685
edits
Changes
Jump to navigation
Jump to search
Dump format
Line 39:
Line 39:
== How it works ==
== How it works ==
BootMii is a modified version of [[boot2]], which is loaded by [[boot1]], which is loaded by [[boot0]]. '''boot0''' is part of [[Hollywood]] and read-only. '''boot1''', although stored on the [[NAND]], is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. '''boot2''', however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the [[boot process]] before the normal '''boot2''' is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to [[brick]], and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting '''boot2'''. Along with the [[System Menu 4.2]] update, Nintendo released a new version of '''boot2''' (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.
BootMii is a modified version of [[boot2]], which is loaded by [[boot1]], which is loaded by [[boot0]]. '''boot0''' is part of [[Hollywood]] and read-only. '''boot1''', although stored on the [[NAND]], is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. '''boot2''', however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the [[boot process]] before the normal '''boot2''' is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to [[brick]], and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting '''boot2'''. Along with the [[System Menu 4.2]] update, Nintendo released a new version of '''boot2''' (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.
+
+BootMii creates a 553649152-byte NAND dump called "nand.bin" on an SD card. It is formatted as:
+
+ 4096 * 64 pages of (2048 + 64) bytes of data + ECC
+ A 1024-byte footer with keying information
+
+Specifically, the format of that 1024-byte footer is:
+
+ 256 bytes of human-readable information (e.g. "BackupMii v1\nConsole ID: 0408cafa"), padded with null bytes
+ 128 bytes of OTP data (copied directly from OTP)
+
+ 128 bytes of padding
+ 256 bytes of SEEPROM data (copied directly from OTP)
+ 256 bytes of padding
== Compatibility ==
== Compatibility ==