything supports raw USB, because that's how it communicates with the Bluetooth adapter. The glaring omission in Zelda's IOS is USB keyboard support -- we'd either need to write our own driver for USB HID (yech) or preferably find an exploit in a newer game, if we want to be able to use the keyboard. Bushing 04:53, 14 February 2008 (PST)
Zelda uses IOS9. Time has gone by, and we can now reboot to a newer IOS, so USB keyboard support is not a problem as long as the user has an IOS that supports it. Marcan 08:18, 13 March 2008 (PDT)

  • So basically our injected code running inside the game isn't allowed to touch things like the firmware?
More or less. The games aren't allowed to touch it, either, assuming the Starlet does its job correctly.
  • If we got the key somehow, is raw writing to the NAND possible, or only reading the encrypted data?
Writing may be possible, but it doesn't help unless you get the key "somehow". (Hint: That's very hard to do)
  • Supposing we just refused to update the firmware (not connecting to the Internet and using ISOs with the update partition removed, etc.), would these restrictions stop us from doing other fun things, or do we basically have free rein over the rest of the machine? 15:09, 13 February 2008 (PST)
Refusing to update the firmware serves no purpose unless Nintendo does something to prevent homebrew from running -- it's not clear that that is possible, or worth their time. That has nothing to do with the second part of your question -- we have "free rein" in the sense that we can do anything a game can do, but we are restricted from modifying the way the system works (patching the system menu, installing new channels, etc.). Bushing 04:53, 14 February 2008 (PST)

  • Let me know if I understand correctly. The key that is used to decrypt/encrypt the firmware is unique to each console, and is in the OTP area accessible by starlet only?
Yes. Well, the key used to encrypt BOOT1 is common, but that's irrelevant because we can't modify BOOT1 as it is checked against a hash in OTP. The key used to encrypt the NAND filesystem is unique to each console. However, firmware updates as delivered over the network and on update discs are, of course, encrypted with a common key. Marcan 08:18, 13 March 2008 (PDT)

  • That's too bad. I was really hoping to see a linux penguin on one of my channel icons some time soon :)
Oh, that may very well come. Newer games like WiiFit install channels. We can also assume the system menu's permissions now, using some newly discovered /dev/es calls. We just need to figure out how to make channels :) Marcan 08:18, 13 March 2008 (PDT)
  • If/when a future system menu update blocks Trucha-signed discs, could the Twilight exploit be used to downgrade to a Trucha-friendly system menu?
Maybe. Wait and see. Bushing 03:16, 29 March 2008 (PDT)