Can boot2 v3 be installed?

So as I understand it, boot2v3 has the signing bug, boot2v4 does not.

Is it possible to install an unaltered (validly signed) boot2v3 on a wii with the new boot1 and boot2v4?

Would that then give us the ability to install fake-signed code on modern wiis?

no, you can run unsigned code on the newer wiis you just cant install bootmii to boot2, also, you cannot downgrade boot2 afaik and boot1 cannot be touched

You misunderstand.

You can run unsigned code on ANY wii, regardless of boot1 and boot2 versions, via expoits or HBC. Homebrew is unsigned code.

As for downgrading boot2, this would do no good. For several reasons.

The reason BootMii cannot be installed as boot2 on these machines is nothing to do with the boot2 version, its boot1 that matters. You may have heard of the trucha bug, which is present in some older IOS. Original boot1 had it too. boot1's job is to check the signature on boot2, and if boot1 has the trucha bug, boot2 can be fake-signed. However, on the newer Wiis, boot1 has the trucha bug fixed. Therefore, no matter what the version of boot2, it MUST be real-signed, not fake-singed. BootMii cannot be real-signed, because Team Twiizers dont have the private key needed to do that, and it would be illegal to do so anyway.

boot1 cannot be modified, because its hash is stored in OTP (one time programmable) memory, and checked by boot0. If it is changed at all, the wii will not boot. the installed version of boot1 cannot be changed, even by Nintendo.

Therefore, it does not matter the version of boot2, if you have a fixed boot1, BootMii cannot be installed as boot2, unless a new exploit is found in boot1.

Also, you cannot downgrade boot2, because if you installed a different version of boot2, you'd have to sign it with the private key. Upgrading boot2 could be done, but to downgrade, you have to fake-sign it, which boot1 would reject anyway.

^ thats what i said but is inflated

also, nintendo is an example of upgrading boot2 but like a failure

Quote
SifJar
You can run unsigned code on ANY wii, regardless of boot1 and boot2 versions, via expoits or HBC. Homebrew is unsigned code.

As for downgrading boot2, this would do no good. For several reasons.

... Therefore, no matter what the version of boot2, it MUST be real-signed, not fake-singed.
...
Also, you cannot downgrade boot2, because if you installed a different version of boot2, you'd have to sign it with the private key. Upgrading boot2 could be done, but to downgrade, you have to fake-sign it, which boot1 would reject anyway.

As I understand it, there are things that require signed code to do. While normal unsigned code can run, apparently (if I understand correctly) IOS's and other things have to be signed. There are homebrews that require the trucha bug, for example.

I know that I'll never get bootmii/boot2, and have to settle for bootmii/ios.
At the same time, since there is a real, signed boot2 that has the trucha bug, can that be installed on machines that have v4 so that fakesigned stuff can be installed?

Just as a quickie, as I understand it, v4 does not permit downgrading IOS's, while v3 does; if a stub IOS gets installed on a v4 machine, you can't do anything about it, while if a stub gets on a v3 machine, it can be replaced with a usable version.

There is no merit in downgrading IOS. You have no need of a lower version of boot2.

Anyway, like I said before, if you downgrade something, IT WILL BE FAKESIGNED, i.e. the boot2 would be fakesigned, regardless of the fact it is an official boot2. Therefore your boot1 which does not accept fake signatures would not accept the boot2, and you would have a full brick, fixable only with an Infectus.

I am confused. Doesn't the official boot2v3 have a real signature?

Yes, but the functions used to install titles in the Wii will only allow you to install a higher version of an installed title, so to downgrade it, you have to fakesign it. (or something like that. if you want to downgrade it or install a patched version, it must be fakesigned.)

This is a really stupid idea, but would it be possible to install a fakesigned boot2 v2 and then update it to version 3 (without turning off the wii untill boot2 v3 is installed)? Or would boot2 v3 still have to be fakesigned?

If you could install a fakesigned boot2v2, why wouldnt you just install a fakesigned boot2v3? Or BootMii for that matter? ANY fakesigned boot2 will brick a Wii with a fixed boot1.

EDIT: Oh yeah, and anyway, there is NO reason to dowgrade boot2 anyway, there is no benefit. You can do anything with a boot2v4 you can do with a boot2v2. You can have patched IOS, preloader, patched System Menu (with StartPatch) etc. even fail works fine. You can say "but you cant downgrade" - there is no need to downgrade, its dangerous and pointless. just because on some systems (PSP springs to mind) downgrading allows homebrew, doesnt mean it helps on the wii. The way the Wii works, if you have a patched IOS and the latest System Menu, you are as vulnerable as a 3.2 Wii.



Edited 1 time(s). Last edit at 10/14/2009 09:27PM by SifJar.

I am just thinking hypothetically as it is true that there is no reason to downgrade boot2.

If boot2 v2 was installed on a wii with a fixed boot1, but boot2 v3 was installed immediately after without turning off the wii, and therefore not loading boot1 again, would the wii still be bricked? If so, is it because boot2 v3 would still have to be fakesigned?



Edited 1 time(s). Last edit at 10/14/2009 09:38PM by jbc007.

that could work, but afaik, you cant install a boot2 WAD with Edited Out, so it'd have to be a completely custom app. And anyway, like I said before, there is no benefit to having a downgraded boot2.



Edited 1 time(s). Last edit at 10/15/2009 12:36AM by Arikado.

Quote
SifJar
that could work, but afaik, you cant install a boot2 WAD with Edited Out, so it'd have to be a completely custom app. And anyway, like I said before, there is no benefit to having a downgraded boot2.

Hmm, couldn't the bootmii installer install Boot2v2? It has the code in there to install a custom boot2. Your fakesigned boot2 is then able to install the true-signed v3, and then you've got trucha at the lowest level.

A possible benefit to a downgraded boot2? How about running bootmii after boot2 and before start menu? As I understand it, you can't use bootmii to restore your nand if you have to run it from HBC; can you use it to restore your nand if you run it earlier?

There is no way to run BootMii after boot2 but before System Menu, other than a) having it as System Menu IOS, which would mean it relies on System Menu being there or b) having a preloader-style dol inserted in System Menu's place which loads BootMii, and both of these would be possible on a boot2v4 Wii. Trust me, there is NO benefit to downgrading boot2. If there was, Team Twiizers would probably have done it by now.

Quote
SifJar
Yes, but the functions used to install titles in the Wii will only allow you to install a higher version of an installed title, so to downgrade it, you have to fakesign it. (or something like that. if you want to downgrade it or install a patched version, it must be fakesigned.)

Isn't it possible to uninstall an upgraded/corrected IOS (for example IOS15v266) (with ATD) and then install the same IOS but with a lower version (an official and vulnerable one, for example IOS15v257) ? As the IOS was removed from its slot, installing an "downgraded" version of this IOS in the empty slot should work, shouldn't it ?

You need ES_Identify (aka ES_DiVerify) in IOS36 to be able to use ATD.

However, it IS possible to downgrade IOS15 without any bugs, using an unsupported app, but it doesnt work quite like you say. Anyway, why is this still being discussed? As I have said, three times now I think, DOWNGRADING BOOT2 IS POINTLESS. IT HAS NO BENEFITS!!



Edited 1 time(s). Last edit at 10/15/2009 11:29PM by SifJar.