Changes

:::::::::I can't say for sure that it's used, but I do see several paths from the main function that end up calling the signature code (but there's a giant messy function in the middle of everything that makes it hard to be sure). --[[User:Pokechu22|Pokechu22]] ([[User talk:Pokechu22|talk]]) 01:18, 3 May 2021 (CEST)
::::Bushing said that they did something “mildly clever” to work around the BC sigcheck. https://hackmii.com/2009/11/updates-and-bricking/ I think this means we should dump our BootMii-boot2 to find out. [[User:Hallowizer|Hallowizer]] ([[User talk:Hallowizer|talk]]) 03:38, 11 May 2021 (CEST)
:::::The relevant code is probably actually in the hackmii installer. I did some talking with DacoTaco and sven, and found that boot2 checks HW_CLOCKS and decides to launch MIOS in that case instead of the System Menu (boot2 also seems to be able to launch BC, but I don't think that code is actually reachable). I got confirmation that bootmii itself doesn't use HW_CLOCKS (and reverse-engineered bootmii as IOS to confirm that); sven also mentioned "iirc we didn't put any special gc mode/BC code into bootmii fwiw". I also did enough reverse engineering to determine that BC is almost certainly loading boot2, as it does a lot of NAND stuff in relevant places (including looking for two matching copies; [https://github.com/fail0verflow/mini/blob/befb64ce1cd493946c9a9a0a412262a998f478d9/boot2.c#L66 this] and [https://github.com/fail0verflow/mini/blob/befb64ce1cd493946c9a9a0a412262a998f478d9/boot2.c#L129 this] in MINI seem pretty similar). Probably they did something strange there to make BC reject the modified copy but boot1 allow it; it should show up in a bootmii NAND dump. --[[User:Pokechu22|Pokechu22]] ([[User talk:Pokechu22|talk]]) 20:17, 11 May 2021 (CEST)