Changes

323 bytes added, 20:40, 11 May 2021
Line 24:
::::Bushing said that they did something “mildly clever” to work around the BC sigcheck. https://hackmii.com/2009/11/updates-and-bricking/ I think this means we should dump our BootMii-boot2 to find out. [[User:Hallowizer|Hallowizer]] ([[User talk:Hallowizer|talk]]) 03:38, 11 May 2021 (CEST)
 
:::::The relevant code is probably actually in the hackmii installer.  I did some talking with DacoTaco and sven, and found that boot2 checks HW_CLOCKS and decides to launch MIOS in that case instead of the System Menu (boot2 also seems to be able to launch BC, but I don't think that code is actually reachable).  I got confirmation that bootmii itself doesn't use HW_CLOCKS (and reverse-engineered bootmii as IOS to confirm that); sven also mentioned "iirc we didn't put any special gc mode/BC code into bootmii fwiw".  I also did enough reverse engineering to determine that BC is almost certainly loading boot2, as it does a lot of NAND stuff in relevant places (including looking for two matching copies; [https://github.com/fail0verflow/mini/blob/befb64ce1cd493946c9a9a0a412262a998f478d9/boot2.c#L66 this] and [https://github.com/fail0verflow/mini/blob/befb64ce1cd493946c9a9a0a412262a998f478d9/boot2.c#L129 this] in MINI seem pretty similar).  Probably they did something strange there to make BC reject the modified copy but boot1 allow it; it should show up in a bootmii NAND dump. --[[User:Pokechu22|Pokechu22]] ([[User talk:Pokechu22|talk]]) 20:17, 11 May 2021 (CEST)
 
 +
::::::I think we’re over complicating this actually. Maybe the first boot2 has the BootMii loader, and the second one doesn’t. Boot1 defaults to the first one, but BC sees that the first one is invalid and goes to the second one? [[User:Hallowizer|Hallowizer]] ([[User talk:Hallowizer|talk]]) 20:40, 11 May 2021 (CEST)
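Review bot: The fallback hypothesis in this added reply (the first boot2 copy carries BootMii, BC rejects it and boots the second) needs to be squared with the observation two replies up that BC looks for two matching copies of boot2; a check that requires both copies to match would reject a mismatched pair outright rather than fall back to the second copy. Either reading predicts that the two boot2 copies differ on a BootMii-installed console, so the NAND dump comparison already proposed above would settle it: compare the two copies in the dump and record which one boot1 actually runs.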