Dump format
{{Seealso|mini}}
{{Infobox homebrew
| title = BootMii
| image = [[File:BootMii Logo.png|128px]]
| author = [[Team Twiizers]]
| version = 1.5
| download = http://bootmii.org/download/
| source = http://gitweb.bootmii.org
| peripherals = {{GCNController}} {{FrontSD}} {{FrontSDHC}} {{Wii}}
}}
{{Modifies NAND|bmapl=yes}}
{{No vWii}}
'''BootMii''' is a system designed by [[Team Twiizers]] to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any [[IOS]] has been loaded and before the [[NAND]] filesystem has been read. BootMii can be launched from the [[Homebrew Channel]], from the menu that pops up when the home button is pressed.
== Controls ==
{| class="wikitable" style="left;text-align:center;"
! {{Wii}} !! {{GCNController}} !! Family Trainer Pad !! Action
|-
| || {{GCDPadLeft}} || minus || Previous Option
|-
| {{WiiPowerButton}} || {{GCDPadRight}} || Blue Down || Next option
|-
| {{WiiResetButton}} || {{GCAButton}} || Orange Square || Select option
|}
== Architecture ==
BootMii is comprised of four pieces of software:
*'''Installer''' -- This is a simple ELF file which may be run using your favorite method (HBC, [[Twilight Hack]], or any other exploit which can load standard executables). It checks your Wii to make sure it can safely be modified, saves some vital data for disaster recovery, and installs the rest of the components. It is now integrated into the HackMii Installer.
*'''Loader stub''' -- This is a small bit of ARM code which is injected into [[boot2]], replacing Nintendo's internal ELF loader. When run, it looks to see if an SD card is inserted. If so, it tries to load and execute /bootmii/armboot.bin instead of '''boot2'''. Otherwise, it will fall back to loading '''boot2'''.
*'''[[mini]]''' -- This is a rudimentary replacement for IOS that is best suited for low-level recovery functions. Source code is available under GPLv2 [https://github.com/fail0verflow/mini here].
*'''BootMii''' (or bootmii-ppc) -- When mini runs, it looks for a file named /bootmii/ppcboot.elf on the SD card. If it exists, mini loads this executable into memory, boots up the {{hw|Broadway}} (ppc) and executes that binary in parallel with mini. Source code is available under GPLv2 at (tbd).
Both mini and bootmii-ppc must be present in order to draw a user interface, because the [[Starlet]] cannot directly access the {{hw|Video Interface}}.

== Benefits ==
BootMii allows anything from Recovery modes (creating a practically unbrickable Wii), to lazy access of the [[Homebrew Channel]]. For example, if you have corrupted the [[System Menu]], you can use [[DOP-Mii]] to reinstall the [[System Menu]]. Unfortunately, all homebrew currently requires an [[IOS]], because [[libogc]] requires one. However, there is [[Mini]] (a homebrew IOS-like software), which can be modified specifically for the program, i.e., for better communication to the Linux kernel.

== How it works ==
BootMii is a modified version of [[boot2]], which is loaded by [[boot1]], which is loaded by [[boot0]]. '''boot0''' is part of [[Hollywood]] and read-only. '''boot1''', although stored on the [[NAND]], is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. '''boot2''', however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the [[boot process]] before the normal '''boot2''' is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to [[brick]], and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting '''boot2'''.

Along with the [[System Menu 4.2]] update, Nintendo released a new version of '''boot2''' (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.

BootMii creates a 553649152-byte NAND dump called "nand.bin" on an SD card.
It is formatted as:
* 4096 * 64 pages of (2048 + 64) bytes of data + ECC
* A 1024-byte footer with keying information

Specifically, the format of that 1024-byte footer is:
* 256 bytes of human-readable information (e.g. "BackupMii v1\nConsole ID: 0408cafa"), padded with null bytes
* 128 bytes of OTP data (copied directly from OTP)
* 128 bytes of padding
* 256 bytes of SEEPROM data (copied directly from OTP)
* 256 bytes of padding

== Compatibility ==
BootMii should be compatible with most Wiis released before late 2008. Newer Wiis are supported with reduced functionality and will have to install BootMii as an IOS.

For an SD card compatibility list, see [[/SD Card Compatibility List|SD Card Compatibility List]].

==Required hardware==
BootMii will not require any special hardware. However, special hardware might help accomplish things that BootMii by itself cannot, such as hardware NAND write protection and isolation from the Nintendo software stack. No such hardware exists yet though.
== The new boot1 ==
Consoles made after some point in 2008 (no concrete date is known) have a new version of [[boot1]] that patches the vulnerability which allows the console to boot a modified [[boot2]]. The Hackmii Installer will detect this situation and refuse to modify '''boot2''' (see more at [http://hackmii.com/2009/02/bootmii-and-the-new-boot1/ Hackmii]). Since '''boot1''' cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new '''boot1'''.

== Console Keys and keys.bin ==
Instead of using [[WiiND]], you can retrieve your console keys from the keys.bin file that BootMii v3+ produces when backing up the [[NAND]]. To view them, open keys.bin with a hex editor.<br />
Here are the offsets for each key:
<pre>
boot1 hash: 0x100 (20 bytes)
Common key (AES): 0x114 (16 bytes)
Console ID: 0x124 (4 bytes)
ECC Private Key: 0x128 (30 bytes)
NAND HMAC: 0x144 (20 bytes)
NAND AES key: 0x158 (16 bytes)
PRNG seed (AES): 0x168 (16 bytes)
ng_key_id: 0x208 (4 bytes)
ng_sig: 0x20c (60 bytes)
</pre>

For a full description of the purpose of each key, see [http://hackmii.com/2008/04/keys-keys-keys/ this writeup on HackMii].

== Media ==
[[File:Bootmii_screenshot.png|right|thumb|200px|Screenshot. Click for larger image.]]
{|
|-
| <youtube size="medium" valign="top" align="left">9oAQ9i4FMeg</youtube>
|-
| Video source: [[User:Marcan|Marcan]]'s early BootMii demo. The hardware mod in the video is unrelated to BootMii.
|-
|}

== History ==

=== v1.4 ===
* Stopped the "queueing" of the eject button press when confirming dangerous operations
* Fixed integer overflow when calculating SD card free space

=== Beta 6 (v1.3) ===
* Fixed the freeze when using the autoboot feature to load System Menu with a delay of zero.
* The NAND backup no longer crashes when stumbling on uncorrectable pages.
* A couple of fixes to the integrated SD browser.
* The autoboot feature is ignored when launching the IOS version of BootMii.

=== Beta 5 (v1.2) ===
*Compatible with more SD cards.
*New font, borrowed from the deceased [[Twilight Hack]].
*The button combination when restoring a NAND backup with only BootMii/IOS was impossible to perform with some pads. It has been changed to the Konami Code.

=== Beta 4 (v1.1) ===
* Properly write the keys to nand.bin :
** This fixes the “NAND dump is from another Wii” issue on restoring beta 3 backups. If you don’t know how to fix those dumps, you have to backup the NAND again. Dumps from all other versions are not affected.

=== Beta 3 (v1.0) ===
* Improved the SD card compatibility
* Increased the backup/restore speed for some SD cards, but decreased it for others :P
* Fix GPIO input for all Wiis
* Wavebird support
* Fixed a silly bug where [[NAND]] backups were left as 0 byte files
* Keys are now saved to SD as /bootmii/keys.bin too

=== Beta 2 (v0.9) ===
* SD card performance has been improved, decreasing the boot and the NAND backup / restore time
* backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible.
* Introduced the INI variable “BOOTDELAY” to set the timeout for the auto boot feature
=== Beta 1 ===
* First Public Release
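The nand.bin footer layout and the keys.bin offsets given above can be checked programmatically. The following is an added example, not code from this page or from the BootMii project: it validates the dump size, slices the fields at the listed offsets, and reports secrets only as truncated SHA-256 fingerprints so a backup can be inventoried without printing key material. It assumes keys.bin uses the same 1024-byte layout as the footer (the listed offsets fall inside the OTP and SEEPROM regions) and that the text header prints the console ID bytes in stored order; all function names are hypothetical.

```python
import hashlib
import io
import re

# Layout figures taken from the page's description of nand.bin.
PAGE_BYTES = 2048 + 64                                   # data + ECC per page
FOOTER_SIZE = 1024
NAND_BIN_SIZE = 4096 * 64 * PAGE_BYTES + FOOTER_SIZE     # 553649152

# (name, offset, length) exactly as listed in the keys.bin offset table.
KEY_FIELDS = [
    ("boot1_hash", 0x100, 20), ("common_key", 0x114, 16), ("console_id", 0x124, 4),
    ("ecc_private_key", 0x128, 30), ("nand_hmac", 0x144, 20), ("nand_aes_key", 0x158, 16),
    ("prng_seed", 0x168, 16), ("ng_key_id", 0x208, 4), ("ng_sig", 0x20C, 60),
]

def read_footer(f, expected_size=NAND_BIN_SIZE):
    """Return the trailing 1024-byte footer after checking the dump size."""
    size = f.seek(0, io.SEEK_END)
    if size != expected_size:
        raise ValueError(f"unexpected dump size {size}, want {expected_size}")
    f.seek(size - FOOTER_SIZE)
    return f.read(FOOTER_SIZE)

def parse_keys(blob):
    """Slice a 1024-byte footer (or keys.bin, by assumption) into named fields."""
    if len(blob) != FOOTER_SIZE:
        raise ValueError("expected exactly 1024 bytes")
    fields = {name: blob[off:off + n] for name, off, n in KEY_FIELDS}
    fields["info"] = blob[:256].rstrip(b"\0").decode("ascii", "replace")
    return fields

def summarize(blob):
    """Inventory view: console ID in clear, secrets only as fingerprints."""
    fields = parse_keys(blob)
    cid = fields["console_id"].hex()
    m = re.search(r"Console ID: ([0-9a-fA-F]{8})", fields["info"])
    # Assumption: the text header prints the ID bytes in stored order.
    out = {"console_id": cid, "header_matches": bool(m) and m.group(1).lower() == cid}
    for name, _, _ in KEY_FIELDS:
        if name != "console_id":
            out[name] = hashlib.sha256(fields[name]).hexdigest()[:16]
    return out

# Constructed sample blob (not a real console's data): header text plus console ID.
HDR = b"BackupMii v1\nConsole ID: 0408cafa"
SAMPLE = (HDR.ljust(0x124, b"\0") + bytes.fromhex("0408cafa")).ljust(FOOTER_SIZE, b"\0")
```

A `header_matches` value of false on a real dump means the text header and the binary console ID disagree, which is worth resolving before relying on that backup for a restore.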
==External links==
* http://www.hackmii.com/
* http://www.bootmii.org/