When Bootmii doesn't detect an SD card, it will just boot the Nintendo internal boot2 ELF, which boots the sysmenu. You need to have the SD card inserted to use Bootmii to run HBC.(Or access the Bootmii menu) If booting HBC fails, check the system info.by yellowstar - FixMii
Bootmii only restores blocks that were modified since the backup. Try checking the settings menu from Bootmii. Tell us what system info it displays, as well as FS usage. There's currently no software to install sysmenu and HBC under MINI, so there's no way to fix your Wii.(Especially since the NAND restore failed)by yellowstar - FixMii
Boot2 is not encrypted with the NAND AES key. Boot2 is a WAD with a slightly modified format. Bootmii dumps OTP and adds a footer to the end of the NAND dump containing the dump. When restoring NAND, it only checks the footer, to make sure that the dump is from this Wii's NAND. Otherwise, it will not allow you to restore. Bootmii doesn't decrypt, encrypt, and re-sign, with the keys fromby yellowstar - FixMii
If the good dump is from the same bricked Wii, yes you can flash that. You could post the 2 bytes from offset 0x21ee0 of the NAND dump, if you want.(boot2 version) "so does this mean if i flash the good dump to another nand and re-solder it to the wii, it should boot up since they have the same boot version?" Yes. Use Bootmii backup to dump the OTP keys.(You can only use Bootmii with this method,by yellowstar - FixMii
You can use WiiSCU to update channels with the required IOS. Edit: SifJar posted before I finished. :-)by yellowstar - Homebrew General
Download and install devkitARM. Use arm-eabi-objdump and arm-eabi-readelf.(The former to disassemble, the latter to obtain the start-end offsets of sections to extract them, and the sections' virtual/physical addresses.) Here's my dasm.txt reference.(Based on chishm's gbadev posts) Replace the filename before the > with the input extracted binary, and replace the filename afteby yellowstar - Software
Yes. You'll need to add the OTP dump footer from a Bootmii NAND dump, to dumps dumped by other software.by yellowstar - FixMii
Yes. If you have an NAND dump from another Wii with Bootmii installed, and if the boot2 version is greater than or equal to the boot2 version from the brick dump, yeah Bootmii should install fine. See this for replacing boot2: To find the boot2 version, search for hex bytes 0000000100000001 twice. The big-endian unsigned 16-bit(2-byte) title version field is 0x50 bytes after that.(Relative to thby yellowstar - FixMii
It's no trouble. If the good dump has a boot2 version is greater than or equal to brick dump boot2 version, you could try copying blocks 1-7 from the good dump, and replacing the brick dump blocks 1-7. Make sure your hex editor replaced, not inserted, that data.(Raw start-end offsets: 0x21000 - 0x108000)by yellowstar - FixMii
By "check", do you mean "check the boot2 version"? If so, yeah. I think you can use mega upload for this.by yellowstar - FixMii
Never mind, it's simple to find the boot2 version inside an NAND dump /w spare data: check the big-endian u16(2 bytes) at 0x21ee0 in the dump, for the boot2 version. I found this by searching for 0000000100000001 twice, then the version is 0x50 bytes after that.by yellowstar - FixMii
The good Wii and the bricked Wii may have different boot2 versions. If the bricked Wii has a boot2 version larger than or equal to the good Wii, you can flash the good dump to the bricked Wii. But to only dump NAND via Bootmii with keys, or restore, attempting to boot sysmenu/HBC will not work, as the NAND FS would be encrypted with the wrong keys. Boot2 is an encrypted WAD, so injecting Bootmiiby yellowstar - FixMii
Starlet is an ARM CPU, so it's ARM machine code. I use devkitARM to disassemble IOS, as IDA Pro Free only has x86 support. The kernel is the first IOS code run. Check the TMD for the boot index and boot content ID. Strip the elf "loader" from the kernel .app. It's all of the data before the byte before the "ELF" string. The other contents are .elf modules loaded by the kernel. Using armby yellowstar - Software
1: The unique NAND AES and HMAC keys are stored in OTP, not NAND. Dumping NAND via hardware will not dump these keys. NAND dumps are useless without the NAND key from OTP. 2: Yes, but only to dump/restore NAND. 3: Bootmii adds an 1KB OTP+SEEPROM dump footer to NAND dumps. Bootmii will not restore dumps unless they have the footer with the correct keys for this Wii. 4: That's complicby yellowstar - FixMii
