
Thread: How To Use Betwiin To Recover Your Wii - Donor Nand and Bricked Wii Keys Required

  1. #1
    Junior Member streamlinehd's Avatar
    Join Date
    Mar 2010
    Location
    East Coast, USA
    Posts
    1,369
    Thanks
    114
    Thanked 557 Times in 377 Posts
    Blog Entries
    3

    Guide: How To Use Betwiin To Recover Your Wii

    WARNING: This Is An Advanced Guide.... If you don't understand everything here, I recommend you do not proceed as this is advanced brick repair and is not a suitable option for most bricks. Please consider ALL other options before continuing with this method.

    NOTICE: IF YOU DON'T HAVE THE KEYS.BIN FILE OR AT LEAST KNOW THE KEYS FROM YOUR BRICKED WII THIS METHOD WILL NOT WORK AND YOU CAN NOT CONTINUE!!!

    I wrote this guide to help people wanting to use Betwiin to recover their bricked Wii but don't know where to begin. If you try searching for a guide on Betwiin you will quickly find that there just aren't any so I hope everyone appreciates me posting this info as it took a lot of hard work to figure this all out. If you have any questions, please post them in this thread and I will be happy to answer to the best of my ability.

    Betwiin (Summary)

    Betwiin is a program written by Bushing that can be used to make a Wii nand dump compatible with a different Wii console. This is done by using the keys from a bricked console to encrypt a nand dump from a donor console. The reason the donor nand needs to be encrypted with the bricked Wii's keys is because each Wii has its own specific keys used to encrypt and decrypt local data. For more information on how Wii security and encryption works see this thread. Betwiin can be used as a last resort to completely restore any software brick so long as you have a compatible donor nand dump, keys from bricked/target Wii, and an Infectus modchip or similar programmer.


    Step 1 – Extract Keys & Compare With Donor Nand


    Prerequisites

    1. Bricked Wii
    2. Donor nand dump with same version of boot1 as bricked Wii.
    3. Donor nand dump with equal version or greater of boot2
    4. Infectus or Infectus2 Modchip and Programmer
    5. Hex Editor
    6. Xavbox Programmer v1.0.0.7
    7. Wiinand v0.2
    8. WiiFlash-Toolz-v0.2BETA.zip
    (C) streamlinehd 2010 - streamlinehd@gmail

    First you will have to complete a full nand dump from the bricked/target Wii. This can be completed with Xavbox Programmer and an Infectus modchip. If you don't know how to do this, you should first download and install the Xavbox software in this thread and then take a look at The Infectus NAND Flashing Guide. Once the target nand is extracted you will have to compare it with the donor nand to make sure they both have the same version of boot1. To do this you will have to look at the first block of both dumps with a hex editor. The first block of the nand contains the boot1 information that we need to evaluate. To evaluate the nand dump, open it using a hex editor; the boot1 block starts at offset 0 and ends at offset 00021a5f. Take a look specifically at the first 400 bytes or so of data and make sure they match (see img below). If the first 400 bytes from both nand dumps don't match then you will have to find a different donor. You can also use Wiinand to find out what version of boot1 you have; however, sometimes it comes up as unknown, therefore comparing with a hex editor is the more accurate way to check if they're the same. Also make sure that the donor nand you will be using has boot2 v4 as this will ensure you won't run into any boot2 compatibility issues.





    Step 2 – Save and Remove Keys From Donor Nand & Bricked/Target Nand


    Option #1 - Use Simple Nand Converter

    You must already have a file from Bootmii named keys.bin from both Bootmii nand dumps to use this option (if you have your keys, skip this part for now and move on to step 3 - Preparing your donor nand). If you don't have your keys then see option #2 below on how to extract them.

    Option #2 - Alternate Extraction Methods

    If you don't have a keys.bin file and only have a nand.bin from your Bootmii backup, chances are that your keys are attached to the nand.bin file. To manually extract these keys you can open the nand.bin in a hex editor and select the last 1024 bytes of data. If your keys are attached you should see 42, 61, 63, 6b, 75 as the first five selected bytes and your last byte should be a 0 which comes after a ton of other 0's. You will also notice to the right of the hex editor program a readable line that says BackupMii v1 followed by a console ID. If you see all this then your nand does indeed have the keys attached to it. Now that you have the keys selected, copy and paste them into a blank hex file by selecting File -> New File in your hex editor. Save this file and name it keys.bin, then put it in a safe spot as you will need to extract the keys from this file later.

    Advanced Note on Reading keys (this part can be skipped) - To manually read the keys with a hex editor locate the keys.bin file and open it in the editor. The hmac key starts at offset 00000144 and is 20-bytes in size and the nand key starts at offset 00000158 and is 16-bytes in size. The keys attached to the nand.bin start at offset 21000000 and end at offset 210003ff. Just use the hex editor to copy them over to Betwiin accordingly (donor keys to input folder and target keys to output folder).


    Step 3 – Preparing the Donor Nand


    Depending on what type of dump you received from Bootmii you may have to remove the keys from the nand.bin. These keys are located in the last 1024 bytes of data in the nand dump and need to be deleted if they are included in the dump. The best way to do this is by using Wiinand to clean the donor dump. This option can be found under the extra tab in Wiinand v0.2; simply select the infectus radio button and then choose clean. You can also manually delete the keys using a hex editor to select the last 1024 bytes and deleting them. Once the donor nand is cleaned you need to move it to the input folder for Betwiin and rename it to flash.bin.








    Step 4 – Setting Up Betwiin


    Option #1 Windows GUI Method - (skip everything in option #2 below)

    DOWNLOAD: Simple Nand Converter Mod - Includes Betwiin for Windows

    If you have your keys.bin file for both your donor and target Wiis you can use this method as it's much easier than running Betwiin using Python. (BIG THANKS to bad_Ad84 for suggesting this.)

    1. Start Simple Nand Converter Mod
    2. Load keys.bin from donor Wii
    3. Load keys.bin from bricked/target Wii
    4. Move donor nand.bin to Betwiin -> input folder and rename it to flash.bin
    5. Click on convert button and accept or decline all warnings
    6. Betwiin GUI will start and should take 20 - 45 minutes to complete depending on PC speed





    Option #2 Python Method - (the listed modules are required)


    Prerequisites

    1. Betwiin
    2. Python Interface
    3. Numpy Module
    4. Pycrypto Module
    To run Betwiin on a PC you will need to download and install Python for Windows. You will also need Python modules Numpy and Pycrypto installed to be able to run the Betwiin code. Once you have all this installed you will need to locate and set up the input and output folders in the Betwiin archive (this is located wherever you chose to unzip Betwiin on your computer). Add the donor nand.bin (renamed to flash.bin), hmac-key and nand-key to the input folder and the target hmac-key and nand-key to the output folder.

    Next you will need to start Python, then open the betwiin.py module and choose to run the module. If everything was set up correctly, Betwiin will automatically start decrypting the donor nand and encrypting it with the output keys from the target Wii. This will take around 20-45 minutes to complete. Once completed, you will get an output file in the output folder called flash.bin. Simply rename this file to nand.bin and use the Infectus chip to complete the dump into the bricked/target Wii.


    Step 5 - Preparing the output flash.bin


    If everything was done correctly, you should end up with a file in the output folder named flash.bin. Simply rename this file to nand.bin and it's now ready to be installed into the bricked/target Wii. You will need your Infectus modchip and Xavbox software to complete this installation. If it doesn't work it may be because the donor nand doesn't have the same boot1 or has an older version of boot2 than the bricked/target nand. To fix this, you will have to upgrade the donor nand (you should use a donor nand with the same boot1 and boot2 v4 to avoid this issue). You can also copy and paste the boot1/boot2 data from the original bricked/target nand to the Betwiin output to maintain the same boot1/boot2 versions. As mentioned by Bushing, this tool is a last resort to revive your system and can be a very tedious process that sometimes requires a lot of tweaking to get it right.

    Last edited by streamlinehd; 04-21-2011 at 04:25 AM. Reason: Updated Xavbox Programmer download with drivers
    Cogita ante salis
    If you're happy with the help I provided, don't forget to hit my thanks button


  2. 4 Users Say Thank You to streamlinehd For This Useful Post
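The hex-editor checks from the guide above (keys block in the last 1024 bytes starting 42 61 63 6b 75, HMAC key at 0x144, NAND key at 0x158, first 400 bytes of boot1 compared, keys removed from the donor dump), scripted as an added example that is not part of the original post or of Betwiin. The function names and the scaled-down sample dump built by `make_sample` are constructed for illustration.

```python
import os

KEYS_LEN = 1024                  # keys block: last 1024 bytes of a BootMii nand.bin
KEYS_MAGIC = b"Backu"            # 42 61 63 6b 75, the start of "BackupMii v1"
HMAC_OFF, HMAC_LEN = 0x144, 20   # HMAC key inside the keys block
NAND_OFF, NAND_LEN = 0x158, 16   # NAND key inside the keys block
BOOT1_CMP = 400                  # leading boot1 bytes the guide compares

def read_tail(path):
    """Return the 1024-byte keys block attached to a dump, or None."""
    if os.path.getsize(path) <= KEYS_LEN:
        return None
    with open(path, "rb") as f:
        f.seek(-KEYS_LEN, os.SEEK_END)
        tail = f.read(KEYS_LEN)
    return tail if tail.startswith(KEYS_MAGIC) else None

def parse_keys(block):
    """Slice the HMAC and NAND keys out of a keys.bin-style block."""
    if len(block) != KEYS_LEN or not block.startswith(KEYS_MAGIC):
        raise ValueError("not a 1024-byte BackupMii keys block")
    return {"hmac": block[HMAC_OFF:HMAC_OFF + HMAC_LEN],
            "nand": block[NAND_OFF:NAND_OFF + NAND_LEN]}

def same_boot1(path_a, path_b):
    """Compare the first 400 bytes of two dumps (the guide's boot1 check)."""
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        return a.read(BOOT1_CMP) == b.read(BOOT1_CMP)

def clean_copy(src, dst, chunk=1 << 20):
    """Copy src to dst without an attached keys block; return bytes written."""
    body = os.path.getsize(src) - (KEYS_LEN if read_tail(src) else 0)
    left = body
    with open(src, "rb") as i, open(dst, "wb") as o:
        while left:
            data = i.read(min(chunk, left))
            if not data:
                break
            o.write(data)
            left -= len(data)
    return body - left

def make_sample(path, boot1, with_keys=True, body_len=4096):
    """Constructed, scaled-down dump; a real one keeps its keys at 0x21000000."""
    keys = bytearray(KEYS_LEN)
    keys[:12] = b"BackupMii v1"
    keys[HMAC_OFF:HMAC_OFF + HMAC_LEN] = bytes(range(0x10, 0x10 + HMAC_LEN))
    keys[NAND_OFF:NAND_OFF + NAND_LEN] = bytes(range(0xA0, 0xA0 + NAND_LEN))
    with open(path, "wb") as f:
        f.write(boot1.ljust(body_len, b"\xff") + (bytes(keys) if with_keys else b""))
```

On real dumps, `clean_copy("nand.bin", "flash.bin")` leaves the original file untouched, so the attached keys are not lost if the cleaned copy turns out to be wrong.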


  3. #2
    Junior Member
    Join Date
    Dec 2009
    Location
    England
    Posts
    1,304
    Thanks
    7
    Thanked 320 Times in 240 Posts
    Blog Entries
    2
    Quote Originally Posted by streamlinehd View Post
    Step 3 – Setting Up Betwiin

    Prerequisites

    Betwiin
    Python Interface
    Numpy Module
    Pycrypto Module

    To run Betwiin on a PC you will need to download and install Python for Windows. You will also need Python modules Numpy and Pycrypto installed to be able to run the Betwiin code. Once you have all this installed you will need to locate and set up the input and output folders in the Betwiin archive (this is located wherever you chose to unzip Betwiin on your computer). Replace both the input and output folders with the folders we made on our desktop.

    Next you will need to start Python, then open the betwiin.py module and choose to run the module. If everything was set up correctly, Betwiin will automatically start decrypting the donor nand and encrypting it with the output keys from the bricked Wii. This will take around 20-30 minutes to complete. Once completed, you will get an output file in the output folder called flash.bin. Simply rename this file to nand.bin and use the Infectus chip to complete the dump into the bricked Wii.

    If everything was done correctly, you should end up with a working console. If it doesn't work it may be because the donor nand had a different version of boot2 than the bricked nand and you will have to search for a different donor. As mentioned by Bushing, this tool is a last resort option to revive your system and is a very tedious process that sometimes requires a lot of tweaking to get it all right.
    Simple Nand Converter - WiiBrew

    And the part about extracting the keys isn't needed... you just use keys.bin from the bootmii backup, hmac stuff is covered by betwiin/simple nand converter.
    Last edited by Bad_Ad84; 10-06-2010 at 09:05 AM.

  4. 3 Users Say Thank You to Bad_Ad84 For This Useful Post


  5. #3
    Junior Member streamlinehd's Avatar
    Join Date
    Mar 2010
    Location
    East Coast, USA
    Posts
    1,369
    Thanks
    114
    Thanked 557 Times in 377 Posts
    Blog Entries
    3
    Quote Originally Posted by Bad_Ad84 View Post
    Simple Nand Converter - WiiBrew

    And the part about extracting the keys isn't needed... you just use keys.bin from the bootmii backup, hmac stuff is covered by betwiin/simple nand converter.
    Thanks bad_Ad84 your suggestion was added to the guide.
    Cogita ante salis
    If you're happy with the help I provided, don't forget to hit my thanks button


  6. 1 User Says Thank You streamlinehd For This Useful Post


  7. #4
    Junior Member
    Join Date
    Dec 2009
    Location
    England
    Posts
    1,304
    Thanks
    7
    Thanked 320 Times in 240 Posts
    Blog Entries
    2
    You missed that there's an English translation of simple nand converter at the bottom of the wiibrew page.

    Also, it doesn't just extract the parts ready to use with betwiin... it IS betwiin with a GUI and no need to install python, etc.

    As the wiibrew article says, you just rename the donor nand.bin to flash.bin, put it in the right folder, then pick the donor keys.bin and target keys.bin and click go, then you get a nand dump built for the target.
    Last edited by Bad_Ad84; 10-06-2010 at 11:21 PM.

  8. 2 Users Say Thank You to Bad_Ad84 For This Useful Post


  9. #5
    Junior Member streamlinehd's Avatar
    Join Date
    Mar 2010
    Location
    East Coast, USA
    Posts
    1,369
    Thanks
    114
    Thanked 557 Times in 377 Posts
    Blog Entries
    3
    Quote Originally Posted by Bad_Ad84 View Post
    You missed that there's an English translation of simple nand converter at the bottom of the wiibrew page.

    Also, it doesn't just extract the parts ready to use with betwiin... it IS betwiin with a GUI and no need to install python, etc.

    As the wiibrew article says, you just rename the donor nand.bin to flash.bin, put it in the right folder, then pick the donor keys.bin and target keys.bin and click go, then you get a nand dump built for the target.
    I'm running a conversion right now with the tool. So far everything seems to be running well. I will test my output tonight just to make sure but this is a great tool. I was wondering why no one made a GUI of this yet and I was even thinking of coding one but it was more work than I wanted to get into. Excellent tool bad_Ad84 thanks for the tip and I'll get it worked into the guide as this is much more user friendly than running Python. Well deserved thanks on both of your posts

    I think I finally have this guide where I want it; however, I may decide to add a few pictures in the future.
    Last edited by streamlinehd; 10-07-2010 at 05:32 AM.
    Cogita ante salis
    If you're happy with the help I provided, don't forget to hit my thanks button


  10. 1 User Says Thank You streamlinehd For This Useful Post


  11. #6
    Junior Member
    Join Date
    Dec 2009
    Location
    England
    Posts
    1,304
    Thanks
    7
    Thanked 320 Times in 240 Posts
    Blog Entries
    2
    The issue with the nand not working from incompatible boot2 versions can be easily fixed.

    when you have finished the betwiin stage and have the nand.bin for the target wii, just replace boot1 and boot2 with boot2v4, this is the highest version and will work on any wii as long as you have the right boot1 version.

    I have these dumps at home:
    boot1a boot2v2 -> boot2v4
    boot1b boot2v2 -> boot2v4
    boot1c boot2v2 -> boot2v4

    just paste the contents of those dumps over the start of the target nand and you will be good to go.

  12. 1 User Says Thank You Bad_Ad84 For This Useful Post


  13. #7
    New Member
    Join Date
    Sep 2010
    Posts
    5
    Thanks
    4
    Thanked 3 Times in 2 Posts

    errors when running simple nand convertor

    Firstly, thanks for the tut and the links, much appreciated.

    I have tried running this on my PC, an x64 dual-core AMD system, and I keep getting two errors. After it allocates the flash.bin I get an error in line 46 and line 204; the only way I actually got the error, as it disappears instantly, was to use a screen capture program.


    Any ideas why these errors are appearing?

  14. 1 User Says Thank You scousemartin For This Useful Post


  15. #8
    Retired WiiHacks Staff Krafter's Avatar
    Join Date
    Dec 2009
    Posts
    4,425
    Thanks
    460
    Thanked 1,090 Times in 857 Posts
    Blog Entries
    5
    What version of Python are you using? There was a change in the way the "Print" function works in the later versions. Try this version here.

    And it will make things easier to read/see if you use the Python GUI instead of the CMD prompt.
    Last edited by Krafter; 10-16-2010 at 08:10 AM.

  16. 1 User Says Thank You Krafter For This Useful Post


  17. #9
    Retired WiiHacks Staff ShadowSonic2's Avatar
    Join Date
    Feb 2009
    Location
    Green Hill Zone
    Posts
    3,648
    Thanks
    295
    Thanked 3,892 Times in 984 Posts
    Blog Entries
    47
    Nice tutorial. Stickied.

  18. 1 User Says Thank You ShadowSonic2 For This Useful Post


  19. #10
    Junior Member streamlinehd's Avatar
    Join Date
    Mar 2010
    Location
    East Coast, USA
    Posts
    1,369
    Thanks
    114
    Thanked 557 Times in 377 Posts
    Blog Entries
    3
    Quote Originally Posted by scousemartin View Post
    Firstly, thanks for the tut and the links, much appreciated.

    I have tried running this on my PC, an x64 dual-core AMD system, and I keep getting two errors. After it allocates the flash.bin I get an error in line 46 and line 204; the only way I actually got the error, as it disappears instantly, was to use a screen capture program.


    Any ideas why these errors are appearing?
    Yeah, you're most likely getting the error because you aren't cleaning the keys from the donor nand. You must first remove the keys attached to the donor dump (the last 1024-bytes of data) before you can start Betwiin. (see step #3 of this tutorial)
    Last edited by streamlinehd; 10-16-2010 at 02:37 PM.
    Cogita ante salis
    If you're happy with the help I provided, don't forget to hit my thanks button


  20. 1 User Says Thank You streamlinehd For This Useful Post

