System Menu 4.3 has been released.

Posted by Sonicdude41 
Re: System Menu 4.3 has been released.
June 23, 2010 06:59PM
Quote
jbc007
Quote
SifJar
Provided DVDx can be installed on 4.3, it can be used to install fake signed content (e.g. a patched IOS). It has not been used this way before, but it is possible.

I did not know that. How would this work? Marcan said that from October 23, 2008 until Bootmii was released, piracy was not possible using Team Twiizers applications, but they did update their DVDx installer during that period. Of course, at that time, pirates had another way of installing fakesigned content.

Apparently running DVDx gives access to AHBPROT (a register in the Wii), which allows you to disable MEM2 protection. Once the protection is disabled, ES can be patched in memory to remove the signature check. Then, temporarily, the current IOS will be able to install fake signed content. It could install a patched IOS, which will permanently give the Wii an IOS with no sig checking.

However, it's probably unlikely this method would be used. It'd probably be easier to use MINI to do it. It could directly in NAND change the TMD of IOS15 to revision 0, then back in IOS you'd be able to install the oldest revision (with trucha bug) and use it to install patched IOS36 (slightly like TBR, only first bit is different).
Re: System Menu 4.3 has been released.
June 24, 2010 03:51AM
Quote
WikiFSX
Quote
g_man
Yeah, I just tried to change the only instance of JODI in the arm file, and no luck.

You'd have to do it in the ppc file, I think.

I remember some people were successfully able to do that a while back.
I ran a search in the PPC file, and there was no instance of the string JODI. I think what other people did was create a new ppcboot.elf file.
Re: System Menu 4.3 has been released.
June 24, 2010 03:58AM
Quote
SifJar
Quote
jbc007
Quote
SifJar
Provided DVDx can be installed on 4.3, it can be used to install fake signed content (e.g. a patched IOS). It has not been used this way before, but it is possible.

I did not know that. How would this work? Marcan said that from October 23, 2008 until Bootmii was released, piracy was not possible using Team Twiizers applications, but they did update their DVDx installer during that period. Of course, at that time, pirates had another way of installing fakesigned content.

Apparently running DVDx gives access to AHBPROT (a register in the Wii), which allows you to disable MEM2 protection. Once the protection is disabled, ES can be patched in memory to remove the signature check. Then, temporarily, the current IOS will be able to install fake signed content. It could install a patched IOS, which will permanently give the Wii an IOS with no sig checking.

However, it's probably unlikely this method would be used. It'd probably be easier to use MINI to do it. It could directly in NAND change the TMD of IOS15 to revision 0, then back in IOS you'd be able to install the oldest revision (with trucha bug) and use it to install patched IOS36 (slightly like TBR, only first bit is different).

Interesting, thanks for the explanation. I see why no one has done this before.



Edited 1 time(s). Last edit at 06/24/2010 03:59AM by jbc007.