Actually, I don't think SFFS has spare data for ECC/HMAC. It should be safe to modify SFFS, but backup NAND first. Never mind, bushing said on hackmii blog that SFFS is HMAC signed... I couldn't find any HMAC signatures in my SFFS though... :/ If the first 2 bits of a file node's attribute byte are clear,(0) it is considered an empty node. If you can, find the siblings of that fileby yellowstar - FixMii
You only need IOS61 if you haven't already updated Wii Shop. Re-installing boot2 won't allow Bootmii boot2 to install, Bootmii boot2 is blocked on newer Wiis because of the boot1 update. Boot1 can only be flashed/installed by Nintendo in the factory.by yellowstar - FixMii
What errors did you get when you attempted to dump NAND?by yellowstar - FixMii
There's not really any NAND FS documentation, other than segher's zestig and Bootmii ppcskel src code on bootmii-devel Google Groups. This SFFS data contains a header, a "FAT"/cluster chain table,(Not sure how many copies there are) then the entries for the files and directories. This data contains the file/dirnames of the NAND FS files/dirs, as well as the the start cluster chain for tby yellowstar - FixMii
idiosync, backup your NAND, then extract the data from 0x20be0000 - 0x21000000 of the dump with a hex editor, then upload the extracted SFFS.by yellowstar - FixMii
There's an open-source linux wmb host, written by masscat. The linux build doesn't work, but this is only because the program can't always process received packets, in the timeframe required by the official WMB client.(Other processes may be executing, ect) There's also Juglak's NDS WMB Host. These could be used as protocol reference, as well as NDS Tech Wiki, and gbatek.by yellowstar - Ideas, requests
Extract the .text section,(the section with the E flag) use ChangeBinEndian to flip the extracted bin from big-endian to separate little endian bin, then use arm-eabi-objdump to disassemble and RE. arm-eabi-objdump doesn't support big-endian.by yellowstar - Software
Thanks Tantric, your libtremor port and your oggplayer.c code works perfectly with this test ogg.by yellowstar - Coding
This produced silence for a while, then noise, then nothing. unsigned int mp3buffer_len = GetFileLength(fmp3); unsigned char *mp3buffer = (unsigned char*)malloc(mp3buffer_len); fread(mp3buffer, 1, mp3buffer_len, fmp3); MP3Player_PlayBuffer(mp3buffer, mp3buffer_len, NULL); fclose(fmp3);by yellowstar - Coding
This only plays about a second of the mp3, then there's clicking for a while, then nothing. s32 mp3player_input(void* cb_data, void* ReadStart, s32 ReadLen) { int read_framelen = 0; //struct buffer *buffer = data; //if (!buffer->length) //return MAD_FLOW_STOP; //mad_stream_buffer(stream, buffer->start, buffer->length); //buffer->length = 0; ifby yellowstar - Coding
I'm attempting to play music, though the last time I tried playing mp3s was with libogc Mp3player and sound effects. I don't see anything for asndlib in mp3player.c, though I'll still try it sometime. I tried using a buffer, but that didn't help. Apparently the output callback is never called; I un-commented the putchar code and nothing displayed...by yellowstar - Coding
The last time I tried using that libmad wrapper with short sound effects, that wrapper wouldn't play the whole mp3. Also, mp3player was never updated to use asndlib.by yellowstar - Coding
I'm attempting to play mp3s with libmad included with libogc, and asndlib. But, no sound is played, although it displays "playing play.mp3...". This is based on the libmad example.(from the libmad src) I tried mp3s with samples rates 44100 and 48000, and 16-bit/32-bit float, but neither worked. #include #include #include #include #include #include #include #include #incby yellowstar - Coding
I get error -4100 when attempting to use ES_Identify to identify as HATE. I tried SU certs, SysMenu certs,(from WiiMU) Shop certs from an update partition wad, patchmii core haxx certs, and all of these produced the same error. When I attempt to read HATE's tmd, ticket, or boot dol from NAND, I get error -101. Identifying as SU or SysMenu produces the same error. ... #include "certs_by yellowstar - Coding
People that region changed their Wii couldn't use the Wii Shop for updating Nintendo Channel, for the region they changed to. I guess I'll try fake signing.by yellowstar - Coding