Changes

316 bytes added, 01:28, 30 November 2017
m
Correct download url
Line 4: Line 4:  
| image      = [[File:BootMii Logo.png|128px]]
 
| image      = [[File:BootMii Logo.png|128px]]
 
| author      = [[Team Twiizers]]
 
| author      = [[Team Twiizers]]
| version    = Beta 6
+
| version    = 1.5
| download    = http://bootmii.org/download
+
| download    = http://bootmii.org/download/
 
| source      = http://gitweb.bootmii.org
 
| source      = http://gitweb.bootmii.org
 
| peripherals = {{GCNController}} {{FrontSD}} {{FrontSDHC}} {{Wii}}
 
| peripherals = {{GCNController}} {{FrontSD}} {{FrontSDHC}} {{Wii}}
 
}}
 
}}
 
{{Modifies NAND}}
 
{{Modifies NAND}}
'''BootMii''' is a system designed by [[Team Twiizers]] to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any [[IOS]] has been loaded and before the [[NAND]] filesystem has been read.
+
'''BootMii''' is a system designed by [[Team Twiizers]] to enable complete low-level control of the Wii. It allows the Wii to be controlled mere moments after the On button has been pressed, before any [[IOS]] has been loaded and before the [[NAND]] filesystem has been read. BootMii can be launched from the [[Homebrew Channel]] from the menu that pops up when the home button is pressed.
    
== Controls ==
 
== Controls ==
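Review bot: The corrected "| download" line still points at plain http://bootmii.org/download/, and on a page tagged {{Modifies NAND}} the installer link is the one worth hardening; if the site serves HTTPS, link that, otherwise state next to the link where a published checksum can be found. Separately, the edit is flagged minor with the summary "Correct download url", yet this hunk also changes "| version" from Beta 6 to 1.5 and adds a sentence to the intro; the summary should cover those changes.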
Line 36: Line 36:     
== How it works ==
 
== How it works ==
BootMii is a modified version of [[boot2]], which is loaded by [[boot1]], which is loaded by [[boot0]]. '''boot0''' is part of [[Hollywood]] and read-only. '''boot1''', although stored on the [[NAND]], is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. '''boot2''', however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the boot process before the normal '''boot2''' is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to [[brick]], and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting '''boot2'''. Along with the [[System Menu 4.2]] update, Nintendo released a new version of '''boot2''' (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.
+
BootMii is a modified version of [[boot2]], which is loaded by [[boot1]], which is loaded by [[boot0]]. '''boot0''' is part of [[Hollywood]] and read-only. '''boot1''', although stored on the [[NAND]], is signed by a value in write-once memory and therefore cannot be changed without rendering a console unable to boot. '''boot2''', however, can be modified (with some restrictions). This means it can be hacked, updated, and corrupted. BootMii hijacks the [[boot process]] before the normal '''boot2''' is run, optionally allowing code to be run directly from the SD Card. This has many advantages, such as making it very difficult to [[brick]], and slowing Nintendo from blocking homebrew. Unfortunately, the only way we could completely stop Nintendo from blocking homebrew is by patching updates on-the-fly, or somehow preventing overwriting '''boot2'''. Along with the [[System Menu 4.2]] update, Nintendo released a new version of '''boot2''' (boot2v4); there is nothing in boot2v4 that prevents BootMii from working, but it will overwrite an existing BootMii installation when it is installed.
    
== Compatibility ==
 
== Compatibility ==
Line 47: Line 47:     
== The new boot1 ==
 
== The new boot1 ==
Consoles made after some point in 2008 (no concrete date is known) have a new version of [[boot1]] that patches the vulnerability which allows the console to boot a modified [[boot2]]. The Hackmii Installer will detect this situation and refuse to modify '''boot2'''(see more at [http://hackmii.com2009/02/bootmii-and-the-new-boot1/ Hackmii]). Since '''boot1''' cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new '''boot1'''.
+
Consoles made after some point in 2008 (no concrete date is known) have a new version of [[boot1]] that patches the vulnerability which allows the console to boot a modified [[boot2]]. The Hackmii Installer will detect this situation and refuse to modify '''boot2'''(see more at [http://hackmii.com/2009/02/bootmii-and-the-new-boot1/ Hackmii]). Since '''boot1''' cannot be updated, all consoles already manufactured before this update are safe. About 10% of the consoles that ran the BootMii Checker tool have the new '''boot1'''.
    
== Console Keys and keys.bin ==
 
== Console Keys and keys.bin ==
 
Instead of using [[WiiND]], you can retrieve your console keys from the keys.bin file that BootMii v3+ produces when backing up the [[NAND]]. To view them, open keys.bin with a hex editor.<br />
 
Instead of using [[WiiND]], you can retrieve your console keys from the keys.bin file that BootMii v3+ produces when backing up the [[NAND]]. To view them, open keys.bin with a hex editor.<br />
 
Here are the offsets for each key:
 
Here are the offsets for each key:
<pre>ECC Private Key: 0x128 (30 bytes)
+
<pre>
 +
boot1 hash: 0x100 (20 bytes)
 +
Common key (AES): 0x114 (16 bytes)
 
Console ID: 0x124 (4 bytes)
 
Console ID: 0x124 (4 bytes)
 +
ECC Private Key: 0x128 (30 bytes)
 +
NAND HMAC: 0x144 (20 bytes)
 
NAND AES key: 0x158 (16 bytes)
 
NAND AES key: 0x158 (16 bytes)
NAND HMAC: 0x144 (20 bytes)
  −
Common key (AES): 0x114 (16 bytes)
   
PRNG seed (AES): 0x168 (16 bytes)
 
PRNG seed (AES): 0x168 (16 bytes)
boot1 hash: 0x100 (20 bytes)
   
ng_key_id: 0x208 (4 bytes)
 
ng_key_id: 0x208 (4 bytes)
 
ng_sig: 0x20c (60 bytes)</pre>  
 
ng_sig: 0x20c (60 bytes)</pre>  
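Review bot: In the reordered keys.bin table, "ECC Private Key: 0x128 (30 bytes)" and "NAND HMAC: 0x144 (20 bytes)" overlap as written: 0x128 plus 30 bytes ends at 0x146, two bytes past the start of the next entry. Sorting by offset makes this visible, so either correct the length or add a line stating that the two fields share those bytes. In the boot1 paragraph the hackmii.com link fix is right, but "'''boot2'''(see more" still lacks a space before the parenthesis.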
Line 79: Line 80:  
== History ==
 
== History ==
   −
=== Beta 6 ===
+
=== v1.4 ===
 +
* Stopped the "queueing" of the eject button press when confirming dangerous operations
 +
* Fixed integer overflow when calculating SD card free space
 +
 
 +
=== Beta 6 (v1.3) ===
 
* Fixed the freeze when using the autoboot feature to load System Menu with a delay of zero.
 
* Fixed the freeze when using the autoboot feature to load System Menu with a delay of zero.
 
* The NAND backup no longer crashes when stumbling on uncorrectable pages.
 
* The NAND backup no longer crashes when stumbling on uncorrectable pages.
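Review bot: The newest History entry added here is "=== v1.4 ===", but the same edit sets the infobox to "version = 1.5", so the current release has no changelog entry; add a v1.5 section or explain the gap. The heading style is also inconsistent: "v1.4" stands alone while the older entries use the form "Beta 6 (v1.3)".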
Line 85: Line 90:  
* The autoboot feature is ignored when launching the IOS version of BootMii.
 
* The autoboot feature is ignored when launching the IOS version of BootMii.
   −
=== Beta 5 ===
+
=== Beta 5 (v1.2) ===
 
*Compatible with more SD cards.
 
*Compatible with more SD cards.
 
*New font, borrowed from the deceased [[Twilight Hack]].
 
*New font, borrowed from the deceased [[Twilight Hack]].
 
*The button combination when restoring a NAND backup with only BootMii/IOS was impossible to perform with some pads. It has been changed to the Konami Code.
 
*The button combination when restoring a NAND backup with only BootMii/IOS was impossible to perform with some pads. It has been changed to the Konami Code.
   −
=== Beta 4 ===
+
=== Beta 4 (v1.1) ===
 
* Properly write the keys to nand.bin :
 
* Properly write the keys to nand.bin :
 
** This fixes the “NAND dump is from another Wii” issue on restoring beta 3 backups. If you don’t know how to fix those dumps, you have to backup the NAND again. Dumps from all other versions are not affected.
 
** This fixes the “NAND dump is from another Wii” issue on restoring beta 3 backups. If you don’t know how to fix those dumps, you have to backup the NAND again. Dumps from all other versions are not affected.
   −
=== Beta 3 ===
+
=== Beta 3 (v1.0) ===
 
* Improved the SD card compability
 
* Improved the SD card compability
 
* Increased the backup/restore speed for some SD cards, but decreased it for others :P
 
* Increased the backup/restore speed for some SD cards, but decreased it for others :P
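Review bot: The headings "Beta 5 (v1.2)", "Beta 4 (v1.1)" and "Beta 3 (v1.0)" assert a beta-to-version mapping with no reference; cite where the numbers come from so readers can check which build a given backup was made with. While touching this section, the unchanged line "* Improved the SD card compability" has a typo (compatibility), and the bullets under Beta 5 lack the space after the asterisk that the other entries use.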
Line 102: Line 107:  
* Keys are now saved to SD as /bootmii/keys.bin too
 
* Keys are now saved to SD as /bootmii/keys.bin too
   −
=== Beta 2 ===
+
=== Beta 2 (v0.9) ===
 
* SD card performance has been improved, decreasing the boot and the NAND backup / restore time
 
* SD card performance has been improved, decreasing the boot and the NAND backup / restore time
 
* backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible.
 
* backupmii accepts fragmented SD cards now, reformatting is not performed anymore. Old NAND dumps are still compatible.